MD5: 7171d90790cb54ed3d582614338db070
SHA1: 559f395f97c8b513380bf7ccc4e06b7d19493eac
SHA256: b41e289e89ec08e66e4331c09b8c89d19c2e640d4312323bfa7c050391aecddc
SSDeep: 49152:hSceSCPLbqF94wsDvZ5Wq7ck NnFYTidCJF o1Z443LiB6kywx:y/mShDB05nuTMCJtw43U6Dwx
Size: 3156344 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: MyFunCards
Created at: 2012-12-05 04:11:53
Analyzed on: Windows7Ada SP1 64-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

No specific payload has been found.

Process activity

The Worm creates the following process(es):

0000041cT8SETUP.EXE:920
%original file name%.exe:1052
rundll32.exe:4088
5msrchmn.exe:1476

The Worm injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process 0000041cT8SETUP.EXE:920 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mregiet.dll (87 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\BOOTSTRAP.JS (20 bytes)
C:\Windows\System32\config\SOFTWARE (33682 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhighin.exe (22 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\T8TICKER.DLL (68 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\gen1\COMMON.T8S (1 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mmedint.exe (22 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\LOGO.BMP (10 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mmsg.dll (324 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\5mffxtbr@MyFunCards_5m.com\bootstrap.js (20 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\IE9Mesg\COMMON.T8S (446 bytes)
C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (5680 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\CREXT.DLL (50 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\CrExtP5m.exe (1 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhttpct.dll (169 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll (259 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mSrchMn.exe (87 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mscript.dll (95 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\T8EXTEX.DLL (144 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5midle.dll (70 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mbrstub.dll (70 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mbarsvc.exe (87 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll (326 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mauxstb.dll (62 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe (62 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (33484 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5msknlcr.dll (610 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\T8RES.DLL (358 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll (87 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (127 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\installKeys.js (213 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\T8HTML.DLL (203 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mfeedmg.dll (185 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\NP5mStub.dll (63 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\5mffxtbr@MyFunCards_5m.com\installKeys.js (213 bytes)
C:\ (96 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\Settings\s_pid.dat (28 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mreghk.dll (95 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mmlbtn.dll (95 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mdatact.dll (201 bytes)
C:\$Directory (192 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mdyn.dll (111 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (1415 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5muabtn.dll (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\5mffxtbr@MyFunCards_5m.com\chrome.manifest (1 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mdlghk.dll (103 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (7096 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mimpipe.exe (24 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\T8EXTPEX.DLL (161 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\Message\COMMON.T8S (89 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mradio.dll (250 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mregfft.dll (87 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhkstub.dll (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\5mffxtbr@MyFunCards_5m.com\install.rdf (2 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mskplay.exe (30 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mPlugin.dll (129 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\CHROME.MANIFEST (1 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\chrome\5mffxtbr.jar (548 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\5mffxtbr@MyFunCards_5m.com\chrome\5mffxtbr.jar (3361 bytes)
%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mtpinst.dll (165 bytes)

The process %original file name%.exe:1052 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\T8PA1CB.tmp (130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0000041cT8SETUP.EXE (116049 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0000041cT8SETUP.EX_ (4 bytes)

The process 5msrchmn.exe:1476 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhkstub.dll (36 bytes)

Registry activity

The process 0000041cT8SETUP.EXE:920 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\TypeLib\{78E0B4F6-1636-4008-9443-B00356D1B364}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}]
"(Default)" = "ISessionData"

[HKCR\Wow6432Node\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}\TypeLib]
"(Default)" = "{35FB662A-B7FE-4040-8EA9-807A664415F7}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"5mSrcAs.dll" = "0"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MyFunCards_5m.HTMLMenu]
"(Default)" = "MyFunCards_5m HTML Menu"

[HKCR\Wow6432Node\CLSID\{04bdd2be-51e9-4031-a7a7-b882b3abea12}]
"(Default)" = "Bar Button Class"

[HKCR\TypeLib\{C9983432-AF43-449E-A0A1-EF574A26FD5E}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"lidate" = "2015-01-05T23:17:22Z"

[HKCR\Wow6432Node\CLSID\{33119133-0854-469d-807A-171568457991}]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.PseudoTransparentPlugin"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43e32fb4-d5e9-41a2-9ded-f0894fb21ad2}]
"AppPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"od" = "1"

[HKCR\Wow6432Node\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}]
"(Default)" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c855d636-07b5-4dc3-82c7-a35242ea1d05}]
"AppPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"ok" = "1"

[HKCR\Wow6432Node\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}]
"(Default)" = "ISessionData"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"au" = "1"

[HKCR\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1706"

[HKCR\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}]
"(Default)" = "SEARCHSCOPE_INTERFACE"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\TypeLib]
"(Default)" = "{625ba528-a523-4978-9a9d-63424f6352ee}"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{63c79023-1301-4973-b78e-0727454c6a70}\ProgID]
"(Default)" = "MyFunCards_5m.ScriptButton.1"

[HKCR\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{13119113-0854-469d-807A-171568457991}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}]
"(Default)" = "IHttpControl"

[HKCR\TypeLib\{F5C77008-03F5-459E-82DB-8C2D923B3CB2}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\MyFunCards_5m.SkinLauncherSettings.1]
"(Default)" = ""

[HKCR\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}\TypeLib]
"(Default)" = "{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"RegHookPath" = "C:\PROGRA~2\MYFUNC~1\bar\1.bin\5mreghk"

[HKCR\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}]
"(Default)" = "IHttpControlEvents"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\MiscStatus]
"(Default)" = "0"

[HKCR\MyFunCards_5m.PseudoTransparentPlugin.1\CLSID]
"(Default)" = "{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}"

[HKCR\Wow6432Node\CLSID\{33119133-0854-469d-807A-171568457991}\TypeLib]
"(Default)" = "{03119103-0854-469d-807A-171568457991}"

[HKCR\MyFunCards_5m.UrlAlertButton.1\CLSID]
"(Default)" = "{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}"

[HKCR\Wow6432Node\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}\TypeLib]
"(Default)" = "{C9983432-AF43-449E-A0A1-EF574A26FD5E}"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\CLSID\{c4b22c87-45ef-4f43-89f2-40db2078864e}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\ProgID]
"(Default)" = "MyFunCards_5m.PseudoTransparentPlugin.1"

[HKCR\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{432732f2-4ca1-4d00-be71-699550667c05}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}\TypeLib]
"(Default)" = "{E1CB369C-4F24-4907-84E5-44F13A41354E}"

[HKCR\TypeLib\{625BA528-A523-4978-9A9D-63424F6352EE}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1104"

[HKCR\Wow6432Node\CLSID\{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{86FEEFC4-D55F-493B-A117-B389891B814C}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}]
"(Default)" = "_It8HTMLPanelEvents"

[HKCR\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}\TypeLib]
"(Default)" = "{585A666A-99B8-4F81-8F11-9A9B7EDDC894}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c855d636-07b5-4dc3-82c7-a35242ea1d05}]
"Policy" = "3"

[HKCR\Wow6432Node\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}\TypeLib]
"(Default)" = "{625BA528-A523-4978-9A9D-63424F6352EE}"

[HKCR\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}]
"(Default)" = "ITemplateHTMLMenu"

[HKCR\Wow6432Node\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}]
"(Default)" = "IThirdPartyInstaller"

[HKCR\MyFunCards_5m.SkinLauncher\CLSID]
"(Default)" = "{13119113-0854-469d-807A-171568457991}"

[HKCR\MyFunCards_5m.Radio]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}\1.0]
"(Default)" = "Skin 1.0 Type Library"

[HKCR\Wow6432Node\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\SkinTools]
"PlayerPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mSkPlay.exe"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"CurInstall" = "1"

[HKCR\MyFunCards_5m.MultipleButton\CurVer]
"(Default)" = "MyFunCards_5m.MultipleButton.1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall]
"DisplayName" = "MyFunCards Toolbar"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"UninstallString" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhighin.exe 5mbar.dll,O"

[HKCR\Wow6432Node\CLSID\{432732f2-4ca1-4d00-be71-699550667c05}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.Radio"

[HKCR\MyFunCards_5m.PseudoTransparentPlugin.1]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.ThirdPartyInstaller.1]
"(Default)" = "MyFunCards Third Party Installer"

[HKCR\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}]
"(Default)" = "IHttpControl"

[HKCR\TypeLib\{625BA528-A523-4978-9A9D-63424F6352EE}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}]
"(Default)" = "SEARCHSCOPE_INTERFACE"

[HKCR\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}\TypeLib]
"(Default)" = "{625BA528-A523-4978-9A9D-63424F6352EE}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall]
"UninstallString" = "rundll32 C:\PROGRA~2\MYFUNC~1\bar\1.bin\5mBar.dll,O"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43e32fb4-d5e9-41a2-9ded-f0894fb21ad2}]
"AppName" = "5mSlSrch.exe"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}]
"(Default)" = "MyFunCards_5m HTML"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\ProgID]
"(Default)" = "MyFunCards_5m.ThirdPartyInstaller.1"

[HKCR\Wow6432Node\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{8a5d512d-5ac0-44b1-9882-6252077bc607}\TypeLib]
"(Default)" = "{e1cb369c-4f24-4907-84e5-44f13a41354e}"

[HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@MyFunCards_5m.com/Plugin\MimeTypes\application/x-myfuncards_5mplugin]
"Suffixes" = "5m"

[HKCR\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}]
"(Default)" = "ITemplateBarSettings"

[HKCR\TypeLib\{C9983432-AF43-449E-A0A1-EF574A26FD5E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{23119123-0854-469D-807A-171568457991}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}]
"(Default)" = "ITemplateXMLElement"

[HKCR\Wow6432Node\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\Wow6432Node\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{da71fd14-5f7b-46ae-b8b1-44074a38f331}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\Wow6432Node\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}\TypeLib]
"(Default)" = "{78E0B4F6-1636-4008-9443-B00356D1B364}"

[HKCR\MyFunCards_5m.HTMLPanel.1]
"(Default)" = "MyFunCards_5m HTML Panel"

[HKCR\MyFunCards_5m.SettingsPlugin.1\CLSID]
"(Default)" = "{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}"

[HKCR\TypeLib\{35FB662A-B7FE-4040-8EA9-807A664415F7}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Wow6432Node\CLSID\{c4b22c87-45ef-4f43-89f2-40db2078864e}]
"(Default)" = "Search Assistant BHO"

[HKCR\MyFunCards_5m.Radio\CurVer]
"(Default)" = "MyFunCards_5m.Radio.1"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\ProgID]
"(Default)" = "MyFunCards_5m.SettingsPlugin.1"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash" = "39 88 4E F9 6D 9C DE 04 14 54 39 7D 92 75 AE CC"

[HKCR\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}\TypeLib]
"(Default)" = "{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}"

[HKCR\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}\TypeLib]
"(Default)" = "{86FEEFC4-D55F-493B-A117-B389891B814C}"

[HKCR\Wow6432Node\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}]
"(Default)" = "IDataCtrl"

[HKCR\TypeLib\{625BA528-A523-4978-9A9D-63424F6352EE}\1.0]
"(Default)" = "TEMPLATEBARFEEDTYPELib"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.XMLSessionPlugin"

[HKCR\MyFunCards_5m.SkinLauncherSettings\CLSID]
"(Default)" = "{33119133-0854-469d-807A-171568457991}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c4b22c87-45ef-4f43-89f2-40db2078864e}]
"(Default)" = ""

[HKCR\MyFunCards_5m.MultipleButton.1]
"(Default)" = ""

[HKCR\TypeLib\{35FB662A-B7FE-4040-8EA9-807A664415F7}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1003"

[HKCR\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\MiscStatus]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}\MiscStatus]
"(Default)" = "0"

[HKCR\MyFunCards_5m.FeedManager\CLSID]
"(Default)" = "{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}"

[HKCR\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}]
"(Default)" = "_IThirdPartyInstallerEvents"

[HKCR\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}\TypeLib]
"(Default)" = "{4da251c3-4f2c-4c69-9e3b-966bbfeed8c2}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b03ecee6-cb2f-4338-84a7-1358ac61a918}]
"Policy" = "3"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}]
"(Default)" = ""

[HKCR\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MyFunCards_5m.MultipleButton\CLSID]
"(Default)" = "{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}"

[HKCR\Wow6432Node\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}\TypeLib]
"(Default)" = "{78E0B4F6-1636-4008-9443-B00356D1B364}"

[HKCR\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0]
"(Default)" = "SkinLauncher 1.0 Type Library"

[HKCR\MyFunCards_5m.RadioSettings\CLSID]
"(Default)" = "{f382a6a0-351f-4041-a7c2-ea76e85f5211}"

[HKCR\Wow6432Node\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll"

[HKCR\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}]
"(Default)" = "IRadioSettings"

[HKCR\MyFunCards_5m.ScriptButton.1]
"(Default)" = ""

[HKCR\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}\TypeLib]
"(Default)" = "{625BA528-A523-4978-9A9D-63424F6352EE}"

[HKCR\Wow6432Node\CLSID\{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}]
"(Default)" = "MyFunCards_5m HTML Menu"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\PUPautoinsaller_v1.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0000041cT8SETUP.EXE, , \??\%Program Files% (x86)\Mozilla Firefox\plugins\NP5mStub.dll,"

[HKCR\Wow6432Node\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\Wow6432Node\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{585A666A-99B8-4F81-8F11-9A9B7EDDC894}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Wow6432Node\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{33119133-0854-469d-807A-171568457991}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5msknlcr.dll"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mfeedmg.dll"

[HKCR\MyFunCards_5m.DynamicBarButton\CurVer]
"(Default)" = "MyFunCards_5m.DynamicBarButton.1"

[HKCR\Wow6432Node\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}]
"(Default)" = "SKINSETTINGS_INTERFACE"

[HKCR\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.SkinLauncherSettings]
"(Default)" = ""

[HKCR\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}]
"(Default)" = "IDisableAddonRebuttal"

[HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@MyFunCards_5m.com/Plugin]
"Path" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\NP5mStub.dll"

[HKCR\Wow6432Node\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}]
"(Default)" = "SKINWINDOW_INTERFACE"

[HKCR\Wow6432Node\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"tiec" = "208976"

[HKCR\Wow6432Node\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall]
"Publisher" = "Mindspark Interactive Network"

[HKCR\Wow6432Node\CLSID\{8a5d512d-5ac0-44b1-9882-6252077bc607}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mhttpct.dll"

[HKCR\Wow6432Node\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}\TypeLib]
"(Default)" = "{C9983432-AF43-449E-A0A1-EF574A26FD5E}"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}]
"(Default)" = "ITemplateBarButtonRect"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{432732f2-4ca1-4d00-be71-699550667c05}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}\TypeLib]
"(Default)" = "{C9983432-AF43-449E-A0A1-EF574A26FD5E}"

[HKCR\Wow6432Node\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}\TypeLib]
"(Default)" = "{E1CB369C-4F24-4907-84E5-44F13A41354E}"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}\MiscStatus]
"(Default)" = "0"

[HKCR\MyFunCards_5m.HTMLMenu.1\CLSID]
"(Default)" = "{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\ProgID]
"(Default)" = "MyFunCards_5m.HTMLPanel.1"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"Visible" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{257bedb2-8226-42f8-b755-c66e2c32972c}]
"(Default)" = ""

[HKCR\MyFunCards_5m.RadioSettings]
"(Default)" = ""

[HKCR\MyFunCards_5m.RadioSettings.1]
"(Default)" = ""

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"PluginPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563028cc-55f3-4678-a37a-d9b10cfb2b19}]
"AppPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{23119123-0854-469D-807A-171568457991}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}]
"(Default)" = "PSEUDOTRANSPARENT_INTERFACE"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0d5ce42b-8679-426d-b994-be1c7065b2a1}]
"Policy" = "3"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f4c28532-b9d0-4950-a2df-e83f9929242b}" = ""

[HKCR\Wow6432Node\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\TypeLib\{6E444154-EF7C-46E9-BD43-F0F5C2B2518C}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\625"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563028cc-55f3-4678-a37a-d9b10cfb2b19}]
"Policy" = "3"

[HKCR\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}\TypeLib]
"(Default)" = "{C9983432-AF43-449E-A0A1-EF574A26FD5E}"

[HKCR\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}]
"(Default)" = "SKINSETTINGS_INTERFACE"

[HKCR\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{8a5d512d-5ac0-44b1-9882-6252077bc607}]
"(Default)" = "HttpControl Class"

[HKCR\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"nd" = "0"

[HKCR\Wow6432Node\CLSID\{da71fd14-5f7b-46ae-b8b1-44074a38f331}\InprocServer32]
"(Default)" = "C:\PROGRA~2\MYFUNC~1\bar\1.bin\5mbar.dll"

[HKCR\Wow6432Node\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}]
"(Default)" = "ITemplateBarSettings"

[HKCR\Interface\{23119123-0854-469D-807A-171568457991}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{86FEEFC4-D55F-493B-A117-B389891B814C}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\100"

[HKCR\TypeLib\{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\MyFunCards_5m.ThirdPartyInstaller.1\CLSID]
"(Default)" = "{614ba139-bd8d-4789-8a78-8f836622ec82}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"nk" = "0"

[HKCR\Wow6432Node\CLSID\{476d2996-ce78-4a30-95f7-80dbb4c9d623}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mdlghk.dll"

[HKCR\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}\TypeLib]
"(Default)" = "{585A666A-99B8-4F81-8F11-9A9B7EDDC894}"

[HKCR\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}\TypeLib]
"(Default)" = "{86FEEFC4-D55F-493B-A117-B389891B814C}"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.HTMLPanel"

[HKCR\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}]
"(Default)" = "It8HTMLPanel"

[HKCR\Wow6432Node\CLSID\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll"

[HKCR\Wow6432Node\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}\TypeLib]
"(Default)" = "{78E0B4F6-1636-4008-9443-B00356D1B364}"

[HKCR\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}]
"(Default)" = "ITemplateXMLSession"

[HKCR\MyFunCards_5m.HTMLMenu\CLSID]
"(Default)" = "{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}"

[HKCR\Wow6432Node\CLSID\{63c79023-1301-4973-b78e-0727454c6a70}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{476d2996-ce78-4a30-95f7-80dbb4c9d623}]
"(Default)" = "Disable Addon Rebuttal Control"

[HKCR\MyFunCards_5m.ThirdPartyInstaller\CLSID]
"(Default)" = "{614ba139-bd8d-4789-8a78-8f836622ec82}"

[HKCR\Wow6432Node\CLSID\{04bdd2be-51e9-4031-a7a7-b882b3abea12}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mdyn.dll"

[HKCR\Wow6432Node\CLSID\{c4b22c87-45ef-4f43-89f2-40db2078864e}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""

[HKCR\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}]
"(Default)" = "ITemplateBarFeedManager"

[HKCR\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}]
"(Default)" = "IThirdPartyInstaller"

[HKCR\TypeLib\{78E0B4F6-1636-4008-9443-B00356D1B364}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1306"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43e32fb4-d5e9-41a2-9ded-f0894fb21ad2}]
"Policy" = "3"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\MiscStatus]
"(Default)" = "0"

[HKCR\MyFunCards_5m.ScriptButton.1\CLSID]
"(Default)" = "{63c79023-1301-4973-b78e-0727454c6a70}"

[HKCR\Wow6432Node\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}]
"(Default)" = "ITemplatePopupMenu"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.ThirdPartyInstaller"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}\TypeLib]
"(Default)" = "{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll"

[HKCR\Wow6432Node\CLSID\{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5muabtn.dll"

[HKCR\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}\TypeLib]
"(Default)" = "{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"pl" = "9"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"ua" = "0"

[HKCR\Wow6432Node\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}]
"(Default)" = "ITemplateHTMLMenu"

[HKCR\Wow6432Node\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@MyFunCards_5m.com/Plugin]
"Version" = "1.1.1.1"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.RadioSettings"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"SettingsDir" = "%Program Files% (x86)\MyFunCards_5m\bar\Settings\"

[HKCR\MyFunCards_5m.SettingsPlugin.1]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}]
"(Default)" = "MyFunCards"

[HKCR\Wow6432Node\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"PartnerPixelNotSet" = ""

[HKCR\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.ScriptButton\CLSID]
"(Default)" = "{63c79023-1301-4973-b78e-0727454c6a70}"

[HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@MyFunCards_5m.com/Plugin]
"Description" = "MyFunCards Plugin"

[HKCR\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}]
"(Default)" = "_ITemplateXMLSessionEvents"

[HKCU\Software\Classes\Wow6432Node\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\T8HTML.DLL"

[HKCR\MyFunCards_5m.DynamicBarButton.1]
"(Default)" = "Bar Button Class"

[HKCR\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll"

[HKCR\MyFunCards_5m.XMLSessionPlugin\CLSID]
"(Default)" = "{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MyFunCards_5m.XMLSessionPlugin]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\ProgID]
"(Default)" = "MyFunCards_5m.FeedManager.1"

[HKCR\TypeLib\{86FEEFC4-D55F-493B-A117-B389891B814C}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\MyFunCards_5m.UrlAlertButton]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}\TypeLib]
"(Default)" = "{625BA528-A523-4978-9A9D-63424F6352EE}"

[HKCR\Wow6432Node\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MyFunCards_5m.MultipleButton.1\CLSID]
"(Default)" = "{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}"

[HKCR\Wow6432Node\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.DynamicBarButton]
"(Default)" = "Bar Button Class"

[HKCR\MyFunCards_5m.SkinLauncher\CurVer]
"(Default)" = "MyFunCards_5m.SkinLauncher.1"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\TypeLib]
"(Default)" = "{585a666a-99b8-4f81-8f11-9a9b7eddc894}"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}]
"(Default)" = "Skin Settings"

[HKCR\Wow6432Node\CLSID\{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}\ProgID]
"(Default)" = "MyFunCards_5m.UrlAlertButton.1"

[HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@MyFunCards_5m.com/Plugin\MimeTypes\application/x-myfuncards_5mplugin]
"Description" = "MyFunCards Plugin"

[HKCR\Wow6432Node\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\TypeLib\{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}]
"(Default)" = "ITemplateBarMenu"

[HKCR\Wow6432Node\CLSID\{40391699-5229-49fc-b7d3-922717c71827}]
"(Default)" = "DataCtrl Class"

[HKCR\Wow6432Node\CLSID\{da71fd14-5f7b-46ae-b8b1-44074a38f331}]
"(Default)" = "Toolbar BHO"

[HKCR\Wow6432Node\CLSID\{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.UrlAlertButton"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"un" = "MyFunCards"

[HKCR\Wow6432Node\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}\TypeLib]
"(Default)" = "{86FEEFC4-D55F-493B-A117-B389891B814C}"

[HKCR\Wow6432Node\CLSID\{476d2996-ce78-4a30-95f7-80dbb4c9d623}\TypeLib]
"(Default)" = "{6e444154-ef7c-46e9-bd43-f0f5c2b2518c}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"Maximized" = "1"

[HKCR\Wow6432Node\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}]
"(Default)" = "POPUPMENU_INTERFACE"

[HKCR\Wow6432Node\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}\TypeLib]
"(Default)" = "{6E444154-EF7C-46E9-BD43-F0F5C2B2518C}"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.FeedManager"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mradio.dll"

[HKCR\Wow6432Node\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\ProgID]
"(Default)" = "MyFunCards_5m.RadioSettings.1"

[HKCR\Wow6432Node\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}]
"(Default)" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{04bdd2be-51e9-4031-a7a7-b882b3abea12}\ProgID]
"(Default)" = "MyFunCards_5m.DynamicBarButton.1"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\TypeLib]
"(Default)" = "{4da251c3-4f2c-4c69-9e3b-966bbfeed8c2}"

[HKCR\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}\TypeLib]
"(Default)" = "{78E0B4F6-1636-4008-9443-B00356D1B364}"

[HKCR\Wow6432Node\CLSID\{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mmlbtn.dll"

[HKCR\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{35FB662A-B7FE-4040-8EA9-807A664415F7}\1.0]
"(Default)" = "RADIOLib"

[HKCR\Wow6432Node\CLSID\{40391699-5229-49fc-b7d3-922717c71827}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{23119123-0854-469D-807A-171568457991}\TypeLib]
"(Default)" = "{03119103-0854-469D-807A-171568457991}"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\Version]
"(Default)" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"ID" = "67BBFFF9-5522-4DBA-99D0-57DB4DEB95BE"

[HKCR\MyFunCards_5m.FeedManager\CurVer]
"(Default)" = "MyFunCards_5m.FeedManager.1"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"tiec" = "208976"

[HKCR\TypeLib\{35FB662A-B7FE-4040-8EA9-807A664415F7}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{78E0B4F6-1636-4008-9443-B00356D1B364}\1.0]
"(Default)" = "Messenger 1.0 Type Library"

[HKCR\Wow6432Node\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}]
"(Default)" = "IHttpControlEvents"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c855d636-07b5-4dc3-82c7-a35242ea1d05}]
"AppName" = "5mmedint.exe"

[HKCR\MyFunCards_5m.SkinLauncher.1]
"(Default)" = ""

[HKCR\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}]
"(Default)" = "ITemplateBarControl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0d5ce42b-8679-426d-b994-be1c7065b2a1}]
"AppPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Wow6432Node\CLSID\{63c79023-1301-4973-b78e-0727454c6a70}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{F5C77008-03F5-459E-82DB-8C2D923B3CB2}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\626"

[HKCR\TypeLib\{6E444154-EF7C-46E9-BD43-F0F5C2B2518C}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.PseudoTransparentPlugin]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{13119113-0854-469d-807A-171568457991}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5msknlcr.dll"

[HKCR\Wow6432Node\CLSID\{476d2996-ce78-4a30-95f7-80dbb4c9d623}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}]
"(Default)" = "_ITemplateBarSettingsEvents"

[HKCR\MyFunCards_5m.HTMLPanel]
"(Default)" = "MyFunCards_5m HTML Panel"

[HKCR\Wow6432Node\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\MyFunCards_5m.Radio\CLSID]
"(Default)" = "{432732f2-4ca1-4d00-be71-699550667c05}"

[HKCR\Wow6432Node\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}]
"(Default)" = "IRadioSettings"

[HKCR\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{33119133-0854-469d-807A-171568457991}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash" = "D6 EB 6A 96 AB 9F 98 54 F3 00 5A 43 AA A0 37 2B"

[HKCR\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}]
"(Default)" = "ITemplateBarFeed"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall]
"HelpLink" = "http://search.mywebsearch.com/mywebsearch/default.jhtml"

[HKCR\MyFunCards_5m.Radio.1\CLSID]
"(Default)" = "{432732f2-4ca1-4d00-be71-699550667c05}"

[HKCR\MyFunCards_5m.SkinLauncher.1\CLSID]
"(Default)" = "{13119113-0854-469d-807A-171568457991}"

[HKCR\Wow6432Node\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}]
"(Default)" = "ITemplateXMLSession"

[HKCR\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}\TypeLib]
"(Default)" = "{78E0B4F6-1636-4008-9443-B00356D1B364}"

[HKCR\Wow6432Node\CLSID\{33119133-0854-469d-807A-171568457991}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.SkinLauncherSettings"

[HKCR\TypeLib\{585A666A-99B8-4F81-8F11-9A9B7EDDC894}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}\TypeLib]
"(Default)" = "{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}"

[HKCR\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\MyFunCards_5m.Radio.1]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{8a5d512d-5ac0-44b1-9882-6252077bc607}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall]
"URLInfoAbout" = "http://search.mywebsearch.com/mywebsearch/default.jhtml"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}]
"(Default)" = "_It8HTMLPanelEvents"

[HKCR\MyFunCards_5m.FeedManager]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}]
"(Default)" = "PSEUDOTRANSPARENT_INTERFACE"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}]
"(Default)" = "Popup Menu Plugin"

[HKCR\MyFunCards_5m.XMLSessionPlugin.1\CLSID]
"(Default)" = "{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}"

[HKCR\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}]
"(Default)" = "SKINWINDOW_INTERFACE"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MyFunCards_5m.SkinLauncherSettings\CurVer]
"(Default)" = "MyFunCards_5m.SkinLauncherSettings.1"

[HKCR\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}\TypeLib]
"(Default)" = "{35FB662A-B7FE-4040-8EA9-807A664415F7}"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.HTMLMenu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCR\Wow6432Node\CLSID\{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.MultipleButton"

[HKCR\MyFunCards_5m.RadioSettings\CurVer]
"(Default)" = "MyFunCards_5m.RadioSettings.1"

[HKCR\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"PID" = "^ZU^fox000^YY^"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCR\Wow6432Node\CLSID\{432732f2-4ca1-4d00-be71-699550667c05}\ProgID]
"(Default)" = "MyFunCards_5m.Radio.1"

[HKCU\Software\Classes\Wow6432Node\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll"

[HKCR\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}" = ""

[HKCR\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\CLSID\{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{78E0B4F6-1636-4008-9443-B00356D1B364}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"Build" = "139.49634"

[HKCR\Wow6432Node\CLSID\{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}]
"(Default)" = ""

[HKCR\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}]
"(Default)" = "MyFunCards Third Party Installer"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}]
"(Default)" = ""

[HKCR\MyFunCards_5m.FeedManager.1\CLSID]
"(Default)" = "{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}"

[HKCR\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{23119123-0854-469D-807A-171568457991}]
"(Default)" = "ISkinLauncherSettings"

[HKCR\MyFunCards_5m.DynamicBarButton.1\CLSID]
"(Default)" = "{04bdd2be-51e9-4031-a7a7-b882b3abea12}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{da71fd14-5f7b-46ae-b8b1-44074a38f331}]
"(Default)" = ""

[HKCR\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}\TypeLib]
"(Default)" = "{E1CB369C-4F24-4907-84E5-44F13A41354E}"

[HKCR\Interface\{23119123-0854-469D-807A-171568457991}\TypeLib]
"(Default)" = "{03119103-0854-469D-807A-171568457991}"

[HKCR\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}\TypeLib]
"(Default)" = "{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}"

[HKCR\Interface\{563028CC-55F3-4678-A37A-D9B10CFB2B19}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.HTMLPanel\CurVer]
"(Default)" = "MyFunCards_5m.HTMLPanel.1"

[HKCR\Wow6432Node\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.RadioSettings.1\CLSID]
"(Default)" = "{f382a6a0-351f-4041-a7c2-ea76e85f5211}"

[HKCR\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\MiscStatus]
"(Default)" = "0"

[HKCR\Wow6432Node\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}]
"(Default)" = "ITemplateBarFeed"

[HKCR\Wow6432Node\CLSID\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\MyFunCards_5m.MultipleButton]
"(Default)" = ""

[HKCR\MyFunCards_5m.HTMLMenu.1]
"(Default)" = "MyFunCards_5m HTML Menu"

[HKCR\Wow6432Node\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}]
"(Default)" = "IDisableAddonRebuttal"

[HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"5mffxtbr@MyFunCards_5m.com" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Wow6432Node\CLSID\{6c7e7816-51aa-4e5c-b5a0-660ceaea08b1}\ProgID]
"(Default)" = "MyFunCards_5m.MultipleButton.1"

[HKCR\TypeLib\{86FEEFC4-D55F-493B-A117-B389891B814C}\1.0]
"(Default)" = "TYPELIB_NAME"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}\MiscStatus]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}]
"(Default)" = ""

[HKCR\TypeLib\{E1CB369C-4F24-4907-84E5-44F13A41354E}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\905"

[HKCR\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}]
"(Default)" = "_IDataCtrlEvents"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{0d5ce42b-8679-426d-b994-be1c7065b2a1}\TypeLib]
"(Default)" = "{4da251c3-4f2c-4c69-9e3b-966bbfeed8c2}"

[HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@MyFunCards_5m.com/Plugin]
"vendor" = "MyFunCards_5m"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"dir" = "%Program Files% (x86)\MyFunCards_5m\bar\"

[HKCR\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}]
"(Default)" = "ITemplateXMLElement"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mtpinst.dll"

[HKCR\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}]
"(Default)" = "ITemplateBarButtonRect"

[HKCR\Wow6432Node\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}\TypeLib]
"Version" = "1.0"

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\Settings\SmileyCentralBtn]
"HTMLMenuPosDeleted" = "1"

[HKCR\MyFunCards_5m.FeedManager.1]
"(Default)" = ""

[HKCR\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{432732f2-4ca1-4d00-be71-699550667c05}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mradio.dll"

[HKCR\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{A36CB996-30A2-4FA7-AD3C-DDD003A80935}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\TypeLib]
"(Default)" = "{78e0b4f6-1636-4008-9443-b00356d1b364}"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\ProgID]
"(Default)" = "MyFunCards_5m.XMLSessionPlugin.1"

[HKCR\Wow6432Node\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrExtP5m.exe" = "0"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence" = "1"

[HKCR\Interface\{4A7417BD-15A2-413F-84A8-69CAD55DE283}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{C72DBC94-5EAC-4749-8B52-E19C46884749}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{F5C77008-03F5-459E-82DB-8C2D923B3CB2}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"hpwl" = ".mywebsearch.com,.google.com,.yahoo.com,.bing.com,.msn.com"

[HKCR\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}]
"(Default)" = "_IDataCtrlEvents"

[HKCR\Wow6432Node\CLSID\{20f5e3ba-82e9-42b9-9a2b-2a38270d3498}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mmsg.dll"

[HKCR\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\TypeLib]
"(Default)" = "{f5c77008-03f5-459e-82db-8c2d923b3cb2}"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\TypeLib]
"(Default)" = "{86feefc4-d55f-493b-a117-b389891b814c}"

[HKCR\MyFunCards_5m.HTMLPanel.1\CLSID]
"(Default)" = "{257bedb2-8226-42f8-b755-c66e2c32972c}"

[HKCR\Wow6432Node\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll"

[HKCU\Software\Classes\Wow6432Node\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}]
"(Default)" = "_ITemplateXMLSessionEvents"

[HKCR\Wow6432Node\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{63c79023-1301-4973-b78e-0727454c6a70}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.ScriptButton"

[HKCR\Wow6432Node\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}]
"(Default)" = "It8HTMLPanel"

[HKCR\Wow6432Node\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{762C8E84-0015-4667-BD61-2D61B69FC59C}\TypeLib]
"(Default)" = "{78E0B4F6-1636-4008-9443-B00356D1B364}"

[HKCR\Interface\{659B31CC-E53F-4B04-A920-8F352E76D1D6}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}]
"(Default)" = "_ITemplateBarSettingsEvents"

[HKCR\MyFunCards_5m.DynamicBarButton\CLSID]
"(Default)" = "{04bdd2be-51e9-4031-a7a7-b882b3abea12}"

[HKCR\Wow6432Node\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}]
"(Default)" = "ITemplateBarControl"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}\TypeLib]
"(Default)" = "{585A666A-99B8-4F81-8F11-9A9B7EDDC894}"

[HKCR\Interface\{67E9702B-2041-4BC5-BF82-0BC13E158C32}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\Wow6432Node\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.ThirdPartyInstaller\CurVer]
"(Default)" = "MyFunCards_5m.ThirdPartyInstaller.1"

[HKCR\MyFunCards_5m.HTMLPanel\CLSID]
"(Default)" = "{257bedb2-8226-42f8-b755-c66e2c32972c}"

[HKCR\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}\TypeLib]
"(Default)" = "{86FEEFC4-D55F-493B-A117-B389891B814C}"

[HKCR\Wow6432Node\Interface\{882D51EE-841A-4829-884A-E85844CDCEDA}\TypeLib]
"(Default)" = "{E1CB369C-4F24-4907-84E5-44F13A41354E}"

[HKCR\Wow6432Node\CLSID\{40391699-5229-49fc-b7d3-922717c71827}\TypeLib]
"(Default)" = "{6c1e4e02-8456-4f9b-aa3a-bfd24bbb61fc}"

[HKCR\Wow6432Node\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{614ba139-bd8d-4789-8a78-8f836622ec82}]
"(Default)" = ""

[HKCR\Wow6432Node\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{C9983432-AF43-449E-A0A1-EF574A26FD5E}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1604"

[HKCR\Wow6432Node\CLSID\{257bedb2-8226-42f8-b755-c66e2c32972c}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\TypeLib\{585A666A-99B8-4F81-8F11-9A9B7EDDC894}\1.0]
"(Default)" = "HTML 1.0 Type Library"

[HKCR\MyFunCards_5m.SettingsPlugin\CurVer]
"(Default)" = "MyFunCards_5m.SettingsPlugin.1"

[HKCR\Wow6432Node\CLSID\{40391699-5229-49fc-b7d3-922717c71827}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mdatact.dll"

[HKCR\MyFunCards_5m.SettingsPlugin\CLSID]
"(Default)" = "{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}"

[HKCR\MyFunCards_5m.ScriptButton]
"(Default)" = ""

[HKCR\MyFunCards_5m.PseudoTransparentPlugin\CurVer]
"(Default)" = "MyFunCards_5m.PseudoTransparentPlugin.1"

[HKCR\TypeLib\{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\MyFunCards_5m.UrlAlertButton\CurVer]
"(Default)" = "MyFunCards_5m.UrlAlertButton.1"

[HKCR\Wow6432Node\CLSID\{33119133-0854-469d-807A-171568457991}\ProgID]
"(Default)" = "MyFunCards_5m.SkinLauncherSettings.1"

[HKCR\Wow6432Node\CLSID\{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}]
"(Default)" = "ITemplatePopupMenu"

[HKCR\MyFunCards_5m.XMLSessionPlugin.1]
"(Default)" = ""

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFiles0000" = "%Program Files%\Internet Explorer\ieuser.exe"

[HKCR\TypeLib\{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\405"

[HKCR\TypeLib\{E1CB369C-4F24-4907-84E5-44F13A41354E}\1.0]
"(Default)" = "HttpControl 1.0 Type Library"

[HKCR\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{CE5E4F93-C745-46F6-A04D-493021064EEA}]
"(Default)" = "IDataCtrl"

[HKCR\Wow6432Node\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{ACA1E7C1-19EB-4C3C-9D2C-372E69C68975}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5FEB1D60-0B28-4445-A911-776D5DD5DA20}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}]
"(Default)" = "_IThirdPartyInstallerEvents"

[HKCR\MyFunCards_5m.SkinLauncher]
"(Default)" = ""

[HKCR\Interface\{BE206AAC-8D83-4478-AAF6-BD3F045E79D8}\TypeLib]
"Version" = "1.0"

[HKCR\MyFunCards_5m.HTMLMenu\CurVer]
"(Default)" = "MyFunCards_5m.HTMLMenu.1"

[HKCR\MyFunCards_5m.XMLSessionPlugin\CurVer]
"(Default)" = "MyFunCards_5m.XMLSessionPlugin.1"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\Version]
"(Default)" = "1.0"

[HKCR\TypeLib\{585A666A-99B8-4F81-8F11-9A9B7EDDC894}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1506"

[HKCR\Wow6432Node\CLSID\{fa385ed2-3b5e-463a-bfd7-8f3e87dfe481}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.SettingsPlugin"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563028cc-55f3-4678-a37a-d9b10cfb2b19}]
"AppName" = "5mimpipe.exe"

[HKCR\TypeLib\{C9983432-AF43-449E-A0A1-EF574A26FD5E}\1.0]
"(Default)" = "TEMPLATEHTMLMenuLib"

[HKCR\Wow6432Node\CLSID\{04bdd2be-51e9-4031-a7a7-b882b3abea12}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{23119123-0854-469D-807A-171568457991}]
"(Default)" = "ISkinLauncherSettings"

[HKCR\Interface\{DED6233B-191B-4A35-82F9-6F31D24DA871}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{614ba139-bd8d-4789-8a78-8f836622ec82}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\MyFunCards_5m.UrlAlertButton\CLSID]
"(Default)" = "{9b709b9f-98aa-4d90-9c86-19c1d774e5b4}"

[HKCR\TypeLib\{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}\1.0]
"(Default)" = "DataCtrl 1.0 Type Library"

[HKCR\MyFunCards_5m.PseudoTransparentPlugin\CLSID]
"(Default)" = "{d94ab7b8-12ec-4f92-a0e4-cfa52bfc5271}"

[HKCR\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{8D429109-8737-4A33-A22B-19219B68FBC7}]
"(Default)" = "POPUPMENU_INTERFACE"

[HKCR\Interface\{4E6538AC-A062-484E-9421-95B24C81126C}\TypeLib]
"(Default)" = "{4DA251C3-4F2C-4C69-9E3B-966BBFEED8C2}"

[HKCR\MyFunCards_5m.SettingsPlugin]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\CLSID\{13119113-0854-469d-807A-171568457991}\ProgID]
"(Default)" = "MyFunCards_5m.SkinLauncher.1"

[HKCR\Interface\{BC6E741E-667F-48D1-9AA9-D769E3C344EF}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{9669121C-D085-4E10-AD79-47DB0CC35122}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{6E444154-EF7C-46E9-BD43-F0F5C2B2518C}\1.0]
"(Default)" = "DialogHook 1.0 Type Library"

[HKCR\Wow6432Node\Interface\{5C88B59B-FEDA-45CB-BE33-0D8209C825BD}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{9298FA8C-796B-4D80-B25B-E0A53E171248}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{63c79023-1301-4973-b78e-0727454c6a70}\InprocServer32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\5mscript.dll"

[HKCR\MyFunCards_5m.UrlAlertButton.1]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{F5C77008-03F5-459E-82DB-8C2D923B3CB2}\1.0]
"(Default)" = "Toolbar 1.0 Type Library"

[HKCR\Wow6432Node\CLSID\{811D33FD-97D1-4DFC-BA40-33D7A845BAD2}\ProgID]
"(Default)" = "MyFunCards_5m.HTMLMenu.1"

[HKCR\TypeLib\{625BA528-A523-4978-9A9D-63424F6352EE}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\Wow6432Node\CLSID\{13119113-0854-469d-807A-171568457991}]
"(Default)" = ""

[HKCR\Interface\{FAB9093C-D694-4F3B-8053-809D28D00E43}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C}\TypeLib]
"(Default)" = "{6E444154-EF7C-46E9-BD43-F0F5C2B2518C}"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Owner" = "98 03 00 00 F8 A4 F3 C1 3D 29 D0 01"

[HKCR\MyFunCards_5m.ThirdPartyInstaller]
"(Default)" = "MyFunCards Third Party Installer"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"sr" = "0"

[HKCR\Interface\{2A8806D0-370A-452F-82C4-7B4CB0BBF176}]
"(Default)" = "ITemplateBarFeedManager"

[HKCR\MyFunCards_5m.ScriptButton\CurVer]
"(Default)" = "MyFunCards_5m.ScriptButton.1"

[HKCR\Wow6432Node\CLSID\{04bdd2be-51e9-4031-a7a7-b882b3abea12}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.DynamicBarButton"

[HKCR\Interface\{F16213F8-7E9B-41BE-AD99-C293B60FFCF8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{f382a6a0-351f-4041-a7c2-ea76e85f5211}\TypeLib]
"(Default)" = "{35fb662a-b7fe-4040-8ea9-807a664415f7}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b03ecee6-cb2f-4338-84a7-1358ac61a918}]
"AppPath" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{E1CB369C-4F24-4907-84E5-44F13A41354E}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\TypeLib\{6E444154-EF7C-46E9-BD43-F0F5C2B2518C}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin"

[HKCR\TypeLib\{E1CB369C-4F24-4907-84E5-44F13A41354E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{aef4838b-193b-4392-a6b9-cd6d0b1e57b8}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b03ecee6-cb2f-4338-84a7-1358ac61a918}]
"AppName" = "5mSrchMn.exe"

[HKCR\Wow6432Node\Interface\{57CFF878-D0A4-40F9-BB2C-4CDC7FF01194}]
"(Default)" = "ITemplateBarMenu"

[HKCR\MyFunCards_5m.SkinLauncherSettings.1\CLSID]
"(Default)" = "{33119133-0854-469d-807A-171568457991}"

[HKCR\Wow6432Node\CLSID\{13119113-0854-469d-807A-171568457991}\VersionIndependentProgID]
"(Default)" = "MyFunCards_5m.SkinLauncher"

[HKCR\Wow6432Node\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{6C1E4E02-8456-4F9B-AA3A-BFD24BBB61FC}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\MyFunCards_5m\bar\1.bin\t8res.dll\1406"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0d5ce42b-8679-426d-b994-be1c7065b2a1}]
"AppName" = "5mSkPlay.exe"

[HKCR\Interface\{43E32FB4-D5E9-41A2-9DED-F0894FB21AD2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{E32C0B37-8074-4B1E-893D-E01E149E495C}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{E63CC297-9FD8-4682-B0D3-280DF3A804A7}\TypeLib]
"(Default)" = "{F5C77008-03F5-459E-82DB-8C2D923B3CB2}"

[HKCR\Wow6432Node\Interface\{402BD884-83EA-4266-9629-B27893A0EF35}\TypeLib]
"(Default)" = "{585A666A-99B8-4F81-8F11-9A9B7EDDC894}"

[HKCR\Wow6432Node\CLSID\{89f650c9-517c-490f-a99c-b835680836e4}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\Interface\{23119123-0854-469D-807A-171568457991}\TypeLib]
"Version" = "1.0"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MyFunCards_5m Browser Plugin Loader" = "C:\PROGRA~2\MYFUNC~1\bar\1.bin\5mbrmon.exe"

"MyFunCards Search Scope Monitor" = "C:\PROGRA~2\MYFUNC~1\bar\1.bin\5msrchmn.exe /m=2 /w /h"

The Worm deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c4b22c87-45ef-4f43-89f2-40db2078864e}]
[HKCU\Software\Microsoft\RestartManager\Session0000]

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"ConfigDateStamp"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash"
"Owner"

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"ConfigDateStamp"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"un"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFiles0000"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar]
"pid2"

The Worm disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MyFunCards Plugin"

"MyFunCards Search Scope Monitor"

The process %original file name%.exe:1052 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"nodns" = "0"
"ffTabs" = "0"
"hpp" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\PUPautoinsaller_v1.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\0000041cT8SETUP.EXE,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^fox000^YY^&ptb=67BBFFF9-5522-4DBA-99D0-57DB4DEB95BE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"ua" = "1"
"ps" = "1"

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"HomePage" = "http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^fox000^YY^&ptb=67BBFFF9-5522-4DBA-99D0-57DB4DEB95BE"

[HKLM\SOFTWARE\Wow6432Node\MyFunCards_5m\bar\Switches]
"5mSrcAs.dll" = "1"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"spd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"tiesd"

The process rundll32.exe:4088 makes changes in the system registry.
The Worm deletes the following value(s) in system registry:
The Worm disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"MyFunCards_5mbar Uninstall"

The process 5msrchmn.exe:1476 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"sspd" = "1"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\AppDataLow\Software\MyFunCards_5m\bar]
"AlertWaitLow"
"AlertWaitHigh"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: MyFunCards
Product Name: MyFunCards
Product Version: 2, 0, 4, 9
Legal Copyright: Copyright (c) 2009, 2010, 2011, 2012
Legal Trademarks:
Original Filename: 5mSetup.exe
Internal Name: 5mSetup
File Version: 2, 0, 4, 9
File Description: MyFunCards
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://www174.myfuncards.com/installComplete.jhtml?partner=^ZU^fox000^YY^&sa=1
hxxp://www165.myfuncards.com/myfuncards/404
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js
hxxp://googleapis.l.google.com/css?family=Cabin:400,700
hxxp://a1255.g.akamai.net/images/mfc/v3/logo_holiday_winter.jpg
hxxp://a1255.g.akamai.net/images/anx/anemone-1.2.7.js
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/lovedating.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/holidays.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/talkingecards.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/birthday.gif
hxxp://a1961.g.akamai.net/one-toolbaredits/toolbar.js
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1700066071&utmhn=ecards.myfuncards.com&utmcs=utf-8&utmsr=1916x902&utmvp=1916x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=MyFunCards | Free eCards, Online Greetings for Birthday, Holiday, and More&utmhid=996029916&utmr=-&utmp=/myfuncards/404&utmht=1420499857708&utmac=UA-2131601-8&utmcc=__utma=105832855.502900344.1420499858.1420499858.1420499858.1;+__utmz=105832855.1420499858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1310015415&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
hxxp://www165.myfuncards.com/myfuncards/css/localization-nav.css
hxxp://a1051.g.akamai.net/myfuncards/common/css/mfc-main-compressed-22e752128725a43c6cd089fd4d58165b.css
hxxp://a1051.g.akamai.net/myfuncards/common/js/mfc-main-compressed-41f86cde3a73a7e9ec6f3e1c797ac1c1.js
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/español.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/português.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/invitations.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/careconcern.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/specialoccasions.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/thankyou.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/everyday.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/friendship.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/humor.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/characters.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/printable.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/6267_FFMicon.png
hxxp://www180.myway.com/install_css.jhtml?v=3
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-1/html/container.html
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/photocards.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/sayityourway.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/coupons.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/icons/bodybuilder.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/tbinterstitial/splash_MFC.gif
hxxp://a1255.g.akamai.net/images/fwp/wf/v3/SendWall.gif
hxxp://a1255.g.akamai.net/images/fwp/wf/v3/PostWall.gif
hxxp://a1255.g.akamai.net/images/games/survey/survey-0.0.4.min.js
hxxp://www-google-analytics.l.google.com/js/plusone.js
hxxp://e9343.d.akamaiedge.net/js/pinit.js
hxxp://www165.myfuncards.com/myfuncards/js/survey.js
hxxp://fonts.gstatic.com/s/cabin/v7/haOjnueK8Or1ztuuRtr8dvesZW2xOQ-xsNqO47m55DA.woff	216.58.209.163
hxxp://fonts.gstatic.com/s/cabin/v7/JEgmtEDzc-IH8jBshQXrYA.woff	216.58.209.163
hxxp://a1255.g.akamai.net/images/mfc/v3/sprites/default/mfc_back_default.png
hxxp://a1255.g.akamai.net/images/mfc/v3/sprites/default/mfc_sprite_02_new.png
hxxp://a1255.g.akamai.net/images/mfc/v3/sprites/default/mfc_sprite_07.png
hxxp://a1255.g.akamai.net/images/fwp/unifiedreg/mfc/reg_blueblock4.gif
hxxp://a1255.g.akamai.net/images/mfc/v3/btn/btn_sprite_conf.png
hxxp://e3821.dspe1.akamaiedge.net/en_US/all.js
hxxp://a1255.g.akamai.net/images/mfc/v3/tbinterstitial/interstitial_modal_BG_MFC.png
hxxp://a1535.g.akamai.net/getsealSmall.gif
hxxp://partnerad.l.doubleclick.net/gpt/pubads_impl_55.js
hxxp://www165.myfuncards.com/myfuncards/anemone.jhtml?anxuu=CC242A81-B59F-4829-8E3B-37A9891B3113&anxa=ecards.myfuncards.com&anxv=-&anxd=-&anxsn=&anxu=http://ecards.myfuncards.com/myfuncards/404&anxl=en-US&anxlv=1420499858940&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&size=728x90&action=display&provider=doubleclick&campaign=iac.ms-mfncds.us.dw/ros&anxui=0&anxe=Ad&anxr=388521200
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?96a3c1ffd789ac03
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f0841517bea535c9
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5c4b17abe226cd20
hxxp://a1255.g.akamai.net/images/myfuncards/groupcards/ajax-loader2.gif
hxxp://partnerad.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=2399064406984438&output=json_html&callback=callbackProxy&impl=fifs&json_a=1&sfv=1-0-1&iu_parts=23219321,iac.ms-mfncds.us.dw,ros&enc_prev_ius=/0/1/2&prev_iu_szs=728x90&prev_scp=uid=0&g=0&lang=eng&byr=0&cookie_enabled=1&lmt=1420499861&dt=1420499861100&cc=100&frm=20&biw=1900&bih=805&oid=3&adks=3932932644&oe=utf-8&gut=v2&ifi=1&u_tz=120&u_his=1&u_java=true&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&flash=0&url=http://ecards.myfuncards.com/myfuncards/404&vrg=55&vrp=55&ga_vid=502900344.1420499858&ga_sid=1420499858&ga_hid=996029916&ga_fc=true
hxxp://a1255.g.akamai.net/connect/xd_arbiter/7r8gQb8MIqE.js?version=41
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?22b1aa835b8cc10a
hxxp://e9343.d.akamaiedge.net/js/pinit_main.js?PIN_16440
hxxp://star.c10r.facebook.com/plugins/like.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f3d826301a90618&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&href=http://www.facebook.com/MFCMyFunCards&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=true&width=450
hxxp://star.c10r.facebook.com/plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f1ef8d786059d54&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey
hxxp://star.c10r.facebook.com/plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f292747c2e8d0f4&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fe3004105c73d944
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://pagead46.l.doubleclick.net/pagead/osd.js
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys=
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl	64.18.20.10
hxxp://tags.expo9.exponential.com/tags/MindSparkcomSocialNetworking/MyFunCards_ROW/tags.js	204.11.109.75
hxxp://a1255.g.akamai.net/images/mfc/flogin.png
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAJeRLXDSRa3
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAJeRLXDSRa3
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O
hxxp://log.pinterest.com/?guid=YXaRHxVgLz8h&type=pidget&sub=www&button_count=0&follow_count=0&pin_count=0&profile_count=0&board_count=0&via=http://ecards.myfuncards.com/myfuncards/404&callback=PIN_1420499861666.f.callback[0]	54.243.238.41
hxxp://a.tribalfusion.com/displayAd.js?dver=0.4&th=8608858615	204.11.109.67
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCp142CW+FCt
hxxp://a.tribalfusion.com/j.ad?flashVer=0&ver=1.27&th=8608858615&tagKey=1444796509&site=mindsparkcomsocialnetworking&adSpace=myfuncards_row&center=1&env=display&size=728x90&busted=1&url=http://ecards.myfuncards.com/myfuncards/404&f=1&p=19798795&a=1&adContainerId=richmedia_2&rnd=19792472	204.11.109.67
hxxp://www.public-trust.com/CRL/Omniroot2025.crl	64.18.20.10
hxxp://pagead46.l.doubleclick.net/pagead/show_ads.js
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAD9M+oC6dVe
hxxp://pagead46.l.doubleclick.net/pagead/js/r20141209/r20141212/show_ads_impl.js
hxxp://a.tribalfusion.com/p.media/armPwn4svU0bnZbU66n4mZb6PPBH3WBnXWYIptAm5PBQ5cr8UVQjVcBiSmYvUWFTWbr03rZauWTbxVEQdSTMZcScZbZbPrEpRd7kVcbP2FTrodiOXqPx3dbFQGMD2mUHpHEoUHFa0brkYFYfXaiMRUJZcWUU5VdY1mrbxPFMqYErm4qJj5E35oTMpdIPwb4/2713736/frame.html	204.11.109.67
hxxp://fonts.gstatic.com/pub-config/ca-pub-7193953402062813.js	216.58.209.163
hxxp://partnerad.l.doubleclick.net/pagead/html/r20141209/r20141212/zrt_lookup.html
hxxp://a.tribalfusion.com/p.media/atmPwnUV352r2rot6oXTey2WjBSVbC2mQZdmtENTdQ9XrncXbB91aIpSFUGUbB2VtM2mFBxQbbpYqYq3Tfl4TM3mTBCXbUhTtMWoA3ZdpGvwoHQB2EZbh3tun3AbGmUvKYVMU1cYV0VvxpT743bF5TF7ZbWPr4PTQQQsFtQtbv0WbnWAYN4sBk9vZcUO6/3812116/adTag.html	204.11.109.67
hxxp://a.tribalfusion.com/p.media/asmPwn1rjfWtBVnAQJnc7ooHME5qrl5tes3PbEnFbZaXVnRXV3V1GFOmqbU3bFUTUvEWPnTPajSQsUrStfN1HbtV6Yv3GBWYbZbZaVmXq2PUeP6FC3WZbr0WJZdpdAo4A3W4cvbVcUjWsMePP3oUWF4Wrj13UInVEYvVEBbQTnJRsZbLQUEqPH7WdcN3uN/3002246/adTag.html	204.11.109.67
hxxp://gs1.wac.v2cdn.net/PublicSureServerSV.crl
hxxp://partnerad.l.doubleclick.net/pagead/ads?client=ca-pub-7193953402062813&output=html&h=90&slotname=6139752978&adk=2422171851&w=728&ea=0&flash=0&url=http://ecards.myfuncards.com/myfuncards/404&dt=1420499863608&bpp=1&bdt=-M&shv=r20141209&cbv=r20141212&saldr=sa&correlator=5722304431075&frm=23&ga_vid=502900344.1420499858&ga_sid=1420499858&ga_hid=1968356280&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=586&ady=1025&biw=1900&bih=805&isw=728&ish=90&ifk=3086771918&eid=317150304&oid=3&rx=0&eae=2&fc=8&docm=10&brdim=586,1078,-4,-4,1916,,1924,866,728,90&vis=1&abl=NS&ppjl=u&srr=1&fu=4&bc=1&ifi=1&dtd=322
hxxp://stats-adotube-1680897254.us-east-1.elb.amazonaws.com/pixel/pixel.php?c=b14e5a30ab3ced9301530edd8fe7c2d0&t=ret&s_id=0&e=30&o=i
hxxp://a.tribalfusion.com/i.match?p=b3&u=ICWDsQ999995Yb+D	204.11.109.67
hxxp://a1294.w20.akamai.net/p?c1=8&c2=6035746&c3=2074&c15=&cv=2.0&cj=1
hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d6a89aa07ce54cc9
hxxp://hostedocsp.globalsign.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEFzDrDm2SpHbhZiig2++zY=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl	88.221.132.175
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d6a89aa07ce54cc9	88.221.132.177
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=	93.184.220.29
hxxp://ak.ecards.myfuncards.com/myfuncards/common/css/mfc-main-compressed-22e752128725a43c6cd089fd4d58165b.css	88.221.132.193
hxxp://ak.imgfarm.com/images/mfc/v3/sprites/default/mfc_back_default.png	88.221.132.183
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=	23.43.139.27
hxxp://pagead2.googlesyndication.com/pagead/show_ads.js	173.194.44.153
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=	93.184.220.29
hxxp://pubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=2399064406984438&output=json_html&callback=callbackProxy&impl=fifs&json_a=1&sfv=1-0-1&iu_parts=23219321,iac.ms-mfncds.us.dw,ros&enc_prev_ius=/0/1/2&prev_iu_szs=728x90&prev_scp=uid=0&g=0&lang=eng&byr=0&cookie_enabled=1&lmt=1420499861&dt=1420499861100&cc=100&frm=20&biw=1900&bih=805&oid=3&adks=3932932644&oe=utf-8&gut=v2&ifi=1&u_tz=120&u_his=1&u_java=true&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&flash=0&url=http://ecards.myfuncards.com/myfuncards/404&vrg=55&vrp=55&ga_vid=502900344.1420499858&ga_sid=1420499858&ga_hid=996029916&ga_fc=true	64.233.164.157
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl	88.221.132.175
hxxp://vassg141.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O	88.221.132.182
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCp142CW+FCt	173.194.44.136
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl	88.221.132.175
hxxp://www.facebook.com/plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f1ef8d786059d54&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey	31.13.93.3
hxxp://www.googletagservices.com/tag/js/gpt.js	173.194.44.153
hxxp://ak.imgfarm.com/images/mfc/v3/icons/specialoccasions.gif	88.221.132.183
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f0841517bea535c9	88.221.132.177
hxxp://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=	108.162.232.197
hxxp://ak.imgfarm.com/images/mfc/v3/logo_holiday_winter.jpg	88.221.132.183
hxxp://crl.omniroot.com/PublicSureServerSV.crl	93.184.220.20
hxxp://ak.imgfarm.com/images/mfc/v3/icons/holidays.gif	88.221.132.183
hxxp://www.myfuncards.com/installComplete.jhtml?partner=^ZU^fox000^YY^&sa=1	74.113.233.125
hxxp://www.gstatic.com/pub-config/ca-pub-7193953402062813.js	216.58.209.163
hxxp://ak.imgfarm.com/images/mfc/v3/icons/printable.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/icons/humor.gif	88.221.132.183
hxxp://pagead2.googlesyndication.com/pagead/osd.js	173.194.44.153
hxxp://ak.imgfarm.com/images/myfuncards/groupcards/ajax-loader2.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/flogin.png	88.221.132.183
hxxp://ecards.myfuncards.com/myfuncards/404	74.113.233.126
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=	23.43.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAJeRLXDSRa3	173.194.44.136
hxxp://ak.imgfarm.com/images/mfc/v3/icons/6267_FFMicon.png	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/icons/português.gif	88.221.132.183
hxxp://crl.verisign.com/pca3.crl	23.43.133.163
hxxp://ak.toolbar.mywebsearch.com/one-toolbaredits/toolbar.js	88.221.132.185
hxxp://ak.imgfarm.com/images/anx/anemone-1.2.7.js	88.221.132.183
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=	93.184.220.20
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7193953402062813&output=html&h=90&slotname=6139752978&adk=2422171851&w=728&ea=0&flash=0&url=http://ecards.myfuncards.com/myfuncards/404&dt=1420499863608&bpp=1&bdt=-M&shv=r20141209&cbv=r20141212&saldr=sa&correlator=5722304431075&frm=23&ga_vid=502900344.1420499858&ga_sid=1420499858&ga_hid=1968356280&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=586&ady=1025&biw=1900&bih=805&isw=728&ish=90&ifk=3086771918&eid=317150304&oid=3&rx=0&eae=2&fc=8&docm=10&brdim=586,1078,-4,-4,1916,,1924,866,728,90&vis=1&abl=NS&ppjl=u&srr=1&fu=4&bc=1&ifi=1&dtd=322	216.58.209.162
hxxp://www.facebook.com/plugins/like.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f3d826301a90618&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&href=http://www.facebook.com/MFCMyFunCards&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=true&width=450	31.13.93.3
hxxp://ak.imgfarm.com/images/fwp/unifiedreg/mfc/reg_blueblock4.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/icons/sayityourway.gif	88.221.132.183
hxxp://b.scorecardresearch.com/p?c1=8&c2=6035746&c3=2074&c15=&cv=2.0&cj=1	88.221.132.244
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl	64.18.20.10
hxxp://connect.facebook.net/en_US/all.js	23.64.223.139
hxxp://ak.imgfarm.com/images/mfc/v3/icons/bodybuilder.gif	88.221.132.183
hxxp://www.facebook.com/plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f292747c2e8d0f4&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey	31.13.93.3
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys=	93.184.220.29
hxxp://ak.imgfarm.com/images/mfc/v3/btn/btn_sprite_conf.png	88.221.132.183
hxxp://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41	88.221.132.183
hxxp://ak.imgfarm.com/images/fwp/wf/v3/SendWall.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/fwp/wf/v3/PostWall.gif	88.221.132.183
hxxp://ak.webfetti.com/getsealSmall.gif	88.221.132.190
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==	23.43.139.27
hxxp://ak.imgfarm.com/images/mfc/v3/icons/invitations.gif	88.221.132.183
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=	23.43.139.27
hxxp://ak.imgfarm.com/images/mfc/v3/icons/thankyou.gif	88.221.132.183
hxxp://apis.google.com/js/plusone.js	216.58.209.160
hxxp://crl.geotrust.com/crls/secureca.crl	23.43.133.163
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1700066071&utmhn=ecards.myfuncards.com&utmcs=utf-8&utmsr=1916x902&utmvp=1916x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=MyFunCards | Free eCards, Online Greetings for Birthday, Holiday, and More&utmhid=996029916&utmr=-&utmp=/myfuncards/404&utmht=1420499857708&utmac=UA-2131601-8&utmcc=__utma=105832855.502900344.1420499858.1420499858.1420499858.1;+__utmz=105832855.1420499858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1310015415&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~	216.58.209.160
hxxp://ak.imgfarm.com/images/mfc/v3/icons/characters.gif	88.221.132.183
hxxp://stats.adotube.com/pixel/pixel.php?c=b14e5a30ab3ced9301530edd8fe7c2d0&t=ret&s_id=0&e=30&o=i	75.101.163.230
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fe3004105c73d944	88.221.132.177
hxxp://ak.ecards.myfuncards.com/myfuncards/common/js/mfc-main-compressed-41f86cde3a73a7e9ec6f3e1c797ac1c1.js	88.221.132.193
hxxp://ak.imgfarm.com/images/mfc/v3/icons/coupons.gif	88.221.132.183
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl	88.221.132.175
hxxp://ecards.myfuncards.com/myfuncards/css/localization-nav.css	74.113.233.126
hxxp://partner.googleadservices.com/gpt/pubads_impl_55.js	216.58.209.162
hxxp://assets.pinterest.com/js/pinit.js	23.65.117.124
hxxp://ak.imgfarm.com/images/mfc/v3/sprites/default/mfc_sprite_02_new.png	88.221.132.183
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=	23.43.139.27
hxxp://ak.imgfarm.com/images/mfc/v3/icons/birthday.gif	88.221.132.183
hxxp://pagead2.googlesyndication.com/pagead/js/r20141209/r20141212/show_ads_impl.js	173.194.44.153
hxxp://ak.imgfarm.com/images/mfc/v3/icons/lovedating.gif	88.221.132.183
hxxp://ecards.myfuncards.com/myfuncards/js/survey.js	74.113.233.126
hxxp://ak.imgfarm.com/images/mfc/v3/sprites/default/mfc_sprite_07.png	88.221.132.183
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5c4b17abe226cd20	88.221.132.177
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?96a3c1ffd789ac03	88.221.132.177
hxxp://ak.imgfarm.com/images/mfc/v3/icons/friendship.gif	88.221.132.183
hxxp://www.google-analytics.com/ga.js	216.58.209.160
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?22b1aa835b8cc10a	88.221.132.177
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEFzDrDm2SpHbhZiig2++zY=	23.43.139.27
hxxp://ak.imgfarm.com/images/mfc/v3/icons/careconcern.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/icons/photocards.gif	88.221.132.183
hxxp://assets.pinterest.com/js/pinit_main.js?PIN_16440	23.65.117.124
hxxp://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html	216.58.209.161
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=	23.43.139.27
hxxp://ak.imgfarm.com/images/games/survey/survey-0.0.4.min.js	88.221.132.183
hxxp://download.myfuncards.com/install_css.jhtml?v=3	74.113.233.180
hxxp://fonts.googleapis.com/css?family=Cabin:400,700	173.194.71.95
hxxp://ak.imgfarm.com/images/mfc/v3/icons/talkingecards.gif	88.221.132.183
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAD9M+oC6dVe	173.194.44.136
hxxp://ak.imgfarm.com/images/mfc/v3/icons/everyday.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/tbinterstitial/splash_MFC.gif	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/tbinterstitial/interstitial_modal_BG_MFC.png	88.221.132.183
hxxp://ak.imgfarm.com/images/mfc/v3/icons/español.gif	88.221.132.183
hxxp://googleads.g.doubleclick.net/pagead/html/r20141209/r20141212/zrt_lookup.html	216.58.209.162
hxxp://ecards.myfuncards.com/myfuncards/anemone.jhtml?anxuu=CC242A81-B59F-4829-8E3B-37A9891B3113&anxa=ecards.myfuncards.com&anxv=-&anxd=-&anxsn=&anxu=http://ecards.myfuncards.com/myfuncards/404&anxl=en-US&anxlv=1420499858940&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&size=728x90&action=display&provider=doubleclick&campaign=iac.ms-mfncds.us.dw/ros&anxui=0&anxe=Ad&anxr=388521200	74.113.233.126
accounts.google.com	216.58.209.173
fbstatic-a.akamaihd.net	88.221.132.169
oauth.googleusercontent.com	216.58.209.161
s-static.ak.facebook.com	23.64.210.110
ssl.gstatic.com	173.194.44.151
tags.bluekai.com	173.192.220.64
platform.twitter.com	199.96.57.6
ieonline.microsoft.com	204.79.197.200

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum

Traffic

GET /p.media/atmPwnUV352r2rot6oXTey2WjBSVbC2mQZdmtENTdQ9XrncXbB91aIpSFUGUbB2VtM2mFBxQbbpYqYq3Tfl4TM3mTBCXbUhTtMWoA3ZdpGvwoHQB2EZbh3tun3AbGmUvKYVMU1cYV0VvxpT743bF5TF7ZbWPr4PTQQQsFtQtbv0WbnWAYN4sBk9vZcUO6/3812116/adTag.html HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: a.tribalfusion.com

DNT: 1

Connection: Keep-Alive

Cookie: ANON_ID=awnsAGyOZbS4CJTyBqKeKkVHBb5GHTTZdOuv5Ea2aVGQDWUmSSf0OEUPE6yyKZdPYOMZbuihvUAW1cbt8h9GZbpgq

HTTP/1.1 200 OK

P3P: CP="NOI DEVo TAIa OUR BUS"

X-Function: 102

X-Reuse-Index: 1

Pragma: no-cache

Cache-Control: private, no-cache, no-store, proxy-revalidate

Content-Type: text/html

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 215

Expires: 0

Connection: keep-alive
..........][email protected]..%.8...Q.L%X3 .[If...%!y..|....\....>.!..6/
.\m.C.`...k.".4.......6..f.......0\L.R.m.n{..d.....$K.8.....z#.#...x..
...-}.....w../..u.[.Y'/8...ja......Gk.g|5S...=R0...<@)x.J. ...4Ud..
F....y.....HTTP/1.1 200 OK..P3P: CP="NOI DEVo TAIa OUR BUS"..X-Functio
n: 102..X-Reuse-Index: 1..Pragma: no-cache..Cache-Control: private, no
-cache, no-store, proxy-revalidate..Content-Type: text/html..Content-E
ncoding: gzip..Vary: Accept-Encoding..Content-Length: 215..Expires: 0.
.Connection: keep-alive............][email protected]..%.8...Q.L%X3 .[If...
%!y..|....\....>.!..6/.\m.C.`...k.".4.......6..f.......0\L.R.m.n{..
d.....$K.8.....z#.#...x.....-}.....w../..u.[.Y'/8...ja......Gk.g|5S...
=R0...<@)x.J. ...4Ud..F....y.......

GET /tags/MindSparkcomSocialNetworking/MyFunCards_ROW/tags.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: tags.expo9.exponential.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: CP="NOI DEVo TAIa OUR BUS"

X-Function: 151

X-Reuse-Index: 1

Date: Mon, 05 Jan 2015 23:17:42 GMT

Last-Modified: Fri, 21 Nov 2014 17:25:27 GMT

ETag: 11821595807896387871

Expires: Tue, 06 Jan 2015 00:17:42 GMT

Cache-Control: max-age=3600, private

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 13570

Connection: keep-alive
...........}.w.........@.{ .Vd9........m.l...;...Z.,.2.KR~4...a.......
...".....`0.........<>[email protected].....$]dy
../_..q.g../.U........1F...~al...MV..!._df|.....).h...X.y...*e...".A..
...9...t.\..,W.n.!..`..!-...../..:]..yS...f{......=.S..i......u.......
zU.0 ^.^..q....1..>;.?.....>{l..qU...f.:n..*........A...d(*....Y
W9........t`Y..(.......U....P..|L....D....?(g..X.2..^.......P.xY...N..
......j.N..v.q... ....$E......c...y^.......>c......i^.....Y..;;CU@.
...#.s.g..*.....!z6.<...`.4.../.5T..h..'5..(.o\z$.........=a...$B.F
!<.y.i....u...AT^E....aG..Aq.\s6MW#VVE..%...y.n........N......&S.w{
,..I1...s...U.[..*.R..0p...I_zC#.(t.Vp...z....%l.i...S>V.).j<_W.
..5.!v..S..t#.....3(o...}". X.lMh.k...$?.x>!..d.7Q@..)t .....)nr.o*
g7.>O/.y..Oc..7.].iux........i...X......2...5.2......I.JEe0..f..../
Y.'.."......./u.:.r...o."...l..u3....U$.4.t...2.....dc...-.1 ......i\q
..$.|:...%..^[email protected]..(#........E........!..00..? oM.,..4\V...
.m.h..P.........h.|..tO.....&..r.M.........J...G..*>O...i...m..&..%
..g..&..f...."....W.y..J..W....l^.F.E.....dP^..}...x..!#..B......C-.0.
,.7.Dl.8....&........y....._*]...a.H1.. ..z...#.G..d. ..d.h.....,..Z..
}$....n......5.X.6...q...Q..,........U.. .Cgp{.J.O.T>Z.W.7...F.U._.
...S..F.4.S.....]..j..s'.E...L.x...h.V.....k..'@..T.....*..7..].;.....
@.8...d.$..p.$....... >....OE..u.v]X. .Tc.....q...:..n.S0.....i...!
......\..&/......U..Y.....Q......U\..*......ioZ.5...I.jG2...Y..DX...c.
.4.#.U>1nm..\8 .a-.......><mU.[L..B.=....Z^..*T..e.kw!]..
<<< skipped >>>

GET /CRL/Omniroot2025.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: cdp1.public-trust.com

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 01 Jan 2015 06:15:02 GMT

ETag: "2015b-6ca-50b91250442c0"

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Connection: Keep-Alive

Date: Mon, 05 Jan 2015 23:19:25 GMT

Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..141203203331Z..15033
1203831Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.................^..>....]K.................7......~./?...lG.
<<< skipped >>>

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Mon, 05 Jan 2015 23:17:42 GMT

Last-Modified: Thu, 01 Jan 2015 09:08:42 GMT

Server: ECS (ams/D1C4)

X-Cache: HIT

Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015010
1064605Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.j....20141203203331Z....20150331203831Z0...*.H.............\.y_Uq.
...G..!..Y...f.g.x.......Wc..W^"4..........%...R.,[email protected]..
.d....8......RL[..(..I.I`...7.cz%].dS.|.........l........hS.H*`..Z..|Y
gAc..$.....M0..d'3.4O.b.I.}'_N....t.."h..aa.}..T..qH.k...T...f.B.hVG|,
.7...p..wp5.G.k....-en.u.td`n....A.........0...0...0...........'..0...
*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0
 ..U....Baltimore CyberTrust Root0...140122184236Z..150122184140Z0G1.0
...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validation-20110.
."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...04..I..
....C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..........h8GM
..*.4.MP..../[email protected]....
$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j.\.>
;.O....G.A........0..0... .....0......0...U.......0.0...U...........0.
..U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`;.l.uZ
..k.F..^|A.Tb0...*.H.............. .p.)...09W..Z.......]....}.:..Vr...
..c..U..:V^.O.....<...b*5.c.\.fF./....5'.>./ iS..R0..)..*.!..q.h
.T..ul.}&.......`.1".~.U....rB.BR.s..x..o..Y.......).4:.[.9.=....x...'
.f..\ [email protected]:J!.hRH..!z2DtL.s2.r.....Yi~..E..AzO..i.."N.$j...
b...o..i."{(3....
<<< skipped >>>

GET /images/mfc/v3/icons/lovedating.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 30 Sep 2008 13:46:53 GMT

ETag: "95bca8-113-4581d375d4d40"

Accept-Ranges: bytes

Content-Length: 275

Cache-Control: max-age=147611985

Expires: Fri, 28 Sep 2018 13:46:53 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a ...............~...................................u...........
.......................................!.......,.... ...... $.di.h..l.
[email protected] .@:..a.......``.*T.n...p.KT q<.h\..b8?..S..H
..".>G.`[email protected]@R).bO_,..I. ...~-.b.1..U.7...?...8.4d........(!.
;....


GET /images/mfc/v3/icons/español.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 07 Jun 2010 21:58:26 GMT

ETag: "60de99-18e-48877c5b06480"

Accept-Ranges: bytes

Content-Length: 398

Cache-Control: max-age=200777479

Expires: Thu, 04 Jun 2020 21:58:26 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a..........q./.....r..c...q.0r.0........S...q./.....s|.A.........
......}.B...........r|.A.....s..b..b........S.........................
.................................................................!....
...,[email protected],..H.$QH:[email protected].,$$...(.$0...!.,..i....
..j. ...B......k..{..C......Sw.........!........................k..B..
...j...C..S....T.....d........k....B.........A.;HTTP/1.1 200 OK..Serve
r: Apache..Last-Modified: Mon, 07 Jun 2010 21:58:26 GMT..ETag: "60de99
-18e-48877c5b06480"..Accept-Ranges: bytes..Content-Length: 398..Cache-
Control: max-age=200777479..Expires: Thu, 04 Jun 2020 21:58:26 GMT..Co
ntent-Type: image/gif..Date: Mon, 05 Jan 2015 23:17:38 GMT..Connection
: keep-alive..GIF89a..........q./.....r..c...q.0r.0........S...q./....
.s|.A...............}.B...........r|.A.....s..b..b........S...........
......................................................................
.........!.......,[email protected],..H.$QH:[email protected].,$$...(.$
0...!.,..i......j. ...B......k..{..C......Sw.........!................
........k..B.....j...C..S....T.....d........k....B.........A.;HTTP/1.1
 200 OK..Server: Apache..Last-Modified: Mon, 07 Jun 2010 21:58:26 GMT.
.ETag: "60de99-18e-48877c5b06480"..Accept-Ranges: bytes..Content-Lengt
h: 398..Cache-Control: max-age=200777479..Expires: Thu, 04 Jun 2020 21
:58:26 GMT..Content-Type: image/gif..Date: Mon, 05 Jan 2015 23:17:38 G
MT..Connection: keep-alive..GIF89a..........q./.....r..c...q.0r.0.....
...S...q./.....s|.A...............}.B...........r|.A.....s..b..b..
<<< skipped >>>

GET /images/mfc/v3/icons/everyday.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Aug 2009 19:35:46 GMT

ETag: "60de9b-22a-4711f289ac880"

Accept-Ranges: bytes

Content-Length: 554

Cache-Control: max-age=175108118

Expires: Mon, 12 Aug 2019 19:35:46 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a.....?......k.....................J....lDe.j....................
..g{.K......z..]....p..............xUs...Y.........<^....w.E.......
..Lk......d......e~ p.:......Po.~.Q......]w"........................!.
....?.,.............p8.E"..QIl:....7B..X..u(4...7...0.C..H..M...b0 .K.
...c,.8u..8..z.=& .'Y...$.u.:.0(z;9**..Y5...0...#./ ..(.*..}X5.3...%1.
$$,%<-.3..O..3....$.*....Y. ....).).....X.4.S'2I.rJ%...46I....>.
.x`E..'.....A@......'.^>.F$h. ....I*.t.PI...Vt.H..:}& .8!..?z...00.
..G.([email protected]...,F6......W)d...F.mY.Xh!....e[.(!.L......KW...'".
..%..;HTTP/1.1 200 OK..Server: Apache..Last-Modified: Fri, 14 Aug 2009
 19:35:46 GMT..ETag: "60de9b-22a-4711f289ac880"..Accept-Ranges: bytes.
.Content-Length: 554..Cache-Control: max-age=175108118..Expires: Mon, 
12 Aug 2019 19:35:46 GMT..Content-Type: image/gif..Date: Mon, 05 Jan 2
015 23:17:38 GMT..Connection: keep-alive..GIF89a.....?......k.........
............J....lDe.j......................g{.K......z..]....p.......
.......xUs...Y.........<^....w.E.........Lk......d......e~ p.:.....
.Po.~.Q......]w"........................!.....?.,.............p8.E"..Q
Il:....7B..X..u(4...7...0.C..H..M...b0 .K....c,.8u..8..z.=& .'Y...$.u.
:.0(z;9**..Y5...0...#./ ..(.*..}X5.3...%1.$$,%<-.3..O..3....$.*....
Y. ....).).....X.4.S'2I.rJ%...46I....>..x`E..'.....A@......'.^>.
F$h. ....I*.t.PI...Vt.H..:}& .8!..?z...00...G.([email protected]...,F6...
...W)d...F.mY.Xh!....e[.(!.L......KW...'"...%..;....
<<< skipped >>>

GET /images/mfc/v3/icons/photocards.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 18 Aug 2009 15:37:35 GMT

ETag: "8b388b-1fb-4716c4c28edc0"

Accept-Ranges: bytes

Content-Length: 507

Cache-Control: max-age=175439427

Expires: Fri, 16 Aug 2019 15:37:35 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a.....?..................m..<......^z%i.5......Ur.t.D...a})..a
..d......y.J........q..}Sq.l.8..\..3f.1.....{.........\x#..o........-.
.~Xv.}.O[x"...Pn...W..).._o.=..t..c..hd.....Nm............._{'......!.
....?.,.............pH,....r.l.N..g.s&/.V.....!....8b..d...8....r%.$.c
.Z.Hd.. 2.-G<..dz....;/,=.#7..'.....>...7>....>>.....&&
gt;....%.>.29.&1..., ..(..04.....8.<.*3.7..0">.6w... ......!.
..F....>...(5.d=....X,.U..=.2..{W$^...(..A....... ...C.'(. .A...w.4
.v.E.ExTT.0c..~*[email protected]!0......P."...;....


GET /images/fwp/wf/v3/SendWall.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 11 Feb 2009 15:31:14 GMT

ETag: "16ff73-4a6-462a64b48d480"

Accept-Ranges: bytes

Content-Length: 1190

Cache-Control: max-age=159257380

Expires: Sat, 09 Feb 2019 15:31:14 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a.. ............................................*n..W............
.....................yyy...............!.......,...... ......edi.h..l.
.p,..8....|....pH,...$.2...:.tJ.Z...v..z..0UG I<..z.n..h..C.....~..
......z.r.............................................................
...............................................I................H.....
...`..?.E *.H.b.......O... .2.7....(M.n$.1...0c..I....(Gz.9`%..>x..
J..Q..k...1....t..J..Q.J..h..C..`w...S.I.1..Dk.,..g.....&V...h]..lX.&.
.| x.U.0.".)x1...}.....W....]......?....1......|Z5...U{.]x&...r...w.o.
?....a....5.'.<.....3..\`u...7..}.......n..q.O.....7.....Wo>:...
.g........x.y....u...`.n...^o.M..|.-h u.b'...b._..~.a..~.....W..,....0
..@.......,...-..A.?..c.B.i$.E.Yd.I.i..N..#.C....XJ.d.\..b.........#.&
lt;r9...U...lf...lN.e.H:...tN...`v.....j..>......p...2*...Vj...f...
.......z....jj..r.........vZf.>.j.........:.... ..;..PA......6....F
 ...V -.z.Y.,.......~.....k....{..........n.?.................n...A...
'....R....G,...Wl...g....wL....,..$.l..(....,....0..r.4.l..8.........@
.-..D.m..H'...L.....X ..TWm..Xg...\w...`.....y...h....l....p.-..t.mw.d
/.A.............n...'.....^A..a.A..Wn...g~...,...P(!.#...n..C.....0...
.......n............;HTTP/1.1 200 OK..Server: Apache..Last-Modified: W
ed, 11 Feb 2009 15:31:14 GMT..ETag: "16ff73-4a6-462a64b48d480"..Accept
-Ranges: bytes..Content-Length: 1190..Cache-Control: max-age=159257380
..Expires: Sat, 09 Feb 2019 15:31:14 GMT..Content-Type: image/gif..Dat
e: Mon, 05 Jan 2015 23:17:38 GMT..Connection: keep-alive..GIF89a..
<<< skipped >>>

GET /images/mfc/v3/btn/btn_sprite_conf.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 03 Nov 2010 19:59:03 GMT

ETag: "1e4eed-340-4942b791ebb48"

Accept-Ranges: bytes

Content-Length: 832

Cache-Control: max-age=184465599

Expires: Sat, 31 Oct 2020 19:59:03 GMT

Content-Type: image/png

Date: Mon, 05 Jan 2015 23:17:40 GMT

Connection: keep-alive
[email protected].{....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx...?k.q....._s.%...1X..J$....8X.n..p,.}..89:....".P.$..j@*
.(...%........u...'..`...y..]..:...[.......r=.nmm.q.4T1.4...t......q..
T.......O.T..b...,HK6.....^...k)....6...3'...F......*....Y..m.....X...
.l#rl1.......!.....@<............ ..x..J.`[email protected]........*{'
...u]....*... O.E..Qv..\z,..m...z.cY...... ..x...@<.......@<....
....3LB '...n$......-...*sy/=...`P...0.{C5....-K.....Qk}e.9gu:........
[email protected].\.9...c....x.j......x.=.*..u.]'.c).q..
(..%w...c_..?x.R^J9....E.Z.6..`4....(!..l#?^....?n..Mh.'].s..x...@<
......x..... ..x..Z.l[.F.A.,[email protected].....*....P(.J%...,e......
...........x............@<.....x,..P..Ka.S..1..].].)G.!K...BR..3...
...=...D|s....1R.,%....[.T..*..$.k...y..l.&$.i....m..P.........M...L..
..IEND.B`.....


GET /images/mfc/v3/tbinterstitial/interstitial_modal_BG_MFC.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 23 Mar 2012 15:46:37 GMT

ETag: "78f64e-7647-4bbeaee0e7c94"

Accept-Ranges: bytes

Content-Length: 30279

Cache-Control: max-age=228168853

Expires: Mon, 21 Mar 2022 15:46:37 GMT

Content-Type: image/png

Date: Mon, 05 Jan 2015 23:17:40 GMT

Connection: keep-alive
.PNG........IHDR.....................sRGB.........gAMA......a...u.IDAT
x^....%U...v....3.0.0...@.$. .....>...................0.U......T...
..&.&.......{n.....S.....{o...S..So..=MVzk*q...(.K_.......a.@...... ..
..j..^{.@...:W<....}.....u..v......{w....].w.!. .G..A. ...@.......%
.j...pnoo..wvvF..'O..={v.>!.....Eq-a.D.......3.{zz.....6M.>=zU..
.>.v.#F>.@...... ..1A...%......[.l..k[[[.o..._.[.;.n.. ..$..}...
.[.6.:.y...O..g..f............M^H.^."{` *....... [email protected].@SS.>n ...
...n..^]\.wuuI\.O.0...r........Kl.y........sN..l.5kV...4{......z../..E
v..&...J`..,r..a=&/!....@...... P....Ht.&.............Z..=<.\ .M.2.
7)..\`........[..%..2.....[..V?.B......n..........q...... ...@`..HZ...
./..2._..?....u....{<m.^.x.k...3f.5-\.....-.......y.v.?A....3.Kh..w
...... ..d....vB...... ....K`@.[B..o.g..k..=~.......t{.n...nZ.`....'..
..^....O..B..3vx...s.D...D.........."=. [email protected]'P.fG"..............
..]....u.O....#{$..N?..N?(..v.k.l.8......{....M.5.w..HhGn#...~..>.@
...... ..z....Z...GVlY........c.w..S...n:...'O.:..M....S...L..S\T.....
.....F. ...@...... ...=.......5....v.!.-..t...N..$r......U.{..<....
E.]...g>............ [email protected]>....._.....o.=...?.:z.[.w....r.
..Lt....t...D&{.....7..M./..b..~..&. ...@......  ....Wz.3.8C ...w.}...
.^.G\OG.....[..oS$..;\d.0g..io~..!...@...... ....!....Mgf.....[.C...;Z
.Qo$.}.......?...... ...@......*...1..v...g..Z.!...........lE.......P.
@...... [email protected].*]..KA6...B..k....G. ...@...... ....(..'.VJw}..
.~#MZ.&^..Y..%.....P&I ...@...... 0..h...{..Q-w..l-(....j.,.>./
<<< skipped >>>

GET /images/myfuncards/groupcards/ajax-loader2.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 17 Jul 2008 12:49:57 GMT

ETag: "25e0d6-c88-45237ada82740"

Accept-Ranges: bytes

Content-Length: 3208

Cache-Control: max-age=141190100

Expires: Sun, 15 Jul 2018 12:49:57 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:41 GMT

Connection: keep-alive
GIF89a . ....>??...`ee...jqq|........UXXMPPfll...............!..NET
SCAPE2.0.....!..Created with ajaxload.info.!.......,.... . ......Iia..
..bK.$.F...R.A.T.,..2S.*05//.m.p!z...0...;$.0C....I*!.HC([email protected]...!39T5.
\.8)....`....d..wxG=Y..g...wHb..v.A=.0.V\.\.;........;...H.........0..
t%.Hs..rY<H...........b..Z.b.OEg:...GY]..=.A.OQ.s....\b.h.9.=sg...c
..e....*....f.7D..!.......,.... . ......IiY....YF5..F...R...Tb.G.J....
.L..d...&.Ymx........ \...@........ ....1..&R....H..4.1Q..|V..%.z.v...
#j0....l.Gg{0~..<.<..[.[.h.x..G...y.........[.0....G.....P.z...h
.....kz..i....y....h|z.h.G...V.........\h..[.........&. ..W.7.8...!..!
.......,.... . ......I)1....1G5d].(..R...T2..jL.{..< .[.5.M....0..)
... L...I...m..E..`....p..U....^f.%..^.......u.;..zz.}0.X....S0.ew.y.k
<..%..O.......z..{....|......%......F.i.1..0.......Y.....8.x.....z.
.@....<................8..Y<.......8...\.P.$...!......!.......,.
... . ......I.....g.EU... ..R.a.TB.......p>'...e..$.."...\.#E1C.n..
....~...J.,..,Aa.....Uw^4.I%P....u.Q.33.{0..i1T.G.gw.y}%..%'R.........
...=...........3..G.%..p..0.....JRo.5...0I..myk...x...T._}.(....^..yK.
.s.....>i_.%...n.=.....q.4e.-M..D..!.......,.... . ......I)*...')E.
d]......PR.A..:!..zr....bw..%6."G.(d$["...J...Fh....a..Q.P.`p%.../BFP\
cU...?T.t.W/p..G&OtD.a_.s.y.lD'M......q..tc.........b..2..D...M...:...
.....d..%.......4%s)....u...E3.....YU....t......D.$.JiM.<.Y.;......
d<. O..tX.<q' .B....!.......,.... . ......IiR...."J% ......EQZ..
.....Ld...-Y....h..k.Q.|...5.u...4Y.I........N.bW....u..5....r....
<<< skipped >>>

GET /images/mfc/flogin.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 01 Jun 2012 16:47:08 GMT

ETag: "918838-2e3-4c16bef59246f"

Accept-Ranges: bytes

Content-Length: 739

Cache-Control: max-age=239586651

Expires: Mon, 30 May 2022 16:47:08 GMT

Content-Type: image/png

Date: Mon, 05 Jan 2015 23:17:42 GMT

Connection: keep-alive
.PNG........IHDR...F...........}$....sRGB.........gAMA......a.....pHYs
..........o.d...xIDATXG...R.A..}.. ...Q.;..jr...&..o..@..\r....<...
..r..[[email protected].
.*p.M$..H....'_............W..<.#..#=J..E.......A..0..M.M....S;jq..
.H...i.HK..."H....6.....E.......k.uz5...i...RaFro9..P..g.c.._....3....
h.).[$..`......9._..D.S......[..v@.....".6{.Ud.n...u....H.d....(Rl....
............&..s.x u..-.a.j..........f..H.[.&.).).R....{Y.).b...d.t$'.
i ..-.E.t."l.!....!.v".)"..U....)R$i.E...:.mZ..A........E......2.j.!.F
;....9.R7.4... ..0"JyH..E...H...s...A.\.H.L.C...W....r...Cb..{H>."i
.]-.$..hY.t_.k....:}..im...A:n]..)-........#z...x:EJ.....d..Bv....1..J
J).I..Hq=<. H[..rxD.&.?.3...v..04.......IEND.B`.HTTP/1.1 200 OK..Se
rver: Apache..Last-Modified: Fri, 01 Jun 2012 16:47:08 GMT..ETag: "918
838-2e3-4c16bef59246f"..Accept-Ranges: bytes..Content-Length: 739..Cac
he-Control: max-age=239586651..Expires: Mon, 30 May 2022 16:47:08 GMT.
.Content-Type: image/png..Date: Mon, 05 Jan 2015 23:17:42 GMT..Connect
ion: keep-alive...PNG........IHDR...F...........}$....sRGB.........gAM
A......a.....pHYs..........o.d...xIDATXG...R.A..}.. ...Q.;..jr...&..o.
.@..\r....<.....r..[[email protected].
.....7..8....w.5..*p.M$..H....'_............W..<.#..#=J..E.......A.
.0..M.M....S;jq...H...i.HK..."H....6.....E.......k.uz5...i...RaFro9..P
..g.c.._....3....h.).[$..`......9._..D.S......[..v@.....".6{.Ud.n...u.
...H.d....(Rl................&..s.x u..-.a.j..........f..H.[.&.).)
<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1363

content-transfer-encoding: binary

Cache-Control: max-age=399283, public, no-transform, must-revalidate

Last-Modified: Sat, 3 Jan 2015 14:08:53 GMT

Expires: Sat, 10 Jan 2015 14:08:53 GMT

Date: Mon, 05 Jan 2015 23:17:42 GMT

Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015010
3140853Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150103140853Z....20150110140853Z0...*.H............
..Y..lK......q..nR......qY-.H..lq.s.T......6..'~.qV...S.9T.1...i.A..3L
.....Y...........=.&..q2I.)[email protected]'lC..?..E....
..w "2.......R....0S.h...%....H...Ov.f....\q.g..g.."&.}C.L.......;._..
..`..s.:.`.V............Nk..I}OK.......{89..L.{....0...0..}0..e.......
.:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust 
Global CA TGV OCSP Responder 30.."0...*.H.............0............\.h
pc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x.
.YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x........
......6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...
A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0.
..U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0
...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.
H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...n
R9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=.
.w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\
.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....
<<< skipped >>>

GET /js/plusone.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: apis.google.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=utf-8

X-UA-Compatible: IE=edge, chrome=1

Timing-Allow-Origin: *

ETag: "26d5badbf5832b70c0fe6e8e01083e3b"

Expires: Mon, 05 Jan 2015 23:17:39 GMT

Date: Mon, 05 Jan 2015 23:17:39 GMT

Cache-Control: private, max-age=1800

Content-Encoding: gzip

Transfer-Encoding: chunked

Set-Cookie: NID=67=rV_uSoATq14CAm4DXzWrFNsFlfmwtlz1qENHISRBlGImgCVLKMtZMMgv5iYjc4lhw25lv_jHUhgTPR_OD3knm4ItYerJwx9OTVQL6Lni8T-N39DOaN5WdHoBy6YqFFzO;Domain=.google.com;Path=/;Expires=Tue, 07-Jul-2015 23:17:39 GMT;HttpOnly

P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

Server: GSE

Alternate-Protocol: 80:quic,p=0.02
3282.............}iw.......DM..Wd;...._ [email protected]....
...qM.a..=Wq!......e...K{5=...]J....K...}.G.e...8.!....4..qjZ7..NJ/J.q
.}....x4..Q.._.W.K......8..qp>[email protected]^.Pz..M.7(...<......F.=....
}iJ.[7Y..g.....I.....^.g..$J...8..1D.t..sC.HFWQ`..H].a>4D..Y4Id....
..q.H4N(=..S.GH.d...9J..0y.D..C\..(..c..y.^R...xC....3.De.w.g..r.QR.5z
8..yf............$...<#.cZX.!.hE.u./3$'.8......=c.E}CL...j....\c.TZ
Ls.. ?......D?.S...&.MQr.4.g.o..K..=:.h.....FW.....)vK/.9..C....t@@~..
.*~K..h|..=z.... x..............,.. ....Q....1...=?r..>8...:...?.
1...&9~?....r..W. ...%..zu..:/z....'d6....\...M.7.........,.g8/(.. ...
..c.z......$.".a.M.....W.Z..o,[email protected]?..h.......TV8.on/.E/u..$..j.
.......iu^.L#..^D.t....J:.e1.7<fz.$.a..J_6....g......5 .3.D.. .e..x
*..fV.XYX4......K.zg.-.[[email protected];..w{....H..<.3..s...u...4.!}
...{4.....u...,>.<i..|....\|\.Jz.....h......w1.....1F.'i...0.#.,
......j~.e...=/*@....V[k..!~.....O.....~..{.......dHw..y .Q...kp...I.s
.(7(r.)wv>..G..k.1.s..[eQt.M...V....... `.e.&....%.. ..,...cs,.....
b.r...e4,..H7.....0.O.,.f.C......LL..s..]O.r.U.m..6...5.#t.XzG..{... .
......Z...;.a_........<....h....4.L.H...\...lf....{...a..a...Z..[.C
.H.@>G..W..0;...{..~,...........g...}. ...}.O.`.....vbI.0..:eYyv}.$
.....`[email protected][email protected]%.4..['.3..............Sm.Db......
...1..p..U....k.K.o.fsO.?q..F..S.#.q.......s._T;.......U..C.....B.H(#\
..Kt...^...o.&...".a..fh.7..CK....U. ..~..o.N.-..b..O...*..x\...8.b..w
.t.|......y.........;..=(...3MAY._!.w.P...a.H.$.).I..|7..$.....4.^
<<< skipped >>>

GET /images/mfc/v3/icons/birthday.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Aug 2009 19:32:04 GMT

ETag: "60de8f-222-4711f1b5f5500"

Accept-Ranges: bytes

Content-Length: 546

Cache-Control: max-age=175107897

Expires: Mon, 12 Aug 2019 19:32:04 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a.....?.........n.........q..........N{.%........................
...k.#...{........t..........N.........w.:........d.....,.........i.2.
..k....o...h..}.Kn. g.#..|...............r..q. .........u........!....
.?.,.............pH,..Ha.!<t..f2y....G."...._g...0]/.S~|.B.......I.
7............"su?>....(4....('.>j..>.....:.!...G>......!..
.<'..u.. ..... ...u.=...=...=........(.j5....(.^..7..........3.3...
!.....=.,[email protected] .A...NL.0.....|..P"..#&<........|.h`.A...J(H..
...,@...#[email protected]%..2X.....U.1@p.!C.....1!.a...h..x1B...W..
.K.G..;....


GET /images/mfc/v3/icons/invitations.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 05 Dec 2013 14:15:51 GMT

ETag: "9aba8c-54e-4ecca2ab808e4"

Accept-Ranges: bytes

Content-Length: 1358

Cache-Control: max-age=311082524

Expires: Sun, 03 Dec 2023 14:15:51 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a........................tg.9..............cu.O............Ws....
.......................................!..XMP DataXMP<?xpacket begi
n="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adob
e:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:
56:27        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22
-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http:
//ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/"
 xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:Crea
torTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:4E
B951B5451E11E3AD3C9C297785D9F2" xmpMM:DocumentID="xmp.did:4EB951B6451E
11E3AD3C9C297785D9F2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.
iid:4EB951B3451E11E3AD3C9C297785D9F2" stRef:documentID="xmp.did:4EB951
B4451E11E3AD3C9C297785D9F2"/> </rdf:Description> </rdf:RDF
> </x:xmpmeta> <?xpacket end="r"?>.....................
......................................................................
.......................................~}|{zyxwvutsrqponmlkjihgfedcba`
_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! 
.................................!.......,........@...$.di.R.=C.......
@[email protected],....R.|<[email protected]..&.V.H 1tn.....
r....~Df......$i.E.N..S.N...S*...N.}y..B...W.x[y[..|.....v.. .\.......
.....Q.3...EI.L...!.;....
<<< skipped >>>

GET /images/mfc/v3/icons/characters.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Aug 2009 17:41:19 GMT

ETag: "60de96-121-4711d8f4cadc0"

Accept-Ranges: bytes

Content-Length: 289

Cache-Control: max-age=175101251

Expires: Mon, 12 Aug 2019 17:41:19 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a.......~........................................................
......u................................!.......,............%..eZ.i.l[
..P5.....T|.L&..d.. A..h. m...`xP,...`Q....0`$0....<n...aa.n...K.A.
...y,..M....M.7.F...Mb.$}F..#.n[...=.=x..<[...<..d<..........
".......#.....#...!.;....


GET /images/mfc/v3/icons/coupons.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 05 May 2009 14:55:36 GMT

ETag: "60de98-89-4692b78adaa00"

Accept-Ranges: bytes

Content-Length: 137

Cache-Control: max-age=166364908

Expires: Fri, 03 May 2019 14:55:36 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a ........r.....D...!.......,.... .....Z......O.`F............\A.
.....z.p<.z.........i. *.HX..l.zR..U.(...5..E.$....P....}.....}P..;
....


GET /images/fwp/wf/v3/PostWall.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 11 Feb 2009 15:30:56 GMT

ETag: "16ff6c-468-462a64a362c00"

Accept-Ranges: bytes

Content-Length: 1128

Cache-Control: max-age=159257362

Expires: Sat, 09 Feb 2019 15:30:56 GMT

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
GIF89a.. .......................%i..W....4w.>......................
........................yyy...............!.......,...... ......edi.h.
.l..p,..8....|....pH,...$.......tJ.Z...v..z..0U. Q<..z.n....|N....6
.....................|................................................
...................................................................H..
....*\.p ....&iH......y...... C~......(=..\[email protected]
y.'M./..].....>u.......0....@*..:..<)SCH.M.zT.....X.r......w=(..
s*]..4....0.... F\W....!/.Lyq......9..a.&...<.q..w..~..q`...;.L.v..
.}$.}.ga..#........A...........[......~-..z.... ...8......-..{...L.@.~
}...$.._.....W....H...&h....".........&(...N(...v.!....!~..h........V.
a...X!.1.....j...<.(_.#.x.......&.X............S..c.Xf)`.. ..._zp..
d...v.....l....`j...t.i'.\....F.t..." g...:[email protected]*.....(.z.9..
.v.g|.x.....Z...H5.O.......*....j.............. .....k.......6.....**.
.Vk...."....v..... ....k........j..... ....k..........o... ....l...j..
..7....G,...Wl...g.q..2... .,..$.l..(....,.Lr..x0..4.l..8....<....@
.-t...@@..l...L7...PG-..TWm..Xg........Z.-..d.m6..`@[email protected]...."
....|...........n...'..."...;HTTP/1.1 200 OK..Server: Apache..Last-Mod
ified: Wed, 11 Feb 2009 15:30:56 GMT..ETag: "16ff6c-468-462a64a362c00"
..Accept-Ranges: bytes..Content-Length: 1128..Cache-Control: max-age=1
59257362..Expires: Sat, 09 Feb 2019 15:30:56 GMT..Content-Type: image/
gif..Date: Mon, 05 Jan 2015 23:17:38 GMT..Connection: keep-alive..GIF8
9a.. .......................%i..W....4w.>......................
<<< skipped >>>

GET /images/mfc/v3/sprites/default/mfc_sprite_07.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 20 Nov 2013 19:09:29 GMT

ETag: "b6c4a8-163e9-4eba0853615fb"

Accept-Ranges: bytes

Content-Length: 91113

Cache-Control: max-age=309865675

Expires: Sat, 18 Nov 2023 19:09:29 GMT

Content-Type: image/png

Date: Mon, 05 Jan 2015 23:17:40 GMT

Connection: keep-alive
.PNG........IHDR.............>V.c....pHYs................OiCCPPhoto
shop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE......
.....Q,......!.........{.k........>...........H3Q5...B..........@..
$p....d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F.
...&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWf
H.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(
.I. [email protected]..._-...."[email protected]~..,/..
.;..m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<
;......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,
..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..
?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=
p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2
....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,.
.c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b2
1.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!
.[[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i.
.t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....
J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.
._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....)
.)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....
Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected].
.....<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2....
<<< skipped >>>

GET /s/cabin/v7/haOjnueK8Or1ztuuRtr8dvesZW2xOQ-xsNqO47m55DA.woff HTTP/1.1

Accept: */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Origin: hXXp://ecards.myfuncards.com

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Type: font/woff

Last-Modified: Thu, 28 Aug 2014 18:25:38 GMT

Date: Wed, 17 Dec 2014 10:00:56 GMT

Expires: Thu, 17 Dec 2015 10:00:56 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 1689403

Alternate-Protocol: 80:quic,p=0.02

Transfer-Encoding: chunked
8000..wOFF.......T................................GPOS..........1.V..;
GSUB................OS/2...$...V...`l. .cmap...|...x....m...cvt ......
.,...,....fpgm... .......s.Y.7gasp...$............glyf...0..[.... . !z
hdmx..mH...2..".....head..}|...5...6....hhea..}........$.8.qhmtx..}...
.....H...Mkern......N.........loca..............[.maxp...D... ... ....
name...d.......x.D7.post...,...b....l.*.prep...........pzkNYx.$..l.Q..
....l..m..m;.....x..-.....4.........}'..E..1.....3..,4.......h...&....
[...L|..d.9N....2yT...T.UO.P....D.Q....I......S...YC..6.m....o.TN.g...
9..q..m.E.iOz..q.._.U.... _.'X.....?...N........x........U.. ..2...A@.
&5.p.e....!..)E......A^*R.|....iAK....T.3=.L_...b4..dP.i.u.eP.5..>.
....}4.<.h.%.....-..._.r|.*.s...i...c..E]..q.P.V..v8)s.U..MiY.Ghw}.
?H....!.f.e.....7..\...H.l. ...}..O.o.o..%w...X.}1.....3......P.,.../.
../...&3.ki..;.s...._4...Bi..^.....v.........r....}X..r.. ........$.&g
t;.......[x.....f~Eki...W..3...X..J..F.....}.....0..s....~..{...D.....
.X...S........<...p/.V.R.....Jf.=l.D...<..N]%k..v...ei.H.6...o.^
w...G....]....y2...N..$}0.I.K.......O.O..4.E.U)w.. .~..%\.J..........6
.Kv...h.........W. .e5...rz......2~7.{h=....I..$.!.U.......I.nKh...Y.L
f........#......q.G...uo......K.yY..P.PkP5I*...O&.X.s...Q.(A..F.l.E...
wB.B.........P.p..m.tA7-..m.d>....r:.\G...{.|N.5..d...B.0.%..{...D)
C...|......J%C%G.H.La5}.W(.#.m....._..~y...Oq..M..__.[A_...j.....RnI=4
.I.I.KV.....6.;..Jn...i.>..O..}.o).$..n..EJ.QzC./j.Q.r.7.X.U.....e2
.....[.N..< ..1.?..]Y.Y.Yu.l.{........3..|.g..v.U....8.........
<<< skipped >>>

GET /plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f1ef8d786059d54&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.facebook.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.facebook.com/plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f1ef8d786059d54&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey

X-Content-Type-Options: nosniff

X-UA-Compatible: IE=edge

Content-Type: text/html; charset=utf-8

X-FB-Debug: PcF/TI5BhPGvXSMuU5j2SUsOnxycpAeSvi32pGLiYfWAvX4Iq6bFRvsllVWzvee9hHUbBp/Y/hBhvrZR0ExxQw==

Date: Mon, 05 Jan 2015 23:17:42 GMT

Connection: keep-alive

Content-Length: 0
HTTP/1.1 302 Found..Location: hXXps://VVV.facebook.com/plugins/login_b
utton.php?app_id=21253083321&channel=http://static.ak.facebook.c
om/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f1ef8
d786059d54&domain=ecards.myfuncards.com&origin=http%3A%2F%
252Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.pare
nt&locale=en_US&scope=email,publish_stream,user_photos,friends_p
hotos,user_birthday,friends_birthday,user_photo_video_tags,fri
ends_photo_video_tags,publish_actions&sdk=joey..X-Content-Type-Optio
ns: nosniff..X-UA-Compatible: IE=edge..Content-Type: text/html; charse
t=utf-8..X-FB-Debug: PcF/TI5BhPGvXSMuU5j2SUsOnxycpAeSvi32pGLiYfWAvX4Iq
6bFRvsllVWzvee9hHUbBp/Y/hBhvrZR0ExxQw==..Date: Mon, 05 Jan 2015 23:17:
42 GMT..Connection: keep-alive..Content-Length: 0..
<<< skipped >>>

GET /PublicSureServerSV.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=864000

Content-Type: application/x-pkcs7-crl

Date: Mon, 05 Jan 2015 23:17:44 GMT

Etag: "2b0044-466d7-b5df8540"

Expires: Thu, 15 Jan 2015 23:17:44 GMT

Last-Modified: Mon, 05 Jan 2015 21:52:45 GMT

Server: ECS (ams/49B3)

X-Cache: HIT

Content-Length: 288471
0..f.0..e....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150105213347Z..150115213347Z0..e.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>

GET /gpt/pubads_impl_55.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: partner.googleadservices.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Wed, 03 Dec 2014 11:00:33 GMT

Date: Wed, 17 Dec 2014 09:53:07 GMT

Expires: Thu, 17 Dec 2015 09:53:07 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33367

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 1689874

Alternate-Protocol: 80:quic,p=0.02
......n.....y_...8.?..t.P)..M.6......6[.i...g....l$.%...9....,'.......
fF.....;...l0Im...g.#v.....e....}...Y.y=.D..-..K..o|.d./}.....n.O.M...
....q8.|?p......A..x.b..,.w.h...by.2...Yh3.......i6.M...lr2..i........
...l~......=.Uk.o.b..*.XX.|.....!5Gq......y... .#k.....A.....N.lvw..A.
q........-Q....... 9......dT.......*z...Z..<......x..}..`......X]..
.K...m)..*...dQ.N.<...LT. .K.Vy.fu......Kv]Wn..%.kGb......NUy.h.8.[
>...u-Y.} .M.y._........G.....~3.p ........z.o...?..P...FM>...l.
..01..`g...z<X.....;.~6..<..If.......y.#.|:z.q.q....>a{j=7 @,
.....Zj...A2.C.Y...2.G.\...R...%.[..;_.W.y........L..l......8T).....p.
.....;[email protected],..f|..'a6........k..../....
..5..c?l.....9[ENf.N':..~..O'....?.=L.A...m3.k',....g.7?W..ri|...).p..
L6.g....sR..!K...u..]u....W..ta]r?..........rFe......T5..........cgM.M
...`..].0..k.X..(A.. ..K.R.q..^..m.....=..jp..9k)...u8.g.1.[4.1.......
sv....V.....,.g..&ue.4e.t.c*>k,......,..fe...\U.0...........5..V.8.
..x...V-..R:...Y].. .s,.. ...S...._.'.u..R.................A....Y. ..n
..f....9.>....Z.;......~.Zx....>o.?.~...\.]..6....R....r... ....
....{.^......wa5.t.0.z.\[email protected]|4.......e@u5%....>..'~p..xQ
%j.%.s...T8.}.....#J...t..V.j.....R.6.. ....=g...y..I6..B....!.Y&.....
q....[.7.M.%.8.A.....Q.L...|4...n..v...[?Y.....y.........U4!.s...fa...
...f..[..3.-O$.f:m..6Db.H|.....TX...>>..\5.au.#s...,...3..C]7...
.......5..<...!w`./8l,:..u~..=t..c...=&...c...=f.8...>..^...2...
.....d.S2.,.!......./....hK.N.'-.pK......g.N..~..........B.f5tX.G.
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAJeRLXDSRa3 HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Fri, 02 Jan 2015 14:40:04 GMT

Expires: Tue, 06 Jan 2015 14:40:04 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 290259

Alternate-Protocol: 80:quic,p=0.02
0..........0..... .....0......0...0......J......h.v....b..Z./..2015010
2070411Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..^D..I......20150102070410Z....20150109070410Z0...*.H.............?f.
.D]PA\....@}.O...'.....g'...].".........V.H'.....<O[..........p...%
RW=R.E....N..r...l.e..~...v...1f..2A....].'RL.M5......KwrO] ...].|..u.
4..3...Uk....H.k,.(V...F.#......p..Q..P......d...k.!...c....O)._.{....
Y/k|e..[t.)R[z.90A......7i..........kW..g....,HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Fri, 02 Jan 2015 14:40:04 GMT.
.Expires: Tue, 06 Jan 2015 14:40:04 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Cache-Control: public, max-age=345600..Age: 290259..Alternate-
Protocol: 80:quic,p=0.02..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150102070411Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./...^D..I......20150102070410Z....201501090704
10Z0...*.H.............?f..D]PA\....@}.O...'.....g'...].".........V.H'
.....<O[..........p...%RW=R.E....N..r...l.e..~...v...1f..2A....].'R
L.M5......KwrO] ...].|..u.4..3...Uk....H.k,.(V...F.#......p..Q..P.....
.d...k.!...c....O)._.{....Y/k|e..[t.)R[z.90A......7i..........kW..g...
.,....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAD9M+oC6dVe HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Fri, 02 Jan 2015 14:40:12 GMT

Expires: Tue, 06 Jan 2015 14:40:12 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 290252

Alternate-Protocol: 80:quic,p=0.02
0..........0..... .....0......0...0......J......h.v....b..Z./..2015010
2070456Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...3....^....20150102070456Z....20150109070456Z0...*.H.............\3.
XiP...E..........kc..d..d....Vbuq...............T&?b.....B.5x.4:.k....
\N...L..o....c. !_i.AI..b......M.?:v....%..XZ..?.R.....[....L\s.Q.{.o?
.:5...O}{.J.m.|.xC.ah.Gi...\s2.......TU.DZ.h8,.$...]<V..]...a....]U
.....V....3.D1.F.@..]....g......V..........bG^HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Fri, 02 Jan 2015 14:40:12 GMT.
.Expires: Tue, 06 Jan 2015 14:40:12 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Cache-Control: public, max-age=345600..Age: 290252..Alternate-
Protocol: 80:quic,p=0.02..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150102070456Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./....3....^....20150102070456Z....201501090704
56Z0...*.H.............\3.XiP...E..........kc..d..d....Vbuq...........
....T&?b.....B.5x.4:.k....\N...L..o....c. !_i.AI..b......M.?:v....%..X
Z..?.R.....[....L\s.Q.{.o?.:5...O}{.J.m.|.xC.ah.Gi...\s2.......TU.DZ.h
8,.$...]<V..]...a....]U.....V....3.D1.F.@..]....g......V..........b
G^..
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1697

content-transfer-encoding: binary

Cache-Control: max-age=532546, public, no-transform, must-revalidate

Last-Modified: Mon, 5 Jan 2015 03:19:06 GMT

Expires: Mon, 12 Jan 2015 03:19:06 GMT

Date: Mon, 05 Jan 2015 23:23:20 GMT

Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150105031906Z0s0q0I0... ........
[email protected].!......Q...==d6|h.[x....7..`..........cV.!.....201501
05031906Z....20150112031906Z0...*.H..............S.X.....3d*L....._.u.
.M...U...#..kf.?yG$Z...g#..=.R.~..#...S=<.;..K..,.......G..%eUb..'.
..K.vBd..u8`..H..4..\..2.........1.....J........N.......'|....}.xq...9
Y..l.f.[..q)DfS%;.}I......tm>O;.......b.0..(DZ.....x{]..\[...%.D...
. ..NM........5..V.;t.l..2........0...0...0..{.........[..I|.....Zm..0
...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....Veri
Sign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/
rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000
000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA 
OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.
-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f
..;]s!.\"v...|....][email protected]. ..W....n..*
..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.
....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... 
.......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#
.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com
/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o
...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo.....
.E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAJeRLXDSRa3 HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Mon, 05 Jan 2015 15:04:40 GMT

Expires: Fri, 09 Jan 2015 15:04:40 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 29583

Alternate-Protocol: 80:quic,p=0.02
0..........0..... .....0......0...0......J......h.v....b..Z./..2015010
5130411Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..^D..I......20150105130411Z....20150112130411Z0...*.H..............y\
....44.A...!K.t.][email protected]...`..$...'.D\.H9........V
.~.."EG..N.=..k...l.o....u.W.8K....gt.~.v...@<....ceF.24X.g...r]..L
.p.w|f.-...w.A]....|.P.F.0-..gK.."...M..z&.2.0...Tt....5.r..Y........;
..DmR<.......Ymi...,..........I....c.h..$T.k.4HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Mon, 05 Jan 2015 15:04:40 G
MT..Expires: Fri, 09 Jan 2015 15:04:40 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Cache-Control: public, max-age=345600..Age: 29583..Alternat
e-Protocol: 80:quic,p=0.02..0..........0..... .....0......0...0......J
......h.v....b..Z./..20150105130411Z0k0i0A0... ..........j.....p.I.#z.
..(~d..J......h.v....b..Z./...^D..I......20150105130411Z....2015011213
0411Z0...*.H..............y\....44.A...!K.t.][email protected].
IS...`..$...'.D\.H9........V.~.."EG..N.=..k...l.o....u.W.8K....gt.~.v.
..@<....ceF.24X.g...r]..L.p.w|f.-...w.A]....|.P.F.0-..gK.."...M..z&
.2.0...Tt....5.r..Y........;..DmR<.......Ymi...,..........I....c.h.
.$T.k.4..
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?d6a89aa07ce54cc9 HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT

If-None-Match: "0b96c77303ecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/octet-stream

Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT

Accept-Ranges: bytes

ETag: "805a83f2b9cecf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 56928

Date: Mon, 05 Jan 2015 23:18:13 GMT

Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.s
tl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......
_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q
.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2
.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\
YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x
%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,
....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.......
[email protected]/"...f.......k..Jm7j....R.5q....Rz.
.!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%
T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m...
_.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..
*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<
;.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|[email protected].._.....7._6...C.0...
A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?.
..........WE.Or..O>..{.'[email protected]}.o:?~....]&l
t;!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..
{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......
q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!........
.`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=..
.f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..
].|......3..y..-./....K..6{...s.<R`.}[email protected]....
<<< skipped >>>

GET /pagead/html/r20141209/r20141212/zrt_lookup.html HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: googleads.g.doubleclick.net

DNT: 1

Connection: Keep-Alive

Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

ETag: 8281997907193036559

Date: Wed, 31 Dec 2014 09:52:52 GMT

Expires: Wed, 14 Jan 2015 09:52:52 GMT

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: cafe

Content-Length: 5099

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 480292

Alternate-Protocol: 80:quic,p=0.02
...........;.w...... z}.UT..~..(.n.~l.6.t..^`sd[....mB....f$..@.{?.9..
....f<..q{...?....Yc....#..S.z.)..^[.yIp....Hr......2..<.q....s.
H.(..'....^LS..<]J....2?....#k...|......ic...4c.^......v!.qC...E...
.s..Ga.0.oc.g..}.{.....2_.1.8 ...{u..jx.......i.'.....<.....(.\....
...4....(..l...."GA..$^.=...x$;.q.O.M....i,.r.]...............38X.....
...E.a....$...}A.A.....Ix......FF.l..x.0...BZK(.....N......a. 2.<-e
>W.U....en>...8.X.......}....g/.....Etky..]..fMI.G7.%.iM...i...]
.i..9^A.w...yz.I......h6.....-.....T.i.(....8I.p~.q.T.Y#...?.|....M.&g
t;=...j..4.... J....;.s..G].9..G....T......'N......e......P.UL*m.A....
...4:....x.(.........p.u.Ij!x..c..4...A.\D...mY.<_d}g.....6..1l;...
0hY}.^.c...O..<..dle.0n<[email protected][& j.y..Jt.....Q.7.....J..~M
|.I...n...%M.....FtF.u.....$...})......#N.~..h.........6......._...8.m
cx!....21.G.g.hyZ...x..V j......x.IWro..Z#...lP.\^.}...S..H...).[F..&.
.2......=0........v[..z.8.c... ......k....6..."[email protected].&..*g.J=.K
[email protected]`..)..P1.NP7......1p.....2@..*"...N....GTQ...
...g.Y<[email protected] ...=...$..M....3..Y..X1#ZI...V..B.-......4...
.1w7..@..=...)(y.....l...ka.M...pohU.:CZa..!:..s..6...*[z...........#.
....n...1.........i..._>....N.Ac.....4..>.'.:......s.w6...^..?..
...-H.F.,o..;]ZxD.^.=.A;[email protected]@.4....D};..W['...O.>!...
...6g..a....n.`j..d...........=..........T~^.,..k.....Z.$.TXR......H..
".y....}.s.>.....k...0O..x.5...K.vTa9.8..._..h.....I..*|^..E.p.....
a...h._..V3...\P./.... ....Q.E..$..E8^r%.2....$..|x.,./..h..O.BGf.
<<< skipped >>>

GET /pagead/ads?client=ca-pub-7193953402062813&output=html&h=90&slotname=6139752978&adk=2422171851&w=728&ea=0&flash=0&url=http://ecards.myfuncards.com/myfuncards/404&dt=1420499863608&bpp=1&bdt=-M&shv=r20141209&cbv=r20141212&saldr=sa&correlator=5722304431075&frm=23&ga_vid=502900344.1420499858&ga_sid=1420499858&ga_hid=1968356280&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=586&ady=1025&biw=1900&bih=805&isw=728&ish=90&ifk=3086771918&eid=317150304&oid=3&rx=0&eae=2&fc=8&docm=10&brdim=586,1078,-4,-4,1916,,1924,866,728,90&vis=1&abl=NS&ppjl=u&srr=1&fu=4&bc=1&ifi=1&dtd=322 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: googleads.g.doubleclick.net

DNT: 1

Connection: Keep-Alive

Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 05 Jan 2015 23:17:44 GMT

Server: cafe

Cache-Control: private

Content-Length: 82

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.02
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`...`
......\.[...HTTP/1.1 200 OK..P3P: policyref="hXXp://googleads.g.double
click.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR 
IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Content-Type: te
xt/html; charset=UTF-8..X-Content-Type-Options: nosniff..Content-Encod
ing: gzip..Date: Mon, 05 Jan 2015 23:17:44 GMT..Server: cafe..Cache-Co
ntrol: private..Content-Length: 82..X-XSS-Protection: 1; mode=block..A
lternate-Protocol: 80:quic,p=0.02..............(....I.O.T(...I.UJJL.N/
./.K.M.../.*)J. .H,J. Q......R`...`......\.[.....

GET /PublicSureServerSV.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=864000

Content-Type: application/x-pkcs7-crl

Date: Mon, 05 Jan 2015 23:17:44 GMT

Etag: "2b0044-466d7-b5df8540"

Expires: Thu, 15 Jan 2015 23:17:44 GMT

Last-Modified: Mon, 05 Jan 2015 21:52:45 GMT

Server: ECS (ams/49B3)

X-Cache: HIT

Content-Length: 288471
0..f.0..e....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150105213347Z..150115213347Z0..e.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=516849

Content-Type: application/ocsp-response

Date: Mon, 05 Jan 2015 23:17:42 GMT

Etag: "54ab0c7f-1d7"

Expires: Mon, 12 Jan 2015 11:17:42 GMT

Last-Modified: Mon, 05 Jan 2015 22:13:19 GMT

Server: ECS (ams/49A8)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0105200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ........\..m. B.]......20150105200000Z....20150112200000Z0...*.H..
...........4..6K....5......0..Jc..S. ...<G.v'..4.../.%...i.n.D.g.Bg
.K.....6k..f...).U..;.*.BcB..O.t....).|..(..til.'.t...........H.....f.
.._X.!........V!....9...pu.x~.x..MZ.x\..#eDT..a.s.%a......?>..J6M&l
t;........ .s0x.&r.N..Ui...]^....R...Z..L.............:.#A:.....</H
TTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=516849..C
ontent-Type: application/ocsp-response..Date: Mon, 05 Jan 2015 23:17:4
2 GMT..Etag: "54ab0c7f-1d7"..Expires: Mon, 12 Jan 2015 11:17:42 GMT..L
ast-Modified: Mon, 05 Jan 2015 22:13:19 GMT..Server: ECS (ams/49A8)..X
-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.
......>.i...G...&....cd ...20150105200000Z0s0q0I0... ............(.
[email protected]....>.i...G...&....cd ........\..m. B.]......201501052
00000Z....20150112200000Z0...*.H.............4..6K....5......0..Jc..S.
 ...<G.v'..4.../.%...i.n.D.g.Bg.K.....6k..f...).U..;.*.BcB..O.t....
).|..(..til.'.t...........H.....f..._X.!........V!....9...pu.x~.x..MZ.
x\..#eDT..a.s.%a......?>..J6M<........ .s0x.&r.N..Ui...]^....R..
.Z..L.............:.#A:.....</HTTP/1.1 200 OK..Accept-Ranges: bytes
..Cache-Control: max-age=516849..Content-Type: application/ocsp-respon
se..Date: Mon, 05 Jan 2015 23:17:42 GMT..Etag: "54ab0c7f-1d7"..Expires
: Mon, 12 Jan 2015 11:17:42 GMT..Last-Modified: Mon, 05 Jan 2015 2
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1

Cache-Control: max-age = 509335

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 05 Jan 2015 19:04:45 GMT

If-None-Match: "54aae04d-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 304 Not Modified

Accept-Ranges: bytes

Cache-Control: max-age=509335

Date: Mon, 05 Jan 2015 23:17:42 GMT

Etag: "54aae04d-1d7"

Expires: Mon, 12 Jan 2015 11:17:42 GMT

Last-Modified: Mon, 05 Jan 2015 19:04:45 GMT

Server: ECS (ams/49CA)

X-Cache: HIT
HTTP/1.1 304 Not Modified..Accept-Ranges: bytes..Cache-Control: max-ag
e=509335..Date: Mon, 05 Jan 2015 23:17:42 GMT..Etag: "54aae04d-1d7"..E
xpires: Mon, 12 Jan 2015 11:17:42 GMT..Last-Modified: Mon, 05 Jan 2015
 19:04:45 GMT..Server: ECS (ams/49CA)..X-Cache: HIT..

GET /en_US/all.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: connect.facebook.net

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

ETag: "6238d32816c5a7038f3d60fd74cab5e4"

Content-Type: application/x-javascript; charset=utf-8

Timing-Allow-Origin: *

Content-Encoding: gzip

Content-MD5: fqFhfLNqdrqfYa9vEsPOFg==

X-FB-Debug: Kc/sjpSOxevvUpaPJ6plSzR /NEqKw889XYJlBIrw5vpmIRnJE4LJ aJMaEXbdgREHX30Kbhr8MFQWuIL/ijDQ==

Content-Length: 52096

Cache-Control: public, max-age=1200

Expires: Mon, 05 Jan 2015 23:37:40 GMT

Date: Mon, 05 Jan 2015 23:17:40 GMT

Connection: keep-alive

Vary: Accept-Encoding
............{..../.....R...B.%.J.....xw....Lv)....H... %Q..k..[..h. %'
.=.g6k.}...............<...v.y...{.m<I..Eg...z........5/..~.....
...O?.[.'*6]..^.^..t.v..K.'.*e!....N..[ZL...4...7..C.T.W.k8K...I.....|
Z?:.....\...zG#).......O...J........M4..7..?...R.r1.A.%.-...:...ptY.K.
...qg1.'s.T.)...._F..._...n.&.I8....xa.L.<......u0....^g....&.T)..J
&....Z......"4:=.R8....4.h..2.V...j......)pW.p..MJA.v..oP....jg.^-.Y..
Z.F.m*......:...7..(n.#.sT....r...N..Kp.._.....\x;.g...h....B..]E..N..
$.o&_f.4.....u.`;...AE...eP.R..,F...?.oJ....~6.ge.W.F.....D-.&.....II.
..6.1.........v.i.E.q.t..lY...........h\R..1.k....1.T.Ur..;.r.9.pW. ..
......h..`..t..dT..L..l..2.....>........DE.j.O....yZ...F.2Jx<...
.:]$...>S....hY.....jY.R .&.'....z^..q....%-...|.]aM.......4.n..O:.
[email protected] .ny......[.......,X.z.c.e.k^x....^..z.....
.{.q0M..."{*.={*)f~.l.N.7?..C.h6.Q.GS&.....j.W.F.2p..A)..x.......D#.I.
@.*SS..50Tj.=...py.R.u<$J.hD.._19..=...C2....V..../...P......p....&
lt;..:.-..!3.?..ag.8B.4P....!.~.c...<.....i..70..2 ...Bgr..N..E....
z..y...c.t..../s...X.....#.....Q...H...A#.!Dz...x.....}.y.{><.nC
MG..=.kk.~P#......X..A..<.}.gj.4^$8UJ."q.tv..../P.p..>o..T....'.
....s..wL.^./.........H...4..L..Q2...O......3.;.rd...Qu.....KC.V....,.
...J.t@..:_#Z .8|h....\).3NWJ.. ...V.6.....a-.j.b.Gt....:..F....G.?O*k
..?..<.|.6.<.I...mB ..|iT.;.........D..j;.>>.....Y.......[
4..|....]F...k0.W...,..my..\/R..`E.......Q...".U.t.....~.8...2...=.J..
J#..)E...(.....M..........`.Q@....,..CoB..0.h...h.l.....n.........
<<< skipped >>>

GET /pca3.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.verisign.com

HTTP/1.1 200 OK

Server: Apache

ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"

Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT

Date: Mon, 05 Jan 2015 23:23:20 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../[email protected]?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Mon, 05 Jan 2015 23:23:20 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>

GET /pagead/osd.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 9604784682434440633

Date: Mon, 05 Jan 2015 22:54:19 GMT

Expires: Mon, 05 Jan 2015 23:54:19 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 18569

X-XSS-Protection: 1; mode=block

Age: 1403

Cache-Control: public, max-age=3600

Alternate-Protocol: 80:quic,p=0.02
............yW...8.?...tq.F..:..5.R...h..!.K..$%S3.i..g....,'........Y
[{...M...3....k1Z...vg...6B.X.%\T..ng.{U/`)....Z.._O....*oer..:..|..|.
s{.L.D.`.._FI. ..I{s..<....l..A.....z.I.k......B6.......P.x.b....1.
..r....... .!.......4.....'..`...H....LG}O......R!:.z..AQ...h0.`....l2
..[.Dt.P.5.B.`.s...n.......VHF..T.....b9.....8o.Oe......cq..yW,4t(G...
....#.w!..Fy.....`uplk_..7....G..k..M.........;..:.?.4..`Sm"X..V.b..'.
L..%e.,.8.....`......5..6,......q./...t ....,..wl...e}Y.;.8........gni
.&...%.V=.U1.vg........`...1.![....!.I{4.Y?...R.........&........T..3Y
.....%`....A..j.'X.....V t..f.X.u%.3 .6]..)7[...Grss..qW..@~P...=.....
..\O.)....af.y}...s...9j....j..w.{...s.....t.......c).Q".{SX....h,_t.b
.o....D...>.....=..Z(T.m.o|.^..A....j.!x...o.tM..xz...y.n..)......h
$...&....]..1......S.Q.7..f,.3.\...Y2....[...c.`..F... `...sq9....fen]
..[..`v_......P.....4..&.....pb...r-..)z..`.r.......;)K.t%.3L.*K....r.
.L.s:(-.....c.....,..m.....2.(.........!....|...)|.....9|...!|.XpN.y..
...._.m..jy..4).5..&..;.&.E......2~,&.jO.....L...Z...b.ln....U.....,..
.(........d..v.{..ez?......y-.....Q:.b'.O.....x.%..&;..*.[.G......hQ..
... .I..'.)T....=N...?.1..k....I.u.....c..l...`<..`q...6....X.,....
4Ke/nl.C.4n........r4x....a.{^../.........)-:...q......T]..~]v..}.P...
..../.......{Qi...........qyIU{....^.....D....Bp..h......]"..*~..`. q.
[email protected]...*[email protected]:g..}...1W...3OF35\..c..!,.S...A.n{$.
..R.7.SU...N3.Q.he.w..2i.p./ ......OM. j......b.~...)mbX....}`N.B(64..
......c.?.?.......(.j2..'.jKN>P.O.;.ch.l..6.....w..V../.e.!.(8.
<<< skipped >>>

GET /pagead/show_ads.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 17505132066848985518

Date: Mon, 05 Jan 2015 22:54:26 GMT

Expires: Mon, 05 Jan 2015 23:54:26 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 7529

X-XSS-Protection: 1; mode=block

Age: 1397

Cache-Control: public, max-age=3600

Alternate-Protocol: 80:quic,p=0.02
...........\ys.F.._...KQ.....5...v..I|.g.......".@...".....N..f_.....\
===}.......B....I `..OM.Y..U....XD^.[..k.}!.Lc.6..>....i.C..=O.~k$"
[%...E........Z.E.8LA.q.e......Y.......kI.&...W?t..)0q..r...$:..z....-
...[..".e.v[[....P..a.......Z.h,...uz..E...}..7...L3viS".*.}...e...O(.
T.B..k.....C...X..D......4X...C).{c.u&3m.1..F5...8..y....<...0K....
..J....It.:M.(.%....q.. n.L2D..R:....!..(...'.?.oX..Va:..,..c.r...h7..
..;.j......,Y.E.........}..]...^..;.u.3.J.......l>rx..2..........Cq
...g...D.._...5]5..g1OR.*.xF.<..O...x_...|....q..7.Mc..mz.g.J...f".
Y...Q.o..c......r..[..]?.v.....x747.~6...>.v...=S.....m.,.]....n..3
v&.)..]<..t...<..s....x../..o.].oC</8..5..f.......;.p`..-....
A.o...MkD..K.X......#..Vi..X6;<..6..!..D...4O.gD#......E...}.N._...
#)....<[email protected]../.._..>||..g.n.!...a....%4.c.B\0...~.......B.R
.t..6."b..r....D.t,...d...'...H....Z.6.D.. ..r......W.(....S..v.-...R.
...-......nw.6ji....K..|.gH...U..b.B-;....c...E...x9.C.p.t........J.[.
......4Q"..;B...<..t<:.u...z.....h.`t.v....>......gj?..-.>
.,l=..LZ....f..b...O...)..WL.....q&../.':..@H!.............3,.K..Ki...
...x.8....,.r........{....'.M...7...~W.=.......i.............GO>z..
$=.......3....M..|._.H;....iGh8.`.l._...|=..m~..K..9..Z.....<}w....
.\..t..zQ"..LM.....7.9..$$..Ba...9Tj~c^.....dGu.%.l`....-.XX..c..Y..J.
.G.w...t...^...~..P$.]..A)...*.......\vi...0.../[email protected]"...
.z{.!..1..I.{:.7....l.H...U1b... q..Vi.m..c>.o.o..RN`.L.L......@...
<.<....8..%.mKt:..7..>[email protected]...).<.tm?.>{....
<<< skipped >>>

GET /pagead/js/r20141209/r20141212/show_ads_impl.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 14148960368062276995

Date: Mon, 05 Jan 2015 23:17:44 GMT

Expires: Mon, 05 Jan 2015 23:17:44 GMT

Cache-Control: private, max-age=1209600

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 49924

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.02
............g{...0...B..u...%.....l..W..d'Nl-=l*.ZD.%......$X..}.s..w.
...m0.......Y.<.._...0.g.~.Fv......l>....}.P^.mg..G..\.....)..A.
.k%..<.[,..s[n.G..^.J.S.5.i.2[,...a.Z.3.Vg<.1.[Ni........c..~g..
.e..)#.5.....]........k.d..U...yNbpN...NF...y..S..)..*.1..=......'k...
..y..;...wtm.~...f...A....}..d.M........hV:..U"2.\...l.[.L..1.Y....i..
-y.`.mQ.ny.._.#.....x.5..D6...Z...F...L!$..M.6..A.?.|m=N....U...I0.=..
u.8.:.....'...L3.....XL>.....,...P....Cr..e0......!.E1..([email protected]
...d..m(&..}.".,..DJ.R.\...(.G..x..~.....).....e.T.d......P.p2.m......
...'..8.%g2.<.N...g...k8..0S.lIX.u......B}:..C[g{?*'.....i.(./[email protected]
.a.r..)...Qy.J.......y...pD..f......L..M....si.....S...YY_..! .(A0x...
.9..CP..>l.j.1.r..S..\...}O...2m..j.]..%`u..d..r.#=.t..8K..}....h..
Xd...'../.,{&:.k..9'.....%...-C..O,/.....p:..TD..{..1%o...t...S.......
.5.u.iq.v.......m...m.2[....F..r..(.....Y..[.%.).....6.]..3...........
..s.3...> ..{..........8.A..R.T....Ey...`...[.Y.b...es....8^.....~8
..?....f.xW2^.._.li.w.my.].hT_l.i.-..R..S.:3.......iSnA[.%t....K.m...6
.A.=$..e.\......g......&..Q. N9.?....|..{.``.b..8..T.......S..S>E.A
.4..w.,..s...\(ub.....'.6.{..T.0m..`.D.h...,].M.....v...d.....|..31_21
7.....o..!}..d/......C.Ni...x.......%.<....|x_..3.p.....NU.8](.]...
........x......28.z..}....B.N..j^.(E7.fn.4...@.[....wON.U\D_/..L.....f
s.dVd..e..3.X...u0n0S....MD.0..|...c....S..S\...<....J.!w.c....'..f
.....F:.~&w<.L........_j/....g.~....dMNJ&...l.t.x..I.........l.~...
............%.~._..>.....7..k/[[l......j...CL..uX......_..0.V.i
<<< skipped >>>

GET /p?c1=8&c2=6035746&c3=2074&c15=&cv=2.0&cj=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://a.tribalfusion.com/p.media/asmPwn1rjfWtBVnAQJnc7ooHME5qrl5tes3PbEnFbZaXVnRXV3V1GFOmqbU3bFUTUvEWPnTPajSQsUrStfN1HbtV6Yv3GBWYbZbZaVmXq2PUeP6FC3WZbr0WJZdpdAo4A3W4cvbVcUjWsMePP3oUWF4Wrj13UInVEYvVEBbQTnJRsZbLQUEqPH7WdcN3uN/3002246/adTag.html

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: b.scorecardresearch.com

DNT: 1

Connection: Keep-Alive

Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341

HTTP/1.1 200 OK

Content-Length: 43

Content-Type: image/gif

Date: Mon, 05 Jan 2015 23:17:45 GMT

Connection: keep-alive

Set-Cookie: UID=120c9bfd-194.221.64.106-1384780341; expires=Sun, 25-Dec-2016 23:17:45 GMT; path=/; domain=.scorecardresearch.com

Set-Cookie: UIDR=1420499865; expires=Sun, 25-Dec-2016 23:17:45 GMT; path=/; domain=.scorecardresearch.com

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Content-Le
ngth: 43..Content-Type: image/gif..Date: Mon, 05 Jan 2015 23:17:45 GMT
..Connection: keep-alive..Set-Cookie: UID=120c9bfd-194.221.64.106-1384
780341; expires=Sun, 25-Dec-2016 23:17:45 GMT; path=/; domain=.scoreca
rdresearch.com..Set-Cookie: UIDR=1420499865; expires=Sun, 25-Dec-2016 
23:17:45 GMT; path=/; domain=.scorecardresearch.com..P3P: policyref="/
w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"..Pragma: no-cac
he..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: private, no
-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..GIF89a.......
......!.......,...........D..;..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=509889

Content-Type: application/ocsp-response

Date: Mon, 05 Jan 2015 23:17:42 GMT

Etag: "54aae7c4-1d7"

Expires: Mon, 12 Jan 2015 11:17:42 GMT

Last-Modified: Mon, 05 Jan 2015 19:36:36 GMT

Server: ECS (ams/D1A6)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0104200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ...._.M.[........?;....20150104200000Z....20150111200000Z0...*.H..
..............gR...|..wXP.....^..}.-..'E$.3hb.jj.Aq!..(Q.,.....8.8y.".
...m;..r..._c.=...Hc.o..6Hd....].-p....^<..q........M....$=..~.3K,7
<...|.;......2..Ue...w<.!...91d!....R.h....z..jD3....T....c.v...
......7......*..D ...y;.i..0.3.g4.S........u..9...c.V(....6L....<.H
TTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=509889..C
ontent-Type: application/ocsp-response..Date: Mon, 05 Jan 2015 23:17:4
2 GMT..Etag: "54aae7c4-1d7"..Expires: Mon, 12 Jan 2015 11:17:42 GMT..L
ast-Modified: Mon, 05 Jan 2015 19:36:36 GMT..Server: ECS (ams/D1A6)..X
-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.
......>.i...G...&....cd ...20150104200000Z0s0q0I0... ............(.
[email protected]....>.i...G...&....cd ...._.M.[........?;....201501042
00000Z....20150111200000Z0...*.H................gR...|..wXP.....^..}.-
..'E$.3hb.jj.Aq!..(Q.,.....8.8y."....m;..r..._c.=...Hc.o..6Hd....].-p.
...^<..q........M....$=..~.3K,7<...|.;......2..Ue...w<.!...91
d!....R.h....z..jD3....T....c.v.........7......*..D ...y;.i..0.3.g4.S.
.......u..9...c.V(....6L....<.HTTP/1.1 200 OK..Accept-Ranges: bytes
..Cache-Control: max-age=509889..Content-Type: application/ocsp-respon
se..Date: Mon, 05 Jan 2015 23:17:42 GMT..Etag: "54aae7c4-1d7"..Expires
: Mon, 12 Jan 2015 11:17:42 GMT..Last-Modified: Mon, 05 Jan 2015 1
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1

Cache-Control: max-age = 509335

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 05 Jan 2015 19:04:45 GMT

If-None-Match: "54aae04d-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 304 Not Modified

Accept-Ranges: bytes

Cache-Control: max-age=509335

Date: Mon, 05 Jan 2015 23:17:42 GMT

Etag: "54aae04d-1d7"

Expires: Mon, 12 Jan 2015 11:17:42 GMT

Last-Modified: Mon, 05 Jan 2015 19:04:45 GMT

Server: ECS (ams/49CA)

X-Cache: HIT
HTTP/1.1 304 Not Modified..Accept-Ranges: bytes..Cache-Control: max-ag
e=509335..Date: Mon, 05 Jan 2015 23:17:42 GMT..Etag: "54aae04d-1d7"..E
xpires: Mon, 12 Jan 2015 11:17:42 GMT..Last-Modified: Mon, 05 Jan 2015
 19:04:45 GMT..Server: ECS (ams/49CA)..X-Cache: HIT..

GET /connect/xd_arbiter/7r8gQb8MIqE.js?version=41 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: static.ak.facebook.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8

X-Content-Type-Options: nosniff

X-XSS-Protection: 0

Content-Encoding: gzip

X-FB-Debug: 7 bN0sjPRRg7p1nwYqJe0iRhaeY50OabNPu3MRXfliGDdyqgYkMHI7DFRQs4ozV4/qUIh7to1GQ73Z10D0LqhQ==

Vary: Accept-Encoding

Content-Length: 9732

Cache-Control: public, max-age=27360640

Expires: Wed, 18 Nov 2015 15:28:21 GMT

Date: Mon, 05 Jan 2015 23:17:41 GMT

Connection: keep-alive
...........}...H...~..S...8"..D....Gu....Y.5.T|Br.@H.$...............l
...infn...W..>.....^.A>....'s...<.#v....0I...4....d.....e.;..
...h.....}..c.......4.....x...../FS...i[^23.#.Y./....Fi2#e......Il.d..
\J.E..<H......u3g..4I-..p....3...Ij,b.....&q.nj....9,Y.r`{..G...y.f
6.b"X.....OF...l.D.RSAd...V......k....l.c5rX.d....F.jSH;...:...l'.._].
7.[....-E.'..=sVA.1.......un..(...N...t.....dJ.-.."...vH.I/.PX.A/.....
x..4tR./...8{\).L6.,a...`.d...:$...a.c...'-....W1B....[..?...f..T~UxH.
..n..$O..V.|.S`h..K`..D...d`.J..F...W......?v...'K_H..!l..........K..s
....k..b.....l.Z`...1.z.y...ssf..Yn.......S..@...([email protected]..
@...|....{l3B$...ZM.aI...%g[..97............W.a.....n...............Et
>![...g...*R.....5.u...~8.....pF..p3......Y.1C.u.u.....".M^&.Z....5
/.O..<h.......0...........u%..=......[<*0;FY........ ..l(X0p..1.
.....y6...........)y..O..9.TI....r..`c.D./.un.0..@NW. ....Q5...J......
..V8.(L..Gd../.....d....%K7.d..}k...i...RCJ...tB`.PH..w..{Qll.z...q!.F
.....y......d...........Me.....`.8"g..6(@........5..`..c..3....v...^..
...VP@W.'...,. ....^....uV.n>&. d.y`........u.....kJ...;....f.(..[#
....t. D.}L....@I(...,L5....K.Y.[..[.I..6..5....q...R.9....&"7@[email protected]
.`.....V0...1S....*L.-.f....I~lQ.t.A..Bh.b....[.d\1.....<[email protected]
.q..J..Br.... J...Vp,.....O9..c.,!... [email protected]...*...7.$.C72
..m.zf. .>.. '........,...f..?..s.I....V...*P.F.#pUl.Hk.....J....\1
.n....Q..e....|.....N..1.C....??.=X7...^..R..$......7r......9.`S.~}...
..d.*.!..:7f..Z.......0..IH.2;...(d....,.=fu...^.^Q>....|V.}...
<<< skipped >>>

GET /js/pinit.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: assets.pinterest.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: W0NeFIu2w7ULnbqCjM7j/VwfuSrQEGuztpj5G2CnAYRQIhvZOJWs4FuPjjjmQUo3

x-amz-request-id: 2B6E4CDA0AD3CF14

Last-Modified: Fri, 19 Dec 2014 22:54:14 GMT

x-amz-version-id: rLi86w1OsNl0TmSJrTOXDiM2lrr8ZWeB

ETag: "31cda645d48ea128da28bd1969414c12"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 319

Cache-Control: max-age=218

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
!function(a,b,c){var d,e,f;f="PIN_" ~~((new Date).getTime()/864e5),a[f
]||(a[f]=!0,a.setTimeout(function(){d=b.getElementsByTagName("SCRIPT")
[0],e=b.createElement("SCRIPT"),e.type="text/javascript",e.async=!0,e.
src=c "?" f,d.parentNode.insertBefore(e,d)},10))}(window,document,"//a
ssets.pinterest.com/js/pinit_main.js");HTTP/1.1 200 OK..x-amz-id-2: W0
NeFIu2w7ULnbqCjM7j/VwfuSrQEGuztpj5G2CnAYRQIhvZOJWs4FuPjjjmQUo3..x-amz-
request-id: 2B6E4CDA0AD3CF14..Last-Modified: Fri, 19 Dec 2014 22:54:14
 GMT..x-amz-version-id: rLi86w1OsNl0TmSJrTOXDiM2lrr8ZWeB..ETag: "31cda
645d48ea128da28bd1969414c12"..Content-Type: application/javascript..Se
rver: AmazonS3..Content-Length: 319..Cache-Control: max-age=218..Date:
 Mon, 05 Jan 2015 23:17:38 GMT..Connection: keep-alive..!function(a,b,
c){var d,e,f;f="PIN_" ~~((new Date).getTime()/864e5),a[f]||(a[f]=!0,a.
setTimeout(function(){d=b.getElementsByTagName("SCRIPT")[0],e=b.create
Element("SCRIPT"),e.type="text/javascript",e.async=!0,e.src=c "?" f,d.
parentNode.insertBefore(e,d)},10))}(window,document,"//assets.pinteres
t.com/js/pinit_main.js");....


GET /js/pinit_main.js?PIN_16440 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: assets.pinterest.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: nAmWbbG6zow7IyChHvycPRtQNnnAihS2eznsYOqtD4pBttXAxt ilmtJIYSbtJ3B

x-amz-request-id: B0B019FB6931814E

Last-Modified: Fri, 19 Dec 2014 22:54:14 GMT

x-amz-version-id: yMIMNFUdFTSQsnfBBsi2cddq8dPa7mDc

ETag: "a1457efed2f6d0297b39c8444017156b"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 44718

Cache-Control: max-age=141

Date: Mon, 05 Jan 2015 23:17:41 GMT

Connection: keep-alive
!function(a,b,c){var d=a[c.k]={w:a,d:b,a:c,s:{},f:function(){return{ca
llback:[],get:function(a,b){var c=null;return c="string"===typeof a[b]
?a[b]:a.getAttribute(b)},getData:function(a,b){return b=d.a.dataAttrib
utePrefix b,d.f.get(a,b)},getSelection:function(){return("" (d.w.getSe
lection?d.w.getSelection():d.d.getSelection?d.d.getSelection():d.d.sel
ection.createRange().text)).replace(/(^\s |\s $)/g,"")},set:function(a
,b,c){"string"===typeof a[b]?a[b]=c:a.setAttribute(b,c)},make:function
(a){var b,c,e=!1;for(b in a)if(a[b].hasOwnProperty){e=d.d.createElemen
t(b);for(c in a[b])a[b][c].hasOwnProperty&&"string"===typeof a[b][c]&&
d.f.set(e,c,a[b][c]);break}return e},kill:function(a){"string"===typeo
f a&&(a=d.d.getElementById(a)),a&&a.parentNode&&a.parentNode.removeChi
ld(a)},replace:function(a,b){a.parentNode.insertBefore(b,a),d.f.kill(a
)},getEl:function(a){var b=null;return b=a.target?3===a.target.nodeTyp
e?a.target.parentNode:a.target:a.srcElement},listen:function(a,b,c){a&
&("undefined"!==typeof d.w.addEventListener?a.addEventListener(b,c,!1)
:"undefined"!==typeof d.w.attachEvent&&a.attachEvent("on" b,c))},call:
function(a,b){var c,e,f="?";c=d.f.callback.length,e=d.a.k ".f.callback
[" c "]",d.f.callback[c]=function(a){b(a,c),d.f.kill(e)},a.match(/\?/)
&&(f="&"),d.d.b.appendChild(d.f.make({SCRIPT:{id:e,type:"text/javascri
pt",charset:"utf-8",src:a f "callback=" e}}))},debug:function(a,b){(d.
v.config.debug||b)&&d.w.console&&d.w.console.log&&d.w.console.log(a)},
presentation:function(){var a,b,e;a=d.f.make({STYLE:{type:"text/cs
<<< skipped >>>

GET /CRL/Omniroot2025.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: cdp1.public-trust.com

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 01 Jan 2015 06:15:02 GMT

ETag: "2015b-6ca-50b91250442c0"

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Connection: Keep-Alive

Date: Mon, 05 Jan 2015 23:19:25 GMT

Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..141203203331Z..15033
1203831Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.................^..>....]K.................7......~./?...lG.
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f0841517bea535c9 HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 05 Dec 2013 22:47:50 GMT

If-None-Match: "0af536cf2ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 200 OK

Cache-Control: max-age=86400

Content-Type: application/octet-stream

Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT

Accept-Ranges: bytes

ETag: "0b2464b1797cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 6408

Date: Mon, 05 Jan 2015 23:17:41 GMT

Connection: keep-alive
MSCF............,...................O.......'#.........D.z .disallowed
cert.stl....2..'#CK...8T...g........g.k..".....mlI."d..m...P$"....e.J.
.......z.....\..........9g.9....~.........Q.Q......Q..DL.8.C.PS.K0.!P.
0........#.DY.8.....V.....$.C....a.0...........`......;.S.....0#...m..
. ..`0...?.!vR?.....d....`......_@..}....$...i..OR'..$....K..'Z....o.g
..*.Vc.....[nY e./.EJ...B.Y.......Ag......!....9......u..!..1Yy.......
r...Ss^@...M.Dtl\....i.k....3...B.Z.:.p.N....*......x,...ah/..].[....G
B..T..$A....SY..t.E5R..R...9!....*.*68V....1... ...Q{..."[email protected];
xd{.C.u?..e.U.=f.nx.........y.G..0.......\L .'.^....$......N=..m...Ujr
Zs...J.I.C....;......q_..e......?.T..2..bw....E.L.{...S...~.<......
...-.Q..|.l. .1..6r....[}!J..,...naPk.U.... ..{@LH..W....>.Sq...8.5
.,.z..0.jL.S..........]...yW_...Y.1..h.7...9{.....I......g.Y.,1...i8n.
6..........4.]...........=........^..n.K7...c.g).Z. .0..$7.ys.p...B.5.
].f...|(3!.|..P...j..^..j....#([email protected]..*.O..i..u....9..S.Y.n..HXW..
.F ..i...:.......!.] r......D..*ld.b.>>:Pp.....5:1 o=..5.'..4...
....hO....{.V.rx..V...%.}..u...6Wv-..".iV.b..B0.Q..,...E.Dy...x..5....
?Z.$L..1.....4...=.....g!....%..:..c..j..v~....._R.6.......;.#.Y*p..J.
4.#'..Vo...g^K...J....._.^..u...)....&/.....q....o......4.....S...,q..
...p.8IIe.....d|.3{)...M.0.X...4.."..P.......Hk.... ]!.!... ..#.x..<
;..X.........'.E(<b[.......#.. ....XiLl|[email protected] 
[email protected][email protected]..;.......mm....>~............j%..>
;.X.,V...J...C ....*..Z.8- RKGW...0./Z.__..)7g_'{.......pr......;.
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fe3004105c73d944 HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 200 OK

Cache-Control: max-age=86400

Content-Type: application/octet-stream

Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT

Accept-Ranges: bytes

ETag: "0b2464b1797cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 6408

Date: Mon, 05 Jan 2015 23:17:42 GMT

Connection: keep-alive
MSCF............,...................O.......'#.........D.z .disallowed
cert.stl....2..'#CK...8T...g........g.k..".....mlI."d..m...P$"....e.J.
.......z.....\..........9g.9....~.........Q.Q......Q..DL.8.C.PS.K0.!P.
0........#.DY.8.....V.....$.C....a.0...........`......;.S.....0#...m..
. ..`0...?.!vR?.....d....`......_@..}....$...i..OR'..$....K..'Z....o.g
..*.Vc.....[nY e./.EJ...B.Y.......Ag......!....9......u..!..1Yy.......
r...Ss^@...M.Dtl\....i.k....3...B.Z.:.p.N....*......x,...ah/..].[....G
B..T..$A....SY..t.E5R..R...9!....*.*68V....1... ...Q{..."[email protected];
xd{.C.u?..e.U.=f.nx.........y.G..0.......\L .'.^....$......N=..m...Ujr
Zs...J.I.C....;......q_..e......?.T..2..bw....E.L.{...S...~.<......
...-.Q..|.l. .1..6r....[}!J..,...naPk.U.... ..{@LH..W....>.Sq...8.5
.,.z..0.jL.S..........]...yW_...Y.1..h.7...9{.....I......g.Y.,1...i8n.
6..........4.]...........=........^..n.K7...c.g).Z. .0..$7.ys.p...B.5.
].f...|(3!.|..P...j..^..j....#([email protected]..*.O..i..u....9..S.Y.n..HXW..
.F ..i...:.......!.] r......D..*ld.b.>>:Pp.....5:1 o=..5.'..4...
....hO....{.V.rx..V...%.}..u...6Wv-..".iV.b..B0.Q..,...E.Dy...x..5....
?Z.$L..1.....4...=.....g!....%..:..c..j..v~....._R.6.......;.#.Y*p..J.
4.#'..Vo...g^K...J....._.^..u...)....&/.....q....o......4.....S...,q..
...p.8IIe.....d|.3{)...M.0.X...4.."..P.......Hk.... ]!.!... ..#.x..<
;..X.........'.E(<b[.......#.. ....XiLl|[email protected] 
[email protected][email protected]..;.......mm....>~............j%..>
;.X.,V...J...C ....*..Z.8- RKGW...0./Z.__..)7g_'{.......pr......;.
<<< skipped >>>

GET /PublicSureServerSV.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=864000

Content-Type: application/x-pkcs7-crl

Date: Mon, 05 Jan 2015 23:17:44 GMT

Etag: "2b0044-466d7-b5df8540"

Expires: Thu, 15 Jan 2015 23:17:44 GMT

Last-Modified: Mon, 05 Jan 2015 21:52:45 GMT

Server: ECS (ams/49B3)

X-Cache: HIT

Content-Length: 288471
0..f.0..e....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150105213347Z..150115213347Z0..e.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0.......9Z0........./.E.K..110503181701Z0........./.e....12043015
1626Z0........./...|..110505033825Z0........./......110510010846Z0....
...../..3...120323133730Z0........./..G...120329202413Z0........./....
..120330125415Z0........./..lf..110512130506Z0........./.{9...12050414
4425Z0........./.|8...120504152139Z0.........0.D|v..120221182622Z0....
.....0..&...120508185313Z0.........0.. ...120412192922Z0.........0
<<< skipped >>>

GET /plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f292747c2e8d0f4&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.facebook.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.facebook.com/plugins/login_button.php?app_id=21253083321&channel=http://static.ak.facebook.com/connect/xd_arbiter/7r8gQb8MIqE.js?version=41#cb=f292747c2e8d0f4&domain=ecards.myfuncards.com&origin=http%3A%2F%2Fecards.myfuncards.com%2Ff36bce80bda4728&relation=parent.parent&locale=en_US&scope=email,publish_stream,user_photos,friends_photos,user_birthday,friends_birthday,user_photo_video_tags,friends_photo_video_tags,publish_actions&sdk=joey

X-Content-Type-Options: nosniff

X-UA-Compatible: IE=edge

Content-Type: text/html; charset=utf-8

X-FB-Debug: kndboUcDzUicYKu8Ze WK6 0/tahkF59GU T86PKCYWZURQ/XkP2 uYGWVfGnJ8IT0ehSxga7ZRoNLcBj/XbuQ==

Date: Mon, 05 Jan 2015 23:17:42 GMT

Connection: keep-alive

Content-Length: 0

GET /install_css.jhtml?v=3 HTTP/1.1

Accept: text/css

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: download.myfuncards.com

DNT: 1

Connection: Keep-Alive

Cookie: usr_info_xtra="country=UA"

HTTP/1.1 200 OK

Date: Mon, 05 Jan 2015 23:17:38 GMT

Server: Apache

Set-Cookie: userSegment=""; Domain=.myfuncards.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData= 7 fHgAwZYI4yuToJWE7gGQpOIQzZp5t4zQGD571EUAMXxEjWufoW3OKCLky6cIZxuQWljAedxSdh SiFsGi4PxDtjPYtJ788YkaDD7i8Nj5J8v4vQNQAIBJnfgkI3VAOyzsOnpuAyHairLwRFXluOsjmdsBHUN0nO2QeeZzdBUZtvQs7O1ztS9tljQP93Qn; Domain=.myfuncards.com; Path=/

Set-Cookie: anx="xrp=^ZU^yyyyyy^YYA^ua&xnt=&xh=7992&xpp=^ZU^yyyyyy^YYA^ua&xi=RUN_RUN&fv=1420499858940&xn=&xrm=&xtp=vhigh&xct=&xckoid=&xs=&lv=1420499858940&xp=vicinio&xtt=&xrt=YYA&xt=&nv=1&xu=&xrs=&oc=-&od=ecards.myfuncards.com&ob=-&xkw=&om=referral&xrco=ZU&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe31.df.jabodo.com&xgc=false&xckid=&op=404&xbkw=&xrca=yyyyyy&xrcc=ua&xft=&xad=&xcid=49b324a17349480da5f5559a25cdf0c3&xuer=3"; Version=1; Domain=.myfuncards.com; Max-Age=7776000; Expires=Sun, 05-Apr-2015 23:17:38 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 3395

Connection: close

Content-Type: text/css;charset=UTF-8
...........\m..6.. .....k..e...l.f...H{w...C.........M.....z!)J.w...m.
...|.!93..\..rT.R{...y..z.....0).(..iE..3mg.......>.|.....u.7..w.%.
.9...4..i[[email protected].).\.....i...(.i.n.....$\#..>.%...4;..g-..(
No.5.B...M.V_.h.W..8L.....v..B.}[email protected]..\3..^{.C-3..JnQ.o.D..
.Y..x{.mp..s..]g...%&...../..3..........]h...i...M]7..2\.e...u..C...m.
n>....Fg.>.A..!O..^..2;_,..sP.6...../*.bq.o.4......K.....3.e..EW
..0,O..@w,.u.Yz.B{[email protected]}E.F..m|...#./qF:\../..m.
.M....[..p^.i..p...UX.q.....#2:.....FN...........8*wp.q..2....X.x..dw.
.*/..Gz;..pH..*L7;,....q.J.G.*[email protected].?.......
....V...txU#.....3kr...$#.....-..2.3..90x..t`....v.8.K....f...v.......
.....1.>[email protected][email protected]..:..z.CG.....W.k..L..`....m.dp
./.........s.k*WD..#.5(Z.7^.u...F......ag..]...(...3.}..u.1|.;_...q}~a
.Z.Q.dy:]...O.ggNU......lu...........(.m.....t\M.`..NG.a.>..pj...{.
.N......G..Z..m....8.....\..X....g3..}....]..0Zl..m...*-."&?.KzaBZ..@k
....u.........)..Sl..eY..5.....[....S.Q.xfT...c..9%.g.J.m,..q...W.gF.j
.:..L...3.jw......T..H`*..G.[/....".Z....fu..d..66.w~...)..U.w..:.a...
..kM...L..r.g...."S.fj......L.g..~E..m.3Lw".T....K...`....yAy......F h
W.L..o..b]..J..$..6....s.f...n....N........|/-[~J..6...y..J.?5z.I..N7N
.j.>...b...q.MM.ni0..2z8..~*.M..O.i......D...q.k...P......-.#.?....
../.7DMj. ..c...0.A;...g.,.&...&...jYK.F0.........!.mt.......M..._-A).
......1.x...:Gk.7...o.>....a..`..kP.=.r.T2!..HpT..{".Df...`.G......
C.1.jIb.h....Qq....R.&....Mvd:..Dy...):kk?^f.4.w........Q.G.......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=517537, public, no-transform, must-revalidate

Last-Modified: Sun, 4 Jan 2015 23:04:05 GMT

Expires: Sun, 11 Jan 2015 23:04:05 GMT

Date: Mon, 05 Jan 2015 23:23:19 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015010
4230405Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150104230405Z....20150111230405Z0...*.H........
........G..z./....,FS?..1..H.b*.!\..U.X)._...\d.V.....a.....). ......;
..9.pD.o4.....!...........5.O*....Gt...DM'...a.S../......<{;.Q#....
*..~g...p.._WB.:1.....~T....=.1...w'.p#*q..]$.NO..!..e5.`[email protected]. ..v
....~......F.....l.........3U..T...^p3.....q..i,RMX%&....#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>

GET /installComplete.jhtml?partner=^ZU^fox000^YY^&sa=1 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.myfuncards.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Mon, 05 Jan 2015 23:17:36 GMT

Server: Apache

Location: hXXp://ecards.myfuncards.com/myfuncards/404

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html; charset=iso-8859-1
df ..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<HTML
><HEAD>.<TITLE>302 Found</TITLE>.</HEAD><
;BODY>.<H1>Found</H1>.The document has moved <A HREF
="hXXp://ecards.myfuncards.com/myfuncards/404">here</A>.<P
>.</BODY></HTML>...0..

GET /images/mfc/v3/logo_holiday_winter.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://ecards.myfuncards.com/myfuncards/404

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Nov 2014 14:28:05 GMT

ETag: "a67dd2-1763-50781f8885a54"

Accept-Ranges: bytes

Content-Length: 5987

Cache-Control: max-age=310893642

Expires: Thu, 07 Nov 2024 14:28:05 GMT

Content-Type: image/jpeg

Date: Mon, 05 Jan 2015 23:17:38 GMT

Connection: keep-alive
......Exif..II*.................Ducky.......A.....qhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:91EE891032BA11E09
8A1F97534BCF3A8" xmpMM:DocumentID="xmp.did:41B378D15E1B11E49C57A8168DA
29114" xmpMM:InstanceID="xmp.iid:41B378D05E1B11E49C57A8168DA29114" xmp
:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:9C31A19B262068118083877674277294" stRef:d
ocumentID="xmp.did:91EE891032BA11E098A1F97534BCF3A8"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>....Adobe.d.......................................................
......................................................................
....................,.................................................
..........................................!..1.Aa".Q2..q...$.Bb..#.U..
RCs..%V........................!.1AQ".2..aq.....Bb..#.............?../
@[email protected][email protected][email protected].#.:}.2..G...=..,_r.O.U
F..~.....v<.[k....Z.r>......I=..}.....].D;.....z.|&....."SXX..;m
.........h.q^K.........=.'..i.E^..ub.....YmH.Kz...!....Z..Q.....-$
<<< skipped >>>

GET /images/mfc/v3/icons/specialoccasions.gif HTTP/1.1