SearchProtectToolbar_pcap_8b45af316f

by malwarelabrobot on February 17th, 2015 in Malware Descriptions.

SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 8b45af316faedd96c9e8e3c387f017d5
SHA1: e19acb36938b40f5ad885ade4b2fbd4cc25d1984
SHA256: be28347541abe7f8a3ba0a39cd4776e48269723207a8095da3d11336852bb442
SSDeep: 12288:StTDMCWQqGG9NsH6s591LVRji68DYQ/JGqWVQwIuNRgblC:SVzzG9Gv5Hm681jWV k
Size: 589016 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:41
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

cmdshell.exe:3244
BaofengUpdate.exe:3540
BaofengUpdate.exe:3968
ttv.exe:2108
ild_omiga-plus.exe:1688
wpm_v20.0.0.1714_0204.exe:3280
%original file name%.exe:2868
XTab_v4.0.exe:3704
ReversePageSetup.exe:2832
ProtectWindowsManager.exe:2492
ProtectWindowsManager.exe:2660
ProtectService.exe:3268
ProtectService.exe:676
powershell.exe:3580
powershell.exe:676
powershell.exe:3288
HPNotify.exe:1112
STab_Down_6.0.6.8.exe:3412
CrashReport_v6.2.7601.963.exe:3392

The Malware injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process cmdshell.exe:3244 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\HPNotify.exe (675 bytes)

The process BaofengUpdate.exe:3540 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\search.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\js.js (660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\vi\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\style.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\quick_start.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\index.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\en\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\BFVUpdateM.dll (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\googlelogo.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\google_trends.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\defaults\preferences\fvd.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\quick_start.xul (1 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\ru\locale.properties (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\speed_dial.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\pl\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\simple.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\addonmanager.js (531 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\newtab.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\logo.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\default_logo.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\tr\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome.manifest (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\defaults\preferences\preferences.js (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\last_tab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (480 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\pack\common.js (10 bytes)
%Program Files% (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml (553 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\es-419\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74C3.tmp (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\restoreprefs.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\pack\ga.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74B2.tmp (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\en-US\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\aes.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\stat.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\properties.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\es\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\loading.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\icon.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\it\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74E3.tmp (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\misc.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\misc.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74E4.tmp (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\remoterequest.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\lib\doT.min.js (3 bytes)

The process BaofengUpdate.exe:3968 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\wpm_v20.0.0.1714_0204.exe (974 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\STab_Down_6.0.6.8.exe (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\RegWrite.exe (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\376.db (338 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\CrashReport_v6.2.7601.963.exe (430 bytes)

The process ttv.exe:2108 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept0.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\TornTVApp[1].exe (50000 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Torntv Downloader.lnk (982 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\decline.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\complist.txt (493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\back_dis.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Torntv Downloader.lnk (974 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept2.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cdi[1].htm (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\back.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\NSISdl.dll (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\close.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\ild_omiga-plus.exe (24067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\uninst.exe (2071 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\load_2.bmp (626 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\trninj.txt (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\inetc3.dll (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\skip.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\nsProcess.dll (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept3.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\getGFGCountry8 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\gCD (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\box.bmp (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\1clogo.bmp (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\pingcln[1].htm (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\ReversePageSetup.exe (41313 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\bmidt.txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\x.bmp (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\gc1 (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\brcdt.txt (432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Uninstall.lnk (883 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept1.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF21.tmp (53703 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\TornTV.exe (52816 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept_disabled.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\dAg (161 bytes)

The process ild_omiga-plus.exe:1688 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\STab_Down_6.0.6.8.exe (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\BFVUpdateM.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\wpm_v20.0.0.1714_0204.exe (16424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\lpd#4.3.0.xpi (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\1.zip (47039 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\bg.png (5064 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\RegWrite.exe (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\376.db (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\conf (83 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\376.json (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\Thumbs.db (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\scrollbar.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\BaofengUpdate.exe (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\Thumbs.db (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\2.zip (24656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\1[1].zip (208299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\UninstallManager.exe (60186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\DataBase (26688 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\2[1].zip (88603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\ffsearch_toolbar!1.0.0.1027.xpi (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\CrashReport_v6.2.7601.963.exe (15168 bytes)

The process wpm_v20.0.0.1714_0204.exe:3280 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (3560 bytes)

The process %original file name%.exe:2868 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Runner4.exe (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ttv.sdb (682 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\StdUtils.dll (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ttv.exe (19600 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Runner2.exe (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\nsProcess.dll (12 bytes)

The process XTab_v4.0.exe:3704 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\web\img\googlelogo.png (7 bytes)
%Program Files% (x86)\XTab\web\js\ie8.js (156 bytes)
%Program Files% (x86)\XTab\skin\btn.png (2 bytes)
%Program Files% (x86)\XTab\install.data (68 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
%Program Files% (x86)\XTab\HPNotify.exe (18027 bytes)
%Program Files% (x86)\XTab\conf (1594 bytes)
%Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\indexIE8.html (1816 bytes)
%Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
%Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\arrow.png (259 bytes)
%Program Files% (x86)\XTab\web\ver.txt (5 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
%Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\weather\0.png (1 bytes)
%Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
%Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (1681 bytes)
%Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
%Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\js\xagainit-ie8.js (3 bytes)
%Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
%Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\main.xml (4 bytes)
%Program Files% (x86)\XTab\web\img\default_add_logo_hover.png (1 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
%Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (22156 bytes)
%Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
%Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\ProtectService.exe (5471 bytes)
%Program Files% (x86)\XTab\web\js\js.js (18 bytes)
%Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi (14 bytes)
%Program Files% (x86)\XTab\web\img\default_add_logo.png (1 bytes)
%Program Files% (x86)\XTab\skin\logo.png (5 bytes)
%Program Files% (x86)\XTab\web\js\xagainit2.0.js (3 bytes)
%Program Files% (x86)\XTab\web\js\xagainit.js (3 bytes)
%Program Files% (x86)\XTab\web\img\googlelogo2.png (1526 bytes)
%Program Files% (x86)\XTab\web\main.css (19 bytes)
%Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
%Program Files% (x86)\XTab\skin\close.png (3 bytes)
%Program Files% (x86)\XTab\web\data.html (20 bytes)
%Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
%Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
%Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
%Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
%Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
%Program Files% (x86)\XTab\skin\about.png (4 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\settings.png (5 bytes)
%Program Files% (x86)\XTab\web\img\default_logo.png (5 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
%Program Files% (x86)\XTab\web\js\common.js (2 bytes)
%Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
%Program Files% (x86)\XTab\SupTab.dll (6812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfC68A.tmp\System.dll (23 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
%Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
%Program Files% (x86)\XTab\msvcp110.dll (17526 bytes)
%Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)

The process ReversePageSetup.exe:2832 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\WmiInspector.dll (3137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ilg (303164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\nsJSON.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\tlg (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\lm (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\UserInfo.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\ReversePage.mg.exe (7715 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\NSISEncrypt.dll (3412 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\mj (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\ExecDos.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\IpConfig.dll (4254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\System.dll (23 bytes)

The process ProtectWindowsManager.exe:2660 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\WindowsMangerProtect\update\conf (5 bytes)

The process ProtectService.exe:3268 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (49 bytes)

The process powershell.exe:3580 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8NW3XEZL87PL4N08F018.temp (196 bytes)

The process powershell.exe:676 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IVXIV1O9GE5U4WPR4EMY.temp (196 bytes)

The process powershell.exe:3288 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\78249WZGJQ9WG23L79D2.temp (196 bytes)

The process HPNotify.exe:1112 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\conf (1480 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (24 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (24 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (24 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (49 bytes)

The process STab_Down_6.0.6.8.exe:3412 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\XTab_v4.0.exe (22248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\XTab_4.0.2.1716[1].exe (175964 bytes)

The process CrashReport_v6.2.7601.963.exe:3392 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\ca-pub-7019091094896260[1].js (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E5F99F8CA677C9C5793DF9906EE2DCB6_EA678D98129239B94A42ABA094C5C065 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13174141385181-t222x111[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\14162546390325-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\plusone[1].js (23183 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13182151587263-t222x111[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D1F03728133589A90656A87E482B21F (1164 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_E0C5D917E8D475E602CA318326AD4367 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WNIYYHNK.txt (209 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\teE39sffXW8[1].png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ads[1].htm (130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\logo-nzn[1].htm (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\geral-201309170947[1].js (30100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\beacon[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cb=gapi[3].js (50797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\tp=GDDP[1].gif (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\temp_tage_file_snap.txt (239 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13174010733176-t222x111[1].jpg (973 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\34396475[1].jpg (1300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\34396475[1].jpg (1237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[5].txt (27929 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\sd[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\br_nzn_baixaki_redir_970x200_5adsx4[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ad[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\59Y0XIZ7.txt (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\colli-dupla-suspensao-18-aro-26_200x200-PU56929_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1[2].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\border_3[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1[1].jpg (1539 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\EngagementTracker[1].js (15833 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\colli-dupla-suspensao-18-aro-26_200x200-PU56929_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\1081796830-postmessagerelay[1].js (3519 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\api[1].js (6337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\core_rpc_shindig.random_shindig.sha1[1].js (43685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\postmessageRelay[1].htm (616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\14113141914084-t222x111[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13154010751871-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\v12-20140904[1].css (34159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\multilaser-one-p3213_200x200-PU7a9a2_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49514950C94E8026A2B06312597DFF49_F4692EBD578D04048E176E82BB8369BB (1360 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_7E2EB9BE5DF1000A0259A54212823269 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\15220157894001[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\dc[1].js (25818 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\baixaki-970x200-v3[1].css (25257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ads[3].htm (12032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\s[1].htm (143 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\skullcandy-lowrider_200x200-PU32da5_1[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\bubbleDropB_3[1].png (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\P2VKJK85.txt (581 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0D6ED27B76F0582A8D2120DF24D1E180_6D67D1E0E4036DF8A4093F1E3164563C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\badge[1].htm (7407 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 (3372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\adfscript[1].js (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9NFM038F.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\uolbig[2].png (3667 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\req[1].js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (2568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\bubbleSprite_3[1].png (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\cb=gapi[1].js (144453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\dUp7KUSc4BP[1].js (239457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\cb=gapi[1].js (33362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\container[1].htm (381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13175143861206-t222x111[1].jpg (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[1].txt (100080 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\ct[1].js (879 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\www-subscribe-embed-vfl_1m0to[1].css (17350 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tectoy-p-4200_200x200-PU92573_1[2].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\14181700895757-t100x100[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\bxklogowhite[1].png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\usr[1].js (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10428031_1488501004743557_4035099531574139235_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\req[1].js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_536F38716B4262025EAB04ABEE364EBB (2590 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_E0C5D917E8D475E602CA318326AD4367 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13174113586180-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tectoy-p-4200_200x200-PU92573_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\DU1Ia251o0y[1].htm (3181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\Adform.RMB[1].js (52774 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_536F38716B4262025EAB04ABEE364EBB (926 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EHPCOOZN.txt (88 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\b[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7244230F57E689B1486DC70978E234BE_D6A1274B2254D1D71A7CEBC37E718FAD (1416 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2PP3FQC4.txt (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot (4286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\Adform.Bootstrap[1].js (8849 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\2568[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\DRT4YCWO\googleads.g.doubleclick[1].xml (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_7DCDC9B86C5DA37FEB2732F7D1A586E5 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\zrt_lookup[1].htm (1406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10941422_1603748019858908_5153882750002538320_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\jquery-1.10.2.min[1].js (62266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\adfserve[1].js (5041 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\pixel[1].htm (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13164117027081[1].jpg (9680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\rs=AGLTcCNa6HF5McJpnLoKfF8V_HFNxB-E_Q[1].js (88174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\uolbig[1].png (4698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\rta[1].js (163 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\subscribe_embed[1].htm (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ads[2].htm (5002 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\subscribe_embed[1].htm (387 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\rs=AGLTcCN_ffnhJwljR7QYNFadR9tsMfeiSw[2].js (3145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\14155921387307-t222x111[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\skullcandy-lowrider_200x200-PU32da5_1[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X8O6J1UL.txt (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\243876176599B58BACB1BDDE5842175A (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\login_button[1].htm (3307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4BOC62A8.txt (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_CD73118ADBF2FB54465E799E511D8DF4 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\cb=gapi[1].js (21982 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7B3D1XDI.txt (367 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35C21096DDABA77AE4D988E68D76D867_1F44ADB9468521D38A9AE7D9F08FD55B (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\1499539_767960309952502_26315973551761358_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\16006432992429916137[1].jpg (3484 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13175556396214-t222x111[1].jpg (1578 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\f[1].txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\f[1].txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FCD2CC3451EF5F3DB8D4B7DD511B2F77_64FBBF7EBC3C3336620E795DDC157490 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6C4UEYVQ.txt (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13174210386182-t222x111[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13182326342264-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\dantes-inferno-xbox-360-dvd_200x200-PU39013_1[1].jpg (1565 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\f[1].txt (9087 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13192241950335-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_F1D51C5B2AE8FF7A6BB176A8AD14CC25 (1312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\65KAW4KJ.txt (79 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\icon-reply[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FCD2CC3451EF5F3DB8D4B7DD511B2F77_64FBBF7EBC3C3336620E795DDC157490 (1560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\f[2].txt (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_7DCDC9B86C5DA37FEB2732F7D1A586E5 (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DYKUEN09.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (2808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cb=gapi[1].js (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\boot[1].js (3043 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13192629930341-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\rs=AGLTcCN_ffnhJwljR7QYNFadR9tsMfeiSw[1].js (147470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\15195944615002[1].jpg (2108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\D1HNAB2E.txt (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\b1[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\DU1Ia251o0y[2].htm (3421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\multilaser-p3214_200x200-PU7d9ea_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\multilaser-p3214_200x200-PU7d9ea_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10351399_732629260133160_7838800426852444414_n[1].png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\q48e3OS1ir7[1].js (150772 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\photo[1].png (2186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\dc634773cd47817b[1].js (16817 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\logo-rex-white[1].png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\postmessageRelay[1].htm (616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\14133415261218-t222x111[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\loading[1].gif (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0IXB13VG.txt (296 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FS46GHPS.txt (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\791981695816463102[1].jpg (7263 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (2870 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10922842_483900255084599_4257958379412702112_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\O2MDXVFX.txt (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\yet_another_cleaner_bxk[1].exe (869 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13174354391195-t222x111[1].jpg (1198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\rex[1].htm (1035 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BSUZ3IIJ.txt (96 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\52K00BH5.txt (733 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\doodle-rex[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\rex-default[1].png (1160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\kZt1ORfyc-V3C9VmeWM_Laj0UcuN02K-WUcryq-hFWs[1].js (3967 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_024E96258E41C9E7E84DEC1F63616DFD (2926 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\58TNLT5V.txt (593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\ads[1].htm (12266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\18A0FVK4.txt (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\GooglePlusSignIn[1].htm (62 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\ads[1].htm (10890 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35C21096DDABA77AE4D988E68D76D867_1F44ADB9468521D38A9AE7D9F08FD55B (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13191426569319-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\www-subscribe-embed-card-vfl5g8Fkv[1].css (2127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\cb=gapi[3].js (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\rs=AGLTcCN_ffnhJwljR7QYNFadR9tsMfeiSw[1].js (26811 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_7E2EB9BE5DF1000A0259A54212823269 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\uolbig[2].png (4666 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D1F03728133589A90656A87E482B21F (3242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1[2].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FK0IMU3U.txt (400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\6909852[1].gif (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2380 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E5F99F8CA677C9C5793DF9906EE2DCB6_EA678D98129239B94A42ABA094C5C065 (1488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\www-hitchhiker-vflDkjvEN[1].png (20967 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\14164751962337-t474x237[1].jpg (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H96Y8U7D.txt (226 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\edifier-r2700-128w-rms_200x200-PU77db1_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\logo-nzn[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\700241160990608663[1].jpg (4084 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\YJHF04D2.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49514950C94E8026A2B06312597DFF49_F4692EBD578D04048E176E82BB8369BB (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6YVWRXQA.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\dantes-inferno-xbox-360-dvd_200x200-PU39013_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82414F9D7AB8999991FFEB2BC378A4EB_024E96258E41C9E7E84DEC1F63616DFD (942 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\photo[1].jpg (2391 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\f[2].txt (27063 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\gplus-dd4b38-20[1].png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10292469_1530369137250615_3206636263686630584_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\x_button_blue2[1].png (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\cb=gapi[2].js (17102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13152816858826[1].jpg (5587 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\like_box[1].htm (4932 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\aep-full-11.2.1.min[1].js (28163 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TOL7RIQC.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_F1D51C5B2AE8FF7A6BB176A8AD14CC25 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\signin[1].htm (6379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\LVx-xkvaJ0b[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\000000_new_ico[1].gif (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\border_3[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (942 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\__utm[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_CD73118ADBF2FB54465E799E511D8DF4 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BYWF7VTC.txt (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\unload[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\br_nzn_baixaki_redir_970x200_5adsx4-1.0.5.min[1].js (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\iqVGY7gYXlg[1].gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0UMS6Y44.txt (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\14161108993313-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\bxklogo[1].png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FFGDY4J1.txt (79 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\f[3].txt (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\AGL2Q5BI.txt (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0D6ED27B76F0582A8D2120DF24D1E180_6D67D1E0E4036DF8A4093F1E3164563C (1448 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_9E706C5FABDFA9B4009CD1C9BCAA0D86 (2590 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\rs=AGLTcCN7-UH8ZkbWEEO0yrEIHoLl8NTQOg[1].css (90488 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7244230F57E689B1486DC70978E234BE_D6A1274B2254D1D71A7CEBC37E718FAD (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1GAFGNCT.txt (871 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\uolbig[1].png (4286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\55HK7XUM.txt (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\dwnld109843[1].htm (3242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\2OV5E1OA\www.facebook[1].xml (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\activeview[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[4].txt (12967 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13174246578188-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\pubads_impl_56[1].js (65761 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13170147267117[1].jpg (7632 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\4[1].json (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\243876176599B58BACB1BDDE5842175A (412 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[3].txt (86443 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13182738923272-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\multilaser-one-p3213_200x200-PU7a9a2_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\css[1].css (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0NVSE8XA.txt (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\client_plusone[1].js (27185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\spacer[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\google-logo[1].png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\_sprites20130903[1].png (3920 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\www-subscribe-embed[1].js (27348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\yet_another_cleaner_bxk[2].exe (996260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7BZV8TY5.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\f[2].txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\css[2].css (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WVIN7FN4.txt (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\www-subscribe-embed-card[1].js (6649 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1952 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\jquery.min[1].js (51506 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\edifier-r2700-128w-rms_200x200-PU77db1_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tm13767[1].js (6072 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[2].txt (26633 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\all[1].js (89904 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cb=gapi[2].js (83733 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VNJNF0DD.txt (296 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_9E706C5FABDFA9B4009CD1C9BCAA0D86 (926 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\bubbleDropR_3[1].png (116 bytes)

Registry activity

The process cmdshell.exe:3244 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CF 5D 08 04 D2 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "57 89 BB 09 D2 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "57 89 BB 09 D2 49 D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process BaofengUpdate.exe:3540 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Mozilla\Extends]
"AppID" = "[email protected]"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Search Page" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."

[HKLM\SOFTWARE\Wow6432Node\omiga-plusSoftware\omiga-plushp]
"Time" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "istartsurf"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Mozilla\Extends]
"UID" = "267123711_198339_B48A115F"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://www.istartsurf.com/?type=sc&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\omiga-plusSoftware\omiga-plushp]
"oem" = "ild"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"
"Search Page" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"
"DisplayName" = "istartsurf"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.istartsurf.com/?type=hp&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKCU\Software\Mozilla\Extends]
"ptid" = "ild"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.istartsurf.com/?type=hp&ts=1424081939&from=ild&uid=267123711_198339_B48A115F"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "istartsurf"

[HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]"

The process BaofengUpdate.exe:3968 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process ttv.exe:2108 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}]
"id0" = "16022015"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\1ClickDownload]
"LastInstall0" = "30427601"
"LastInstall3" = "30427601"
"LastInstall2" = "30427601"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "40 ED A5 E9 D1 49 D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\uninst.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\7711c0f3\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\7711c0f3\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\376.json, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\376.db, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\CrashReport_v6.2.7601.963.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\RegWrite.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\STab_Down_6.0.6.8.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\wpm_v20.0.0.1714_0204.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\XTab_v4.0.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseÅ”"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload]
"DisplayVersion" = "2.1 Build 26473"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload]
"Publisher" = "TornTV.com"
"DisplayName" = "TornTV"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "40 ED A5 E9 D1 49 D0 01"

[HKLM\SOFTWARE\TornTv Downloader]
"Lib" = "16.02.2015"

[HKCU\Software\1ClickDownload]
"UID" = "302894767"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}]
"fn2" = "ssc-"
"fn1" = "v6y-"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\1ClickDownload]
"LastInstallY" = "30427601"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}]
"fd1" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "40 ED A5 E9 D1 49 D0 01"

[HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}]
"fd2" = "16"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\TornTv Downloader]
"ir"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process ild_omiga-plus.exe:1688 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "37 1A DA F2 D1 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\7711c0f3\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\7711c0f3\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\376.json,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 44 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "A3 B6 95 F7 D1 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "A3 B6 95 F7 D1 49 D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process wpm_v20.0.0.1714_0204.exe:3280 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 46 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process %original file name%.exe:2868 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\7711c0f3\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\7711c0f3\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\nsProcess.dll,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process XTab_v4.0.exe:3704 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\XTab"

[HKLM\SOFTWARE\Wow6432Node\supTab]
"ptid" = "ild"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURL" = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02"
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0]
"(Default)" = "SupTabLib"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURL" = "http://www.bing.com/favicon.ico"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
"(Default)" = "IETabPage Class"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName" = "Bing"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconURL" = "http://www.google.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"

[HKLM\SOFTWARE\Wow6432Node\SupDp]
"dir" = "%Program Files% (x86)\XTab"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconURL" = "http://do-search.com//favicon.ico"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"TopResultURL" = "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"TopResultURL" = "http://www.istartsurf.com/web/?type=ds&ts=1424081939&from=ild&uid=267123711_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback" = "http://www.bing.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"DisplayName" = "Google"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"DisplayName" = "e"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{E733165D-CBCF-4FDA-883E-ADEF965B476C}.ico"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process ReversePageSetup.exe:2832 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "40 ED A5 E9 D1 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 43 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "37 1A DA F2 D1 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "37 1A DA F2 D1 49 D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process ProtectWindowsManager.exe:2492 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\services\eventlog\Application\WindowsMangerProtect]
"EventMessageFile" = "C:\ProgramData\WindowsMangerPro㿜ŭ"
"TypesSupported" = "7"

The process ProtectWindowsManager.exe:2660 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process ProtectService.exe:3268 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 05 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process ProtectService.exe:676 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\IHProtect]
"ptid" = "ild"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process powershell.exe:3580 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

The process powershell.exe:676 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

The process powershell.exe:3288 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

The process STab_Down_6.0.6.8.exe:3412 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "A3 B6 95 F7 D1 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 47 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "CF 5D 08 04 D2 49 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "CF 5D 08 04 D2 49 D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process CrashReport_v6.2.7601.963.exe:3392 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"fdwSupport" = "1"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 02 00 00 00 32 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"cFormatTags" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4B 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"cFormatTags" = "2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"cFilterTags" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"cFilterTags" = "0"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91467"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"fdwSupport" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "CF 5D 08 04 D2 49 D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"cFormatTags" = "2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrashReport.exe" = "9999"

[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 31 00 00 00 14 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"fdwSupport" = "1"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\doubleclick.net]
"(Default)" = "6"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 11 00 00 00 14 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "4C D3 72 0A D2 49 D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"cFilterTags" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"cFilterTags" = "0"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com]
"(Default)" = "21"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"fdwSupport" = "1"
"cFormatTags" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\35E540F4D36E94D9005B18DCE27CA2AE8CA0020D]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 35 E5 40 F4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "4C D3 72 0A D2 49 D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 06 00 00 00 12 00 00 00"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates]
"35E540F4D36E94D9005B18DCE27CA2AE8CA0020D"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrashReport.exe"

Dropped PE files

MD5 File path
a7998c55467d4884cb509e5c4cfdcfa2 c:\Program Files (x86)\XTab\BrowerWatchCH.dll
fbde6af89f9b351243c3f736a48a0543 c:\Program Files (x86)\XTab\BrowerWatchFF.dll
5785680870eff9ba7b4f58c726552013 c:\Program Files (x86)\XTab\BrowserAction.dll
77590ce0cdeb6bbee8dc056fea0b107c c:\Program Files (x86)\XTab\CmdShell.exe
c04d8bc933470b3913e4e3e6c3115793 c:\Program Files (x86)\XTab\HPNotify.exe
a330b7929278b18a33e29bd4bb69abc3 c:\Program Files (x86)\XTab\IeWatchDog.dll
b32a88b91e59bfb553a9bebf78a1e567 c:\Program Files (x86)\XTab\ProtectService.exe
fece5b81614bd16ff043051f338183a0 c:\Program Files (x86)\XTab\SupTab.dll
3e29914113ec4b968ba5eb1f6d194a0a c:\Program Files (x86)\XTab\msvcp110.dll
4ba25d2cbe1587a841dcfb8c8c4a6ea6 c:\Program Files (x86)\XTab\msvcr110.dll
852f4db9b269f52c54f37568d703825e c:\Program Files (x86)\XTab\uninstall.exe
3525b3c9cafced38e0ab2334da7fb449 c:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
3525b3c9cafced38e0ab2334da7fb449 c:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe
b40ad40514725dfb0cc37b3e7d41aab1 c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\yet_another_cleaner_bxk[1].exe
e876e34992e87644578f4e5d59f9d4a0 c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\TornTVApp[1].exe
e50423c905e23a8df146a831218dbeda c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Runner2.exe
e5bc53dd0865324ce2a3417427725885 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Runner4.exe
881390fe5aa2bd7645dd965bb568bef6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\CrashReport_v6.2.7601.963.exe
01a3e528d2caa830c1b9276159c1a892 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\RegWrite.exe
0a1d8c442bf10ba569bc89cf7dfc3855 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\STab_Down_6.0.6.8.exe
55bae15d523e4fabaa551023703d3fd9 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\XTab_v4.0.exe
3525b3c9cafced38e0ab2334da7fb449 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\wpm_v20.0.0.1714_0204.exe
faa7f034b38e729a983965c04cc70fc1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\nsProcess.dll
faa7f034b38e729a983965c04cc70fc1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\nsProcess.dll
87edc8b919eb09a43600fceabf946a6b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\ttv.exe
e876e34992e87644578f4e5d59f9d4a0 c:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\TornTV.exe
504ed721f656e9d4b041c24f30525e94 c:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\uninst.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 22738 23040 4.45908 c69726ed422d3dcfdec9731986daa752
.rdata 28672 4496 4608 3.59034 a2c7710fa66fcbb43c7ef0ab9eea5e9a
.data 36864 110456 1024 3.20082 e59cdcb732e4bfbc84cc61dd68354f78
.ndata 147456 49152 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 196608 27736 28160 3.67123 80562bb898806f1e87b73fc6e4e3d595

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://bringsomedata.com/rs.php?p=torntv 54.246.89.43
hxxp://torntvz.net/pingcln.php?partner=extra&product=TornTV&build=18_4 54.228.243.236
hxxp://data.infopackinst.com/cdi.asp?st=-1&uid=302894767&tuid=3090520&sref=TTV_18-4N_extra&vmdt=|vm|pm|pm4|&bld=18IJ&cnt=ua 176.34.177.58
hxxp://data.infopackinst.com/cdi.asp?st=bf&uid=302894767&tuid=3090520&sref=TTV_18-4N_0_ie_extra&bundles=TTV:1|IMI:|V6Y:1|SSC:1|WEX:|CLX:|PMD:1&bld=18IJ&cnt=ua 176.34.177.58
hxxp://blob.dm2prdstr01a.store.core.windows.net/packs/TornTVApp.exe
hxxp://a1123.d.akamai.net/sd?is=fm
hxxp://reversepage.com/mg?alpha=GywvMnlKPjccAAVAABh2JGVtIXxFPysOOWAgeDYwXz4mNBwfB3pSVE5jMjErNThcEgYGWTQwSBouCB8eA3EiRAZoWGQrCjxxTD5eFCpZSigAZCRjJQ0pek55bV8tcGUdYHMkfE5NL0QXGXMzNChHOipnBRtaQTAtXmlzODJWOBd3XmNzPCN/Sno8NyZiKlNeCVMyKWkhCD8nCHRuVHguNhB8NQMJKHQnMg==
hxxp://reversepage.com/mg?alpha=GywvMnkiGmURTysUABh2Gmh8P3kbai1DeGhBX3ITaH5uJwlOIzJAYWgfLjxZMTM3EQweLzcxTg5YDWhvCCQVPwxjezN9cksKQzZrVi9y
hxxp://reversepage.com/mg?alpha=ISU/MA86P14ydWMdEBoAHmx9Iwp/JVN8dGt6AA==
hxxp://reversepage.com/fp?alpha=KxoYLm4nXEwTJBNfNwRhKl5LI24rRg5fLwwbTDE6bA8BaX09MRVZBSoqBl5KdBEeDhJYcXJaXUYBQQMOJ1ISJx0wbltHYQg1CCstFEM6TQ90BwN6Lz8eUFBmWHwabnIkSEElaX9jHlEJK10BKCJ0ChhzEyhtfiwoKh1Jcno4HSdwFSNlHWMqL1sLLStTTn5GPXlUGW87bw9FW35dfApodzBJTShseXYfDRAtWhQvNmcNHmtEenwieDplQUQSIHEaOndQVXwPYTAkGVJ0bA5PLVAQDXIILXBpEk9Sb1x0HGxwOxoHZGYZP0YMX24bFFxqIVlDL0dpAjovJTQYTnBCOAohd0xIal00GX4yCy0mXxNnMnFtAx53Lz8WSlVzWgEebnUkSkdOGgoSGVgMGkAdRQ==
hxxp://reversepage.com/ii?alpha=KxoYLm4ePDkDel8mNwRhKl5LI24rRhQGYwspDD8reUZSaSs+a3oNRnwaR30vF11KLgRyKiNuVWMRS3J5K1FkLAZEHkQyb3hADistDlljAT0GUEM3c3laHEQtCnkbaXFfSTJNaGNlbVhzNFxyWU5qBGwNGzYafylZQR08ewpdSWQ4RQMVWSQud0QOKj5JGmxebW8YHngwOx9NRDoIImguLSASEXArIjlaDRZ9DVJafShqEHoSNWxoJS43HFdzfitNZThPEEcmbTt3I209ZBReJwA5ZGFHIWZiWA5OfltwBz4raV0bey0rJBUlWXoaW2tgIUgNHEt1OClrbycbWRI6cRkxbVscRwRjNGo4Hjt9AlgtGTM3FhRvNCMeU1VoXXUKLydvDR1rPm4mSQtbOVIUKSF3GkI4TnoyISFZaUsVKzt2X3xLRhxcD2Z4GQJfb24UA3geKmQCCCEwfRIERD8beRNsbixLRi42L2sYWAosWA4tOX0Ob3EQK2ZyKTpjWEQUBWkeJnsEVX4ndTk4Ex5NYhVeKxEweWUOHEFeZl0mNx4vChgnaxIXbX0rOEtVAT8SCSlDd0BuIhxG
hxxp://reversepage.com/if?alpha=LhdgLTk7PERrYzQzTwc2L1MzIDkuS2wFNA4kdDx8fEsqanw7ZgIOEXkXP354ElAyLVN3J1ttAmYcM3EuLlwcL1FBEzwxOH1Ndih6C1QbAmoDXTs0JHxXZEd6D3RjaiZaREpOP2ZoFVskMVEKWhlvCRQOTDMXByoORBBEeF1YRBw7GhMYQWlqIxcPdjUWbE8fZw9MPzg2YARoFzRbbyRiJyhHOSU8eXVhXUksUn4taHIXMS0TXCNRIiJnWXEtcGkXCnkaFmdgbllySnY2bEweFEM7cgpgeWc5BGIEZiQmMWJAS1BjeHgyKzVWMHULKHQvMR11fkEzM1drbW1SdyRtJj9Ffg0fVn1ne28sL3Y4DVBVUzx8ayQjM21RdghmBig+f1s4VnpufjgyPwVHJkV6NWlsBmN4RD4iW209a0JkYW96EUc9RVAUPDEpIAgqeTIFGmMdbDBSJSR1IHdrCH0NLXIMYXkCaXglbTUmVlM6C35rZTsXND5IJ2ESLnswB2wgIitCFihPShAkOz0NQXQoZlYSABd/YW0bOzR6RylBXyU+My1wOCBleXg+OjxLNDw2D0gRYnU8Ox4+FVtpImFENwVBdjI1Vg==
hxxp://data.infopackinst.com/country.asp?st=ssc&uid=302894767&tuid=3090520&sref=TTV_18-4N_0_ie_extra&bld=18IJ&cnt=ua 176.34.177.58
hxxp://www.girlliuxiaowei.com/home/ild_omiga-plus.exe 208.43.230.100
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action1=xa.geoip&action2=visit&action3=ild.visit.omiga-plus&update1=ref,ild&update2=identifier,installer&update3=version,6.3.76.1518&update4=nation,us&update5=language,en 65.255.35.150
hxxp://www.inisxriy.com/infv3/index/2507/bnd/6.3.76.1518/ed8e7a2c3c3d57fa0799857417cd7bdb 50.23.120.57
hxxp://www.inisxriy.com/files/zip_r3/2507_d98918ad4ee11960d244725a02510abc/1.zip 50.23.120.57
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.dlzip1.omiga-plus.finish,6 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.hp 65.255.35.150
hxxp://log.very911.com/install.gif?bundle=istartsurf&ptid=ild&uid=267123711_198339_B48A115F 184.173.191.224
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.ds 65.255.35.150
hxxp://download.dynect.mozilla.net/?product=firefox-34.0.5-complete&os=win&lang=en-US
hxxp://www.google.com/ 173.194.113.210
hxxp://www.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42u8web64DoCQ 173.194.113.216
hxxp://a1284.g.akamai.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.regok 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.nt.ff.tab 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.finish 65.255.35.150
hxxp://www.inipegcc.com/infv3/index/2507/3rd/6.3.76.1518/67b56c90fe9de8486cb88bd9cca81bcc 50.23.120.56
hxxp://www.inipegcc.com/files/zip_r3/2507_8264f25961fbc8f29354e4754a828cac/2.zip 50.23.120.56
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.wpm 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.ient 65.255.35.150
hxxp://www.kmu79.com/inf/geturl/ild?name=yac_baixaki 23.246.221.165
hxxp://www.inifkhjr.com/files/third/2015/01/16/172511/350/XTab_4.0.2.1716.exe 50.23.120.54
hxxp://xa.xingcloud.com/v4/sof-windowspm/?action=visit.heartbeat.wpmvt&update3=version,20.0.0.1714 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-windowspm/?action=visit.heartbeat.wpmvt 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-ient/267123711_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,ild&update1=nation,us&update2=language,en&update3=version,2.8.8.28&update4=chptid,ild 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.CrashReport_v6 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-ient/267123711_198339_B48A115F?action1=install.ild 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.RegWrite 65.255.35.150
hxxp://xa.xingcloud.com/v4/sof-windowspm/?action0=xa.geoip&action1=visit&action2=install&update0=ref,wpmvt&update1=nation,us&update2=language,en 65.255.35.150
hxxp://up.soft365.com/Fan/rebirth?uid=267123711_198339_B48A115F&ptid=ild&ver=4.0.1.1716&dname=istartsurf 174.36.247.67
hxxp://xa.xingcloud.com/v4/searchprotect/267123711_198339_B48A115F?action0=xa.geoip&action1=visit&action2=install 65.255.35.150
hxxp://xa.xingcloud.com/v4/searchprotect/267123711_198339_B48A115F?action=visit.heartbeat.ild&update0=ref,ild&update1=nation,us&update2=language,en&update3=version,4.0.1.1716 65.255.35.150
hxxp://a38.w3.akamai.net/site/dwnld109843.htm
hxxp://a38.w3.akamai.net/usuarios/din/prog.asp?cod=109843&versao=6.0.51
hxxp://pagead46.l.doubleclick.net/pagead/show_ads.js
hxxp://googleadapis.l.google.com/css?family=Open Sans:400,700
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.9.1/jquery.min.js
hxxp://a38.w3.akamai.net/inc/v12/geral-201309170947.js
hxxp://a38.w3.akamai.net/inc/v12/v12-20140904.css
hxxp://a38.w3.akamai.net/bxk_v12/bxklogo.png
hxxp://a38.w3.akamai.net/b.gif
hxxp://a38.w3.akamai.net/2014/05/14/14181700895757-t100x100.jpg
hxxp://a1294.w20.akamai.net/c2/8756095/ct.js
hxxp://ibxk.com.br/bxk_v12/logo-nzn.png 107.23.21.160
hxxp://a38.w3.akamai.net/2015/02/13/13170147267117.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=474px:237
hxxp://tag.navdmp.com/tm13767.js 108.168.143.94
hxxp://a38.w3.akamai.net/2015/02/13/13164117027081.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111
hxxp://a38.w3.akamai.net/2015/02/13/13152816858826.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111
hxxp://e3821.dspe1.akamaiedge.net/pt_BR/all.js
hxxp://a38.w3.akamai.net/2015/02/14/14164751962337-t474x237.jpg
hxxp://a38.w3.akamai.net/2015/02/14/14162546390325-t222x111.jpg
hxxp://a38.w3.akamai.net/usuarios/din/GooglePlusSignIn.aspx
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js
hxxp://a38.w3.akamai.net/2015/02/14/14161108993313-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150210/r20141212/show_ads_impl.js
hxxp://stats.l.doubleclick.net/dc.js
hxxp://www.google.com.ua/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot 173.194.113.216
hxxp://a1294.w20.akamai.net/b?c1=2&c2=8756095&ns__t=1424081964253&ns_c=iso-8859-1&c8=YAC download - Baixaki&c7=http://www.baixaki.com.br/site/dwnld109843.htm&c9=
hxxp://a38.w3.akamai.net/2015/02/14/14155921387307-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/14/14133415261218-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/pagead/html/r20150210/r20141212/zrt_lookup.html
hxxp://a38.w3.akamai.net/2015/02/14/14113141914084-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13154010751871-t222x111.jpg
hxxp://navdmp.com/usr?v=7&acc=13767&upd=1&new=1&wct=1 184.172.27.198
hxxp://a38.w3.akamai.net/2015/02/13/13192629930341-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/gpt/pubads_impl_56.js
hxxp://a38.w3.akamai.net/2015/02/13/13192241950335-t222x111.jpg
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-1/html/container.html
hxxp://rtax.criteo.com/delivery/rta/rta.js?netId=2028&cookieName=cto_rta&rnd=44384999123&varName=crtg_content 178.250.0.100
hxxp://a38.w3.akamai.net/2015/02/13/13191426569319-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13182738923272-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13182326342264-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13182151587263-t222x111.jpg
hxxp://stats.l.doubleclick.net/__utm.gif?utmwv=5.6.3dc&utms=1&utmn=1410390823&utmhn=www.baixaki.com.br&utmcs=iso-8859-1&utmsr=1683x901&utmvp=792x554&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=YAC download - Baixaki&utmhid=112016769&utmr=-&utmp=/site/dwnld109843.htm&utmht=1424081964576&utmac=UA-144680-1&utmcc=__utma=248450708.1811958267.1424081965.1424081965.1424081965.1;+__utmz=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~
hxxp://a38.w3.akamai.net/2015/02/13/13175556396214-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13175143861206-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13174010733176-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13174113586180-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13174141385181-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13174210386182-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13174246578188-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/13/13174354391195-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/pagead/osd.js
hxxp://a38.w3.akamai.net/bxk_v12/logo-nzn.png
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1424081964&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081964302&bdt=490&shv=r20150210&cbv=r20141212&saldr=sb&correlator=4023535356706&frm=20&ga_vid=1811958267.1424081965&ga_sid=1424081965&ga_hid=112016769&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-000008b4-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1683,,800,600,792,554&vis=1&rsz=0|0||d&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=n4sAAB5Bsq&p=http://www.baixaki.com.br&dtd=487
hxxp://a38.w3.akamai.net/b1.gif
hxxp://a38.w3.akamai.net/bxk_v12/_sprites20130903.png
hxxp://navdmp.com/req?v=7&upd=1&new=1&id=16281561560&acc=13767&tit=YAC download - Baixaki&utm=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) 184.172.27.198
hxxp://a38.w3.akamai.net/bxk_v12/bxklogowhite.png
hxxp://a38.w3.akamai.net/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
hxxp://a38.w3.akamai.net/loading.gif
hxxp://navdmp.com/req?v=7&upd=1&new=1&id=16281561560&acc=13767&tit=YAC download - Baixaki&utm=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&id=16281561560&acc=13767&tit=YAC download - Baixaki&utm=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) 184.172.27.198
hxxp://code.jquery.netdna-cdn.com/jquery-1.10.2.min.js
hxxp://pagead46.l.doubleclick.net/pagead/000000_new_ico.gif
hxxp://a38.w3.akamai.net/logo-rex-white.png
hxxp://a38.w3.akamai.net/ns/rexposta/layout/rex-default.png?w=220&h=165&mode=crop
hxxp://a1872.g.akamai.net/aep/tag/br/br_nzn_baixaki_redir_970x200_5adsx4.js
hxxp://a38.w3.akamai.net/feeds/1ff5774796573f3285f879ba12fc0d65/bxk-premium-games/home/4/
hxxp://a38.w3.akamai.net/doodle-rex.jpg
hxxp://a38.w3.akamai.net/icon-reply.png
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150210/r20141212/expansion_embed.js
hxxp://a38.w3.akamai.net/rexposta/2015/02/15/15195944615002.jpg?w=220&h=165&mode=crop
hxxp://a38.w3.akamai.net/rexposta/2015/02/15/15220157894001.jpg?w=220&h=165&mode=crop
hxxp://star.c10r.facebook.com/plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2dc39e66d61a04&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=0&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d01bf5b2e7ff11ba
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0c3c4bdcec0f4f0d
hxxp://a749.dsw4.akamai.net/connect/xd_arbiter/DU1Ia251o0y.js?version=41
hxxp://a38.w3.akamai.net/dl/c/cf4e57c3bac15f9fb2508102d4482b60/uolbig.png?1423655848?width=194&height=97
hxxp://a38.w3.akamai.net/dl/f/f16e4752a5583bf08c56d63d94295650/uolbig.png?1423713990?width=194&height=97
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eb74688e1ecda676
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2df522542230fc24
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?66899ad98b7babe8
hxxp://star.c10r.facebook.com/plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f8e0d2ecac1abc&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=306&header=false&height=190&href=http://www.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300
hxxp://a38.w3.akamai.net/dl/2/2797d42805e8b92b976b55313bc9b7f6/uolbig.png?1423728504?width=194&height=97
hxxp://a38.w3.akamai.net/dl/e/e3219d0df1ba54cad5dc95a74904ace4/uolbig.png?1423707463?width=194&height=97
hxxp://a1872.g.akamai.net/dhtml/aep/aep-full-11.2.1.min.js
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://a1872.g.akamai.net/aep/template/br_nzn_baixaki_redir_970x200_5adsx4-1.0.5.min.js
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://a1872.g.akamai.net/aep/css/baixaki-970x200-v3.css
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys=
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl 64.18.20.10
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=
hxxp://pagead46.l.doubleclick.net/pagead/js/adsbygoogle.js
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O
hxxp://www.google.com.ua/pub-config/ca-pub-7019091094896260.js 173.194.113.216
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA69BoQh3hT6
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x90&output=html&h=90&slotname=2838063472&adk=3718522017&w=728&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081966441&bpp=17&bdt=156&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=397520784.1424081967&ga_sid=1424081967&ga_hid=938764724&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=24&ady=136&biw=776&bih=554&isw=728&ish=90&ifk=3993913476&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=28,178,0,0,1683,,800,600,728,90&vis=1&rsz=0|0|om|&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=111
hxxp://www.public-trust.com/CRL/Omniroot2025.crl 64.18.20.10
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDsqJhnahKJA
hxxp://gs1.wac.v2cdn.net/PublicSureServerSV.crl
hxxp://afp.e-planning.net/eb/4/12164/dc634773cd47817b?rnd=0.7241717793267197&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies
hxxp://pagead46.l.doubleclick.net/simgad/700241160990608663
hxxp://pagead46.l.doubleclick.net/pagead/adview?ai=CugQsLsThVKrjI6H_7QaftYDADo61y94Flu6b9McBwI23ARABIABgpZ6khpgjggEXY2EtcHViLTcwMTkwOTEwOTQ4OTYyNjDIAQmpAs2AMRWJvoE-qAMBmAQAqgSNAU_Q9pP-bBP84TdpTkHgmDwH8MxOob5yhVhzm-tg2csGnmh9PR7NVfcg6LZmz3SMhJPdLR1XbveetueYDl36Qu09a013y2N8BqQ_Tdf20UJMPvlqUQ6V4cSQoDZAenF2GE-KRFKZVOCPIJuV2VZgCWL-H4ISsSuoQU5MO0MAdz0KJG4EZYP8ULu8KX9FuYAGzoHh86ujoLggoAYh2AcA&sigh=2caWVStwP6U&vis=1
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150210/r20110914/abg.js
hxxp://pagead46.l.doubleclick.net/pagead/images/google-logo.png
hxxp://pagead46.l.doubleclick.net/pagead/drt/s?v=r20120211
hxxp://googleadapis.l.google.com/css?family=Open Sans:400,600
hxxp://a1359.sa.akamai.net/console-de-videogame/sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1.jpg
hxxp://a1359.sa.akamai.net/celular-e-smartphone/smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1.jpg
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6Yw==
hxxp://df6du6ip3rmgn.cloudfront.net/images/tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35.jpg
hxxp://df6du6ip3rmgn.cloudfront.net/thumbs/1/18/10/34396475.jpg
hxxp://a1359.sa.akamai.net/som-automotivo/multilaser-one-p3213_200x200-PU7a9a2_1.jpg
hxxp://a1359.sa.akamai.net/tv/lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1.jpg
hxxp://a1359.sa.akamai.net/monitor/samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1.jpg
hxxp://a1359.sa.akamai.net/tv/samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1.jpg
hxxp://pagead46.l.doubleclick.net/bg/kZt1ORfyc-V3C9VmeWM_Laj0UcuN02K-WUcryq-hFWs.js
hxxp://a1359.sa.akamai.net/som-automotivo/multilaser-p3214_200x200-PU7d9ea_1.jpg
hxxp://a1359.sa.akamai.net/celular-e-smartphone/smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1.jpg
hxxp://a1359.sa.akamai.net/caixa-de-som-para-pc/edifier-r2700-128w-rms_200x200-PU77db1_1.jpg
hxxp://a1359.sa.akamai.net/dvd-player/tectoy-p-4200_200x200-PU92573_1.jpg
hxxp://a1359.sa.akamai.net/bicicleta/colli-dupla-suspensao-18-aro-26_200x200-PU56929_1.jpg
hxxp://a1359.sa.akamai.net/hd/kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1.jpg
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081968440&bpp=15&bdt=42&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=2102100500.1424081969&ga_sid=1424081969&ga_hid=980917080&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=678&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1935280145&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=682,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=140
hxxp://a1359.sa.akamai.net/jogos/batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1.jpg
hxxp://a1359.sa.akamai.net/monitor/aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1.jpg
hxxp://a1359.sa.akamai.net/fone-de-ouvido-headset/skullcandy-lowrider_200x200-PU32da5_1.jpg
hxxp://a1359.sa.akamai.net/jogos/dantes-inferno-xbox-360-dvd_200x200-PU39013_1.jpg
hxxp://a1359.sa.akamai.net/tablet/samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1.jpg
hxxp://a1359.sa.akamai.net/jogos/batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1.jpg
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEHBLv1jEBStiRA+Q66Kydvk=
hxxp://pagead46.l.doubleclick.net/simgad/791981695816463102
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB
hxxp://pagead46.l.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
hxxp://pagead46.l.doubleclick.net/xbbe/creative/ad?d=APEucNWsK7i9UP5jgsr-97PmfxX_qIvtLp46wF_zUyqrcPja0qcu62p1tn6tPLYtD1rDC0me-nR0XQO4CGgitDeZAL1nEZA09uckbqtnAIyHBKlrSfMDuGbHNSwRpFwTKcs9EhvNO-mP6Fz7DwkfeL2_UJqaleQul43gItsQydm-OicabVCCpVC4dDRCoeoSTmHSOmYzfPyha0Fup7mKSXK2NnnZkiWJFLJxlIvPuXSOhD-D5RVMXNTo5Cd8bIOjYjKZkGkRUVqAd-sLUYagHL5J2fda39MWuhx_m-wXCYrGwoiAoY08d_ezJsCtbdBpw0DY937PNuwdf4A_-zirX63lHsNkoUi4ZhkN1iJyFIQWQznVEQXydILxP0XrgfOg8ZIqYJz-xnoltyZUyDKfsBS03y5LNovaDQ&pr=VOHELgAI8aoK23-hAAAan9WtyDrH28dHbQ3QUA
hxxp://pagead46.l.doubleclick.net/xbbe/beacon?data=APEucNW2KotOYoSKfK0eV7Uz8InsbwbAMVUZZyiZVObxzYA_DVqFWzc4cjfPUZsYRzMFCd_3rBHDtJtIn28jBDNgD6B7YY4Lbw
hxxp://s1-eu.adform.net/stoat/435/s1.adform.net/load/v/0.0.18/e/zgADY/i/wAA/r:adqa/FCTest:engagement/EngagementTracker
hxxp://pagead46.l.doubleclick.net/pixel?google_nid=lotameddp&google_cm
hxxp://pagead46.l.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/border_3.gif 173.194.113.216
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png 173.194.113.216
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png 173.194.113.216
hxxp://e6845.ce.akamaiedge.net/gu.crt
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png 173.194.113.216
hxxp://bcpad5.dub.loc.crwdcntrl.net/gmap/?google_gid=CAESEJQ7Crt3Zloia91zfQ1vCFo&google_cver=1
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAUrS5AHQf/JoVwhLSfIhlY=
hxxp://prod-mkt-d.d.xx.openx.com.akadns.net/w/1.0/sd?id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1
hxxp://bcpad5.dub.loc.crwdcntrl.net/map/ct=y/tpid=CAESEJQ7Crt3Zloia91zfQ1vCFo&cver=1/c=899/tp=GDDP
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6eA==
hxxp://prod-mkt-d.d.xx.openx.com.akadns.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQL/mvtX4G40i11eM+z5k7NQa9tkwQUC1Dsd+8qm//sA6EK/63G5CoYxz4CAwCDew==
hxxp://data.infopackinst.com/ping2.asp?uid=302894767&tuid=3090520&sref=TTV_18-4N_0_ie_extra&gid=27&bundles=TTV:1|IMI:|V6Y:1|SSC:1|WEX:|CLX:|PMD:1&fmrp=&avdt=||x||&grid=16022015_16022015&tba=1||vm|pm|pm4||ge||vm|pm|pm4|1&yodt=&sawdt=|&imdt=&fmdt2=&wsdt=&pngrp=|0:success|2:OK|4:OK&dct=|wxp|msd|icw|opb|dtm|ws8|&dip=&bld=18IJ&cnt=ua 176.34.177.58
hxxp://pagead46.l.doubleclick.net/activeview?id=osdim&avi=Bp-bRLsThVKrjI6H_7QaftYDADgCW7pv0xwEAABABOAHIAQmgBiHCEwMQgAE&ti=1&adk=3718522017&p=136,24,226,752&tos=1133,0,0,0,0&mtos=1133,1133,1133,1133,1133&rs=1&ht=0&tfs=1281&tls=2414&fp=client=ca-pub-7019091094896260&url=http%3A%2F%2Fwww.baixaki.com.br%2Fsite%2Fdwnld109843.htm&correlator=8754882170701&ifk=3993913476&eid=317150304&oid=3&afp=&format=728x90&output=html&slotname=2838063472&flash=0&dt=1424081966441&adx=24&ady=136&ifi=1&tdl=1487&abd=1-0-5&r=u&bs=776,554&bos=800,600&ps=1348,4155&ss=1683,901&tt=1026&pt=1389&deb=1-1-1-3-6-11&tvt=1134&iframe_loc=http://www.baixaki.com.br/site/dwnld109843.htm&is=728,90&uc=5
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEFRZo2V/HDmSXmUpYR/trsw=
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs= 178.255.83.1
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEDMnuhAflYDHQTFEqFhIr/s= 178.255.83.1
hxxp://clients.l.google.com/b3rNON
hxxp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=bxk&subid=${SUBID}&lplink=hxxp://www.yac.mx/download/config/down.php?pt=bxk 50.97.45.26
hxxp://www.yac.mx/download/config/down.php?pt=bxk 184.173.128.178
hxxp://dl2.yac.mx/download/dl/yet_another_cleaner_bxk.exe 75.126.133.148
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3c306ce4ed367e41
hxxp://www.theviilage.com/windowspm/up?ptid=wpmvt&sid=WindowsMangerProtect&ln=en_us&ver=20.0.0.1714&uid=&upv= 208.43.69.149
hxxp://thumbs.buscape.com.br/tv/samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1.jpg 62.208.24.49
hxxp://thumbs.buscape.com.br/som-automotivo/multilaser-one-p3213_200x200-PU7a9a2_1.jpg 62.208.24.49
hxxp://thumbs.buscape.com.br/bicicleta/colli-dupla-suspensao-18-aro-26_200x200-PU56929_1.jpg 62.208.24.49
hxxp://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc 173.194.113.205
hxxp://gu.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQL/mvtX4G40i11eM+z5k7NQa9tkwQUC1Dsd+8qm//sA6EK/63G5CoYxz4CAwCDew== 23.43.139.27
hxxp://i4.zst.com.br/images/tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35.jpg 54.192.46.24
hxxp://thumbs.buscape.com.br/tv/lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1.jpg 62.208.24.49
hxxp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar 87.245.202.26
hxxp://pagead2.googlesyndication.com/pagead/show_ads.js 173.194.113.218
hxxp://img.ibxk.com.br/2015/02/13/13170147267117.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=474px:237 213.155.152.195
hxxp://img.ibxk.com.br/b1.gif 213.155.152.195
hxxp://www.facebook.com/plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2dc39e66d61a04&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=0&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium 31.13.91.2
hxxp://pagead2.googlesyndication.com/pagead/images/x_button_blue2.png 173.194.113.218
hxxp://thumbs.buscape.com.br/monitor/aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1.jpg 62.208.24.49
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= 93.184.220.20
hxxp://install.reversepage.com/mg?alpha=ISU/MA86P14ydWMdEBoAHmx9Iwp/JVN8dGt6AA== 8.34.112.60
hxxp://obj.ibxk.com.br/inc/v12/v12-20140904.css 195.12.225.83
hxxp://gu.symcb.com/gu.crt 23.43.133.163
hxxp://thumbs.buscape.com.br/som-automotivo/multilaser-p3214_200x200-PU7d9ea_1.jpg 62.208.24.49
hxxp://pagead2.googlesyndication.com/pagead/000000_new_ico.gif 173.194.113.218
hxxp://img.ibxk.com.br/2015/02/14/14133415261218-t222x111.jpg 213.155.152.195
hxxp://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211 173.194.113.217
hxxp://thumbs.buscape.com.br/dvd-player/tectoy-p-4200_200x200-PU92573_1.jpg 62.208.24.49
hxxp://connect.facebook.net/pt_BR/all.js 23.64.223.139
hxxp://img.ibxk.com.br/2015/02/13/13174113586180-t222x111.jpg 213.155.152.195
hxxp://img.ibxk.com.br/2015/02/14/14164751962337-t474x237.jpg 213.155.152.195
hxxp://install-cdn.reversepage.com/sd?is=fm 195.12.225.74
hxxp://thumbs.buscape.com.br/jogos/batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1.jpg 62.208.24.49
hxxp://img.ibxk.com.br/2015/02/13/13152816858826.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111 213.155.152.195
hxxp://img.ibxk.com.br/bxk_v12/bxklogo.png 213.155.152.195
hxxp://gtssl2-ocsp.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEFRZo2V/HDmSXmUpYR/trsw= 23.43.139.27
hxxp://vassg141.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O 88.221.132.153
hxxp://clients1.google.com/ocsp 173.194.113.195
hxxp://thumbs.buscape.com.br/fone-de-ouvido-headset/skullcandy-lowrider_200x200-PU32da5_1.jpg 62.208.24.49
hxxp://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41 87.245.202.42
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js 216.58.211.10
hxxp://www.baixaki.com.br/usuarios/din/prog.asp?cod=109843&versao=6.0.51 195.12.225.83
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDsqJhnahKJA 173.194.113.195
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAUrS5AHQf/JoVwhLSfIhlY= 93.184.220.29
hxxp://akfs.nspmotion.com/aep/tag/br/br_nzn_baixaki_redir_970x200_5adsx4.js 87.245.202.56
hxxp://bcp.crwdcntrl.net/gmap/?google_gid=CAESEJQ7Crt3Zloia91zfQ1vCFo&google_cver=1 1.103.192.16
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x90&output=html&h=90&slotname=2838063472&adk=3718522017&w=728&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081966441&bpp=17&bdt=156&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=397520784.1424081967&ga_sid=1424081967&ga_hid=938764724&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=24&ady=136&biw=776&bih=554&isw=728&ish=90&ifk=3993913476&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=28,178,0,0,1683,,800,600,728,90&vis=1&rsz=0|0|om|&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=111 173.194.113.217
hxxp://img.ibxk.com.br/2014/05/14/14181700895757-t100x100.jpg 213.155.152.195
hxxp://img.ibxk.com.br/2015/02/13/13174010733176-t222x111.jpg 213.155.152.195
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109 173.194.113.217
hxxp://ns.ibxk.com.br/rexposta/2015/02/15/15220157894001.jpg?w=220&h=165&mode=crop 195.12.225.83
hxxp://install.reversepage.com/ii?alpha=KxoYLm4ePDkDel8mNwRhKl5LI24rRhQGYwspDD8reUZSaSs+a3oNRnwaR30vF11KLgRyKiNuVWMRS3J5K1FkLAZEHkQyb3hADistDlljAT0GUEM3c3laHEQtCnkbaXFfSTJNaGNlbVhzNFxyWU5qBGwNGzYafylZQR08ewpdSWQ4RQMVWSQud0QOKj5JGmxebW8YHngwOx9NRDoIImguLSASEXArIjlaDRZ9DVJafShqEHoSNWxoJS43HFdzfitNZThPEEcmbTt3I209ZBReJwA5ZGFHIWZiWA5OfltwBz4raV0bey0rJBUlWXoaW2tgIUgNHEt1OClrbycbWRI6cRkxbVscRwRjNGo4Hjt9AlgtGTM3FhRvNCMeU1VoXXUKLydvDR1rPm4mSQtbOVIUKSF3GkI4TnoyISFZaUsVKzt2X3xLRhxcD2Z4GQJfb24UA3geKmQCCCEwfRIERD8beRNsbixLRi42L2sYWAosWA4tOX0Ob3EQK2ZyKTpjWEQUBWkeJnsEVX4ndTk4Ex5NYhVeKxEweWUOHEFeZl0mNx4vChgnaxIXbX0rOEtVAT8SCSlDd0BuIhxG 8.34.112.60
hxxp://thumbs.buscape.com.br/caixa-de-som-para-pc/edifier-r2700-128w-rms_200x200-PU77db1_1.jpg 62.208.24.49
hxxp://thumbs.buscape.com.br/celular-e-smartphone/smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1.jpg 62.208.24.49
hxxp://i4.zst.com.br/thumbs/1/18/10/34396475.jpg 54.192.46.24
hxxp://img.ibxk.com.br/2015/02/14/14155921387307-t222x111.jpg 213.155.152.195
hxxp://thumbs.buscape.com.br/jogos/dantes-inferno-xbox-360-dvd_200x200-PU39013_1.jpg 62.208.24.49
hxxp://akfs.nspmotion.com/aep/css/baixaki-970x200-v3.css 87.245.202.56
hxxp://thumbs.buscape.com.br/tablet/samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1.jpg 62.208.24.49
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA69BoQh3hT6 173.194.113.195
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?66899ad98b7babe8 87.245.202.24
hxxp://img.ibxk.com.br/logo-rex-white.png 213.155.152.195
hxxp://img2.clickjogos.com.br/dl/c/cf4e57c3bac15f9fb2508102d4482b60/uolbig.png?1423655848?width=194&height=97 195.12.225.83
hxxp://img.ibxk.com.br/2015/02/13/13175556396214-t222x111.jpg 213.155.152.195
hxxp://akfs.nspmotion.com/aep/template/br_nzn_baixaki_redir_970x200_5adsx4-1.0.5.min.js 87.245.202.56
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png 173.194.113.216
hxxp://img3.clickjogos.com.br/dl/e/e3219d0df1ba54cad5dc95a74904ace4/uolbig.png?1423707463?width=194&height=97 213.155.152.195
hxxp://googleads.g.doubleclick.net/pagead/html/r20150210/r20141212/zrt_lookup.html 173.194.113.217
hxxp://ocsp.geotrust.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6Yw== 23.43.139.27
hxxp://img.ibxk.com.br/bxk_v12/_sprites20130903.png 213.155.152.195
hxxp://b.scorecardresearch.com/c2/8756095/ct.js 87.245.202.51
hxxp://img.ibxk.com.br/2015/02/14/14113141914084-t222x111.jpg 213.155.152.195
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6eA== 23.43.139.27
hxxp://bcp.crwdcntrl.net/map/ct=y/tpid=CAESEJQ7Crt3Zloia91zfQ1vCFo&cver=1/c=899/tp=GDDP 1.103.192.16
hxxp://stats.g.doubleclick.net/dc.js 64.233.161.154
hxxp://code.jquery.com/jquery-1.10.2.min.js 94.31.29.53
hxxp://crl.omniroot.com/PublicSureServerSV.crl 93.184.220.20
hxxp://img.ibxk.com.br/2015/02/14/14162546390325-t222x111.jpg 213.155.152.195
hxxp://install.reversepage.com/fp?alpha=KxoYLm4nXEwTJBNfNwRhKl5LI24rRg5fLwwbTDE6bA8BaX09MRVZBSoqBl5KdBEeDhJYcXJaXUYBQQMOJ1ISJx0wbltHYQg1CCstFEM6TQ90BwN6Lz8eUFBmWHwabnIkSEElaX9jHlEJK10BKCJ0ChhzEyhtfiwoKh1Jcno4HSdwFSNlHWMqL1sLLStTTn5GPXlUGW87bw9FW35dfApodzBJTShseXYfDRAtWhQvNmcNHmtEenwieDplQUQSIHEaOndQVXwPYTAkGVJ0bA5PLVAQDXIILXBpEk9Sb1x0HGxwOxoHZGYZP0YMX24bFFxqIVlDL0dpAjovJTQYTnBCOAohd0xIal00GX4yCy0mXxNnMnFtAx53Lz8WSlVzWgEebnUkSkdOGgoSGVgMGkAdRQ== 8.34.112.60
hxxp://img.ibxk.com.br/b.gif 213.155.152.195
hxxp://obj.ibxk.com.br/inc/v12/geral-201309170947.js 195.12.225.83
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png 173.194.113.216
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2df522542230fc24 87.245.202.24
hxxp://thumbs.buscape.com.br/monitor/samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1.jpg 62.208.24.49
hxxp://pagead2.googlesyndication.com/pagead/js/r20150210/r20141212/show_ads_impl.js 173.194.113.218
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEDMnuhAflYDHQTFEqFhIr/s= 178.255.83.1
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1424081964&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1424081964302&bdt=490&shv=r20150210&cbv=r20141212&saldr=sb&correlator=4023535356706&frm=20&ga_vid=1811958267.1424081965&ga_sid=1424081965&ga_hid=112016769&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-000008b4-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1683,,800,600,792,554&vis=1&rsz=0|0||d&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=n4sAAB5Bsq&p=http://www.baixaki.com.br&dtd=487 173.194.113.217
hxxp://img.ibxk.com.br/2015/02/13/13154010751871-t222x111.jpg 213.155.152.195
hxxp://thumbs.buscape.com.br/jogos/batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1.jpg 62.208.24.49
hxxp://goo.gl/b3rNON 173.194.113.194
hxxp://partner.googleadservices.com/gpt/pubads_impl_56.js 173.194.113.218
hxxp://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1 1.117.192.17
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F 173.194.113.195
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d 173.194.113.195
hxxp://img.ibxk.com.br/bxk_v12/bxklogowhite.png 213.155.152.195
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d01bf5b2e7ff11ba 87.245.202.24
hxxp://img.ibxk.com.br/icon-reply.png 213.155.152.195
hxxp://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1 1.117.192.17
hxxp://fonts.googleapis.com/css?family=Open Sans:400,700 173.194.71.95
hxxp://akfs.nspmotion.com/dhtml/aep/aep-full-11.2.1.min.js 87.245.202.56
hxxp://cm.g.doubleclick.net/pixel?google_nid=lotameddp&google_cm 173.194.113.205
hxxp://www.facebook.com/plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f8e0d2ecac1abc&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=306&header=false&height=190&href=http://www.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300 31.13.91.2
hxxp://thumbs.buscape.com.br/celular-e-smartphone/smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1.jpg 62.208.24.49
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif 173.194.113.216
hxxp://img.ibxk.com.br/2015/02/13/13164117027081.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111 213.155.152.195
hxxp://bid.g.doubleclick.net/xbbe/beacon?data=APEucNW2KotOYoSKfK0eV7Uz8InsbwbAMVUZZyiZVObxzYA_DVqFWzc4cjfPUZsYRzMFCd_3rBHDtJtIn28jBDNgD6B7YY4Lbw 173.194.113.217
hxxp://img.ibxk.com.br/2015/02/13/13182326342264-t222x111.jpg 213.155.152.195
hxxp://img.ibxk.com.br/doodle-rex.jpg 213.155.152.195
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= 93.184.220.29
hxxp://img.ibxk.com.br/2015/02/13/13175143861206-t222x111.jpg 213.155.152.195
hxxp://img.ibxk.com.br/2015/02/13/13192241950335-t222x111.jpg 213.155.152.195
hxxp://ns.ibxk.com.br/rexposta/2015/02/15/15195944615002.jpg?w=220&h=165&mode=crop 195.12.225.83
hxxp://gb.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEHBLv1jEBStiRA+Q66Kydvk= 23.43.139.27
hxxp://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot 173.194.113.207
hxxp://www.baixaki.com.br/usuarios/din/GooglePlusSignIn.aspx 195.12.225.83
hxxp://thumbs.buscape.com.br/console-de-videogame/sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1.jpg 62.208.24.49
hxxp://img.ibxk.com.br/2015/02/13/13192629930341-t222x111.jpg 213.155.152.195
hxxp://filestock.blob.core.windows.net/packs/TornTVApp.exe 23.99.160.78
hxxp://install.reversepage.com/mg?alpha=GywvMnlKPjccAAVAABh2JGVtIXxFPysOOWAgeDYwXz4mNBwfB3pSVE5jMjErNThcEgYGWTQwSBouCB8eA3EiRAZoWGQrCjxxTD5eFCpZSigAZCRjJQ0pek55bV8tcGUdYHMkfE5NL0QXGXMzNChHOipnBRtaQTAtXmlzODJWOBd3XmNzPCN/Sno8NyZiKlNeCVMyKWkhCD8nCHRuVHguNhB8NQMJKHQnMg== 8.34.112.60
hxxp://img.ibxk.com.br/2015/02/14/14161108993313-t222x111.jpg 213.155.152.195
hxxp://thumbs.buscape.com.br/hd/kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1.jpg 62.208.24.49
hxxp://pagead2.googlesyndication.com/pagead/osd.js 173.194.113.218
hxxp://img.ibxk.com.br/2015/02/13/13174246578188-t222x111.jpg 213.155.152.195
hxxp://img.ibxk.com.br/2015/02/13/13182151587263-t222x111.jpg 213.155.152.195
hxxp://img.ibxk.com.br/loading.gif 213.155.152.195
hxxp://pagead2.googlesyndication.com/pagead/js/r20150210/r20110914/abg.js 173.194.113.218
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl 87.245.202.48
hxxp://pagead2.googlesyndication.com/pagead/images/google-logo.png 173.194.113.218
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png 173.194.113.216
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== 23.43.139.27
hxxp://pagead2.googlesyndication.com/simgad/791981695816463102 173.194.113.218
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eb74688e1ecda676 87.245.202.24
hxxp://install.reversepage.com/if?alpha=LhdgLTk7PERrYzQzTwc2L1MzIDkuS2wFNA4kdDx8fEsqanw7ZgIOEXkXP354ElAyLVN3J1ttAmYcM3EuLlwcL1FBEzwxOH1Ndih6C1QbAmoDXTs0JHxXZEd6D3RjaiZaREpOP2ZoFVskMVEKWhlvCRQOTDMXByoORBBEeF1YRBw7GhMYQWlqIxcPdjUWbE8fZw9MPzg2YARoFzRbbyRiJyhHOSU8eXVhXUksUn4taHIXMS0TXCNRIiJnWXEtcGkXCnkaFmdgbllySnY2bEweFEM7cgpgeWc5BGIEZiQmMWJAS1BjeHgyKzVWMHULKHQvMR11fkEzM1drbW1SdyRtJj9Ffg0fVn1ne28sL3Y4DVBVUzx8ayQjM21RdghmBig+f1s4VnpufjgyPwVHJkV6NWlsBmN4RD4iW209a0JkYW96EUc9RVAUPDEpIAgqeTIFGmMdbDBSJSR1IHdrCH0NLXIMYXkCaXglbTUmVlM6C35rZTsXND5IJ2ESLnswB2wgIitCFihPShAkOz0NQXQoZlYSABd/YW0bOzR6RylBXyU+My1wOCBleXg+OjxLNDw2D0gRYnU8Ox4+FVtpImFENwVBdjI1Vg== 8.34.112.60
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl 64.18.20.10
hxxp://img.ibxk.com.br/2015/02/13/13174354391195-t222x111.jpg 213.155.152.195
hxxp://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html 216.58.209.193
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl 87.245.202.48
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3c306ce4ed367e41 87.245.202.24
hxxp://img.ibxk.com.br/2015/02/13/13191426569319-t222x111.jpg 213.155.152.195
hxxp://pagead2.googlesyndication.com/activeview?id=osdim&avi=Bp-bRLsThVKrjI6H_7QaftYDADgCW7pv0xwEAABABOAHIAQmgBiHCEwMQgAE&ti=1&adk=3718522017&p=136,24,226,752&tos=1133,0,0,0,0&mtos=1133,1133,1133,1133,1133&rs=1&ht=0&tfs=1281&tls=2414&fp=client=ca-pub-7019091094896260&url=http%3A%2F%2Fwww.baixaki.com.br%2Fsite%2Fdwnld109843.htm&correlator=8754882170701&ifk=3993913476&eid=317150304&oid=3&afp=&format=728x90&output=html&slotname=2838063472&flash=0&dt=1424081966441&adx=24&ady=136&ifi=1&tdl=1487&abd=1-0-5&r=u&bs=776,554&bos=800,600&ps=1348,4155&ss=1683,901&tt=1026&pt=1389&deb=1-1-1-3-6-11&tvt=1134&iframe_loc=http://www.baixaki.com.br/site/dwnld109843.htm&is=728,90&uc=5 173.194.113.218
hxxp://img.ibxk.com.br/2015/02/13/13174141385181-t222x111.jpg 213.155.152.195
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl 87.245.202.48
hxxp://img2.clickjogos.com.br/dl/f/f16e4752a5583bf08c56d63d94295650/uolbig.png?1423713990?width=194&height=97 195.12.225.83
hxxp://img.ibxk.com.br/ns/rexposta/layout/rex-default.png?w=220&h=165&mode=crop 213.155.152.195
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0c3c4bdcec0f4f0d 87.245.202.24
hxxp://www.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki 195.12.225.83
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB 173.194.113.195
hxxp://www.baixaki.com.br/site/dwnld109843.htm 195.12.225.83
hxxp://install.reversepage.com/mg?alpha=GywvMnkiGmURTysUABh2Gmh8P3kbai1DeGhBX3ITaH5uJwlOIzJAYWgfLjxZMTM3EQweLzcxTg5YDWhvCCQVPwxjezN9cksKQzZrVi9y 8.34.112.60
hxxp://img.ibxk.com.br/2015/02/13/13174210386182-t222x111.jpg 213.155.152.195
hxxp://www.clickjogos.com.br/feeds/1ff5774796573f3285f879ba12fc0d65/bxk-premium-games/home/4/ 195.12.225.83
hxxp://fonts.googleapis.com/css?family=Open Sans:400,600 173.194.71.95
hxxp://www.gstatic.com/pub-config/ca-pub-7019091094896260.js 173.194.113.215
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.6.3dc&utms=1&utmn=1410390823&utmhn=www.baixaki.com.br&utmcs=iso-8859-1&utmsr=1683x901&utmvp=792x554&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=YAC download - Baixaki&utmhid=112016769&utmr=-&utmp=/site/dwnld109843.htm&utmht=1424081964576&utmac=UA-144680-1&utmcc=__utma=248450708.1811958267.1424081965.1424081965.1424081965.1;+__utmz=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ 64.233.161.154
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= 93.184.220.29
hxxp://download.mozilla.org/?product=firefox-34.0.5-complete&os=win&lang=en-US 63.245.217.39
hxxp://img.ibxk.com.br/2015/02/13/13182738923272-t222x111.jpg 213.155.152.195
hxxp://img.ibxk.com.br/bxk_v12/logo-nzn.png 213.155.152.195
hxxp://www.googletagservices.com/tag/js/gpt.js 173.194.113.217
hxxp://b.scorecardresearch.com/b?c1=2&c2=8756095&ns__t=1424081964253&ns_c=iso-8859-1&c8=YAC download - Baixaki&c7=http://www.baixaki.com.br/site/dwnld109843.htm&c9= 87.245.202.51
hxxp://pagead2.googlesyndication.com/simgad/700241160990608663 173.194.113.218
hxxp://img3.clickjogos.com.br/dl/2/2797d42805e8b92b976b55313bc9b7f6/uolbig.png?1423728504?width=194&height=97 213.155.152.195
hxxp://s1.adform.net/stoat/435/s1.adform.net/load/v/0.0.18/e/zgADY/i/wAA/r:adqa/FCTest:engagement/EngagementTracker 37.157.6.252
hxxp://crl.geotrust.com/crls/secureca.crl 23.43.133.163
hxxp://bid.g.doubleclick.net/xbbe/creative/ad?d=APEucNWsK7i9UP5jgsr-97PmfxX_qIvtLp46wF_zUyqrcPja0qcu62p1tn6tPLYtD1rDC0me-nR0XQO4CGgitDeZAL1nEZA09uckbqtnAIyHBKlrSfMDuGbHNSwRpFwTKcs9EhvNO-mP6Fz7DwkfeL2_UJqaleQul43gItsQydm-OicabVCCpVC4dDRCoeoSTmHSOmYzfPyha0Fup7mKSXK2NnnZkiWJFLJxlIvPuXSOhD-D5RVMXNTo5Cd8bIOjYjKZkGkRUVqAd-sLUYagHL5J2fda39MWuhx_m-wXCYrGwoiAoY08d_ezJsCtbdBpw0DY937PNuwdf4A_-zirX63lHsNkoUi4ZhkN1iJyFIQWQznVEQXydILxP0XrgfOg8ZIqYJz-xnoltyZUyDKfsBS03y5LNovaDQ&pr=VOHELgAI8aoK23-hAAAan9WtyDrH28dHbQ3QUA 173.194.113.217
hxxp://pagead2.googlesyndication.com/bg/kZt1ORfyc-V3C9VmeWM_Laj0UcuN02K-WUcryq-hFWs.js 173.194.113.218
hxxp://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js 173.194.113.218
hxxp://pagead2.googlesyndication.com/pagead/js/r20150210/r20141212/expansion_embed.js 173.194.113.218
hxxp://googleads.g.doubleclick.net/pagead/adview?ai=CugQsLsThVKrjI6H_7QaftYDADo61y94Flu6b9McBwI23ARABIABgpZ6khpgjggEXY2EtcHViLTcwMTkwOTEwOTQ4OTYyNjDIAQmpAs2AMRWJvoE-qAMBmAQAqgSNAU_Q9pP-bBP84TdpTkHgmDwH8MxOob5yhVhzm-tg2csGnmh9PR7NVfcg6LZmz3SMhJPdLR1XbveetueYDl36Qu09a013y2N8BqQ_Tdf20UJMPvlqUQ6V4cSQoDZAenF2GE-KRFKZVOCPIJuV2VZgCWL-H4ISsSuoQU5MO0MAdz0KJG4EZYP8ULu8KX9FuYAGzoHh86ujoLggoAYh2AcA&sigh=2caWVStwP6U&vis=1 173.194.113.217
s.ytimg.com 216.58.209.206
uip.semasio.net 77.66.54.155
securepubads.g.doubleclick.net 173.194.113.218
accounts.google.com 216.58.209.205
d.agkn.com 54.194.188.131
oauth.googleusercontent.com 216.58.209.193
apis.google.com 173.194.113.201
time.windows.com 134.170.185.211
yt3.ggpht.com 216.58.209.161
www.youtube.com 173.194.113.192
afp.nspmotion.com 75.126.225.197
lh3.googleusercontent.com 216.58.209.161
ps.eyeota.net 54.93.50.215
fbstatic-a.akamaihd.net 87.245.202.26
fbcdn-profile-a.akamaihd.net 88.221.133.41
s-static.ak.facebook.com 23.64.210.110
secure.adnxs.com 37.252.162.25
track.adform.net 85.235.246.2
server.adformdsp.net 86.58.179.99
dns.msftncsi.com 131.107.255.255
ib.adnxs.com 37.252.163.87


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA HTTP response header invalid
ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)

Traffic

GET /mg?alpha=GywvMnkiGmURTysUABh2Gmh8P3kbai1DeGhBX3ITaH5uJwlOIzJAYWgfLjxZMTM3EQweLzcxTg5YDWhvCCQVPwxjezN9cksKQzZrVi9y HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: install.reversepage.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 16 Feb 2015 10:18:42 GMT
Content-Length: 2004
t1GuzwDobdudSoAqk7NfoAnqxw/iRvHYS9Nm J8WuQjuy0GrbfurZKdrybUs Vu52i3zf9
LHUMg nPdjz2i vDObEbmNQpVS5o4XlA279EaZIevLHucNqOZDrVPY2EnxdrCTF/4/6Ogy
8EbMmAy VaHEOet73N8X4xeqwFLnULSeKpwG/tlYo1Hk1kedDpryV4sc7Mca9Cej5lOaLa
bbTe1Dp8UXu276/jH3R6DDB7ob6M9gpXKInBHvRfXXVPdRn9M9ywq4wQzvDaTYEYIRjbMI
5zXT/TuzSOnzUYVnvocO0kmxgFumeOznP lQ3qUxqRj4zz/0N72SHPIToNEErhaUniqcBp
KCW7MfspQQlw3Es1e9Df3NGPQAneJchGq h0L0XK7FF7Ry7Oo7y0L2kBe NPPPL w1ypsT
9xSqjwTrR4aIKZsH/tlQt1H7n0nZBJDwUbFfotoe5AG2r0vTZvifFrgB7stBq237q2Sna8
mqNvlbudot83/Sx1DIHrzKSPZRkJEnhRCAv2WiT GUAohDxLNEpBHtyyLwCa6hCp968NEA
o1W6mVCxafvtCORP95xD4RnuxiCrNZaSAPgCgcJS60KHvC6MALfBDLBc5IkA10OB4layEu
rKTqsCqu9DlCO 2FTgU7bLD6Zv6 wjqVigkAX5TaKYYKVjiY0XuV3t623RY8DTZJkCqIsU
7B/bgxaSD5z0QKsc9N0wzSW 91 jevLODq0StIhZp3jQ6DPgAbiXFLcbt4gp/2eVngb A5
nCSvdRwMUonA wzxSwUvqZALUAnPhEoD7wyw/6RvHlUZ18 ZEO6EOmnlqgebyzOORP8ZxN
 RLjyy/zNcqJAO4Cso9doF2G3XzQUPDBQq9N7dhf2SmjwmXnUbreDeUM6bkSonbv1EL1Vb
CHVL5uwtUO90zhvRS2B7mGbvF2nIgX1QaixgS4WpeTKsVBuZtGs178nwGtAITkV dH9tsA
/Ujp5V DbPnzTfVZtIx2unj94ny/ReOVEr5bucM/42Cfjxa5XanCSvFRzt0jkQK/lxTsSf
qPAIZNk7NboV il1i9Rr/6QJQtpp9kymOVyxnwbf/9NqcZoLQIuAX02SPhY6yhJfIJq8xR
8Wi vDObEbmNQoBY okMlA 0zWerFPbdGPAIp99ssGHo1GDuV6WMR/AxvP8/6VbntwC2Er
mQIvJ7nNFQ/h /xkX2UYapJ4UWucEMuEjklknZB4fjUaAz doF5wGI61WSZL6HSuBcsYwZ
8HTt7SnqUebbW70W99kpqzWVhRP4E 2ZUvBBh4JqkkG1hxTsDLjISdkVkeFX50e65ifCM 
mvEoFu6NUOuxKPgFagcu3mOPF/3q4ItRP03T/bS7OIAOkCoddw50aRlimHP4C2WL9T 44E
lw20zWWsD/3dBPAWoKEc03n90VnkfqOEUPAn8Pwy6Q gnBmrEvjeKeNBkZEH/kX1zVPuWM
7dIIYRv4Z4t0nhjAC4CY3yWedH/s8A4gHnoVmCa vSXuUS I9Uvm77pXzgW OaFflN
<<< skipped >>>

GET /fp?alpha=KxoYLm4nXEwTJBNfNwRhKl5LI24rRg5fLwwbTDE6bA8BaX09MRVZBSoqBl5KdBEeDhJYcXJaXUYBQQMOJ1ISJx0wbltHYQg1CCstFEM6TQ90BwN6Lz8eUFBmWHwabnIkSEElaX9jHlEJK10BKCJ0ChhzEyhtfiwoKh1Jcno4HSdwFSNlHWMqL1sLLStTTn5GPXlUGW87bw9FW35dfApodzBJTShseXYfDRAtWhQvNmcNHmtEenwieDplQUQSIHEaOndQVXwPYTAkGVJ0bA5PLVAQDXIILXBpEk9Sb1x0HGxwOxoHZGYZP0YMX24bFFxqIVlDL0dpAjovJTQYTnBCOAohd0xIal00GX4yCy0mXxNnMnFtAx53Lz8WSlVzWgEebnUkSkdOGgoSGVgMGkAdRQ== HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: install.reversepage.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 16 Feb 2015 10:18:48 GMT
Content-Length: 0
....


GET /ii?alpha=KxoYLm4ePDkDel8mNwRhKl5LI24rRhQGYwspDD8reUZSaSs+a3oNRnwaR30vF11KLgRyKiNuVWMRS3J5K1FkLAZEHkQyb3hADistDlljAT0GUEM3c3laHEQtCnkbaXFfSTJNaGNlbVhzNFxyWU5qBGwNGzYafylZQR08ewpdSWQ4RQMVWSQud0QOKj5JGmxebW8YHngwOx9NRDoIImguLSASEXArIjlaDRZ9DVJafShqEHoSNWxoJS43HFdzfitNZThPEEcmbTt3I209ZBReJwA5ZGFHIWZiWA5OfltwBz4raV0bey0rJBUlWXoaW2tgIUgNHEt1OClrbycbWRI6cRkxbVscRwRjNGo4Hjt9AlgtGTM3FhRvNCMeU1VoXXUKLydvDR1rPm4mSQtbOVIUKSF3GkI4TnoyISFZaUsVKzt2X3xLRhxcD2Z4GQJfb24UA3geKmQCCCEwfRIERD8beRNsbixLRi42L2sYWAosWA4tOX0Ob3EQK2ZyKTpjWEQUBWkeJnsEVX4ndTk4Ex5NYhVeKxEweWUOHEFeZl0mNx4vChgnaxIXbX0rOEtVAT8SCSlDd0BuIhxG HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: install.reversepage.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 16 Feb 2015 10:18:48 GMT
Content-Length: 84
xJgrS2XOwmlPENv7FjckwtVpX3rAl2xGF82UTRtl0Iw1AXKbum5hV9rIahh32995SwvOsA
AVe5WlKouC/rVG....


POST /if?alpha=LhdgLTk7PERrYzQzTwc2L1MzIDkuS2wFNA4kdDx8fEsqanw7ZgIOEXkXP354ElAyLVN3J1ttAmYcM3EuLlwcL1FBEzwxOH1Ndih6C1QbAmoDXTs0JHxXZEd6D3RjaiZaREpOP2ZoFVskMVEKWhlvCRQOTDMXByoORBBEeF1YRBw7GhMYQWlqIxcPdjUWbE8fZw9MPzg2YARoFzRbbyRiJyhHOSU8eXVhXUksUn4taHIXMS0TXCNRIiJnWXEtcGkXCnkaFmdgbllySnY2bEweFEM7cgpgeWc5BGIEZiQmMWJAS1BjeHgyKzVWMHULKHQvMR11fkEzM1drbW1SdyRtJj9Ffg0fVn1ne28sL3Y4DVBVUzx8ayQjM21RdghmBig+f1s4VnpufjgyPwVHJkV6NWlsBmN4RD4iW209a0JkYW96EUc9RVAUPDEpIAgqeTIFGmMdbDBSJSR1IHdrCH0NLXIMYXkCaXglbTUmVlM6C35rZTsXND5IJ2ESLnswB2wgIitCFihPShAkOz0NQXQoZlYSABd/YW0bOzR6RylBXyU+My1wOCBleXg+OjxLNDw2D0gRYnU8Ox4+FVtpImFENwVBdjI1Vg== HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Filename: ilg
User-Agent: NSIS_Inetc (Mozilla)
Host: install.reversepage.com
Content-Length: 31555
Connection: Keep-Alive
Cache-Control: no-cache

alpha=FzBnMi8AaF9 MzhuaB9ZAH4kNGMMJWQfcyILbnBvBw1aIQ==|,|FzBnMi8RZGRCd3EgaCJOMVgYAWMMJUFEQwQdMDJwfTBveUYzDCcwEFEjF0ghGHc CzdCG0lcD15wYyx6R3V7Yw4scEM2aUMxaw==|,|FzBnMi8xdxwcFhhhdSlQNTxscwALWVcNeiMdCSFnTA1KZGo2HSMVLWktKGUiJ0I3OhN0C1dZYTl7|,|FzBnMi8Pc285b2IzZhl0AUMSGgcROCJucBEYXDQh|,|FzBnMi99QWxZYnkNaAJuEX09P2NiYHENdj4AdQd2SDUrKTpDSWQ2Q2MHeCl9PiYReldhN3gtZXpAP3NPG2BuRFgMO1ddL0YGQzZrVi9y|,|FzBnMi9SRwplN2dtaB9ODHA0PTcRY3ARcnENOi1uQD9vNHYbEjJUTAVzXA8ZIndrLA==|,|FzBnMi8ZLicsPipTaAJuEX09PxBecHAdenEIJy9uATJkeXcTEjNUHUwsLiRzW3A/LxJTA1h0LCFgYTl7|,|FzBnMi9eZlsWSllCaAJuEX09PxBecHAdenFTdSZuWSB/YXsuc05WBk5u|,|FzBnMi89PDkuDwRZcgd0FVoXcyVDam9efD4DOCFtRXFnfXQXXGpUXA8ZIgZObg==|,|FzBnMi89PDkuDgFZ
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 16 Feb 2015 10:18:49 GMT
Content-Length: 41
{"status":"OK","url":null,"message":null}..



GET /console-de-videogame/sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "c01a6130f9087b7f6b41c93493199807"
Last-Modified: Wed, 04 Jun 2014 19:29:50 GMT
Server: nginx
x-amz-id-2: ScyFPGfUFdF5FOcDrFt8PINUSHahqCzxtA4e8OKBqly1iw1cBPbtkNVYOUx8nUW2
x-amz-request-id: C3477530EED01CB6
X-Origin-ResponseTime: 1424076079.896
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6660
Cache-Control: max-age=80512
Expires: Tue, 17 Feb 2015 08:41:20 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....^.^.....C..............................................
......................C...............................................
......................................................................
..A...........................!1..AQa.."q.2Br..#Rb....$C..D...%4Ss....
..............................................1.!"Aa.............?....
[email protected]([email protected]([email protected]([email protected]([email protected]([email protected]([email protected]([email protected](..
[email protected]([email protected](.........}..'h....u.......X....8$....41...s .I....k>
;.....!..kAW.hb.[J|..%j>..!A..W.}..n.>...........k..y...ov....n.
-.M..d..3....x........Q....#[email protected]([email protected](.....A......v@..: .......
...j$......@...>..R..[z.-E6...row....2j...!..:.........b..T..u.....
:PH?.........tp ...J.$.p.>.J$.q'!....d...v.....Or.>..:...s...c..
.*....l.k....C....hs.-.?..`..........h...Ks....wt./..?CPf.$5).:..u...h
PRH.".%[email protected]([email protected](<'...........\6.k..Wd.G.jH..D=..et...s.:'*...
.qo-Kqj[.%JR.*Q'$.y.O2|h".PGm4..Nh#....($fi[l.T.d....?..1AG......hu>
;..O?.....?..h_..o....>4..y........./k]B......#1V.u..P.....k....c..
/....\[email protected]../..2*...]..."U.c../....... .A7
@.P([email protected]<Q..."..z.,u...-...S.$.7.......:..t...
.PL .Gn.a..21A."..Z^.1.H....I.J..s..A. B.f.P..Y.d...*.4....U...$t.._..
..EcGn.....=c..{..y%/(6~....F....sp4.u.WZ`.x..S......y... .........X..
..'/.j..[..i...l....=a.2..hWh..A.o...\[email protected](....?..]........p...#..
../.....;j..P?..a'.....A.J..U.t .......A0..Gm^......*....aK.^.....f.a.
.#.....8.............v..=...~......P[...[9T9(...tp ..?.Z>lz.Z..
<<< skipped >>>

GET /som-automotivo/multilaser-one-p3213_200x200-PU7a9a2_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "b2230d45bd64df5bcee71ad518855b87"
Last-Modified: Thu, 21 Aug 2014 19:04:25 GMT
Server: nginx
x-amz-id-2: Vqf/RFLccPOZsI6S00 LESBhmr5n3cOG X2 RWpZa CBSaX7hjyCDJuKunHy8q9N
x-amz-request-id: 3144127DC83916DC
X-Origin-ResponseTime: 1424036142.248
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 6855
Cache-Control: max-age=40574
Expires: Mon, 16 Feb 2015 21:35:42 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.]...........................!.1A.."Qaq.......2U....#BEV.....VFR...$
4CTrst....Sbcduv......................................2...............
.......!..1A..Qaq.".....R..#2B...............?........................
......................................................................
......................................................................
........................................uwuO.tM...r..5..1...4."'......
..3..........g.{]W.AC........u^..>.......u^..>.<.....u^...w..
G...E.{4.......M?.....O....(.=.U...Z.......%@..U..C..tpi.z...u^[email protected]`
.).=.U...P.xp`.).=.U........S.z*.........8....U^.@;....<.5G.....|&l
t;.1..5O............5O......y.c....U^........*..S..S.....:.ET.D.ww...?
.5..i...)......o.*...|=.7..w.*~.......>M...i...'..u..u....o./...A."
..h......hh$..<.$.-...jX....Z...8...I$.A>L.%.e..........?.....D.
..6,4y...V......3.....5. ......H??.b.....t...q......{9.{k5\T.........O
gjq.,-I.4~...o...&.&..u6..h.....".#...I.............u..TW..G..p>...
..[..[u.l..<.......6...........J9...5...n...h.D...^.i.7.gq....#....
.y.{.xO L.?..k_.X.........O.n..f.........-........4r.....[..Y..*hY....
....Y..*..{.@..~..e.....t...v.>}K..SG*..A.....Yc.2j.\.....N.>}L.
.&....'.....E.iZ....R.q9.1O.*'Br...5..-..w..'=.KQ....[.....9.2N....._.
t.........S\...t..I................k..n...x......\.|..N.J}=.......
<<< skipped >>>

GET /monitor/samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "ce73548f24ee5cfb7d7990cee54a790a"
Last-Modified: Wed, 10 Dec 2014 12:24:05 GMT
Server: nginx
x-amz-id-2: fkc3m5SFwAoLyJeoL1q9X pjYHjfDw0VjfJqEL6gbp75EvVL9zNAPeb1VYDN0VKl
x-amz-request-id: F94BB8B71AB52E84
X-Origin-ResponseTime: 1424022838.338
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 12586
Cache-Control: max-age=27270
Expires: Mon, 16 Feb 2015 17:53:58 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.............C..............................................
......................C...............................................
............................."........................................
.............................................................pj.x-..ph
...s[S^..55...s.f........z.1Qu..'.g|..0WgJ..<W>...= .M..qB_C..&g
t;.........`...U.Z.o.j>..b...sJ..=..]..V.  .`.....|.p_..O..!.&pU..2
:..^....zw..5zny...=Z[..Y>...2..Js..>...-}..z..#...._....,....b6
....tt..^.-..B...;u....9.]Dm..-V.r.9 ..?.^9-..8c._X.;.DZ..>{.b.....
KW(.8....l..)......*..b>O......y.&....mQ...B.Q..h......{x5t.Q=.H.f.
u.=......oO5O7U.T..9.BV..F.W...;..4..j.gW..OVe(..o{e...z.....o.2..IT..
...n.gL..Bm.T..;vk......z.N.......{..AmW..b.|..U..\.....vc.......|=.V.
1.V}...%.~.H..7....>w.............C...........,|....w.....2..#[.ZD{
..W......,Qp.>..c.....w.......o..K.(..s..../.q..y?IG.........|~qz..
.......0......................... ................................"6 &
0`!#%............d....n.Sk..[.........^&;u.Lv......3..&|..d..6<..c.
..,..b..6,OQ6....>..../..K....>......O.nl6M..N......7..x..\p...7
..qG.1Y....s.*g.....~.....8b..X......rD.....;...G..1E.<Vc..q[..W8..
.3B..k.....2........_.p..{.P!5..L8#.U..v..Q.<}2B..K...<".$Un(qG.
.....?...sv.ZKb...p..*......2U....H...7Y3..l.......O...!E".b..R....,..
.........<{1...?.n.x.._.&.`...$ce........=.H..L.#%..%.N..`..V<V.
......=.XU...a6S.:..U."...T.(..7......w............?.T.b....n..S.7<
...X.....3.*[email protected]\p..|.l../~..^..;`...E...s!...W
<<< skipped >>>

GET /som-automotivo/multilaser-p3214_200x200-PU7d9ea_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "89ec92288dda20704c5fbb72022b9af4"
Last-Modified: Tue, 23 Sep 2014 18:34:26 GMT
Server: nginx
x-amz-id-2: YVCLW3PdHqal5VqcgGUGbVQ5yGq2zhRgfvL32eqkNMCjZnPkwnTCRhRJfMFRil7o
x-amz-request-id: C46714E3680FF2AF
X-Origin-ResponseTime: 1424009094.208
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 7686
Cache-Control: max-age=13526
Expires: Mon, 16 Feb 2015 14:04:54 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.V.........................!..1.A."Qaq.....#2SU.......3R...$BCE...4DTb
cr.....Ft......................................4......................
.!.1AQ.a.."2q....R...#3B..b.............?.............................
......................................................................
......................................................................
..................................B...]!...v.h.7Ok<...f0F\..o1....0
xn.~.?{..H.d....S..{....A.xm...-.~.?].!....[E.~.?].!.....w...z.*<6.
G}..?..............].....G.m..#..S....7^..?].........Q..(|8tO......A..
q...o.w.....&....."..?>]..n....t.>....G]..^..~}........AC.....m.
...AO..D..u...AO..D..u...AO..E|.t....S....5.>.}t...4g.7O.........ph
..\..4.I....'....=...%.........c.a.............>..3,[email protected] ...5..
wq.q...z...Gp.............}.v\.|..|..}..:&.,P..[\W...CICL.8.I.....X7..
..9 ...G.N~...=..h...2.....i....Q..k.}...t...............5...j\..U. .D
c.(..c8..zC......\ .r3......m).Dp.3.....9...4g....t....OMj..h..]...Y..
b.....U..[.%.8."s.6....fd|..1....6...\.x...........G.......z.2..i....9
......pkK..a..'.\.$.......Q..)...>Ylv.x.g;.L..i.. ......j...t...^.f
........s.\.~..Q...p.......... 4Ke.......g...l..M.`.....m...k..t.W.~..
Ko...[.....t.....z-.....M..~..(..SA..7.]...FS7.k....W..Z..oUle.N.|..7.
G..J{".......z.e.8.t..U..RYt.E<.2..k..vr9.{].p6 .....B#\..Pi.QY
<<< skipped >>>

GET /caixa-de-som-para-pc/edifier-r2700-128w-rms_200x200-PU77db1_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "3389357ab8808d5cea115166c3fa8c02"
Last-Modified: Tue, 10 Dec 2013 18:17:10 GMT
Server: nginx
x-amz-id-2: qC6p daX9eGV280PtbsPTj28Q hDVrkE4Fv1YPE8regSf9F5mc4/7K2AYGnlChhi
x-amz-request-id: 3D961A41BEB8C1B5
X-Origin-ResponseTime: 1424049841.549
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 7747
Cache-Control: max-age=54273
Expires: Tue, 17 Feb 2015 01:24:01 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
..I..........................!1..A.Qaq.."2...B.....#Rr.$3Sb.....CDs..%
c...........................................................?...!..!..
!..!..!..!..!..!..!..!..!..!..!..!..!..!..!.....a...&.aZz..UI:D.~.....
i>jY.5..^......25..e<..............(.mT#D...N....H..U Tl..e....'
...o...3.v..*}..4u.|.R.6....>}..^(K...-b.3T....-Z......<.....f0.
.f.@..'....."..'.. -....;.. .qZ...7..m.~.....hG..f....#..|}.B..B..B..B
..B....A...N...YOb.aH......Hy_.....I.. ...xa.f...Z....%.)..p2..[.....-
..5W..y.....p....6.p.*PBTO[..yx..l........c..&./..O.>9...<..Q.O.
....:..j..dV2.....-.....R..2..eU.. ..f.,.%4.D[s..E..b.p..4C.J....r....
.....f-....TUP.... .Q.~.4....Y6.Z-......1&....u~..I...I...Kn<...).L
...P...=K.h......e.`.. ......q.$%.J..........r.4..t.....T")......N....
.T..S..P.......P.?4.K!Y.....~b6..T.6....\..%9 ...L.('.n.I..._..<7..
EU..5".:YJ-...y."...$\y..;p..X7.Te*8...1]EI...4..M..l...q...8V...5....
,%V......c..o.&..#.......O.N.......*.....;..N..*7..Ia...jF. i.,.......
P.Gd.'Mo}L`.3O.fXQg.9...........<.qo.UR...N..&.I....[..fs(.....I~r8
.EU....W..D.....A..)Q\..p..D..-....y).......N....L...78..Zr.(..!.bSJ..
[email protected]..=~B<....>0..M..q%.....f...\.$......0s...K..9
..R.....?|s|...E...a..$].JY....wD..7Q..1...w...;o.8s]..2.....d....5.^`
..%..k.a.......-5..0M.......^9w...D..L....D..bd.e$..'d..|cw..w..%~
<<< skipped >>>

GET /bicicleta/colli-dupla-suspensao-18-aro-26_200x200-PU56929_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "8ceb571c66374ea3ee22499e090d5e36"
Last-Modified: Fri, 20 Dec 2013 12:08:10 GMT
Server: nginx
x-amz-id-2: BNFIbYA/LkKkszcTW/ qWImPb3I0b5zTUCpUlTL/BASpzaemmQQOdHvA7dXhEwfW
x-amz-request-id: 94D170FF2A7CB91B
X-Origin-ResponseTime: 1424017426.324
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 11043
Cache-Control: max-age=21858
Expires: Mon, 16 Feb 2015 16:23:46 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..D...........................!.1.AQa."q.#2B..Rb..3r....4C....]c....
...............................4.......................!1..A."Qaq.....
2....#3B.Rb.............?..y8..JW.=.L3.tDk#N $.He............<.kq..
....!%.....`[email protected])[..NG0../......A..Z......b...s.......A.{.0.bO... .
.v2.....a.b2...........&..<B.JS...... ....0.8F{.g...Q...a..>\C..
<BH.0.6.u#.F6.H....0..O......c.8...s.....89.\1.'#.p.{@.r2.8..#..@I.
[email protected]#.....Q.;.%[email protected]]E..GJ(..v..-....O..8.v.....
...\4z...I....=G.b.Q..S.'..D...(}...V.$)*...c.j>..:^..........9.=..
.J.......8..-....fZ'......0>..4.V...gK\...I..}.->P..-......d.#..
G.3,.e..{|..O!..n.'`[email protected].. ..zh...a..q..@"...d..B...
...>p.zy..N.....!F..! ys...}....V.6.T.(...$.x..&...M$.L...[,..AB..d
...w..{..........TJ...D...W.T.s..i1.u..a.....................c.jSj...d
L.L57,.....h?B....i.1...BTN...B...L.. [email protected]).......)...s
.fo..@..*}R.a....u$9<.R..>.......v6A..>\GM....S.JB..`|..ae.I.
>.I...;....<j...aF..Ma.M...tE&......V....z......U.z..g..J..T.P..
.|.=...:.....?.n.).7Q~D0.....2...mpa Jw .X...D...g@..?.[w hU.e......y.
.G.....d..._.m2.Y.gh.}S..../.."...9.-...VJ.....N<.J.&.o...J...)....
.R$..J.[6u....=p..i...{n.x..J...t%[email protected]."...*.B.[.........I...
.Q..~......3&...H.Z.%m,'.e.~....=T...io.;...3.q..~=.......K{sR..iU
<<< skipped >>>

GET /jogos/batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "072a865b068e92981b13ad25255628bd"
Last-Modified: Sun, 08 Dec 2013 07:14:23 GMT
Server: nginx
x-amz-id-2: eumQFJkSOhIK2icGQYpQ8k9ReDOWyBASFBq7JKPWOfqN1NuUKPUFJV0ZTN9AmzDe
x-amz-request-id: 698FEBCDB611593E
X-Origin-ResponseTime: 1424017934.876
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 15199
Cache-Control: max-age=22367
Expires: Mon, 16 Feb 2015 16:32:15 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....d.d.....C..............................................
......................C...............................................
......................................................................
..W..........................!..1."AQa.q.27Bs......#Sr....$3Rb.8ct....
..&45..6DFe........................................C..................
.....!...1q."35AQa..........2RST.c..br..BC#D...............?........I.
Yu.....$I...i.q.nvn.....mp,}..lM...*2m'...8....!..Mm.vR.R-...q.....^..
_I_!K.....%.{.;.........?......C...Q..8d..J.....s...W./.9._.......E ..
...s...W./..B..A.8....J......;......C...P~N9?.R.h........_....)~T...N.
...'.p}...._...9._......E ...p}...._...y._......E ...p}...._....)~T...
N....'.p}...._...9._....s"p.3..Q.._C.)*2.V...K..F<n......i...{_#.i.
W.jB.......3'.g..}....IR%.....YR@...{|S..N....J.....i ?<.NV/JN.HB..
.......N....E*..i............3.....}..f...OCS.Ria..JBZ]..s....U0.UvcVV
..m.../W..t.{.=..|L.|...M&.Up.._...xINV........j.#uN>....l...\i/..%
.S....._o..ly.]j.k..:...y....Z.jT.....9r..o.!i.....{FB....g..?V0....
.<...or...ETr{)[..[N.WgfN.Q.._2f(...WU..q...t.\..~....bt}*.]....].T
d.......h.0.`.......`...&ig3U........%...$.......S.V..J.. .nq......xv.
Y>m...l.......q.[O..[...>......K.P.TzS.I\.u..dY....oI$..<....
.:....Rn.^w...../.......&...^...1.<[email protected]....;A~....n...8.
.4.'..XX......~-.|.Y...7..[...s...'-m&.b. ...Ao.... ..\........].U.J..
..$.....Qv.>......W...f3YLU6$........n\.:..H..q../..^....[[.;....{.
%.sy[...ss-fj.r..9......Ah...n....Sa..p{.A....18.L...tr..{R...%l..
<<< skipped >>>

GET /fone-de-ouvido-headset/skullcandy-lowrider_200x200-PU32da5_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "c69360ace5a61483f20eaaf7b723a8a5"
Last-Modified: Thu, 05 Dec 2013 12:07:37 GMT
Server: nginx
x-amz-id-2: oin4MVjadDmS8IQ/bFfZ9Wq1QtmdlhfS7OZ8BuOWhwkHW/Q5kBhACrsBSe4VCRvu
x-amz-request-id: 3CF6DD902173AEA4
X-Origin-ResponseTime: 1424022963.637
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 5951
Cache-Control: max-age=27395
Expires: Mon, 16 Feb 2015 17:56:03 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..B............................!1."A.2Qaq..#..3BRb....$%....CScr......
...............................................!1.AQa............?..."
 ""." "".!8._...z..=L.....K .Z..=.}.a....i^.I......].#....q...l.:..P=`
k..........oi..u..].......V. 6..P.$...;.G_.....L...7*[.#*.."..x.f...p.
..(.......................I......Q.I..a{...]..WMU}.....X.|..z26...@O..
...q....T.....k......rS..Lw.?.{.........n...#..P4.e..>9jd.w... 0..s
.....{..........?E-....s.j.......4..)w#..y.....*c..Aj.\....W....I"o.3[
.A..Gu.....f..A....Ek....,.~x.}.......6....H.W..Y-m\`..#..a...G^.I[...
....#....Z..i}M.......9{8...uF....=......;.....^...;....i..F.l......OQ
`.v>n4....g..*.t..k.?..f....ed....p.Ii....V...c...{A]O]AQ$.. .6...M
3s.....~...k.?..=..Tz..7=,......SJ=...b?..>.E..........8B.r.....X..
..........|[email protected]/V....z...""." ""." ""." ""....
......dusQOp..#....4........:).S.i%...{..Mv.e...}|8.~..5.q..Rj.....Ac.
E...$......=2H.[#....'.v.....).=..G...4.(...<<....~J...........K
...#.F......B{r......m...}......:.r..,......j.d..p.S..<L... #...h..
:..DZe...i.#?.V8..gOo.<...b......_......g.u'.8.=r.B..4......m...cj.
.WSJ[5;.. .vz9...:u]..UX..o.6...;..C...........)..v[n....-.....1SG!...
....S.V.5..k ....-I./.Q.6......Q.....<...i.. ..N]|.....cv./N\...v..
P..B<A$~P...hi..M.^.g.}_....\...l.......K...p25......[......#!.
<<< skipped >>>

GET /tablet/samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "a303fd8aa799825b9f0ea76a7cf61ae8"
Last-Modified: Wed, 04 Jun 2014 19:42:44 GMT
Server: nginx
x-amz-id-2: nYhXgXuoGBWCHeznW3LJ1G7J8oCzlSNhFseavcCteRYKF7ItVb FXzdGzIZTQ3ii
x-amz-request-id: 8E073FB9719FD387
X-Origin-ResponseTime: 1424052222.325
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 7053
Cache-Control: max-age=56654
Expires: Tue, 17 Feb 2015 02:03:42 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.Z..........................!."1AQ....23aqrt..Rs.......#$4BCEFSTu.....
.6Dd....&5bce%U......................................A................
........!.1A.Qq....."#2Ba...CRbr......S.$5T..............?......"  N
.9.c ..XL...G..g...]..J#a.t....._.....A..-h... -.Yq'siZ?X.MU.....r.#.T
.....Z.~.R......,...R.......^..*..s..?..J.W=$p..sR] X...Z..wt,..^..o.n
..K..a...............S.YP.....?...M./..:=;#........].!..... .4..]Dh&l.
.Fs...v...C......~Z........S..2..&......>.....}...jc.8(.. '..c{Y[..
.p$i.f|}.0.FB. [email protected]@...at..~.......T.~
.....S..o.:..;s....7..X./...W.j)(.......%..FA..2.wmN...u9.PE...6..s*..
..WU..D....cr.#h.$-..M..8..wi=...K.8.......2.]?.O.........R.]?...t_.^/
Q%......,=d.X?_..AJ.A.....w..6..{....:..O.......g.....6...../..}......
..V...'.....j.T.rg.-..Z.,.0..^..e.....}`.?.Q.=Z..A..C......b.z...9Q&vh
gw."...I.n.y.,.........l9'......... /S.....wc..#..{Y.$pc[.T#$.......)t
...V.........I.U-..wpO~6.KjH....\Iv...Y=.h.. .ON........ .uic $l....G.
............x\B...%.imZ.~.......~7..J..o.....^......Gb...h..'......z.J
.......U..Nk[.W*.i..]l.:V:W.8...\CK...... ...j`k.o...hk.^.p..wo.......
.R.Wv....,....e.wM..9..`.....x.F..P.Z5......W.*..Ns..w..z.b.....Q..WI}
.S...T w.7......%....LH.Rr.9..." ...""...." 1.C..?u..N;.y..S.xJ/v.EN..
g.:..!o...._Yl....6F...D....C.l..T..r.Q.$,..$.f.9p.Z|{.3...K=K%..7
<<< skipped >>>

GET /celular-e-smartphone/smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "7e158876585302d04f2103c0d43c380e"
Last-Modified: Tue, 23 Sep 2014 14:31:05 GMT
Server: nginx
x-amz-id-2: btSMTlQ3 2420UPUsHfbzDoeyXa2RmlCE9Cq6snEl2xu061 Rhs6cQi35Tg95TAF
x-amz-request-id: 7F2B2CC7EFACB6A0
X-Origin-ResponseTime: 1424065920.638
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 12814
Cache-Control: max-age=70352
Expires: Tue, 17 Feb 2015 05:52:00 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.a..........................!...1."AQaq.......#'BRuv....&35Dbfrst...
...$Se..........4VWcd.......................................<......
.................!1..AQ..aq...."Rb...#2..B.T..$Dr...............?...@(
.......j]Kk..9......\6.......O...........8.%~.I.S.l-E.1....9i....e=...
....Z...Lw...=..z..X.Q4.C($.Js......\...-i7...7R....d....BqQrNH..~`.4.
.M>.[.I?.tR..u}.....=.0.?,.K.q:.......?......v... .0W......b..$.]..
..."'.'.P.....^?..R..N.i(.O.v..('.]...{.4.\.p..M...j.8.J...SF.:...9...
.. .K..v....i...g.n.aQ}...-.J}$.J>.._@\:.P.uU.%..9...[a.%FX[n$.A...
..T.c@(......P..@(...x.>v..... ..........s.m.l..H...{....xZB.Cim..T
.VYfA.--........Z.S.).k.)..W....Y..].Z.I..RKZ..-.:c......KQZKI.....;..
...}.h....B.... .JQ..rI>[email protected]%.6...9C.(.nC.........d........0f....
.o.......?..P ....el..G..=) p.&dx.G.<CIm..A.8......@ .i.zd.}.....j.
.$.Z.DfR...^.\m -8.....}...~...vaLN....0....RG..E.].6Z..4.4[..r^.v...-
.?j.L.....k.i..........s......j.....f.....z.k...-....r...:..Q.J.......
A.@(......P..@(......6..R.".E..&~..KM)`|)...~g....._...T....K...K..L..
..[@........j......@u:.$..N..e...B...$.A..Fh..].6..gMH..Q.=fc..q..jA..
e-...t...N..?.P..........A..7y.) .A..A...H5...;Rnn.B..{.....J.....[B..
.'...!i...`[email protected].*#....;....P.D...-.w.
E.[S}...;..u.)jJ..<..J..M.......F.}.u..n...HO..4....T...P..@(..
<<< skipped >>>

GET /tv/lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "a625cf037fe9ebe67203868d14d52567"
Last-Modified: Tue, 12 Aug 2014 18:29:55 GMT
Server: nginx
x-amz-id-2: T7E4HTGzzewro8d3 f5XzvJdt89F34PUo9QJ1MnVxCPRFCf9zqMlaq4fkOaEggN 
x-amz-request-id: 1D10BFF1393355F4
X-Origin-ResponseTime: 1424075331.147
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 11090
Cache-Control: max-age=79763
Expires: Tue, 17 Feb 2015 08:28:51 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.]..........................!...1AQ."a..#q.23T........BRt......$6Dbdr.
...%'47CEScs..Uu......................................0...............
.........!1..AQ.aq.".....2...#B............?...)J"R..%)J"R..%)J"R..%)J
"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..% .
........`.1. .....L.Ucw....:..#..)8..2..!.|(..R.Q.D.G...$.....E4X.`..'
(......n)U....7.u~.e..5.?(.....~...eD...*..lgG......e_..3...3..J......
.z~Q."?..?T9?._?.9.~.......QW..O..7...$...~.}......G.r?R.E\.U@.(....O.
[email protected]..:%.oiU.?(..>,.?.%~......c.....W.h.U..T.........._.
...C........%.kiUU?(n....B.:d.....>P...*Ci'[email protected]*....nN31.g.N&
lt;?K..;~...W....S.............n.M..G.J..n.....En...e.Ifd..!.H.PN@*.H.
.C8......(.3._.-......1Z\S.kZ..j?.5.-.8.w...q....D.K.w.lFTw_[...U..LW@
.tM.4.LF?........lK.jS......N.....R;We.7p..p.bBA)..0.<....|....>
...&.&~...T_f>.....U._e-8.@[W>.Jr&.g......)......yPNGL...r...t.5
[email protected]>..U.kb...R..G...3..s..TWPm......3..`...`d.%]8.5/...
....I.U.Dc...c... m........ ...I....y....2q..Z..>..F....]..)....7..
3.....ke.... {..w...*..).?...G..nu.e}).......r}.....R.J..0p3.S........
q&U..zB.L..|<..6iBX...#^..#K.].....c.....>.~-........2...GYH..w 
g..H.{....6.j..=m.o.;...kQ....2T..e..>...'<T.d....>.}?5=.....
E.,..7/X.t....{....",4....J........Ty#...-..?..h...dV...JK...;...c
<<< skipped >>>

GET /tv/samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "303ea02d694af1c52b98460ffe640ad3"
Last-Modified: Mon, 15 Dec 2014 17:21:14 GMT
Server: nginx
x-amz-id-2: hyKcOKdmmELrcXLNOf3WkrQDyTRZpM H65oHrM7qGTs9h6N35pFdc6B9PSWVH0v1
x-amz-request-id: CC0CC453AF73AD66
X-Origin-ResponseTime: 1424075118.496
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 13255
Cache-Control: max-age=79549
Expires: Tue, 17 Feb 2015 08:25:18 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
..U..........................!..."1A.Qa.#2q...BST......3Rb.$MWs.....
.G.6CEFcder.....................................9.....................
...!1A.Qaq..."...B......2.#.CRbSr.............?..N...)JQ....)JQ....)JQ
....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ
..}...........}.^C?.4.s]q..j.#*Q9?<...u..~.......f. C.. 9...H!{..c.
}..).c.}.. .g-.....Y.k..lC..........I.....1.....?......?.....X.lg<6
>....H....c..~5e.......;Z1....}......}.......e[.s....~5...C....~5e.
..?).UY.v&.............}.........>Y_.W.X....9.E~5?.F....uU.h.?.....
......;......|.:[email protected]....&........_|S...!.. ..B..
@u......%.P.......~5Y........v.n.J.F...Hk..w...5..|...'.......u.H.$>
;......f......J3..T...Hk..w...5..|...c.....:.....5?........G..4V......
...~..C_|S...!.. .`.g...G.....~R..'J.......I..:.?V.......!..)..~.....&
....3.~...c*.tq\\%.>....D.. ~ ..........C_|S...!.. .(..I..Fg.d/....
.c..IL....Dv\...v&i_Ob|bp$4I...|..*.q.....g.q._..!o(.;ty...f....L.^.wa
....@..'.{..X$}...ES...3.r...[$A..5...&..N..^v`K..G..N|5.........z....
`R....V.e.Rt.:*[email protected].!.T.....Z.|U.C.w.%.~.FN.j'BP.&
lt;.....FB76.>."....K..{..I..h...*.ecEW"[email protected]{.!^..
..........F.4F.JU.|q_...e)C.8.? sg.....97c.S.U....y..J&.h..E%...sXO...
..|jw..L. .Gv.O).?....=.*{5....<.....(.|.K.9b.:..j.*.V..HN ..R.
<<< skipped >>>

GET /celular-e-smartphone/smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "60129e535b02d223a3781d8da4534a7c"
Last-Modified: Tue, 21 Oct 2014 15:50:37 GMT
Server: nginx
x-amz-id-2: EgNGSYwFIa zb9plATcIa62HlHdQ60ygyf99e1TK/3pEdyZsdr9613LyTn/vaNRt
x-amz-request-id: 2F40ECD237178FE4
X-Origin-ResponseTime: 1424041827.153
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6790
Cache-Control: max-age=46258
Expires: Mon, 16 Feb 2015 23:10:27 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
..^...........................!1...AQ"aqu...2.......#8UW...37BDRTbdt..
...&(Scrs.......$'45ev....................................4...........
.............!.1A.2Q.."[email protected]..
....H......R......I .9.....Y..l...u.R..pqe,...\fY.O...tk..<o:....#.
v.<=.$-.o. s.K....2K..J.K.........1O....l........Q. ..b..*........=
..6[..S|.?./.}Ge..u?...r......w;.. u...0v...7.wbfO....`=j[.....f....S.
o.-M.4.\...{ee.h.I<e......Gz..02Z.....}Oe...7..}r{.{-....f... .=.W.
o3.v7{.1h.!. &..R.^?.MK.......}j;,|.k....$.......2...../.......c;r..v.
.]..L.e<.:.Z..9.$e.......H8=...Tju;..j..#.gH.p._...[..?"......D@...
DD....D@s_XI......?..!..1CN3.6..B.n...F....?..$.N.....S.ENa...J..g..\.
.T..V[>6...Ij2.%.gU;[email protected].... ~eq.>.|X>..,.*..OOj
-;z..jvYn.....F.vp"s.I$.pk........gu.?.....^_k:...}0..A..7...}.C...Z7H
ECS...dls....9.Q...J...27.<n....p. j....C.S.n.V>*....c>..|.A.
...... h\6!p.C.m..C.'7....W..B]Cu.3Rj.<.-%..3........5.]Ku.......y.
...|..,..0.c.]Y...C..; .`....u...[w....E,0.VX..d....'..<.!..\].....
'./..I...[kPtl.:gS\,..R6.A.g.7....F..0.Me........>......$...o...6..
....9.{x.>...$....z....n.I.......}_m......0..." ...""...." 9..8..].
.p...Qa...t...H.l)L..8.._..Q..(..,...........Y..B.....s..<V/Y6\U...
2.......3by..{.M9l..<.S....9...XJ.d.5....Fr..|..._Rg"......*...
<<< skipped >>>

GET /dvd-player/tectoy-p-4200_200x200-PU92573_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "1572582f760a1e78e13cfcb0d8b61b4d"
Last-Modified: Thu, 28 Aug 2014 20:44:09 GMT
Server: nginx
x-amz-id-2: CEi5k4wzEhV476e/Lll06550GjEvqFj7tRf4ay2sV1GO0lbKuAOGWWkDutKpU1cv
x-amz-request-id: 7429CB47E13DC2C2
X-Origin-ResponseTime: 1424015308.255
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 10370
Cache-Control: max-age=19739
Expires: Mon, 16 Feb 2015 15:48:28 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
.H..........................!...1A."Qaq...#2B.Rrs..$3b.....C.....Mc.
...................................@........................!..1AQa.."
q...2...#R....3Bb..4.$5D................?..N...)JQ....)JQ....)JQ....)J
Q....)JQ....)JQ....)JQ....)JQ...(..R.D.)DJR.D.)DJR.D.)DJR.D.)DJR.D.)DJ
R.D........;.*zMgV..2...\...6A6..?.?....y~#.3.Y[....H..|..Kii...@7....
.]...).J.Zb.Z.Q.%.N8.LHk.E.....S.<...Vu}.}[3;...5..?..S.....j..jqjR
...D..D.I9$..I.....:...L....Co....CM...G....5Vu]ED.a...........2U.;T].
v~.w 3..V.G}.......m.8.&.,..{.G.u9....$...v...B.;..e0........}..h..v{.
.z..r.........h.N.}A...."E.GI..R..~.si?"[email protected]>.....f0..$...;
.B.W.j.6..$.......v..<..I..P9....'.u_M...v........b.>..3.5$h...Z
..BY..]..}...KI.....j..P.iXA.x-i..g.9...Kdn...k..z.J.:?....Kz.F. p.".(
.~=....S.....MW..........c)...'r?......c.rT....(.d.$qoxt.U`.X.......M.
.......d!..RMer t.s........sJR.]R...)JQ....)JQ....)J.... 'D4,.GzY^....
...o.v...2O....]\..\..f..*$lQ6.q..yZ.j.........S5E.*n.oQ.#.....q..8H.$
yM|.\55.u..-..9...2.9[.>$.........Rz.{....jmA'..LW.N{........8..I..
..* .I<..I.ueQ.~_.................C.......v..D..XT....4.|.....$..j.
.....y...G.r..K...O=.U....@{.i=...:Eij.{......*K...Ac.P.q.D...y..V.Gj.
M..1../.......T.......`.h{&....E..i...... ...2?..A.....Z..z..}C.dy.5.w
..0........1........Ou.-...^.7.-...6$...t! .]kv=U....."a.....aL\-.
<<< skipped >>>

GET /hd/kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "9d9ff95ca00ac4577a4a8d3d6fb1e0f3"
Last-Modified: Sat, 28 Dec 2013 05:58:57 GMT
Server: nginx
x-amz-id-2: oKrKiKRUJ 7W/au3q0MWmiije0PPvdkcZ NP55iMTrdAV4YuNUIvNUMcBGLAjxG6
x-amz-request-id: 54299B1D740B9A0B
X-Origin-ResponseTime: 1424064023.049
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 9839
Cache-Control: max-age=68454
Expires: Tue, 17 Feb 2015 05:20:23 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.G..........................!.1..A."Qq.2a....#B...Cbr.....RTcs....$3t.
..................................8........................!1.AQ2aq...
".......#...BRbr...............?..N.P..@(......P..@(......P..@(......P
..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(
......P..@(......P..@(......P..@(......./.]>.7IV.R.v...2...Q..H 8G.
.1..>..5s..i.4p.......:..?.....................l.......O-. ....^.r.
T=.ZC.'..$..l.r.(>!4,...FW.K.7......!...)s.1......2..~..Q./../.....
..O..K...k.fT......@s@(......P..@(......P...crH.....<X.G\......a..X
?....b..ey..g.e.I....6.M...... c.oZJ.:}.%..^.......)N..M.....'PD....\.
d/ay..Bwc8.1.sUUh.]I?z93.<J..<<.../m...>..e....}.&?en.....
.l.....us..;TV.V..x.h......>...?!L..L.r.l...7-..g.[Z.?...\..&......
..e....-.{..'..l.f&V.......^....1.|........<z.../..>.........F._
..:.[G..d.y.-2......O...3;nW*&v....J>.d..}.W............=.($....?..
%..9.9... ....=IKz....}Jk.2...t.%E..4.k...0.....%...i.=J..f.m.......H9
..\.. }..(...4..P..@([email protected][Y.'.......T..V.. .3I-N..9.7&..P....X
..t.Ui..}..qS...} .r_.u.....m......&...#~c.Sgs*Js...G....WY...Ft.....&
gt;O...A...p.a..z....U"..RZ..oD..".j.C!W........-.....}.T....TM....2_.
..>).."..5R.....{.iu(%hM1.b.1Yi._..op$g.=....q..<......:.*..p.3K
......7o.W..W...5..^..7....y.5... d..><W...V*.V..>....|..
<<< skipped >>>

GET /monitor/aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "8228a1d71cd4dd807142e32ff6f50d91"
Last-Modified: Fri, 03 Oct 2014 21:23:18 GMT
Server: nginx
x-amz-id-2: BfCnfh6ycnhLRP5TUIqb0jyjlABdcsUhZDg2/6zaluLuJSiux1NtSCpJv6LdkX2V
x-amz-request-id: C3BF72F6D63C5409
X-Origin-ResponseTime: 1424066690.012
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 14078
Cache-Control: max-age=71121
Expires: Tue, 17 Feb 2015 06:04:50 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
..b...........................!..1.."A...2Qaq..#BER....3DTV...........
$%&5CFUcrst....'6.....4bdf....................................=.......
................!..1AQ.aq...."R...2B.....b....#$3r..............?...@(
......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(....
..P..@(......P..@(......P..@(..e..X .r<...;..U...........W..g..j.s_
Z.{...\6..5.....g..j.s_Z..g....-_Nk.P................s..k.k_Z.......-.
Nk.P..................ZG............?Nk.P..............q.........=..6|
2.W.Z...C7.U.~...c.Z..fV..{...m.j.!.......e..."..e?u.}).m....9....(...
.....!}%............#.@E...~........?[O......@<.m._....h...AyiB&GZ.
t..RI?......v.....*[.Y#j..8...g.$.. .E..n.<u...j...O......(..^X=-..
.C.. [email protected]_.{...@\...?..#.[.@\......~kj...{.....
.-j4..=.'_......P.H.....W..Y.C..h.s......YVhx^".....9..K............e.
..9C....v....X...h..~)Z....i....P.&8.iO.3...m....s\\...g.....e.T.-.:.s
9y....=....j.........h...6.........h...mg......y_R..|S.!.Z...)H*$.....
~...1r.*.y...2.I}..9II.IP.#......,.8..u...c.Q.(.HrT.|R................
t6........P..H...qq..h...=..G.2...HG............d.d.Rz-....:S.(t~.y...
\Q...j.......&.7...l..).4:?Q.NO..(.q..E=..G.2...m...G..{i.4:?S..OG.r..
...c.m=..G.7.9.d.Q..O..m=..G.y.MO....=....Oa.....2r8....._DO...C..<
.d.v..[.~....m=..G.7.9=..TxH...>.{.....y.S._9O..w.S......O2...?
<<< skipped >>>

GET /jogos/dantes-inferno-xbox-360-dvd_200x200-PU39013_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "8a54f346065bdcfdddfbf8fad5dd5f41"
Last-Modified: Fri, 06 Dec 2013 08:18:12 GMT
Server: nginx
x-amz-id-2: kZ0YNeuQfAaS3HJEFlzDSGClc6Pu490wS64iYFbojXKPzMBdU7Nt7F1MePuOiIo0
x-amz-request-id: 175A01E13A6C79D7
X-Origin-ResponseTime: 1424059844.673
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 15111
Cache-Control: max-age=64275
Expires: Tue, 17 Feb 2015 04:10:44 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..T...........................!.1."AQ.2a..#q.BR..$3....Hbv...&ru....
.(56CSet......................................./......................
..!.1A."Q...#2aq.3B.R..............?.....0B...'..?.m...\r.K.:..%T..A.I
.N.?.).mf)".-V&..@={..L.ESs.an..5.-U..........A.$.. q.*.cQ&...fx.t.s..
>....\%jR.W..j.H.O~......H...V.........!...........a........Jr..._.
.b%....Jc......_...8.Nh.*X.*1. ....w_..!..#..R%......*(A#.......Ly....
4......o.S!....a".......,|....F.u..{...XO..A..Ljp.....@..@]....nm....V
..2.!...%...8O`.{.....L.....$....t..#.S.D.A.". }.......Z.P....,....H..
.S.?.......n.................Jrjb.......Q..........g.I.........R..(..O
.z.b.._L...O..=5..i}..y..?..........d0.h..q_z.!.e3b..&(...H..wmR6.w^..
...7i..5...R.......[...v!.z...v2)..F....m.(R..$=.JS...be......O. bI..#
..V^P6).#.>Q.......#...r..vZA..G.=....2=3j.Yn:.PU.)......54..... ..
.........=...4....u....2$W.q!......."......1.......W.....*...B.)[V....
..M..}..n....D.........Z:..D..7;l.Od...}S.M$..kh...........$F..Jv.O...
.0.n..n...$....;{[..t.hh.....|3...^.0g,..0.y.f`............0B.........
HA..|f..x..u....&.....UZ...Ct.....M........$N..B.y/....j..._..D.....e.
......q...Zo..T."2....tT.........P..........x...LGS.....!..^to;...@...
.0..s..e..1..j..>.....K...I.....|..Y...u.i.............R....[.R .Y~
.&G....M..n......qN5...e.N.L.N.$Co..S....uI ....j@@..6.....,.C.m&g
<<< skipped >>>

GET /jogos/batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "7456f170db41e5f16ae4563779657103"
Last-Modified: Fri, 27 Dec 2013 20:54:16 GMT
Server: nginx
x-amz-id-2: 05V On3Dy0hK5Ywa3xcz5oSFq8DeBlssV4xg4ROSUkQgAlT3mAYbYb5nGlMn5UEC
x-amz-request-id: 67D4FAA5BFD14780
X-Origin-ResponseTime: 1424014834.950
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 16787
Cache-Control: max-age=19266
Expires: Mon, 16 Feb 2015 15:40:35 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..\...........................!1..".AQ..2aq..#7.....3BRr...$4SVbcst...
.%6u........'8CDW......................................C..............
..........!1.AQ."aq.....2RS....Bb...#3C..r....45s..............?.....4
!......e.*..Ra...Pyi*.!.,.....>.H4i...Xcv.X.R\......u.....o:..Je...
......=HP....u.3.......... .....U......Nu......y........$....7Z.......
......YII..=>.r.T.s.=F1.g........Z.~w....H..G..Zo.m...c.u...R?.....
.r}.{.....?...Z.4y..z..)a&.h?.d.)..%'.g.}]..N......eED.c*jhS.<.9%.=
FN{..t...,;.n...........{..H...'...g./s.....nP..-#........5..VM)&..L..
....J8....x...Yt......f".!.Q.......$.z..lwO..3..aNphfgO[;.......;.y.H.
.N..................:O.z........D.. .<[email protected]....>0
...M,&.i....e.&.S.,..q\G..*$......K...._3...E'..|RS.'\?..'............
?.z.....D..QzlYq..lE..!.....9J.....:.A.[G...Q..tz....> ....Oy.\..J$
...1OzT:..8[[email protected]!.."......9...5>..Q..t....5.:~.....
%..Uw}....M<...j.....5....PX..@q..;/=....Q...f.....<U.:.g.......
0..4t.,#..s.N~.~.i.F..>.h..ih.B\?...........0..%..v=........5..O.S.
......p.5..q..Bj.a. u*9.....L.l_b..c..a'.._..5md1..X..a.KQ3....2...r..
..C@(.c.z.z ......u.....M......jqG$.<.''.p..UB.$1fVj..$...q.q$..j.x
{Z\.*...%RH.....\.'P.k%n....|J..6/3(...M..`..4h...*4h.....F.#_....}wHl
.../.SUW...G...._.!.s...y..{..84.....t...\.a.R.s......u.mF5Z|..4..
<<< skipped >>>


GET /packs/TornTVApp.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: filestock.blob.core.windows.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Length: 827648
Content-Type: application/octet-stream
Content-MD5: 6HbjSZLodkRXj05dWfnUoA==
Last-Modified: Tue, 10 Feb 2015 16:09:27 GMT
ETag: 0x8D213631408AA4D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fe8821c8-0001-0048-7b9f-02cc6c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 16 Feb 2015 10:18:40 GMT
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$...................
......0.......!.......7.......0......-.......-................>....
... .......%.....Rich............PE..L....PaQ.................&...`...
...!........@....@.......................................@............
.....................H................................`...=...F.......
...........................@............@..`..........................
..text....$.......&.................. ..`.rdata.......@.......*.......
.......@[email protected]... ...,[email protected]..............
..2..............@[email protected]..~....`[email protected].........
......................................................................
......................................................................
......................................................................
......................................................................
...............................................V...N(....?.......-...D
$..t.V.o...Y..^....N(............,..j.../C.........u..M.. ....e...E..x
..|<h..C.P.....YY..t  E.u&j..E.P.M.. ...P.N(.E...5....M..........M.
.........J......U..Q...@. E..e..P.u..u.......E.....U..QS3.9E.VW...E.}.
.E..u.;.}.3....x.V.u......;.YY~....p. u..;.G.9E.~.3..}..u.;.u..M.S....
......4....M.P.E.V..W......E._^[....V.t$....t$..t$..).....^......H...t
[email protected]....|$..W.|$.u...t.hW....
S.....j.W....u.........W.....R...W.t$.W.6.|......_..^...U..Q.u..E.
<<< skipped >>>


GET /dl/f/f16e4752a5583bf08c56d63d94295650/uolbig.png?1423713990?width=194&height=97 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img2.clickjogos.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.6.0
Content-Type: image/png
Content-Length: 44997
Last-Modified: Thu, 12 Feb 2015 04:06:30 GMT
ETag: "54dc26c6-afc5"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Accept-Ranges: bytes
Cache-Control: max-age=2272341
Expires: Sat, 14 Mar 2015 17:31:46 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR...3...........R?....gAMA......a.....sRGB.........PLTE
%..S..]..t!. ..N..0..o!....j..H..B..W..4..d..8.....y#..'....}%.s*.f#..
..V.._...P..7..,.<..>.../..=.B.._"..4..3..G...x.D.j*..X..;.z/.j.
..bT.yh ...3.......K...gR..n..r.|[.M...b....s\t.......z8"..A...o....mX
.E.\7.P$.B .....[K.......j-.G8..{....V..P?.cL.......f.....ca...|C..O..
.....l=....O ......`.&..pa.......yk.N .......\........tR.UA5.,.s..d..A
,.[!.............|).ZH..o...................kl..................G'#.P&
lt;3&..t*....xn.8..........[0'......z> .|z......qN........y.v]SJ82.
.....&.......uqHEl. L9.....vQ.wt....SO.n>.h[....hc.....syc..h".....
e...d;=.....,.w......._P...~.......=3._).........MED.........`SV...\E$
rgf..M........4nW0.h...U.u.....yL$.9..0..Z..0{ut..!..C9 E.........5.Z.
..TN........~..~...thZ....M4_fHs..g(.s..._........6/.DT.)z..Jq.t..m.|.
.%:.....h.;..Y......cIDATx.t..O.Y...i...#.."..9x.FA)&t<..2.....I.7Q
i*....I5....1.`....VF.E.....a.8..B..d.[....^..W...{...2.[..........8..
..............c..g.s^[email protected]_..(::.:...E'.^...[..s.A....M$
.y.........z.....j@A.<.n.~.T..gb{{...Og.y.....A.f...z<=.[.'.a.#.
8.k. .0*8..6E..ut...F....?Pf..[...1s L..}.u=u....3.k.S...3kA.Z(.......
.6.6q....'0........Y.j...E...zzz.k..F..G"4J.Nh}..........D...To..1....
...D.!.!Z....YK.(4B. .......nx..M.1...>8.O...3......d<.!..I...Cg
...lr............?....C..z....2(zp:[email protected]|J.=uQ..8.."3.......-..H....9.
...#.i.........B.@.......,g....h...Ah=....]........1..8J.. ....!......
.c;'.1j..zfu..5....;.4.0M.Z?..![..c.Q.$B.......ss.]. ..!8!x.0..GZ.
<<< skipped >>>


GET /pingcln.php?partner=extra&product=TornTV&build=18_4 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: torntvz.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 16 Feb 2015 10:18:19 GMT
Server: Apache/2.2.20 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6-13ubuntu3.9
Content-Length: 248
Connection: keep-alive
ua[ws]v6y:1[wns]phd:1,ssc:1,gop:1[sas]v6y:1[sans]phd:1,ssc:1,gop:1[ofr
1]bbg:0[pms]v6y:1[pmns]phd:1,ssc:1,gop:1[ofr2][opt]rs:0,[slws][slns]op
b:1,||ua[ws]ta1:0[wns]ss8:0[sas]ta1:0[sans]ss8:0[ofr1]bbg:0[pms]ta1:0[
pmns]ss8:0[ofr2][opt]rs:0,[slws][slns]HTTP/1.1 200 OK..Content-Type: t
ext/html..Date: Mon, 16 Feb 2015 10:18:19 GMT..Server: Apache/2.2.20 (
Ubuntu)..Vary: Accept-Encoding..X-Powered-By: PHP/5.3.6-13ubuntu3.9..C
ontent-Length: 248..Connection: keep-alive..ua[ws]v6y:1[wns]phd:1,ssc:
1,gop:1[sas]v6y:1[sans]phd:1,ssc:1,gop:1[ofr1]bbg:0[pms]v6y:1[pmns]phd
:1,ssc:1,gop:1[ofr2][opt]rs:0,[slws][slns]opb:1,||ua[ws]ta1:0[wns]ss8:
0[sas]ta1:0[sans]ss8:0[ofr1]bbg:0[pms]ta1:0[pmns]ss8:0[ofr2][opt]rs:0,
[slws][slns]..



GET /pagead/html/r20150210/r20141212/zrt_lookup.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
ETag: 8281997907193036559
Date: Tue, 10 Feb 2015 22:13:15 GMT
Expires: Tue, 24 Feb 2015 22:13:15 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 5099
X-XSS-Protection: 1; mode=block
Age: 475569
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=1209600
...........;.w...... z}.UT..~..(.n.~l.6.t..^`sd[....mB....f$..@.{?.9..
....f<..q{...?....Yc....#..S.z.)..^[.yIp....Hr......2..<.q....s.
H.(..'....^LS..<]J....2?....#k...|......ic...4c.^......v!.qC...E...
.s..Ga.0.oc.g..}.{.....2_.1.8 ...{u..jx.......i.'.....<.....(.\....
...4....(..l...."GA..$^.=...x$;.q.O.M....i,.r.]...............38X.....
...E.a....$...}A.A.....Ix......FF.l..x.0...BZK(.....N......a. 2.<-e
>W.U....en>...8.X.......}....g/.....Etky..]..fMI.G7.%.iM...i...]
.i..9^A.w...yz.I......h6.....-.....T.i.(....8I.p~.q.T.Y#...?.|....M.&g
t;=...j..4.... J....;.s..G].9..G....T......'N......e......P.UL*m.A....
...4:....x.(.........p.u.Ij!x..c..4...A.\D...mY.<_d}g.....6..1l;...
0hY}.^.c...O..<..dle.0n<[email protected][& j.y..Jt.....Q.7.....J..~M
|.I...n...%M.....FtF.u.....$...})......#N.~..h.........6......._...8.m
cx!....21.G.g.hyZ...x..V j......x.IWro..Z#...lP.\^.}...S..H...).[F..&.
.2......=0........v[..z.8.c... ......k....6..."[email protected].&..*g.J=.K
[email protected]`..)..P1.NP7......1p.....2@..*"...N....GTQ...
...g.Y<[email protected] ...=...$..M....3..Y..X1#ZI...V..B.-......4...
.1w7..@..=...)(y.....l...ka.M...pohU.:CZa..!:..s..6...*[z...........#.
....n...1.........i..._>....N.Ac.....4..>.'.:......s.w6...^..?..
...-H.F.,o..;]ZxD.^.=.A;[email protected]@.4....D};..W['...O.>!...
...6g..a....n.`j..d...........=..........T~^.,..k.....Z.$.TXR......H..
".y....}.s.>.....k...0O..x.5...K.vTa9.8..._..h.....I..*|^..E.p.....
a...h._..V3...\P./.... ....Q.E..$..E8^r%.2....$..|x.,./..h..O.BGf.
<<< skipped >>>


GET /pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar HTTP/1.1
Host: download.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=900000-1199999
Connection: keep-alive


HTTP/1.1 206 Partial Content
Last-Modified: Wed, 26 Nov 2014 16:59:55 GMT
ETag: "4b1e700-2dc5623-508c5f506dac8"
Server: Apache
X-Backend-Server: ftp3.dmz.scl3.mozilla.com
Content-Type: application/octet-stream
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache-Info: cached
Cache-Control: max-age=602314
Expires: Mon, 23 Feb 2015 09:37:36 GMT
Date: Mon, 16 Feb 2015 10:19:02 GMT
Content-Range: bytes 900000-1199999/47994403
Content-Length: 300000
Connection: keep-alive
d,.f.\s..H.vB9..b.I`.b..8%..g..m....x..*.....{....?..u;f....._nU._....
..y q....].~..N...=....c.:..wuz. g...O?....*-..U..,..]u.iE...9..s.gN..
5.A.v....;BK..H.....>.J..T.n.#. .......^:...9.giR..h.s..dX[:..D..3.
..I.`.5..pb.s.-..........P...M.3.,.Z.....t.&Z$nJ."o'.\..O.h.B,Y.......
W.........!<.eu.BWsJ.=...Z.l....~..l'...l..9l|....d.x....Fw.B.Gv8..
..2.XJ.Ed..r...V.J.%.$.~^..N..b.....!..w h-..3.......C[m......R.*/[email protected]
Jg..L.......t.#A....X......D.B.....w.d...$6....8.I....GP..e...o\.UJ.u.
.yX.I....c..<KG..T......L..mT..,7rA..g..".?....../.&...dI......&.. 
.k..p.....s..J\..J..p....!.1(...U...A=.......D.....{.H.....v..5!..w...
....&.s|......=...V...Ig..Dp..@k..*...o".......Q..r..l]u.u/...(.i.....
.(..j........1.g7..f._N..eVm..~...)%.hX0Zm............z.w...R.".^.hI.Q
..nZ@..|[email protected]..._.....(!$....gR..;O.$$#...w.{.k.hB.4.?.
....u.$...&}.......Od.. ....".......;[[email protected]$.n.[...B?n.....
.$.\%2........!S...l.(.k...:......c...h.f/...x..VZ..A..R*~....dHh.....
9...I.m [email protected]<...i.v./-.\-......d..~h..H. ..6.M
..0....Z.A.T....N..K @....j%....U:.^..z...~.I.....F"..J...`.......1F$.
..s.D......x$O6....;r.P./.es4.*......n.{g._.U..R?(......|.....B.......
m.N....p&.Z......*..ZQ..VR..[..8@".1xy.P..........z.n^.<....^...n3.
..1...'Ki../[email protected]..<.M$..2..|.v.n/6...V.
.......lE/......w8-........-R..\e...WA...756.H.]/d.....-......'.......
.. ..4J@.<.S.4....Fu6%...du.iP.....*>........%/..>#..}....._.
..c.b.f..!...D%L...../.......,...o&u...#..1...Ex.k.P.. .S.J/......
<<< skipped >>>


GET /cdi.asp?st=-1&uid=302894767&tuid=3090520&sref=TTV_18-4N_extra&vmdt=|vm|pm|pm4|&bld=18IJ&cnt=ua HTTP/1.1
User-Agent: Inetc3A (Mozilla; pm ; FW 4; WinNT 6.1|Windows 7 Professional N; wd 21032013; ge |w|4v|c; sd 121827-175240; fl 0; ie 10; ch 02|39.0.2171.95; ff 1; dbw ie|; hb 0 px 0 co L2 pm 1)
Host: data.infopackinst.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDACDQTBDA=ABKCLFNAGIFODBGCLHDEBAKE; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 Feb 2015 10:18:19 GMT
150216:193.138.244.231HTTP/1.1 200 OK..Cache-Control: private..Content
-Length: 22..Content-Type: text/html..Server: Microsoft-IIS/7.5..Set-C
ookie: ASPSESSIONIDACDQTBDA=ABKCLFNAGIFODBGCLHDEBAKE; path=/..X-Powere
d-By: ASP.NET..Date: Mon, 16 Feb 2015 10:18:19 GMT..150216:193.138.244
.231..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eb74688e1ecda676 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 16 Feb 2015 10:19:25 GMT..Conn
ection: keep-alive..



GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Mon, 16 Feb 2015 10:19:27 GMT
Etag: "2b0045-4741e-89987140"
Expires: Thu, 26 Feb 2015 10:19:27 GMT
Last-Modified: Mon, 16 Feb 2015 03:54:05 GMT
Server: ECS (ams/49B3)
X-Cache: HIT
X-Cnection: close
X-Cntnt-Length: 291870
Content-Length: 291870
0..t.0..s....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150216035036Z..150226035036Z0..rQ0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /inf/geturl/ild?name=yac_baixaki HTTP/1.1
Accept: */*
Accept-Encoding: */*
Accept-Language: */*
Content-Type: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Loader
Connection: Keep-alive
Host: VVV.kmu79.com


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:18:56 GMT
Content-Type: application/url
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.14p1
2e..hXXp://VVV.baixaki.com.br/site/dwnld109843.htm..0..HTTP/1.1 200 OK
..Server: nginx..Date: Mon, 16 Feb 2015 10:18:56 GMT..Content-Type: ap
plication/url..Transfer-Encoding: chunked..Connection: keep-alive..X-P
owered-By: PHP/5.2.14p1..2e..hXXp://VVV.baixaki.com.br/site/dwnld10984
3.htm..0..



GET / HTTP/1.1
Host: VVV.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42u8web64DoCQ
Content-Length: 262
Date: Mon, 16 Feb 2015 10:19:02 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.08
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42u
8web64DoCQ">here</A>...</BODY></HTML>..HTTP/1.1 3
02 Found..Cache-Control: private..Content-Type: text/html; charset=UTF
-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42u8web6
4DoCQ..Content-Length: 262..Date: Mon, 16 Feb 2015 10:19:02 GMT..Serve
r: GFE/2.0..Alternate-Protocol: 80:quic,p=0.08..<HTML><HEAD&g
t;<meta http-equiv="content-type" content="text/html;charset=utf-8"
>.<TITLE>302 Moved</TITLE></HEAD><BODY>.<
;H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://
VVV.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42u8web64DoCQ">here<
;/A>...</BODY></HTML>....



GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT
ETag: "2015b-6ca-50e490d4402ee"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 16 Feb 2015 10:21:06 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150204200915Z..15050
5201415Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............Xb.F.M4hYy.h~...2.... .. ~.A4...F...gyQ.....:_..g.|
<<< skipped >>>


GET /home/ild_omiga-plus.exe HTTP/1.0
Host: VVV.girlliuxiaowei.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:18:50 GMT
Content-Type: application/octet-stream
Content-Length: 321632
Last-Modified: Tue, 13 Jan 2015 10:17:13 GMT
Connection: close
Expires: Thu, 19 Feb 2015 10:18:50 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........>.P.P.P
.P.P.P.K...H.P.K...o.P.K.....P.Y...R.P.Y..._.P.P.Q.-.P.K...Z.P.EH..Q.P
.K...Q.P.RichP.P.........PE..L......T.................................
.... ....@.......................... ......S.....@....................
.............h...........\...............`.......l ..`"...............
................|..@............ ...............................text..
.a........................... ..`.rdata....... ......................@
[email protected].......*[email protected]...\..................
.........@[email protected][email protected].................
......................................................................
......................................................................
......................................................................
......................................................................
.................................................."C...t.......U..V...
.."C...t...E..t.V.9y.......^]............................U..j.hd.C.d..
...P...SV.t.C.3.P.E.d......u.3.S....k...]..^..^..^..^..^..^..^..^ .E..
;.u(.E.P.M..E.|RC...s..h0.C..M.Q.E..#C......WV.#h........M.d......Y^[.
.].....U..j.h..C.d.....PVW.t.C.3.P.E.d......u.V.E......bg...F.3....;.t
.P..w......~..F.;.t.P..w......~..F.;.t.P..w......~..F.;.t.P..w........
~..E......2j...M.d......Y_^..].............U...E.VP....s.....#C...^]..
[email protected]..^..].......U..QVW..j..M.
<<< skipped >>>


GET /gmap/?google_gid=CAESEJQ7Crt3Zloia91zfQ1vCFo&google_cver=1 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bcp.crwdcntrl.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Date: Mon, 16 Feb 2015 10:19:29 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Cache-Control: no-cache
Pragma: no-cache
X-Server: 172.25.10.184
Set-Cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://bcp.crwdcntrl.net/map/ct=y/tpid=CAESEJQ7Crt3Zloia91zfQ1vCFo&cver=1/c=899/tp=GDDP
....


GET /map/ct=y/tpid=CAESEJQ7Crt3Zloia91zfQ1vCFo&cver=1/c=899/tp=GDDP HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bcp.crwdcntrl.net
Connection: Keep-Alive
Cookie: _cc_cc=ctst


HTTP/1.1 200 OK
Date: Mon, 16 Feb 2015 10:19:29 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Cache-Control: no-cache
Pragma: no-cache
X-Server: 172.25.11.166
Set-Cookie: _cc_aud="ABR4nGNgYGAIeXjEkAEOABtiAis=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT;Max-Age=23328000
Set-Cookie: _cc_cc="ACZ4nGNQSEo0MkkzMUhNNUg1T0w1tUhJS042TTU0NjU2Mkg2SklmAIKQh0cMGRAAAHXVC7s=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT;Max-Age=23328000
Set-Cookie: _cc_id=ba24f40ee0e7ae58dfcc5e135320c2dc;Path=/;Domain=crwdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT
Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Date
: Mon, 16 Feb 2015 10:19:29 GMT..Content-Type: image/gif..Content-Leng
th: 49..Connection: keep-alive..P3P: CP=NOI DSP COR NID PSAa PSDa OUR 
UNI COM NAV..Cache-Control: no-cache..Pragma: no-cache..X-Server: 172.
25.11.166..Set-Cookie: _cc_aud="ABR4nGNgYGAIeXjEkAEOABtiAis=";Versio
n=1;Path=/;Domain=crwdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT;
Max-Age=23328000..Set-Cookie: _cc_cc="ACZ4nGNQSEo0MkkzMUhNNUg1T0w1tUhJ
S042TTU0NjU2Mkg2SklmAIKQh0cMGRAAAHXVC7s=";Version=1;Path=/;Domain=cr
wdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT;Max-Age=23328000..Se
t-Cookie: _cc_id=ba24f40ee0e7ae58dfcc5e135320c2dc;Path=/;Domain=crwdcn
trl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT..Set-Cookie: _cc_dc=1;Pa
th=/;Domain=crwdcntrl.net;Expires=Fri, 13-Nov-2015 10:19:29 GMT..Expir
es: Thu, 01 Jan 1970 00:00:00 GMT..GIF89a...................!.......,.
..........T..;..
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.CrashReport_v6 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.45 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:24 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.45 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /w/1.0/sd?id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: us-u.openx.net
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=b29b88f0-adee-4d70-5603-ceaacd3ce446|1424081969; Version=1; Expires=Tue, 16-Feb-2016 10:19:29 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: OXGW/10.91.1
P3P: CP="CUR ADM OUR NOR STA NID"
Location: hXXp://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1
Date: Mon, 16 Feb 2015 10:19:29 GMT
Content-Length: 0
Connection: close



GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:26 GMT
Last-Modified: Thu, 12 Feb 2015 09:08:42 GMT
Server: ECS (ams/D1C4)
X-Cache: HIT
Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015021
1214611Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.j....20150204200915Z....20150505201415Z0...*.H.............45v2..8
..w......V..`.`-.xP^..u..>.......,.}.....G.....6.... .e\#".=..X/...
...$..Bu.t.........a2.C...1.UU=~.w.....v..|>..........m*......8PL/.
..W6..wZ2.......-2B1.<dk......E....v... .B...%...(..7.UG..6......).
......OWu.Q..{..S.).u........v(../yA}.Oi$=...[......0...0...0.........
..'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....Cybe
rTrust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114195
229Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validati
on-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK.
..04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8.....
.....h8GM..*.4.MP..../[email protected].
..2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g
..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U....
.......0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U....
..`;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J.-.
...j.t%..e.....([email protected]!m...sZH.N..>.S....K..........7wi3..x.D..l
..ud.....CC......<.&.2. ..d...T.......;.S....\... ......m.6......#(
.&....q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y.=?
....E...........'>..O.._..
<<< skipped >>>


GET /aep/template/br_nzn_baixaki_redir_970x200_5adsx4-1.0.5.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "f8b954e5d772ece78d209a3049ab2617:1423842013"
Last-Modified: Fri, 13 Feb 2015 15:40:13 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-Length: 959
Date: Mon, 16 Feb 2015 10:19:26 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........W...8..W"?@"....U.b.........R!o2.k........w...n...Z...`.3..
_f&..z. .....BK..P.`..?.x.b....@&....x.....<....d..n.]V*u.T!...*...
[email protected]..;..2*p......J.........s:....rv.*.......e1N.._.B.'...5..
.Mn......~`@...=I.9.C.{..4.......W.?..i&.....Y1l}..^...S4..R.a.......0
Vv...5_.#... W..r.C'.$.d..:.K%..Q.o...3...<.[...e.. ..(.H~...;.8q.y
.G.........B`.....;*.6.6O.Ka.Kb.z]r..B..XH..*KM..w.. ............S..=.
.K...QRt{4....P.v1cLF.^........z2>..t,.9..X(o.P~.E.<......B7ia8.
U8<..?.l.8y.H<.d.N.....c...K.m..i3.z...r.T/k.I.....s.dv.Fy....J&
lt;.......^vz8...v.S.t.\<[email protected].....[..Z..;.E...PFN.....e`.g.....
(...2...?N..^`B....jA...I....*....zu..y.}.........kF....i..Y.....VK...
R.....2........V&!;r0....Z:....=..W..Zr.)B..c...M..2.....O..~...q...)\
.....%.\...)..y]N/.........]....R..}..d...............P>.A.l..Y.=i.
..e.......B5#].!4o.1.\...m.Z...#.\[email protected]<x.e....iW.Rv...F7..g.F
g.4.<....$;.5yR4..fL.z.;.w.6.Y..c.,..kv...uw.....a.uM.u.......M|...
st....&U....HTTP/1.1 200 OK..Server: Apache..ETag: "f8b954e5d772ece78d
209a3049ab2617:1423842013"..Last-Modified: Fri, 13 Feb 2015 15:40:13 G
MT..Accept-Ranges: bytes..Content-Type: application/x-javascript..Cont
ent-Encoding: gzip..Content-Length: 959..Date: Mon, 16 Feb 2015 10:19:
26 GMT..Connection: keep-alive..Vary: Accept-Encoding.............W...
8..W"?@"....U.b.........R!o2.k........w...n...Z...`.3.._f&..z. .....BK
..P.`..?.x.b....@&....x.....<....d..n.]V*u.T!...*[email protected]..
;..2*p......J.........s:....rv.*.......e1N.._.B.'...5...Mn......~`
<<< skipped >>>


GET /tm13767.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: tag.navdmp.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:19:24 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Nov 2014 17:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 17 Feb 2015 10:19:24 GMT
Cache-Control: max-age=86400
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: ac3=1;Domain=.navdmp.com;Path=/;Max-Age=31556926
Content-Encoding: gzip
ebe..............]s.6...B..K....4M...Ir7..5M.......%..j...$..g........
)qm7..l$.....@...<.......x..A.n.yWemQW......i.Est.x..i.<..;^.sZ6
.jk.u.F.y..E5j.........*K..jm.b..._l3BP]..e7.;....cN.......-/.E..n...k
.z5B..u.Z..?...Y}..fK..m..j......5.t.Z.....O/..0.:...Y.I.....&[L.E.d..
A..W"..H...ox..........`c.....9v............F....z.....-...t.M........
`.....H.....cM..k^CG ..z.. .......d.4.X*.).LH>!.....].E.3A.4O.j}A9O
'...G7E..7Ge-.8Z.M.......KZ.....[.]....T ...gb....m...l..^.g.........V
b..)..[3..UY......P...LG.CJ....l...N...I,z....k?.......[.....l......p6
6.....V.......V.jH..........H.....Y=..u.(.,?........1mG....#".G.;.....
..X..5(.o_]H....U.r......;..l.N..{.Hg.......Z......K..|S....v..'......
.K....f....T..7.ah.>.....z.....K h/F.....N.pf...[tf..o.r6... g.....
..;.E..".F.Y..J...z..m.....%wN.6A...:R....5..a..K.......(;.Z4.5vu.{.x.
.].. ...d...hZ*C.. ..H..............9.sb5t.t..8Y...n..aK/.....=.....i.
G)...'.o....}=E.Zs.18.1...E...&.....YQ70..O.~....;.....I={..JB7..tCZ..
..Ne.p.Y....NU.p.g..:.8.i..I/...Y,.o9....mL..K.........%#.i....r.....W
e~./... ..(qmz4...........@[email protected]
...LN...g..)...............AD.W....vd....AzCk;CR......L.. .G.P..L...,H
..K`..$'Ad...I|0j._.T.9.. [email protected]{.................y.~.....m@5..%.}..e..
.lv.....l=..M..;.. ..=Y....`........A.4P.h.C...].V.D%#...&CF..!.||.m.C
....;...i.....Q...X|..6..<LA.cr...l.v..N...?4..\.T.......^v5.....Z.
.$..3.[..V.]E..i..L..&....... ..E....\..}..Nc...#.t.0.....D...zO X.\l.
u.Z..r!...7.#b.a....."p..."g..".......f..c.x....k...a.#.... ...*..
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEHBLv1jEBStiRA+Q66Kydvk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gb.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1456
content-transfer-encoding: binary
Cache-Control: max-age=456989, public, no-transform, must-revalidate
Last-Modified: Sat, 14 Feb 2015 17:13:00 GMT
Expires: Sat, 21 Feb 2015 17:13:00 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015021
4171300Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...pK.X.. bD.....v.....20150214171300Z....20150221171300Z0...*.H.....
[email protected],`.e..>/.....|\...J..b_ ......Q.P.S.Ee.f.?
.>..Xx.......<..... [email protected]?...Y.|[email protected][...... 5..
)f4.G....G...\....I TM.7*.z..y=.UaLS...X....(e.#.........~..O...P.s.l3
T........&P;.\dRJ'..l......|<5.z4..i..8.8L...F.0..}...........n....
0...0...0..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0..
.U....GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1
50406235959Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust
 SSL CA - G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b
._...>.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%.
..6'.e.....3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~
8...~WL..%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M
.....=RE...Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0..
.U.%..0... .......0...U...........0... .....0......0"..U....0...0.1.0.
..U....TGV-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..
J.G...~.2.L0...*.H.............E.L.W..;..C@..?....JF;[email protected]..........
.a.^.a..)OB...|..f.../9.Q...:_-7....yG...FF...[.^[email protected]......$x...
..N.4....RjP....r [email protected].$.2..Lb ...RZ..6.....2T|..L......z....:q
!.G..O.1....OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..
>.*&-8-..
<<< skipped >>>


GET /xbbe/beacon?data=APEucNW2KotOYoSKfK0eV7Uz8InsbwbAMVUZZyiZVObxzYA_DVqFWzc4cjfPUZsYRzMFCd_3rBHDtJtIn28jBDNgD6B7YY4Lbw HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bid.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Date: Mon, 16 Feb 2015 10:19:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: xbfe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Date: Mon, 
16 Feb 2015 10:19:29 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 
00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Content-Type: 
image/gif..X-Content-Type-Options: nosniff..Server: xbfe..Content-Leng
th: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p
=0.08..GIF89a.............!.......,...........D.;..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d01bf5b2e7ff11ba HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
....


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2df522542230fc24 HTTP/1.1


Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 16 Feb 2015 10:19:25 GMT..Conn
ection: keep-alive..



GET /bxk_v12/bxklogo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4804
Cache-Control: max-age=27682746
Expires: Sat, 02 Jan 2016 19:58:30 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
.PNG........IHDR...............%.....IDATx..\.|M..?J..*5..<..<5.
uDUMEQC..c..V..H..4"1$...K...<.PjN.5.G.*.Md......9.nw............[g
........k..SEy&....C.....z5.H.~.?uE=...u|.....2j~cHq.b8Uc.aI......R..Y
.^...............e.....x...V!.....OJ..4.q..c....J3....w..*.2..w.^....{
%._.H.*..l(. .jy.....R;.I^>o.....-..Q.OB.........4....uN&.Ge.Cx.ZLJ
..A..( .......OEM.TT.l@..)(I.%.B........O...g...f....._..#q..j..>uH
tv...F..6b..l..../"no...2..4......!.a[...a...F|.o...&D.4b..l.....%....
..~.(.)..=..lb.{......n.D......o..d..mf..3....cc..[.....e..Xs..u...D .
~...k'[email protected]..."."."4'Tp..y..<
!.0.......6..&!.p.0..........0...K.5....GD...L.n..u.!..L.U..Xq...G...g
....K{.tu.W..4...4.J.......[.pW....z. ...D.'..n.m.B.'.:....LN.7q..Q..A
W..QE...<...J.....'u......U......>..<...x.....).m".....K...&l
t;;.o(...0...5.L. ...9...yp....yvT..fI..'.J.......I..;.._.......A..Y&l
t;..F~.D.!.....y.."9u....P....b.<.r..@..@..'...Yx. ..../EH.:o&4$...
.."....>Msn.XB.-y.....}....j<.g.G#_?..Yp>..G.....N..m..F94...
..a.g......:#......][email protected]..%.{......M..b...._.]".04.....g;.R.M.....Z
../.r..w.....Z..q..4h.%......<...=.T.21..................:.6.... .L
X.j..:.lU$...F.6V.t.e...Q..q........_...l...........BX....(...[@......
.P...mw.l.^.kE.....o....-.v......N.|....w }..^....U..x......Nr[....../
2....6"l.........([email protected].... ...KB.......!Fj....u....<...e
...*M."....{.2.....CK5......C....;S.......Z.f.?K..*a...]..J..|B.~..V..
h.....3......................l.tJpC.. ...2...%T.A1.\.h.ohgn{...|w.
<<< skipped >>>

GET /2015/02/13/13170147267117.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=474px:237 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 106943
Cache-Control: max-age=31383593
Expires: Sun, 14 Feb 2016 15:59:17 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...o./.K
Ez..'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G
.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G
.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G
.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G
.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G
.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G.KE.'.G
.KE.'.G.KE.;.J9......v..J9.........Q...........})p(..,'>.s.K.F..a9.
..J\.0(......R.Q.@XN}(........s.G>...`P...J9.........Q...........})
p(..,'>.s.K.F..a9...J\.0(......R.Q.@XN}(........s.G>...`P...J9..
.......Q..;[email protected]........~$.P....#..5.e.gR...P=.....G...'.NIn5..
Ga.z.`u..?...$.|.......bQ....W..h..q..~.C......0.......',B.g_.c..8`X..
.e,E4..Dp.$...'=.(#o&.B....H.\ZY.Z.......".=..W.O.&._..5....%h......K.
.........j..../..;.. .9".....).\.....D..G>...`WQ.a9...J\.0(....
<<< skipped >>>

GET /2015/02/13/13152816858826.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 73979
Cache-Control: max-age=31383708
Expires: Sun, 14 Feb 2016 16:01:12 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?......(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..sM..6&l
t;...#%..t..................i..] ...k...... ]xN...{....}......J.j..Wm.
..A.........5....wa.j^.e..4.Z}Q.VU..Vj..z.........Mp.~.:.s5Q........b.
B.w...,........X.m>Ta........TIp..S......o..(.T...ou....cZ.UZ.n.R..
....._.L..|....r.k....Cu.UJj.3UY C.. .7.....V..v.5T.?..._........../.w
j....[u".._t|zU................".gl}ty'4.V....~..QE..QE..QE..QE..QE..Q
E..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE.
.QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..Q
E..QE..QE..QE..QE..QE..QE..QE...IJ.......-.....g.......Z...8...O....'.
4.....~...^..g..v...........W....h...j...=.L:....V.Z.....t.R.:.G..F...
.<q|....=/dP.Fej..Y....I".7..o.T........=..WcM.*.....8..>deK....
....-..Z^W.7....K.}.0..\.....%..*\....".Z.E.j.EQ...I....de.-Wm..Z.
<<< skipped >>>

GET /2015/02/14/14162546390325-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10482
Cache-Control: max-age=31394412
Expires: Sun, 14 Feb 2016 18:59:36 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..4.,...
Y.L.O.Sc..?..j..e..x........E.....jd.c.}j... ..J.|......{M....QijA..?*
.....g....e`..#..^....=.....z..<'._.k...../.a.\`....2.x"0.....m..U`
.V.........9.i/...?a...K.........,.]?M...l.....j....).A<....h...f..
..q.h.`i.....[V..ywvWI.....".4....{=.oW.k....._..h.n.o.H.#[email protected].
`..j..f..Y......H....M.c5.g.........._..)>....O.<bO.El....?p.7..
".."{.v..X...Lz...k|1.......C.....k......^{[email protected]..../.z..&f..Hh.8.^.%
.....#.........>.6..n!......P.rA....\..t.W..U...1......../._.......
..R|j.$...-...K`...7.m.H.-...ko..G.gd...~'.i.M.;j.]y..f..q..K.n....O.C
|.w<..7.z~...4.{i..Rk.....O.....g.[?..u.w.................=...V.g.x
G.o.<A._.-ol.Y......b.6.V.7cV.i?.'......J.......~.O.I4:Tw2.4.o.C"..
we#.N....5.k......>.._./...]|i.^..O..i..._^[[.d.$..y.z.9.:z........
....}.'..m.x.m.W...f.....x.."6.I..:..v.?.......-.......X.e..x..p:w.S..
..i".)".&*..Q....A........_|4...2.|5}u.....T.)[)#..k..5.$.c..x....
<<< skipped >>>

GET /2015/02/14/14155921387307-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 16540
Cache-Control: max-age=31390736
Expires: Sun, 14 Feb 2016 17:58:20 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....:MJ 
...pN.:.....]..>U.....G. {x>..T.....K{EX._o8.~...-,.u..(...Q.v..
...C...p..y-..%..U[ 'R.j.<=..{..u...n.'....9 X.-..K}.?1CG.x..{.....
.........y-.yP.......xCZ..O.I"e.,.AW....x..v...>..>tr,P......8..
2}.aI....../o.=y&.%...4{Q@.;..@>.............9[.B.K....y.D..5i.[...
6.:.o.@*.. ..E$....k.E.Z.....k._..DR.. t~.3......z.....#o.:.~-.G.|3.{.
......c.?D.H...kjt..vwF........?.z....:G..-..K....C...........X..V....
..k.o.F.'......$....Y.f^..k.w......i...p|".._....%...uq)......X.B.K...
............M.......POk.Au..Ek.aHG..,.U*I..I..?..\.=5;2|<g9M._..!..
.N....k..>...x........G.p....'G..e.T. .'?-}..|~.......*..W.t..h.{j.
.a."[email protected]..$.....(.YwJ}.......K......
M....~.y.-.K...i......eH.q......q.8S...z..VS.f.......#KV.?.!..V.-....[
.b77j..yC.M379vi..;.......x~M%.-KX..H.....'..`...h.~gs.F..q.f....m._x%
em>.... y...#.......8........M..K.&.=..$:,...d.1..>vVl.a.Ho.
<<< skipped >>>

GET /2015/02/14/14113141914084-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4276
Cache-Control: max-age=31374730
Expires: Sun, 14 Feb 2016 13:31:34 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..~.(..C
....(...(....f=.d............?...|_.R.... .e.Z.X..ml..&P.F.,..le,..d..
.O.-...x...\..W...#.....1...OJ...8..x.0.a....N<.....i...d.juj..W..x
..9?.i...r..8..........f..' ......=_UQ_..lc.......'.g.}G....G.........
..........Q...O......../...}UE.......?.....}G....G...................Q
...O......../...}UE.......?.....}G....G...................Q...O.......
./...}UE.......?.....}G....G...................Q...O......../...}U.3G.
.?..O......Q...".....9?.i...r..8.........!....hW6............v'.=.w...
..G.}uA.N9.=;.........p.{5.#.....g...'...W..........{........!Q.X.....
..1^o_X..o..%.:...M/..Hb....<...`.V.....ZG...j......(...`..(...(...
(...(...(...............G...Q.c..b.....qW.?....3..6.U.0~....j?...S....
*.../[email protected](. ..7.>.xGQ...J.H........A.6...fc
..>..q.U......kWz_......g..5..A..\........F..PV...#._.x.....gI....A
..[^Dl}..A.._.b..c.J.......8_..T....\.Z....v..>S6.*F..A....=[..
<<< skipped >>>

GET /2015/02/13/13192629930341-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 9398
Cache-Control: max-age=31316841
Expires: Sat, 13 Feb 2016 21:26:45 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..[..&.,
b...8{....~e.J..$...A.P ..,zVV.m...t.M. ].cvqU....X~.x. ..*u....o.&.I.
..k....t...._*.e...a..f..O..(..1r.7.vd..k.......-.t.....O....{..@.....
q.c....P.....].-.....K..q5....~.6.U...~..3K.....o.....T.9....>.....
.MKT...8c..G.Q..j...m.Q.J.....=......5Y<;."K.k.v..n.at..UW%.G?w....
/.....%X....R%].K.C&;|.GO.yo..Q.c.-..f.'.l...\B..|.......2......U..>
;...7.....5.............r.,[email protected]..:. ...U...{E.....'nO.u.....Z,w
......6...b..._M.u......d.x.....}.dv.Z..RS...u.'.........6....C.Awf.k.
P...1Qr"b<.........E6......A.I.O.X...F.s...#.2.......E...f...O.6...
[email protected]%. .O.... N0.....NnR...>..........
....m...7~../.........0..6.=....q..On..#.........i#'.%....Km.}.:..i&.z
.h.....O...>4..Qh.MJG.Y.c........._.....o..}....KO.....,..&l...dL..
PO....xwF...ma.B..S.FMz....{.$o&e.X..3...w-.....1x....G/W.....i.......
$.t .}CC.uW.e....<......`...8..\.7.-......X.{..[Y|......$(.p...
<<< skipped >>>

GET /2015/02/13/13191426569319-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 11680
Cache-Control: max-age=31316072
Expires: Sat, 13 Feb 2016 21:13:56 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...qM4.s
Ln3C..qL.R2g5..5I$7$....S.^}.C.O........yi.\.....8..?#..).Wo.$..Mr.-f.
..e.....H.`..H...eS]..h...z...<W.b...,......-..K...$.z.k....q..Y.0.
.]...n........~....I..N.k"...".I.G..HF..K.p.2.Oc_O|`.)u.....<..[..x
gU......11...bdlu.. ..~D..g..O.R.......A...[;...T.08.l.W...:.....>.
...|k.Rx.._...j/...X..A!...;I..?...c.....[..d..Y..~Y...K. :Z......^.8#
..W'7F~...WI.:sE........#....J.^.u>[email protected]...&g
t;.k&..a.kg.M%.rK..m...N.."2.p}..|W.....t[..k.>...TX^^....@E.....`6
T...._.k~>.....n..Io6.%...2..w<.....@<c...WI].z.G..o..J..)s.$
...j.....w;......G..*....w..lY.v.....~..*.vI.O..;m.W.d.r.j...>..PA{
...H.g.P........~.z...5...N.).%..(..gn.2. .......K.R..>...R.S......
.v.0.n.. |.....~T..P...g>...S._.|...&..<Q.."..sp.s..s...u..c.../
./..?...=..wu..(.} ...*....G......t.]>..s.$.A....v98.88l....oN.UJw.
....q.XRu0t#...z.{}...S.....WT..c..\x...........f.G......W.5......
<<< skipped >>>

GET /2015/02/13/13182326342264-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 11169
Cache-Control: max-age=31312964
Expires: Sat, 13 Feb 2016 20:22:08 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....p1.
.A..Y..R..f;V.....^...X.g.`.....2zU.=?wj.....4.F....m,.qW .I..t.z..5..
......&.y.q...31...x........r.k.......U}...?....-.v.<.......Fsv.o.\
.Q.....v=..(.H.v=..~....G~..u...A..o...tWwzD.A(..r.#...W.iW.z..]Y\[.[.
.d..).E*..]...rM^.?C$Y.9_..m1.5..#mG%..QsOff.<......G..Z.<.C.W2.
..3d.._...tw.....T..g.........}.9XshD.....u...?{..U...a..8.._./...3...
.*..{.5}OKW.>.U~c"*G{..h....b....5.,Dg-.g.~.'..)s..V...h,59e.n.V..5
.......F.......X.-.k........&......e.^6...ffA.[3..........y...^].. 4..
.G..f>.rk.)...O...4~...........\."....h....Q..../.7......J..<}..
........p[.0....K}-.....O.z.>..o...7.o..Y...?...o.6.....n@.[f...s.G
.~.~.....h.[|F.../[]...%...(.......*..K....Vb.G.?tq....i.....r..R..M..
.....).....[.....]Cyu.H.-.q..w.e.e.GL..2k.| .fh. ....garm.|.E.....4{&l
t;.T.X.....lg....7.._..P.Y...1..i&'....t..N..j......g...~...;|E.K.V.F.
...ZE...L....A... ..P...g.G..{....J........='O...Z.u....W.._..D...
<<< skipped >>>

GET /2015/02/13/13175556396214-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 13418
Cache-Control: max-age=31311333
Expires: Sat, 13 Feb 2016 19:54:57 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..o.?.&l
t;..x.P..]s....<.-?Nv....5.}...c.q!..8...2....x"..|1./.....:L.[.j..
w3....h..(.2."..v.....?.> .|>.........&........4..f.k.6...4..X.i
3 ....((El...~......|I......yl..o.....l.....".`......M.._.D)#...^.....
..........vms..%...$c..........Fh6..".....Wi...bm_^..}... ....Mr.6.@..
.x...X.I^;W.?.o..[~....u{{I|C.....-....XfF......*...A!.CW.|d......&?.{
9uHo5.....Y...Y.... ..,....Q....nK..5.o..~.....q..........ik...o......
9ody...v.......9.W.....>.V....2.Q..U...i-....0?....9l...c..L...G.S.
:.. .[S..ki....i.A:..5?.@]w..Y.A.zW.g.........3....S...j....=.).......
.Tg...DNp.6.*.|.,<..G...J|.q.F~....<.f.}[email protected];..@.....
........%......~.qc'.!.3..[e...U.$.%u`q.{YF.c..A...p..... .X/RK.....x&
YB...{er...F. .]....x..g...q....Q......j..H.......f..GP.r&s....e .....
I...........`...|..B.."E..d.......A..#..~.....]..f...&.O..$.._.Aa.....
.A..q_...p...k.:..m.,.K..'k.......9.....8 ...z...........^..v.y...
<<< skipped >>>

GET /2015/02/13/13174010733176-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 9648
Cache-Control: max-age=31310412
Expires: Sat, 13 Feb 2016 19:39:36 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..~4|ei.
Yt.YX..G......&|^..uy#....K.p$......W.|S......K.....$..Y....u...|,....
xc.....K8.;.s..........g.U..s..o..c...>.;........*.|z...?c...w.<
Y..W.I...1.l.....[...e..).-|1..=.i..n#[email protected]........^...}..:|)../.d6...K
.2;.$.*...5..h{Oz[.\~.>..<....&..... .q....3.} ....T.....!xw[...
>..M5.~~...4.#.rV2{..v.......4.....5k..d..T-.._.W.'.........../..j.
:...._...'..mj.o<........B..qW..V....zZ^I..c..w.Vc..bj...F......|).
(i..o.......7.!.y=X .?..z...SY.......P......O^s........ #......?no...~
g..$. ...........3........&.t..Vz.......2..K[....,.C!..Z2.>.....4s.
..>..5..M.?0.2.^ ....*.).....W...y..WrYN.D.d...q.9..|M......m|m....
....~.o.~r.=.b.......u..\n...).....j...k.....Q.05W5*..3............K.8
=:.5=6.........Q.........0.{..v;]7._..U..bm7...d<../.X......4......
..s..[..=.HMw..9k.&.O.<.......*..B..4d.Zv.Gn.....4..O.....}.O..*...
f-.....P.i...tq_...%..x.......Y..k...Z..0.6..I....#....'...i.3}...
<<< skipped >>>

GET /2015/02/13/13174141385181-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4774
Cache-Control: max-age=31310524
Expires: Sat, 13 Feb 2016 19:41:28 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..B.(..&
lt;...(...(...(.....&.6.-.=...|.... ?...j......=..J.2_e..q...vi...7s.8
.._......R1.Mo...|.k.h ..Y~..G.....Qoi.B.y.2..Tzt.....O.......U...f..(
...m].^.....Y.<=:...iE7...m'gd..ft.W8.4....[..*......4RE...J...t.7.
..O..x?.8v..=. ..d..k/.6h..n...t2,....I^.Jr..&..G..4kS..R....i.?F.u.B.
&.k..V.kd2.#}.P2I...0|M....$.;...1Y.O......7S....~._......Zt...p..!.i.
H...S.....d.......?..r.<...x...-kN.....-{.Yh.$...Ko...1...j......'.
J...........aE.W.1.N.QE..QE..QE..QE.}.E.W....0.QE..QE..QC0Tff..2I.)...
........;.v.f..... ...A6..y...._..kz.j.{..........c......k.....xX*..z.
..%.^}...0q..U.:..`$..Zi.....e.w..W......~hm..F..j..S..I-.,6.Fv. ..BI.
....!.&....uM...K..s.H...pU..H8...O;...).O...Q..i...}...k.......... ..
Q..2ZJ$..7..T...f.....&....Bf..t.%.n..C.v..b.so......$3)GF.WS..]YE,..o
..3\2.N..)A.s....T.;....r.s..]...X.E.......s%.K...<[.?...J.:......r
d;~.G''.......~$j.^.........P.B.......?.5.|......]............6{*.
<<< skipped >>>

GET /2015/02/13/13174246578188-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 15649
Cache-Control: max-age=31310569
Expires: Sat, 13 Feb 2016 19:42:13 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..k...z.
.[...%...Nkj.O....U.r..K...k..G.ksM....f........o,z.^elE......U...n..s
]w...........{..4.....\v.".E..:.j.O:[..K.@u..*O .$.Y..)C..j...g..7...j
m.t..O..j..`1...q]Yl........Z]t....FT.)....x'...\..x..............g..u
0v.R.D!...b..o..a...N.....;W.G.-#.>.............|.c...L..G....)..8.
..z........D.mB.........._......\.v....s_.gY?.e....c.........Ykm/k.v&g
t;...c.E..[I..s^..w...N..........'...|{..m.K.d....Eyp.L.l3.D..".3..>
;......8.g.i...t/..&..MOXo2KK..R...2e..p.R(......5xG...?Q.=.F...n.[.7j
n=G..`.........E..h.~.k7...]#vLHWAf....d..L..s...<\i...E...X.J-.#}.
.vo...0.....*..Z..v.....~..hQj....8.ks)..f.md...p.O...9.d.1........7.u
..F..j.yC3.5.E...d.T..y.q.3..|#.x... .~..'.3j~>....=;L...........&l
t;.F.r..u..g8................ ..{}9^.Yn..%....t.$ 9- En~c.....J......a
kc..I/.*q_...3W......e^..b......C.4..|..TqiZ?...i.....n|U.Hl4H....P_O$
...|.......#W.V.:..Y..6.....4w.F.6.v..h.[.Z[..........~].....<Z
<<< skipped >>>

GET /bxk_v12/logo-nzn.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Connection: Keep-Alive
Host: img.ibxk.com.br


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 1631
Cache-Control: max-age=26751192
Expires: Wed, 23 Dec 2015 01:12:36 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
.PNG........IHDR...d...(......x_C....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:AC156233AE0311E3AC25FC
791834BC1C" xmpMM:DocumentID="xmp.did:AC156234AE0311E3AC25FC791834BC1C
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AC156231AE0311E3
AC25FC791834BC1C" stRef:documentID="xmp.did:AC156232AE0311E3AC25FC7918
34BC1C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>........IDATx..ZAr.0.5...^ iz.wr.d...".6l
.6.uG.%.v.l .v..2..(S..M.A}..5}nUO,......yc..!....?Cc.......`08..-..8'
..?.>?n....".....y~a....#[email protected].
..c.G..".g.p..x.C.2AX..r..9w....|.Cz.c|..tU.-....^q..s..9.D\..........
......r;....^T.L....(..<v.!...K.?.Kp.,j..)...a..&......rR......5...
Ie!..Q.a.k....'..bc<e.B....#...Opa..3..3."<...).]..~..z.K.OQ...Y
e1..x-..9dJ..e.,.gl...>......fC.'... <...vP.......U:d./.......M.
>.RT..).V..`....U..=r........5x.A..Y....K.qf.6G...e...y."..5...Is.`
m..3c....&%..MC;..%.....Z.I....../_eG. ..9. F...QQ<L......TXNO%
<<< skipped >>>

GET /bxk_v12/_sprites20130903.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 67153
Cache-Control: max-age=26751012
Expires: Wed, 23 Dec 2015 01:09:36 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
.PNG........IHDR.......K........Z....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.03.09.13..k.....tEXtSoftware.Adobe Fireworks CS6
...... .IDATx...y.\U......;...JH.!$...i.!a1(.."....:...:... 2....:....
...GP...qD...0...B..!.l$!d.,..r..GU'.....v.....t...sH..s.s..Xk..w.j...
..B-...Z.1...c"~/.|..%_=[.x.).;"R...".Q.E..P.8F..q.B-...Z.1...c.j.....
...Y.xq..""..H-...i.CN>..j.CD...Z.1E.S..[..i..qLQ..:......E.S.9...E
..Fj......*g$..4R.8.w......Z.1...c.j..(."...&...}...g...guKK..4R.8F..q
.B-...Z.1...c.j..(.".Q.E..3....g...>[...H.4R.8&g5..|.......D#..c.:.
.9.H..H-.....u.-R.4R.8..sj.c.....".....rF".K#..c.B..c4R.8F..q.B-...Z.1
..D.^uO.W.......%RC..E..P.8F..q.B-...Z.1...c.j..(."....'.t=O...j.ED...
Z.19......j.CD...Z.1E.S..[..i..qLQ..:......E.S.9...E..Fj.....V9#....Z.
1Z.C.1..E..P.8F..q.B-...i....K.zfo.X..DjH#..c.j..(.".Q.E..P.8F..q.B-..
.Z.19Cmo..{.......@#..crV.5w<\[email protected]..?..".)..Z..".O#..c.:
..9.H..H-.....*g$..4R.8F t.8F#..c.j..(.".Q.E...B.C.J..u.D....!..".Q.E.
.P.8F..q.B-...Z.1...c.j....|r.D.%.......Fj....&...j.CD...Z.1E.S..[..i.
.qLQ..:......E.S.9...E..Fj......rF".K#..c.B..c4R.8F..q.B-...Z.1..D/...
%_={..E..%RC..E..P.8F..q.B-...Z.1...c.j..(."......[...-.V_D$...E......
...Z....h..qLQ..:......E.S.9...E..Fj...uN.sl....Z.1.u.U.H.qi..q.V..q.F
j..(.".Q.E..P.8.w.........v..--...H-...Z.1...c.j..(.".Q.E..P.8F..qL.P.
v.......H#.H-....D.xX3>E..Fj...uN.sl....Z.1E.S..[..i..qLY..:...?..E
..[.[..D..Fj..h....h..q.B-...Z.1...c|..~..sK.z..3..--...H-...Z.1...c.j
..(.".Q.E..P.8F..qL.P...G....T./"...."..YM....[[email protected]..?.
<<< skipped >>>

GET /loading.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/gif
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4178
Cache-Control: max-age=26751212
Expires: Wed, 23 Dec 2015 01:12:56 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
GIF89a . .........................~~~.................................
...>>>VVV```|||......JJJlll...............,,,^^^...LLL.......
......................................................................
....!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,.... . .
[email protected]$.8.Gq.$N..A.3(..L....V....K|P(...:.(..r.B..._@X!/...BxBnb}E.g.
...o.r..E.g..^..oWD.c.....JC.g......oqm.o..........E.....{p~....r...D.
...}..M....d......K......r...........o....|..........].q.....` 9C.f).$
'.=...}.C.^.u..-.H..!...............O.K"1......5.&{j.T. .BBo..e....6..
<[email protected]?..1..)..G.b.K... .!.......,.... . [email protected]$&4.Bq.$..D..b(..
.....V....[4.._..:.t:"[email protected]..)...g.Bk_.o..E.g~.....#r.JD.g.xl.oWF.C
....~mg......o.D.....B.....w...K.!.......C.........wE... ...d....X....
.........r................s'...xM.&T$$..|M...C..... .A...Bl..d......K.
d.V..?oFl-X. .L[.J*.....6..!."...5\@....p..oI..m...N!Q.Xm..@...%2u:uH2
.\.R.#.a..!.......,.... . [email protected]$...Bq.$&.D...(..L....V....[$.....:4
P(.r.s..._...I...g.BxB.o..E g.w^.....r..FgW..oWD.cB......g......o.D%#.
.......v. JE..i.n...E...~..".#.L...d$....L....X.."yrv..E............d.
......)xWO.<2......I.&..1a......"..UJ.(q.z... ..k.Q.\" ....*.tRj...
O.}C....7":..s..dE& ...R*."#..-......=.L......Q.2s:d .q..V..... .!....
...,.... . [email protected]$...Aq.4...B..d&.."t ....jQ.P(....q8...Hy.."..3\HV$
.QB.m.{Oe..u....p.zB.eRu.mTD..C....W......m.D.....C.e..t.B..].....c.~.
....aV.jU.....U.f{.........L.....{[H.....U.........{............i.98..
\q....*....3...n..%...L.\[email protected]...*..9....}.t...I.*D9.x.
<<< skipped >>>

GET /logo-rex-white.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 3036
Cache-Control: max-age=27683711
Expires: Sat, 02 Jan 2016 20:14:36 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR.......(.............tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:3CAD8D266B5D11E49783
A7B9537C32D7" xmpMM:DocumentID="xmp.did:3CAD8D276B5D11E49783A7B9537C32
D7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3CAD8D246B5D11
E49783A7B9537C32D7" stRef:documentID="xmp.did:3CAD8D256B5D11E49783A7B9
537C32D7"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>K.k....LIDATx..\..NW.~3c.!....0..V.Re,.
..4T.XZ..T...V.*.].Re.....Am..XK--... ...e..9..../o....O..N...s....w..
.....&...)!.V.n.....n..a.a5a..I......5.$B...........He&..f.,..0...{,..
.2.0.a...7...G..J.a.YA...jN8.=..T......$.&dy....H..Z.b]e........Kh..m\
...../..[.. ..N..w..U.1.......A..Bu1........U..uy..<UI...pr%w.p.F.m
<o.~..bQ.c...l...E....Ty\...E..T.#.`G.?.>jMH.\p..n.B'......B..*.
..\L.w..Q.".>..!...\U..z.XW)B#\G..'...L....2.y.......S...<W. ...
.C$9....n3y...P.v1..(..a..v&.L8IHU...,U....#q..u...|.......B....}x..$.
.B/.,lH5);.....;.6...."....[...&}.I.SM.i.I...B6..E....>Q.~.wU.l
<<< skipped >>>

GET /doodle-rex.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 9853
Cache-Control: max-age=27683801
Expires: Sat, 02 Jan 2016 20:16:06 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......<...../hXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-
c014 79.156797, 2014/08/20-09:53:02        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Window
s)" xmpMM:InstanceID="xmp.iid:20951CC16B5B11E4BD9ED5BC4F06C7D6" xmpMM:
DocumentID="xmp.did:20951CC26B5B11E4BD9ED5BC4F06C7D6"> <xmpMM:De
rivedFrom stRef:instanceID="xmp.iid:20951CBF6B5B11E4BD9ED5BC4F06C7D6" 
stRef:documentID="xmp.did:20951CC06B5B11E4BD9ED5BC4F06C7D6"/> </
rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket e
nd="r"?>....Adobe.d................................................
......................................................................
...........................P...............z..........................
........................................!1.AQaq"2..R..B3...#.br..S.4C$
D....................1..............?..7$..OSy... ?.....l".......c.@..
B. .^....,|[..#[email protected]..... .uQf......@.......... K..^.....
.B...........2.#[email protected]......@.......]3.[..r..ysQ....qP..6....
..`Y...k...T.U.....?!T.@6A.....@...@!.".5...a$...C...'....|L......./..
\.D........?....H........@......`/..M{[email protected].,..&.X...H5{.9._.
<<< skipped >>>


GET /b?c1=2&c2=8756095&ns__t=1424081964253&ns_c=iso-8859-1&c8=YAC download - Baixaki&c7=http://VVV.baixaki.com.br/site/dwnld109843.htm&c9= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341


HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
Set-Cookie: UID=120c9bfd-194.221.64.106-1384780341; expires=Sun, 05-Feb-2017 10:19:24 GMT; path=/; domain=.scorecardresearch.com
Set-Cookie: UIDR=1424081964; expires=Sun, 05-Feb-2017 10:19:24 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Mon, 16 Feb 2015 10:
19:24 GMT..Connection: keep-alive..Set-Cookie: UID=120c9bfd-194.221.64
.106-1384780341; expires=Sun, 05-Feb-2017 10:19:24 GMT; path=/; domain
=.scorecardresearch.com..Set-Cookie: UIDR=1424081964; expires=Sun, 05-
Feb-2017 10:19:24 GMT; path=/; domain=.scorecardresearch.com..P3P: pol
icyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"..Pragm
a: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: pr
ivate, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..



GET /tag/js/gpt.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.googletagservices.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 90382392203365194
Date: Mon, 16 Feb 2015 09:48:08 GMT
Expires: Mon, 16 Feb 2015 10:48:08 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 15221
X-XSS-Protection: 1; mode=block
Age: 1876
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=3600
...........}is.......G....X8v........5$.!75.....IN....u.,.-6p.}yU.K...
........)....v~^....C?...;.u.s~&Q.H...Y.6......c.......<.......5..E
<.|?p..`.o#....r..K.v...-./.W.yC.H.F.a=.._[.d....V6;..x:hq6.C].....
.1....3....$n.0B..nn..b.D...&...t......4...4...<5..c..J.D.Q.]...Pp.
.`......%...j.hd...W..V...g(m.....1RCo-.q.5....`<...j ...4."..AQ..t
'5.P..LB...nP7.). e....I......;..8.)f./.y.\0..#6-.&u....._....E..>.
..4.....2...Y.H..E..[M.sp..W,.....bb;..>l;n.....7 v...U/........Z..
&.%....,...Ts..o2'[email protected]#.(Q-.[..........
..q7..0..[.\Vk.....t....Oj...`_nm..l.J...vZ..}...j...2j.Y.4..g........
.Ea......y.c.C..<....g...K.9.4.jp.K....'.....A.[.;.;p~.aJ .#1rvy^..
q...........tF...v.|.vzq..F..)?S.......X..F..9K...x...n4..5{ms.....hl.
!..].t...e.N......"....._...........x......k..}..Y.......u.%U...5a....
.i.....n Z;a.........R..W|#.....C.s.N..:.C....1...iC:.u.T....^;.|w!.E.
..f.X..^..,w....!E)...R.`..|...neQ.A6....nv.=.)../f|T([email protected].._...
..........}..B.9...X).. ...t........\V(.Z.!.=..TD.!K.\M.$S.4.H..V ^..N
.3...#.....j...f.q.....m..?.......].....X...&..;<eg .-..r......%,..
q.E.(.U?......*6;N.....!.lm.^A~.JX..k@..>.....u..i.Xs6.X.#..^O..3".
|6....1.......... .p....4.$....F.../2....d.F.....K`C.......Y6.no..].n.
...9b.-....3o#....`>........K....k.W...~lm...........5...h....dKD .
....dN.Dl..r..HBQ#.G...s.ov<.odK.........a\.9Q.W..D...............x
...e._h./....L..8%...K......{.../;T.T.P......J...}./T..|.....}|../...#
.....s.rP..2;...|........|..-..n[.0..s.....5 .C...n.tM.....=...(.,
<<< skipped >>>


GET /gu.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gu.symcb.com


HTTP/1.1 200 OK
Server: Apache
ETag: "ebaa3b442a69dbf9824c53532dbf4eaa:1409358011"
Last-Modified: Sat, 30 Aug 2014 00:20:11 GMT
Content-Type: text/plain
Date: Mon, 16 Feb 2015 10:19:29 GMT
Content-Length: 1096
Connection: keep-alive
0..D0..,........:x0...*.H........0B1.0...U....US1.0...U....GeoTrust In
c.1.0...U....GeoTrust Global CA0...140829222458Z..220520222458Z0f1.0..
.U....US1.0...U....GeoTrust Inc.1.0...U....Domain Validated SSL1 0...U
....GeoTrust DV SSL CA - G40.."0...*.H.............0.........A.z...1C.
...\.c..m..j.-.u...[.4....m....n....0.@.]..S.."..N....E|A.X.L...U._F..
...,..... ...4......p...?-.|.(..(.9....E....g.U{...8\......r.O......d.
>.b.....Z...}......*........(.Q.PA...x..........2..5...;.Z><.
..C./...[...^.>....wr'..u.cK.6..\.._y..2...c#.........0...0...U.#..
0....z.h.....d..}.}e...N0...U.......P.w.*..........*..>0...U.......
0.......0...U...........05..U....0,0*.(.&.$hXXp://g.symcb.com/crls/gtg
lobal.crl0... ........"0 0... .....0...hXXp://g.symcd.com0L..U. .E0C0A
..`.H...E..60301.. ........%hXXp://VVV.geotrust.com/resources/cps0...*
.H.............3$...).5./..B....K..v.....S.'....:..\yZ..tCS...]Y...d..
:.Y.....W.\.......z.2..N..(...b....).F....].....;.4........<,7.M..S
>PC..VA.S.l.....YW02.&N.%..Hp.uU`..;.^Z<.[..bBHa........_.... .\
.4J......HuU.........">..R0.g....-L0............o.f...\......Z.....
...HTTP/1.1 200 OK..Server: Apache..ETag: "ebaa3b442a69dbf9824c53532db
f4eaa:1409358011"..Last-Modified: Sat, 30 Aug 2014 00:20:11 GMT..Conte
nt-Type: text/plain..Date: Mon, 16 Feb 2015 10:19:29 GMT..Content-Leng
th: 1096..Connection: keep-alive..0..D0..,........:x0...*.H........0B1
.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...1
40829222458Z..220520222458Z0f1.0...U....US1.0...U....GeoTrust Inc.
<<< skipped >>>


POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.._..S...a..0.0... .....0...
0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:02 GMT
Expires: Fri, 20 Feb 2015 10:19:02 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.08
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
6070717Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
._..S...a....20150216070717Z....20150223070717Z0...*.H..............@v
.m6/.0..oa.y.$0....`.(... .....4I...2.F...,,..9...if.FU8..;:..^..Z9..M
...g.......@.>....)`.A.......uH..m...P...J..Arg.b3.;.{|.*ZF..E...O.
.8k....4....."....I.q#. 1G....5G|.^$^..bW.`.R.3............t.....c.U.=
.......i.TR._BR.=0X.......;...%....{.]2.....S.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Mon, 16 Feb 2015 10:19:02 GMT.
.Expires: Fri, 20 Feb 2015 10:19:02 GMT..Cache-Control: public, max-ag
e=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Protectio
n: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protocol: 80:
quic,p=0.08..0..........0..... .....0......0...0......J......h.v....b.
.Z./..20150216070717Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h
.v....b..Z./.._..S...a....20150216070717Z....20150223070717Z0...*.H...
[email protected]/.0..oa.y.$0....`.(... .....4I...2.F...,,..9...if.FU8.
.;:..^..Z9..M...g.......@.>....)`.A.......uH..m...P...J..Arg.b3.;.{
|.*ZF..E...O..8k....4....."....I.q#. 1G....5G|.^$^..bW.`.R.3..........
..t.....c.U.=.......i.TR._BR.=0X.......;...%....{.]2.....S.....
<<< skipped >>>

POST /ocsp HTTP/1.1


Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....mP
-...0.0... .....0...
0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:03 GMT
Expires: Fri, 20 Feb 2015 10:19:03 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.08
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
6070050Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...mP..-.....20150216070050Z....20150223070050Z0...*.H................
.3%b....>;5Q.l.Bk..)..A...J.6$...6..a.z.?,.'.....R.$1......G!..!.2v
........q|.m,.)C.{)..s.Waw....h>)Z}nP...v."T.....V...>8........j
...I..I...eb...wu6.-H....G.....p.9..K.~d..H...A......|c7.Z .yN.d......
..I.9....=..|{.*;..?..u}#....=`....."..89/....`...*FHTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Mon, 16 Feb 2015 10:19:0
3 GMT..Expires: Fri, 20 Feb 2015 10:19:03 GMT..Cache-Control: public, 
max-age=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Pro
tection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protoco
l: 80:quic,p=0.08..0..........0..... .....0......0...0......J......h.v
....b..Z./..20150216070050Z0k0i0A0... ..........j.....p.I.#z...(~d..J.
.....h.v....b..Z./....mP..-.....20150216070050Z....20150223070050Z0...
*.H.................3%b....>;5Q.l.Bk..)..A...J.6$...6..a.z.?,.'....
.R.$1......G!..!.2v........q|.m,.)C.{)..s.Waw....h>)Z}nP...v."T....
.V...>8........j...I..I...eb...wu6.-H....G.....p.9..K.~d..H...A....
..|c7.Z .yN.d........I.9....=..|{.*;..?..u}#....=`....."..89/....`...*
F..
<<< skipped >>>


GET /dl/2/2797d42805e8b92b976b55313bc9b7f6/uolbig.png?1423728504?width=194&height=97 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img3.clickjogos.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.6.0
Content-Type: image/png
Content-Length: 45286
Last-Modified: Thu, 12 Feb 2015 08:08:24 GMT
ETag: "54dc5f78-b0e6"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Accept-Ranges: bytes
Cache-Control: max-age=2272484
Expires: Sat, 14 Mar 2015 17:34:09 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR...3...........R?....gAMA......a.....sRGB.........PLTE
  "##%...003&&*FEH**,IHL...779MLPXW[[\_...??B`adBBEddh...jai<<&g
t;336,-0UTXNAG...QOSf^f`\b89>(!..."tv|......lnr...PRW......y..uz.lp
w...... %#...qrw....$)ijm...RGKdhm......PU[...||.Y`eV[a...0*&...flsHKP
gW\mdlQ9>%*/^bh4- ....39...T>-...o]U@ELk_^...XIP...8?F...KOU....
........}eZ...H;Aqee.... )kXN|tztd\mu}... -89-%...:10TX]A4 A4:cM?YPWeS
Jtkspgox_UlPCbPU...^V^L8*...{id^MHeI6..t.'1tXKC/ ...`C [email protected]\P5.
/9A...J>5...lH'...b[V%3?B:3...2DR.zs<&..qg.......xkX@E..._em"...
.....\E5...RC8..{)<KJ-.]<!..s.tpZSOAJRKE?wnk..s....~.....O.L/3..
i..>.........xP)i<..hN...oO4...wU?|_G..u..y.xy.._..A..[.........
........B.p\\5....xE..uK....mK<O[.......\0.W!........W.z?........i.
e#..>..a.v ..&....i4..U.\H.|a.....Z.....'...KXc..H.}.../....i/....u
y.......[[.fe3WtF..`..m..U..;}[email protected]..
.R.!....(.HpOd..1(.......p......L&.m...%( ...`%...4qN...36M....8I....j
..97..|..........}........}...ho..{{.Q1*\3{.T*.....!*.J....r3.r.....P.
T9...,..k.... [,f.Y..9...ap8.....Z..|``@..{........e....../k.{.5&..A..
R.......j.D-..Z....t.L."kiG.. [.....L......b./..uu..C..rhhh\.09).TLJ-c
..........W.....I:5.....7...3..fb..g.9...`.. D.v..q...z.B.xQ.Y..Z....3
Fl.....D...r.,.7.R.]#.\...5". .........."=zT$.p..>.r.Jg.%..)..j.7F.
.JeCG..EV.l.........L..X,`.7...BR'...I..B<>. h...]..Z=..3.h.....
......hH......=Ah..p..rx.q%..P....q.,..,.,O.....\...'.....3fU...y.@]..
>..}....S...~.qG..>[email protected]*.......
<<< skipped >>>


GET /download/dl/yet_another_cleaner_bxk.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dl2.yac.mx
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:19:59 GMT
Content-Type: application/octet-stream
Content-Length: 1167792
Last-Modified: Tue, 10 Feb 2015 03:13:52 GMT
Connection: keep-alive
Expires: Wed, 18 Mar 2015 10:19:59 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x
..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7.......
.................PE..L....l.K.................d.......B...3...........
.@....................................................................
..............`..................(....................................
........................................................text...@b.....
..d.................. ..`.rdata...............h..............@[email protected]
...|[email protected].........................
......rsrc........`......................@..@.........................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
......G..H.P.u..u..u...|[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.hp HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.52 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:00 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.52 ms","message":"store 1 ac
tion and 0 update "}..0......


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.nt.ff.tab HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.76 ms","message":"store 1 action and 0 upd
ate "}..0..



GET /download/dl/yet_another_cleaner_bxk.exe HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;)
Host: dl2.yac.mx
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:20:00 GMT
Content-Type: application/octet-stream
Content-Length: 1167792
Last-Modified: Tue, 10 Feb 2015 03:13:52 GMT
Connection: keep-alive
Expires: Wed, 18 Mar 2015 10:20:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x
..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7.......
.................PE..L....l.K.................d.......B...3...........
.@....................................................................
..............`..................(....................................
........................................................text...@b.....
..d.................. ..`.rdata...............h..............@[email protected]
...|[email protected].........................
......rsrc........`......................@..@.........................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
......G..H.P.u..u..u...|[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


GET /xbbe/creative/ad?d=APEucNWsK7i9UP5jgsr-97PmfxX_qIvtLp46wF_zUyqrcPja0qcu62p1tn6tPLYtD1rDC0me-nR0XQO4CGgitDeZAL1nEZA09uckbqtnAIyHBKlrSfMDuGbHNSwRpFwTKcs9EhvNO-mP6Fz7DwkfeL2_UJqaleQul43gItsQydm-OicabVCCpVC4dDRCoeoSTmHSOmYzfPyha0Fup7mKSXK2NnnZkiWJFLJxlIvPuXSOhD-D5RVMXNTo5Cd8bIOjYjKZkGkRUVqAd-sLUYagHL5J2fda39MWuhx_m-wXCYrGwoiAoY08d_ezJsCtbdBpw0DY937PNuwdf4A_-zirX63lHsNkoUi4ZhkN1iJyFIQWQznVEQXydILxP0XrgfOg8ZIqYJz-xnoltyZUyDKfsBS03y5LNovaDQ&pr=VOHELgAI8aoK23-hAAAan9WtyDrH28dHbQ3QUA HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: bid.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 16 Feb 2015 10:19:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Mon, 16 Feb 2015 10:19:29 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..X-Content-Type-Options: nosniff..S
erver: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alte
rnate-Protocol: 80:quic,p=0.08..GIF89a.............!.......,..........
.D.;..



GET /files/third/2015/01/16/172511/350/XTab_4.0.2.1716.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inifkhjr.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:18:56 GMT
Content-Type: application/octet-stream
Content-Length: 2463400
Last-Modified: Fri, 16 Jan 2015 09:25:11 GMT
Connection: keep-alive
Expires: Wed, 18 Mar 2015 10:18:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
p.y....I^.@..,....s..pG0......V...PL...N..PL...N..PL...N.n..0.@......,
...QO..9}.$...U...ZM\....!../...x...........Sw@.*H&......Kw........p..
.rr.F.n.U...C..N"SPN.?`E.....}[email protected].[..%o....C.....~F...PL...N..
PL...NQ.b.5..kM.QYD........h.;..{.......- .{.tG.K.........|ag12.$.....
.,8..A....W...".$:.[.pJ..s.h..x.4M...-6.4M...-6...R.}.J...PL...N}V.#R.
.m...w......PL...N.i...o)...PL...NJR!Yw..v..PL...N..PL...N..PL...N..PL
...N..PL...N.....3$...PL...N..PL...N..PL...N..d...8"....._r...j...Z...
PL...N.....Tq...&..8.{..E...Qe.t7W...S..PL...N..<....Ncx....z..n..t
!..J...Z.9...PL...N...4.u..5.;.6z..=.. .e..Q* ..`M...PL...N...4.u...iw
U.>..H....f3...PL...N..PL...Nj.G.....bd6..q\..B.=S-....#VY;....PL..
.N..<....N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N.
.PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...
N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL.
..N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..P
L...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N.H..h.......:....
.....4.C.A..rM8L.Q..D../......_,..b.9.......OnKA.zj\,.....b.8mW...'...
.u.~?..5../...i........x.....7.._...dL.W....^...t.....?N2..0.W&.VS...o
..$.?...E......Zp..Px.....gPF...1.....y..... ._1d.{..D..!..&P.....0.q.
.....K....NIa..GT1d.{..D...A...1.P$...S.3.l..bD(,...0..C.f.m..M...aD.^
p..j6..8.:..."..a..........z.[.Y..,S..6ue...I.%g.nxO...K.{.7..T<.*u
....q.i...Sf.A.&..#..?.'...;..Z....@.[.........G..8.Pz...@`.b...k..._.
 .....!...,.K.... ....r.m.R....#.2../ ..\{}...&..X,?...%..........
<<< skipped >>>


GET /feeds/1ff5774796573f3285f879ba12fc0d65/bxk-premium-games/home/4/ HTTP/1.1
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept: */*
Accept-Language: en-US
Origin: hXXp://VVV.baixaki.com.br
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.clickjogos.com.br
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/1.6.0
Content-Type: application/json; charset=utf-8
Status: 200 OK
X-UA-Compatible: IE=Edge,chrome=1
ETag: "9263e1b27c2f261d9f0285efc766c2ec"
X-Request-Id: 82b5993036a3434b972db0ac5eece50d
X-Runtime: 0.062592
X-Rack-Cache: miss
X-Powered-By: Phusion Passenger 4.0.38
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Content-Length: 3290
Cache-Control: max-age=245
Expires: Mon, 16 Feb 2015 10:23:30 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
{"games":[{"name":"Imperia Online","long_description":"Um mundo rico p
ara explorar, terras que n\u00e3o acabam mais. A \u00fanica habilidade
 de que necessita \u00e9 a de administrar. Construa um reino, treine s
eus homens, prepare-se para as eras de batalha e para as eras de paz. 
Prepare-se para a era de Imperia.","short_description":"Controle um re
ino em Imperia","url":"hXXp://a2g-secure.com/?E=8KDi2K7xx9UgyB+b5yKw
ewwUzfnVGPGN\u0026s1=","classification":"10","thumb":"hXXp://img3.clic
kjogos.com.br/dl/e/e3219d0df1ba54cad5dc95a74904ace4/uolbig.png?1423707
463","instructions":"[mouse] seleciona pr\u00e9dios e a\u00e7\u00f5es"
,"categories":"Jogos Premium, Jogos em Portugu\u00eas, Jogos de Estrat
\u00e9gia Online, Jogos de Administrar, Jogos de Castelos, Jogos Medie
vais, Jogos Multiplayer"},{"name":"Drakensang Online","long_descriptio
n":"Explore um mundo hostil e repleto de segredos obscuros, desvendand
o mist\u00e9rios e ajudando a popula\u00e7\u00e3o local como um podero
so guerreiro. Enfrente monstros colossais e ganhe muitas recompensas p
elos seus feitos.","short_description":"Enfrente monstros e drag\u00f5
es online","url":"hXXp://a2g-secure.com/?E=LenPoRAHG2+NILVzIpaPEg=
=\u0026s1=","classification":"10","thumb":"hXXp://img2.clickjogos.co
m.br/dl/c/cf4e57c3bac15f9fb2508102d4482b60/uolbig.png?1423655848","ins
tructions":"[mouse] faz todas as a\u00e7\u00f5es do jogo\r\n[1] a [7] 
utilizam a habilidade/item equipado","categories":"Jogos de A\u00e7\u0
0e3o e Aventura, Jogos de Luta, Jogos de Espadas, Jogos de RPG, Jo
<<< skipped >>>


GET /celular-e-smartphone/smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "7e158876585302d04f2103c0d43c380e"
Last-Modified: Tue, 23 Sep 2014 14:31:05 GMT
Server: nginx
x-amz-id-2: btSMTlQ3 2420UPUsHfbzDoeyXa2RmlCE9Cq6snEl2xu061 Rhs6cQi35Tg95TAF
x-amz-request-id: 7F2B2CC7EFACB6A0
X-Origin-ResponseTime: 1424065920.638
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 12814
Cache-Control: max-age=70352
Expires: Tue, 17 Feb 2015 05:52:00 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.a..........................!...1."AQaq.......#'BRuv....&35Dbfrst...
...$Se..........4VWcd.......................................<......
.................!1..AQ..aq...."Rb...#2..B.T..$Dr...............?...@(
.......j]Kk..9......\6.......O...........8.%~.I.S.l-E.1....9i....e=...
....Z...Lw...=..z..X.Q4.C($.Js......\...-i7...7R....d....BqQrNH..~`.4.
.M>.[.I?.tR..u}.....=.0.?,.K.q:.......?......v... .0W......b..$.]..
..."'.'.P.....^?..R..N.i(.O.v..('.]...{.4.\.p..M...j.8.J...SF.:...9...
.. .K..v....i...g.n.aQ}...-.J}$.J>.._@\:.P.uU.%..9...[a.%FX[n$.A...
..T.c@(......P..@(...x.>v..... ..........s.m.l..H...{....xZB.Cim..T
.VYfA.--........Z.S.).k.)..W....Y..].Z.I..RKZ..-.:c......KQZKI.....;..
...}.h....B.... .JQ..rI>[email protected]%.6...9C.(.nC.........d........0f....
.o.......?..P ....el..G..=) p.&dx.G.<CIm..A.8......@ .i.zd.}.....j.
.$.Z.DfR...^.\m -8.....}...~...vaLN....0....RG..E.].6Z..4.4[..r^.v...-
.?j.L.....k.i..........s......j.....f.....z.k...-....r...:..Q.J.......
A.@(......P..@(......6..R.".E..&~..KM)`|)...~g....._...T....K...K..L..
..[@........j......@u:.$..N..e...B...$.A..Fh..].6..gMH..Q.=fc..q..jA..
e-...t...N..?.P..........A..7y.) .A..A...H5...;Rnn.B..{.....J.....[B..
.'...!i...`[email protected].*#....;....P.D...-.w.
E.[S}...;..u.)jJ..<..J..M.......F.}.u..n...HO..4....T...P..@(..
<<< skipped >>>

GET /tv/lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "a625cf037fe9ebe67203868d14d52567"
Last-Modified: Tue, 12 Aug 2014 18:29:55 GMT
Server: nginx
x-amz-id-2: T7E4HTGzzewro8d3 f5XzvJdt89F34PUo9QJ1MnVxCPRFCf9zqMlaq4fkOaEggN 
x-amz-request-id: 1D10BFF1393355F4
X-Origin-ResponseTime: 1424075331.147
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 11090
Cache-Control: max-age=79763
Expires: Tue, 17 Feb 2015 08:28:51 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.]..........................!...1AQ."a..#q.23T........BRt......$6Dbdr.
...%'47CEScs..Uu......................................0...............
.........!1..AQ.aq.".....2...#B............?...)J"R..%)J"R..%)J"R..%)J
"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..% .
........`.1. .....L.Ucw....:..#..)8..2..!.|(..R.Q.D.G...$.....E4X.`..'
(......n)U....7.u~.e..5.?(.....~...eD...*..lgG......e_..3...3..J......
.z~Q."?..?T9?._?.9.~.......QW..O..7...$...~.}......G.r?R.E\.U@.(....O.
[email protected]..:%.oiU.?(..>,.?.%~......c.....W.h.U..T.........._.
...C........%.kiUU?(n....B.:d.....>P...*Ci'[email protected]*....nN31.g.N&
lt;?K..;~...W....S.............n.M..G.J..n.....En...e.Ifd..!.H.PN@*.H.
.C8......(.3._.-......1Z\S.kZ..j?.5.-.8.w...q....D.K.w.lFTw_[...U..LW@
.tM.4.LF?........lK.jS......N.....R;We.7p..p.bBA)..0.<....|....>
...&.&~...T_f>.....U._e-8.@[W>.Jr&.g......)......yPNGL...r...t.5
[email protected]>..U.kb...R..G...3..s..TWPm......3..`...`d.%]8.5/...
....I.U.Dc...c... m........ ...I....y....2q..Z..>..F....]..)....7..
3.....ke.... {..w...*..).?...G..nu.e}).......r}.....R.J..0p3.S........
q&U..zB.L..|<..6iBX...#^..#K.].....c.....>.~-........2...GYH..w 
g..H.{....6.j..=m.o.;...kQ....2T..e..>...'<T.d....>.}?5=.....
E.,..7/X.t....{....",4....J........Ty#...-..?..h...dV...JK...;...c
<<< skipped >>>

GET /tv/samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "303ea02d694af1c52b98460ffe640ad3"
Last-Modified: Mon, 15 Dec 2014 17:21:14 GMT
Server: nginx
x-amz-id-2: hyKcOKdmmELrcXLNOf3WkrQDyTRZpM H65oHrM7qGTs9h6N35pFdc6B9PSWVH0v1
x-amz-request-id: CC0CC453AF73AD66
X-Origin-ResponseTime: 1424075118.496
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 13255
Cache-Control: max-age=79550
Expires: Tue, 17 Feb 2015 08:25:18 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
..U..........................!..."1A.Qa.#2q...BST......3Rb.$MWs.....
.G.6CEFcder.....................................9.....................
...!1A.Qaq..."...B......2.#.CRbSr.............?..N...)JQ....)JQ....)JQ
....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ....)JQ
..}...........}.^C?.4.s]q..j.#*Q9?<...u..~.......f. C.. 9...H!{..c.
}..).c.}.. .g-.....Y.k..lC..........I.....1.....?......?.....X.lg<6
>....H....c..~5e.......;Z1....}......}.......e[.s....~5...C....~5e.
..?).UY.v&.............}.........>Y_.W.X....9.E~5?.F....uU.h.?.....
......;......|.:[email protected]....&........_|S...!.. ..B..
@u......%.P.......~5Y........v.n.J.F...Hk..w...5..|...'.......u.H.$>
;......f......J3..T...Hk..w...5..|...c.....:.....5?........G..4V......
...~..C_|S...!.. .`.g...G.....~R..'J.......I..:.?V.......!..)..~.....&
....3.~...c*.tq\\%.>....D.. ~ ..........C_|S...!.. .(..I..Fg.d/....
.c..IL....Dv\...v&i_Ob|bp$4I...|..*.q.....g.q._..!o(.;ty...f....L.^.wa
....@..'.{..X$}...ES...3.r...[$A..5...&..N..^v`K..G..N|5.........z....
`R....V.e.Rt.:*[email protected].!.T.....Z.|U.C.w.%.~.FN.j'BP.&
lt;.....FB76.>."....K..{..I..h...*.ecEW"[email protected]{.!^..
..........F.4F.JU.|q_...e)C.8.? sg.....97c.S.U....y..J&.h..E%...sXO...
..|jw..L. .Gv.O).?....=.*{5....<.....(.|.K.9b.:..j.*.V..HN ..R.
<<< skipped >>>

GET /celular-e-smartphone/smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "60129e535b02d223a3781d8da4534a7c"
Last-Modified: Tue, 21 Oct 2014 15:50:37 GMT
Server: nginx
x-amz-id-2: EgNGSYwFIa zb9plATcIa62HlHdQ60ygyf99e1TK/3pEdyZsdr9613LyTn/vaNRt
x-amz-request-id: 2F40ECD237178FE4
X-Origin-ResponseTime: 1424041827.153
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6790
Cache-Control: max-age=46259
Expires: Mon, 16 Feb 2015 23:10:27 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
..^...........................!1...AQ"aqu...2.......#8UW...37BDRTbdt..
...&(Scrs.......$'45ev....................................4...........
.............!.1A.2Q.."[email protected]..
....H......R......I .9.....Y..l...u.R..pqe,...\fY.O...tk..<o:....#.
v.<=.$-.o. s.K....2K..J.K.........1O....l........Q. ..b..*........=
..6[..S|.?./.}Ge..u?...r......w;.. u...0v...7.wbfO....`=j[.....f....S.
o.-M.4.\...{ee.h.I<e......Gz..02Z.....}Oe...7..}r{.{-....f... .=.W.
o3.v7{.1h.!. &..R.^?.MK.......}j;,|.k....$.......2...../.......c;r..v.
.]..L.e<.:.Z..9.$e.......H8=...Tju;..j..#.gH.p._...[..?"......D@...
DD....D@s_XI......?..!..1CN3.6..B.n...F....?..$.N.....S.ENa...J..g..\.
.T..V[>6...Ij2.%.gU;[email protected].... ~eq.>.|X>..,.*..OOj
-;z..jvYn.....F.vp"s.I$.pk........gu.?.....^_k:...}0..A..7...}.C...Z7H
ECS...dls....9.Q...J...27.<n....p. j....C.S.n.V>*....c>..|.A.
...... h\6!p.C.m..C.'7....W..B]Cu.3Rj.<.-%..3........5.]Ku.......y.
...|..,..0.c.]Y...C..; .`....u...[w....E,0.VX..d....'..<.!..\].....
'./..I...[kPtl.:gS\,..R6.A.g.7....F..0.Me........>......$...o...6..
....9.{x.>...$....z....n.I.......}_m......0..." ...""...." 9..8..].
.p...Qa...t...H.l)L..8.._..Q..(..,...........Y..B.....s..<V/Y6\U...
2.......3by..{.M9l..<.S....9...XJ.d.5....Fr..|..._Rg"......*...
<<< skipped >>>

GET /dvd-player/tectoy-p-4200_200x200-PU92573_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "1572582f760a1e78e13cfcb0d8b61b4d"
Last-Modified: Thu, 28 Aug 2014 20:44:09 GMT
Server: nginx
x-amz-id-2: CEi5k4wzEhV476e/Lll06550GjEvqFj7tRf4ay2sV1GO0lbKuAOGWWkDutKpU1cv
x-amz-request-id: 7429CB47E13DC2C2
X-Origin-ResponseTime: 1424015308.255
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 10370
Cache-Control: max-age=19740
Expires: Mon, 16 Feb 2015 15:48:28 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
.H..........................!...1A."Qaq...#2B.Rrs..$3b.....C.....Mc.
...................................@........................!..1AQa.."
q...2...#R....3Bb..4.$5D................?..N...)JQ....)JQ....)JQ....)J
Q....)JQ....)JQ....)JQ....)JQ...(..R.D.)DJR.D.)DJR.D.)DJR.D.)DJR.D.)DJ
R.D........;.*zMgV..2...\...6A6..?.?....y~#.3.Y[....H..|..Kii...@7....
.]...).J.Zb.Z.Q.%.N8.LHk.E.....S.<...Vu}.}[3;...5..?..S.....j..jqjR
...D..D.I9$..I.....:...L....Co....CM...G....5Vu]ED.a...........2U.;T].
v~.w 3..V.G}.......m.8.&.,..{.G.u9....$...v...B.;..e0........}..h..v{.
.z..r.........h.N.}A...."E.GI..R..~.si?"[email protected]>.....f0..$...;
.B.W.j.6..$.......v..<..I..P9....'.u_M...v........b.>..3.5$h...Z
..BY..]..}...KI.....j..P.iXA.x-i..g.9...Kdn...k..z.J.:?....Kz.F. p.".(
.~=....S.....MW..........c)...'r?......c.rT....(.d.$qoxt.U`.X.......M.
.......d!..RMer t.s........sJR.]R...)JQ....)JQ....)J.... 'D4,.GzY^....
...o.v...2O....]\..\..f..*$lQ6.q..yZ.j.........S5E.*n.oQ.#.....q..8H.$
yM|.\55.u..-..9...2.9[.>$.........Rz.{....jmA'..LW.N{........8..I..
..* .I<..I.ueQ.~_.................C.......v..D..XT....4.|.....$..j.
.....y...G.r..K...O=.U....@{.i=...:Eij.{......*K...Ac.P.q.D...y..V.Gj.
M..1../.......T.......`.h{&....E..i...... ...2?..A.....Z..z..}C.dy.5.w
..0........1........Ou.-...^.7.-...6$...t! .]kv=U....."a.....aL\-.
<<< skipped >>>

GET /hd/kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "9d9ff95ca00ac4577a4a8d3d6fb1e0f3"
Last-Modified: Sat, 28 Dec 2013 05:58:57 GMT
Server: nginx
x-amz-id-2: oKrKiKRUJ 7W/au3q0MWmiije0PPvdkcZ NP55iMTrdAV4YuNUIvNUMcBGLAjxG6
x-amz-request-id: 54299B1D740B9A0B
X-Origin-ResponseTime: 1424064023.049
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 9839
Cache-Control: max-age=68455
Expires: Tue, 17 Feb 2015 05:20:23 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.G..........................!.1..A."Qq.2a....#B...Cbr.....RTcs....$3t.
..................................8........................!1.AQ2aq...
".......#...BRbr...............?..N.P..@(......P..@(......P..@(......P
..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(
......P..@(......P..@(......P..@(......./.]>.7IV.R.v...2...Q..H 8G.
.1..>..5s..i.4p.......:..?.....................l.......O-. ....^.r.
T=.ZC.'..$..l.r.(>!4,...FW.K.7......!...)s.1......2..~..Q./../.....
..O..K...k.fT......@s@(......P..@(......P...crH.....<X.G\......a..X
?....b..ey..g.e.I....6.M...... c.oZJ.:}.%..^.......)N..M.....'PD....\.
d/ay..Bwc8.1.sUUh.]I?z93.<J..<<.../m...>..e....}.&?en.....
.l.....us..;TV.V..x.h......>...?!L..L.r.l...7-..g.[Z.?...\..&......
..e....-.{..'..l.f&V.......^....1.|........<z.../..>.........F._
..:.[G..d.y.-2......O...3;nW*&v....J>.d..}.W............=.($....?..
%..9.9... ....=IKz....}Jk.2...t.%E..4.k...0.....%...i.=J..f.m.......H9
..\.. }..(...4..P..@([email protected][Y.'.......T..V.. .3I-N..9.7&..P....X
..t.Ui..}..qS...} .r_.u.....m......&...#~c.Sgs*Js...G....WY...Ft.....&
gt;O...A...p.a..z....U"..RZ..oD..".j.C!W........-.....}.T....TM....2_.
..>).."..5R.....{.iu(%hM1.b.1Yi._..op$g.=....q..<......:.*..p.3K
......7o.W..W...5..^..7....y.5... d..><W...V*.V..>....|..
<<< skipped >>>

GET /monitor/aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "8228a1d71cd4dd807142e32ff6f50d91"
Last-Modified: Fri, 03 Oct 2014 21:23:18 GMT
Server: nginx
x-amz-id-2: BfCnfh6ycnhLRP5TUIqb0jyjlABdcsUhZDg2/6zaluLuJSiux1NtSCpJv6LdkX2V
x-amz-request-id: C3BF72F6D63C5409
X-Origin-ResponseTime: 1424066690.012
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 14078
Cache-Control: max-age=71122
Expires: Tue, 17 Feb 2015 06:04:50 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
..b...........................!..1.."A...2Qaq..#BER....3DTV...........
$%&5CFUcrst....'6.....4bdf....................................=.......
................!..1AQ.aq...."R...2B.....b....#$3r..............?...@(
......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(....
..P..@(......P..@(......P..@(..e..X .r<...;..U...........W..g..j.s_
Z.{...\6..5.....g..j.s_Z..g....-_Nk.P................s..k.k_Z.......-.
Nk.P..................ZG............?Nk.P..............q.........=..6|
2.W.Z...C7.U.~...c.Z..fV..{...m.j.!.......e..."..e?u.}).m....9....(...
.....!}%............#.@E...~........?[O......@<.m._....h...AyiB&GZ.
t..RI?......v.....*[.Y#j..8...g.$.. .E..n.<u...j...O......(..^X=-..
.C.. [email protected]_.{...@\...?..#.[.@\......~kj...{.....
.-j4..=.'_......P.H.....W..Y.C..h.s......YVhx^".....9..K............e.
..9C....v....X...h..~)Z....i....P.&8.iO.3...m....s\\...g.....e.T.-.:.s
9y....=....j.........h...6.........h...mg......y_R..|S.!.Z...)H*$.....
~...1r.*.y...2.I}..9II.IP.#......,.8..u...c.Q.(.HrT.|R................
t6........P..H...qq..h...=..G.2...HG............d.d.Rz-....:S.(t~.y...
\Q...j.......&.7...l..).4:?Q.NO..(.q..E=..G.2...m...G..{i.4:?S..OG.r..
...c.m=..G.7.9.d.Q..O..m=..G.y.MO....=....Oa.....2r8....._DO...C..<
.d.v..[.~....m=..G.7.9=..TxH...>.{.....y.S._9O..w.S......O2...?
<<< skipped >>>

GET /jogos/dantes-inferno-xbox-360-dvd_200x200-PU39013_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "8a54f346065bdcfdddfbf8fad5dd5f41"
Last-Modified: Fri, 06 Dec 2013 08:18:12 GMT
Server: nginx
x-amz-id-2: kZ0YNeuQfAaS3HJEFlzDSGClc6Pu490wS64iYFbojXKPzMBdU7Nt7F1MePuOiIo0
x-amz-request-id: 175A01E13A6C79D7
X-Origin-ResponseTime: 1424059844.673
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 15111
Cache-Control: max-age=64276
Expires: Tue, 17 Feb 2015 04:10:44 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..T...........................!.1."AQ.2a..#q.BR..$3....Hbv...&ru....
.(56CSet......................................./......................
..!.1A."Q...#2aq.3B.R..............?.....0B...'..?.m...\r.K.:..%T..A.I
.N.?.).mf)".-V&..@={..L.ESs.an..5.-U..........A.$.. q.*.cQ&...fx.t.s..
>....\%jR.W..j.H.O~......H...V.........!...........a........Jr..._.
.b%....Jc......_...8.Nh.*X.*1. ....w_..!..#..R%......*(A#.......Ly....
4......o.S!....a".......,|....F.u..{...XO..A..Ljp.....@..@]....nm....V
..2.!...%...8O`.{.....L.....$....t..#.S.D.A.". }.......Z.P....,....H..
.S.?.......n.................Jrjb.......Q..........g.I.........R..(..O
.z.b.._L...O..=5..i}..y..?..........d0.h..q_z.!.e3b..&(...H..wmR6.w^..
...7i..5...R.......[...v!.z...v2)..F....m.(R..$=.JS...be......O. bI..#
..V^P6).#.>Q.......#...r..vZA..G.=....2=3j.Yn:.PU.)......54..... ..
.........=...4....u....2$W.q!......."......1.......W.....*...B.)[V....
..M..}..n....D.........Z:..D..7;l.Od...}S.M$..kh...........$F..Jv.O...
.0.n..n...$....;{[..t.hh.....|3...^.0g,..0.y.f`............0B.........
HA..|f..x..u....&.....UZ...Ct.....M........$N..B.y/....j..._..D.....e.
......q...Zo..T."2....tT.........P..........x...LGS.....!..^to;...@...
.0..s..e..1..j..>.....K...I.....|..Y...u.i.............R....[.R .Y~
.&G....M..n......qN5...e.N.L.N.$Co..S....uI ....j@@..6.....,.C.m&g
<<< skipped >>>

GET /jogos/batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "7456f170db41e5f16ae4563779657103"
Last-Modified: Fri, 27 Dec 2013 20:54:16 GMT
Server: nginx
x-amz-id-2: 05V On3Dy0hK5Ywa3xcz5oSFq8DeBlssV4xg4ROSUkQgAlT3mAYbYb5nGlMn5UEC
x-amz-request-id: 67D4FAA5BFD14780
X-Origin-ResponseTime: 1424014834.950
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 16787
Cache-Control: max-age=19267
Expires: Mon, 16 Feb 2015 15:40:35 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..\...........................!1..".AQ..2aq..#7.....3BRr...$4SVbcst...
.%6u........'8CDW......................................C..............
..........!1.AQ."aq.....2RS....Bb...#3C..r....45s..............?.....4
!......e.*..Ra...Pyi*.!.,.....>.H4i...Xcv.X.R\......u.....o:..Je...
......=HP....u.3.......... .....U......Nu......y........$....7Z.......
......YII..=>.r.T.s.=F1.g........Z.~w....H..G..Zo.m...c.u...R?.....
.r}.{.....?...Z.4y..z..)a&.h?.d.)..%'.g.}]..N......eED.c*jhS.<.9%.=
FN{..t...,;.n...........{..H...'...g./s.....nP..-#........5..VM)&..L..
....J8....x...Yt......f".!.Q.......$.z..lwO..3..aNphfgO[;.......;.y.H.
.N..................:O.z........D.. .<[email protected]....>0
...M,&.i....e.&.S.,..q\G..*$......K...._3...E'..|RS.'\?..'............
?.z.....D..QzlYq..lE..!.....9J.....:.A.[G...Q..tz....> ....Oy.\..J$
...1OzT:..8[[email protected]!.."......9...5>..Q..t....5.:~.....
%..Uw}....M<...j.....5....PX..@q..;/=....Q...f.....<U.:.g.......
0..4t.,#..s.N~.~.i.F..>.h..ih.B\?...........0..%..v=........5..O.S.
......p.5..q..Bj.a. u*9.....L.l_b..c..a'.._..5md1..X..a.KQ3....2...r..
..C@(.c.z.z ......u.....M......jqG$.<.''.p..UB.$1fVj..$...q.q$..j.x
{Z\.*...%RH.....\.'P.k%n....|J..6/3(...M..`..4h...*4h.....F.#_....}wHl
.../.SUW...G...._.!.s...y..{..84.....t...\.a.R.s......u.mF5Z|..4..
<<< skipped >>>

GET /console-de-videogame/sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "c01a6130f9087b7f6b41c93493199807"
Last-Modified: Wed, 04 Jun 2014 19:29:50 GMT
Server: nginx
x-amz-id-2: ScyFPGfUFdF5FOcDrFt8PINUSHahqCzxtA4e8OKBqly1iw1cBPbtkNVYOUx8nUW2
x-amz-request-id: C3477530EED01CB6
X-Origin-ResponseTime: 1424076079.896
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6660
Cache-Control: max-age=80512
Expires: Tue, 17 Feb 2015 08:41:20 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....^.^.....C..............................................
......................C...............................................
......................................................................
..A...........................!1..AQa.."q.2Br..#Rb....$C..D...%4Ss....
..............................................1.!"Aa.............?....
[email protected]([email protected]([email protected]([email protected]([email protected]([email protected]([email protected]([email protected](..
[email protected]([email protected](.........}..'h....u.......X....8$....41...s .I....k>
;.....!..kAW.hb.[J|..%j>..!A..W.}..n.>...........k..y...ov....n.
-.M..d..3....x........Q....#[email protected]([email protected](.....A......v@..: .......
...j$......@...>..R..[z.-E6...row....2j...!..:.........b..T..u.....
:PH?.........tp ...J.$.p.>.J$.q'!....d...v.....Or.>..:...s...c..
.*....l.k....C....hs.-.?..`..........h...Ks....wt./..?CPf.$5).:..u...h
PRH.".%[email protected]([email protected](<'...........\6.k..Wd.G.jH..D=..et...s.:'*...
.qo-Kqj[.%JR.*Q'$.y.O2|h".PGm4..Nh#....($fi[l.T.d....?..1AG......hu>
;[email protected]."#g....#...Z#a;.l...t.~...4..q._..D.]Yg..8.&
lt;...T.h....J..p.0..> .b:8\bKiq.."........:.[Ze...^.q...._..B.....
.lc..Bz.:....fn.i..U...Y.NT.....q...........F...........7.].pm.8..L.&.
.W.B.Z,....H,..#....!.......$...J..R|...2.:[email protected]....)HP.I......Y.s..
...%~c.....Q.t..).......T...B\HZ....I.....^..........V1....f1AY.;8.E.Q
.@...*[email protected]<D...Fud..)v
.-Yj..8.m..!1..:...G. d...4Gov.gm{..6.%k..2;.r..J..n:[email protected]..
....Ln-.v.Sa...z..k.d>..........M..c.]F...w..=j...C.N.. .......
<<< skipped >>>

GET /som-automotivo/multilaser-one-p3213_200x200-PU7a9a2_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "b2230d45bd64df5bcee71ad518855b87"
Last-Modified: Thu, 21 Aug 2014 19:04:25 GMT
Server: nginx
x-amz-id-2: Vqf/RFLccPOZsI6S00 LESBhmr5n3cOG X2 RWpZa CBSaX7hjyCDJuKunHy8q9N
x-amz-request-id: 3144127DC83916DC
X-Origin-ResponseTime: 1424036142.248
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 6855
Cache-Control: max-age=40574
Expires: Mon, 16 Feb 2015 21:35:42 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.]...........................!.1A.."Qaq.......2U....#BEV.....VFR...$
4CTrst....Sbcduv......................................2...............
.......!..1A..Qaq.".....R..#2B...............?........................
......................................................................
......................................................................
........................................uwuO.tM...r..5..1...4."'......
..3..........g.{]W.AC........u^..>.......u^..>.<.....u^...w..
G...E.{4.......M?.....O....(.=.U...Z.......%@..U..C..tpi.z...u^[email protected]`
.).=.U...P.xp`.).=.U........S.z*.........8....U^.@;....<.5G.....|&l
t;.1..5O............5O......y.c....U^........*..S..S.....:.ET.D.ww...?
.5..i...)......o.*...|=.7..w.*~.......>M...i...'..u..u....o./...A."
..h......hh$..<.$.-...jX....Z...8...I$.A>L.%.e..........?.....D.
..6,4y...V......3.....5. ......H??.b.....t...q......{9.{k5\T.........O
gjq.,-I.4~...o...&.&..u6..h.....".#...I.............u..TW..G..p>...
..[..[u.l..<.......6...........J9...5...n...h.D...^.i.7.gq....#....
.y.{.xO L.?..k_.X.........O.n..f.........-........4r.....[..Y..*hY....
....Y..*..{.@..~..e.....t...v.>}K..SG*..A.....Yc.2j.\.....N.>}L.
.&....'.....E.iZ....R.q9.1O.*'Br...5..-..w..'=.KQ....[.....9.2N....._.
t.........S\...t..I................k..n...x......\.|..N.J}=.......
<<< skipped >>>

GET /monitor/samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "ce73548f24ee5cfb7d7990cee54a790a"
Last-Modified: Wed, 10 Dec 2014 12:24:05 GMT
Server: nginx
x-amz-id-2: fkc3m5SFwAoLyJeoL1q9X pjYHjfDw0VjfJqEL6gbp75EvVL9zNAPeb1VYDN0VKl
x-amz-request-id: F94BB8B71AB52E84
X-Origin-ResponseTime: 1424022838.338
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 12586
Cache-Control: max-age=27269
Expires: Mon, 16 Feb 2015 17:53:58 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.............C..............................................
......................C...............................................
............................."........................................
.............................................................pj.x-..ph
...s[S^..55...s.f........z.1Qu..'.g|..0WgJ..<W>...= .M..qB_C..&g
t;.........`...U.Z.o.j>..b...sJ..=..]..V.  .`.....|.p_..O..!.&pU..2
:..^....zw..5zny...=Z[..Y>...2..Js..>...-}..z..#...._....,....b6
....tt..^.-..B...;u....9.]Dm..-V.r.9 ..?.^9-..8c._X.;.DZ..>{.b.....
KW(.8....l..)......*..b>O......y.&....mQ...B.Q..h......{x5t.Q=.H.f.
u.=......oO5O7U.T..9.BV..F.W...;..4..j.gW..OVe(..o{e...z.....o.2..IT..
...n.gL..Bm.T..;vk......z.N.......{..AmW..b.|..U..\.....vc.......|=.V.
1.V}...%.~.H..7....>w.............C...........,|....w.....2..#[.ZD{
..W......,Qp.>..c.....w.......o..K.(..s..../.q..y?IG.........|~qz..
.......0......................... ................................"6 &
0`!#%............d....n.Sk..[.........^&;u.Lv......3..&|..d..6<..c.
..,..b..6,OQ6....>..../..K....>......O.nl6M..N......7..x..\p...7
..qG.1Y....s.*g.....~.....8b..X......rD.....;...G..1E.<Vc..q[..W8..
.3B..k.....2........_.p..{.P!5..L8#.U..v..Q.<}2B..K...<".$Un(qG.
.....?...sv.ZKb...p..*......2U....H...7Y3..l.......O...!E".b..R....,..
.........<{1...?.n.x.._.&.`...$ce........=.H..L.#%..%.N..`..V<V.
......=.XU...a6S.:..U."...T.(..7......w............?.T.b....n..S.7<
...X.....3.*[email protected]\p..|.l../~..^..;`...E...s!...W
<<< skipped >>>

GET /som-automotivo/multilaser-p3214_200x200-PU7d9ea_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "89ec92288dda20704c5fbb72022b9af4"
Last-Modified: Tue, 23 Sep 2014 18:34:26 GMT
Server: nginx
x-amz-id-2: YVCLW3PdHqal5VqcgGUGbVQ5yGq2zhRgfvL32eqkNMCjZnPkwnTCRhRJfMFRil7o
x-amz-request-id: C46714E3680FF2AF
X-Origin-ResponseTime: 1424009094.208
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 7686
Cache-Control: max-age=13525
Expires: Mon, 16 Feb 2015 14:04:54 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.V.........................!..1.A."Qaq.....#2SU.......3R...$BCE...4DTb
cr.....Ft......................................4......................
.!.1AQ.a.."2q....R...#3B..b.............?.............................
......................................................................
......................................................................
..................................B...]!...v.h.7Ok<...f0F\..o1....0
xn.~.?{..H.d....S..{....A.xm...-.~.?].!....[E.~.?].!.....w...z.*<6.
G}..?..............].....G.m..#..S....7^..?].........Q..(|8tO......A..
q...o.w.....&....."..?>]..n....t.>....G]..^..~}........AC.....m.
...AO..D..u...AO..D..u...AO..E|.t....S....5.>.}t...4g.7O.........ph
..\..4.I....'....=...%.........c.a.............>..3,[email protected] ...5..
wq.q...z...Gp.............}.v\.|..|..}..:&.,P..[\W...CICL.8.I.....X7..
..9 ...G.N~...=..h...2.....i....Q..k.}...t...............5...j\..U. .D
c.(..c8..zC......\ .r3......m).Dp.3.....9...4g....t....OMj..h..]...Y..
b.....U..[.%.8."s.6....fd|..1....6...\.x...........G.......z.2..i....9
......pkK..a..'.\.$.......Q..)...>Ylv.x.g;.L..i.. ......j...t...^.f
........s.\.~..Q...p.......... 4Ke.......g...l..M.`.....m...k..t.W.~..
Ko...[.....t.....z-.....M..~..(..SA..7.]...FS7.k....W..Z..oUle.N.|..7.
G..J{".......z.e.8.t..U..RYt.E<.2..k..vr9.{].p6 .....B#\..Pi.QY
<<< skipped >>>

GET /caixa-de-som-para-pc/edifier-r2700-128w-rms_200x200-PU77db1_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "3389357ab8808d5cea115166c3fa8c02"
Last-Modified: Tue, 10 Dec 2013 18:17:10 GMT
Server: nginx
x-amz-id-2: qC6p daX9eGV280PtbsPTj28Q hDVrkE4Fv1YPE8regSf9F5mc4/7K2AYGnlChhi
x-amz-request-id: 3D961A41BEB8C1B5
X-Origin-ResponseTime: 1424049841.549
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 7747
Cache-Control: max-age=54272
Expires: Tue, 17 Feb 2015 01:24:01 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
..I..........................!1..A.Qaq.."2...B.....#Rr.$3Sb.....CDs..%
c...........................................................?...!..!..
!..!..!..!..!..!..!..!..!..!..!..!..!..!..!.....a...&.aZz..UI:D.~.....
i>jY.5..^......25..e<..............(.mT#D...N....H..U Tl..e....'
...o...3.v..*}..4u.|.R.6....>}..^(K...-b.3T....-Z......<.....f0.
.f.@..'....."..'.. -....;.. .qZ...7..m.~.....hG..f....#..|}.B..B..B..B
..B....A...N...YOb.aH......Hy_.....I.. ...xa.f...Z....%.)..p2..[.....-
..5W..y.....p....6.p.*PBTO[..yx..l........c..&./..O.>9...<..Q.O.
....:..j..dV2.....-.....R..2..eU.. ..f.,.%4.D[s..E..b.p..4C.J....r....
.....f-....TUP.... .Q.~.4....Y6.Z-......1&....u~..I...I...Kn<...).L
...P...=K.h......e.`.. ......q.$%.J..........r.4..t.....T")......N....
.T..S..P.......P.?4.K!Y.....~b6..T.6....\..%9 ...L.('.n.I..._..<7..
EU..5".:YJ-...y."...$\y..;p..X7.Te*8...1]EI...4..M..l...q...8V...5....
,%V......c..o.&..#.......O.N.......*.....;..N..*7..Ia...jF. i.,.......
P.Gd.'Mo}L`.3O.fXQg.9...........<.qo.UR...N..&.I....[..fs(.....I~r8
.EU....W..D.....A..)Q\..p..D..-....y).......N....L...78..Zr.(..!.bSJ..
[email protected]..=~B<....>0..M..q%.....f...\.$......0s...K..9
..R.....?|s|...E...a..$].JY....wD..7Q..1...w...;o.8s]..2.....d....5.^`
..%..k.a.......-5..0M.......^9w...D..L....D..bd.e$..'d..|cw..w..%~
<<< skipped >>>

GET /bicicleta/colli-dupla-suspensao-18-aro-26_200x200-PU56929_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "8ceb571c66374ea3ee22499e090d5e36"
Last-Modified: Fri, 20 Dec 2013 12:08:10 GMT
Server: nginx
x-amz-id-2: BNFIbYA/LkKkszcTW/ qWImPb3I0b5zTUCpUlTL/BASpzaemmQQOdHvA7dXhEwfW
x-amz-request-id: 94D170FF2A7CB91B
X-Origin-ResponseTime: 1424017426.324
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 11043
Cache-Control: max-age=21857
Expires: Mon, 16 Feb 2015 16:23:46 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..D...........................!.1.AQa."q.#2B..Rb..3r....4C....]c....
...............................4.......................!1..A."Qaq.....
2....#3B.Rb.............?..y8..JW.=.L3.tDk#N $.He............<.kq..
....!%.....`[email protected])[..NG0../......A..Z......b...s.......A.{.0.bO... .
.v2.....a.b2...........&..<B.JS...... ....0.8F{.g...Q...a..>\C..
<BH.0.6.u#.F6.H....0..O......c.8...s.....89.\1.'#.p.{@.r2.8..#..@I.
[email protected]#.....Q.;.%[email protected]]E..GJ(..v..-....O..8.v.....
...\4z...I....=G.b.Q..S.'..D...(}...V.$)*...c.j>..:^..........9.=..
.J.......8..-....fZ'......0>..4.V...gK\...I..}.->P..-......d.#..
G.3,.e..{|..O!..n.'`[email protected].. ..zh...a..q..@"...d..B...
...>p.zy..N.....!F..! ys...}....V.6.T.(...$.x..&...M$.L...[,..AB..d
...w..{..........TJ...D...W.T.s..i1.u..a.....................c.jSj...d
L.L57,.....h?B....i.1...BTN...B...L.. [email protected]).......)...s
.fo..@..*}R.a....u$9<.R..>.......v6A..>\GM....S.JB..`|..ae.I.
>.I...;....<j...aF..Ma.M...tE&......V....z......U.z..g..J..T.P..
.|.=...:.....?.n.).7Q~D0.....2...mpa Jw .X...D...g@..?.[w hU.e......y.
.G.....d..._.m2.Y.gh.}S..../.."...9.-...VJ.....N<.J.&.o...J...)....
.R$..J.[6u....=p..i...{n.x..J...t%[email protected]."...*.B.[.........I...
.Q..~......3&...H.Z.%m,'.e.~....=T...io.;...3.q..~=.......K{sR..iU
<<< skipped >>>

GET /jogos/batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "072a865b068e92981b13ad25255628bd"
Last-Modified: Sun, 08 Dec 2013 07:14:23 GMT
Server: nginx
x-amz-id-2: eumQFJkSOhIK2icGQYpQ8k9ReDOWyBASFBq7JKPWOfqN1NuUKPUFJV0ZTN9AmzDe
x-amz-request-id: 698FEBCDB611593E
X-Origin-ResponseTime: 1424017934.876
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 15199
Cache-Control: max-age=22366
Expires: Mon, 16 Feb 2015 16:32:15 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....d.d.....C..............................................
......................C...............................................
......................................................................
..W..........................!..1."AQa.q.27Bs......#Sr....$3Rb.8ct....
..&45..6DFe........................................C..................
.....!...1q."35AQa..........2RST.c..br..BC#D...............?........I.
Yu.....$I...i.q.nvn.....mp,}..lM...*2m'...8....!..Mm.vR.R-...q.....^..
_I_!K.....%.{.;.........?......C...Q..8d..J.....s...W./.9._.......E ..
...s...W./..B..A.8....J......;......C...P~N9?.R.h........_....)~T...N.
...'.p}...._...9._......E ...p}...._...y._......E ...p}...._....)~T...
N....'.p}...._...9._....s"p.3..Q.._C.)*2.V...K..F<n......i...{_#.i.
W.jB.......3'.g..}....IR%.....YR@...{|S..N....J.....i ?<.NV/JN.HB..
.......N....E*..i............3.....}..f...OCS.Ria..JBZ]..s....U0.UvcVV
..m.../W..t.{.=..|L.|...M&.Up.._...xINV........j.#uN>....l...\i/..%
.S....._o..ly.]j.k..:...y....Z.jT.....9r..o.!i.....{FB....g..?V0....
.<...or...ETr{)[..[N.WgfN.Q.._2f(...WU..q...t.\..~....bt}*.]....].T
d.......h.0.`.......`...&ig3U........%...$.......S.V..J.. .nq......xv.
Y>m...l.......q.[O..[...>......K.P.TzS.I\.u..dY....oI$..<....
.:....Rn.^w...../.......&...^...1.<[email protected]....;A~....n...8.
.4.'..XX......~-.|.Y...7..[...s...'-m&.b. ...Ao.... ..\........].U.J..
..$.....Qv.>......W...f3YLU6$........n\.:..H..q../..^....[[.;....{.
%.sy[...ss-fj.r..9......Ah...n....Sa..p{.A....18.L...tr..{R...%l..
<<< skipped >>>

GET /fone-de-ouvido-headset/skullcandy-lowrider_200x200-PU32da5_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "c69360ace5a61483f20eaaf7b723a8a5"
Last-Modified: Thu, 05 Dec 2013 12:07:37 GMT
Server: nginx
x-amz-id-2: oin4MVjadDmS8IQ/bFfZ9Wq1QtmdlhfS7OZ8BuOWhwkHW/Q5kBhACrsBSe4VCRvu
x-amz-request-id: 3CF6DD902173AEA4
X-Origin-ResponseTime: 1424022963.637
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 5951
Cache-Control: max-age=27394
Expires: Mon, 16 Feb 2015 17:56:03 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..B............................!1."A.2Qaq..#..3BRb....$%....CScr......
...............................................!1.AQa............?..."
 ""." "".!8._...z..=L.....K .Z..=.}.a....i^.I......].#....q...l.:..P=`
k..........oi..u..].......V. 6..P.$...;.G_.....L...7*[.#*.."..x.f...p.
..(.......................I......Q.I..a{...]..WMU}.....X.|..z26...@O..
...q....T.....k......rS..Lw.?.{.........n...#..P4.e..>9jd.w... 0..s
.....{..........?E-....s.j.......4..)w#..y.....*c..Aj.\....W....I"o.3[
.A..Gu.....f..A....Ek....,.~x.}.......6....H.W..Y-m\`..#..a...G^.I[...
....#....Z..i}M.......9{8...uF....=......;.....^...;....i..F.l......OQ
`.v>n4....g..*.t..k.?..f....ed....p.Ii....V...c...{A]O]AQ$.. .6...M
3s.....~...k.?..=..Tz..7=,......SJ=...b?..>.E..........8B.r.....X..
..........|[email protected]/V....z...""." ""." ""." ""....
......dusQOp..#....4........:).S.i%...{..Mv.e...}|8.~..5.q..Rj.....Ac.
E...$......=2H.[#....'.v.....).=..G...4.(...<<....~J...........K
...#.F......B{r......m...}......:.r..,......j.d..p.S..<L... #...h..
:..DZe...i.#?.V8..gOo.<...b......_......g.u'.8.=r.B..4......m...cj.
.WSJ[5;.. .vz9...:u]..UX..o.6...;..C...........)..v[n....-.....1SG!...
....S.V.5..k ....-I./.Q.6......Q.....<...i.. ..N]|.....cv./N\...v..
P..B<A$~P...hi..M.^.g.}_....\...l.......K...p25......[......#!.
<<< skipped >>>

GET /tablet/samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "a303fd8aa799825b9f0ea76a7cf61ae8"
Last-Modified: Wed, 04 Jun 2014 19:42:44 GMT
Server: nginx
x-amz-id-2: nYhXgXuoGBWCHeznW3LJ1G7J8oCzlSNhFseavcCteRYKF7ItVb FXzdGzIZTQ3ii
x-amz-request-id: 8E073FB9719FD387
X-Origin-ResponseTime: 1424052222.325
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 7053
Cache-Control: max-age=56653
Expires: Tue, 17 Feb 2015 02:03:42 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.Z..........................!."1AQ....23aqrt..Rs.......#$4BCEFSTu.....
.6Dd....&5bce%U......................................A................
........!.1A.Qq....."#2Ba...CRbr......S.$5T..............?......"  N
.9.c ..XL...G..g...]..J#a.t....._.....A..-h... -.Yq'siZ?X.MU.....r.#.T
.....Z.~.R......,...R.......^..*..s..?..J.W=$p..sR] X...Z..wt,..^..o.n
..K..a...............S.YP.....?...M./..:=;#........].!..... .4..]Dh&l.
.Fs...v...C......~Z........S..2..&......>.....}...jc.8(.. '..c{Y[..
.p$i.f|}.0.FB. [email protected]@...at..~.......T.~
.....S..o.:..;s....7..X./...W.j)(.......%..FA..2.wmN...u9.PE...6..s*..
..WU..D....cr.#h.$-..M..8..wi=...K.8.......2.]?.O.........R.]?...t_.^/
Q%......,=d.X?_..AJ.A.....w..6..{....:..O.......g.....6...../..}......
..V...'.....j.T.rg.-..Z.,.0..^..e.....}`.?.Q.=Z..A..C......b.z...9Q&vh
gw."...I.n.y.,.........l9'......... /S.....wc..#..{Y.$pc[.T#$.......)t
...V.........I.U-..wpO~6.KjH....\Iv...Y=.h.. .ON........ .uic $l....G.
............x\B...%.imZ.~.......~7..J..o.....^......Gb...h..'......z.J
.......U..Nk[.W*.i..]l.:V:W.8...\CK...... ...j`k.o...hk.^.p..wo.......
.R.Wv....,....e.wM..9..`.....x.F..P.Z5......W.*..Ns..w..z.b.....Q..WI}
.S...T w.7......%....LH.Rr.9..." ...""...." 1.C..?u..N;.y..S.xJ/v.EN..
g.:..!o...._Yl....6F...D....C.l..T..r.Q.$,..$.f.9p.Z|{.3...K=K%..7
<<< skipped >>>


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "51dff7c69a24b508bd5d601f6799f5c2:1424080522"
Last-Modified: Mon, 16 Feb 2015 09:55:22 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Content-Length: 856
Connection: keep-alive
Content-Type: application/pkix-crl
0..T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150216094300Z..150226094300Z0..<
0....X...140427081922Z0....v...140618150003Z0........140429180917Z0...
.....140709194633Z0........140416233935Z0........140521155053Z0.....).
.140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140
606204021Z0........100729164439Z0........140606222139Z0....%...0205141
81157Z0........140725020038Z0........100729164732Z0....M\..14043000044
2Z0.....-..140617185011Z0....uU..150118022133Z0....V...140624123102Z0.
.......120627171025Z0........100301134531Z0........140618143256Z0.....
...120627171017Z0.....>..140711125531Z0....[...100730213120Z0....j.
..140226123519Z0...*.H............zU....=.Z....4......IE<..k...IA.K
.. .]5....Co.7.T......:...d...".n.4.?L#*......j..0.fV...xum.-4..*.....
G.U>8...i|......l...'[...HTTP/1.1 200 OK..Server: Apache..ETag: "51
dff7c69a24b508bd5d601f6799f5c2:1424080522"..Last-Modified: Mon, 16 Feb
 2015 09:55:22 GMT..Date: Mon, 16 Feb 2015 10:19:25 GMT..Content-Lengt
h: 856..Connection: keep-alive..Content-Type: application/pkix-crl..0.
.T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equif
ax Secure Certificate Authority..150216094300Z..150226094300Z0..<0.
...X...140427081922Z0....v...140618150003Z0........140429180917Z0.....
...140709194633Z0........140416233935Z0........140521155053Z0.....)..1
40617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..14060
6204021Z0........100729164439Z0........140606222139Z0....%...02051
<<< skipped >>>


GET /pt_BR/all.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: connect.facebook.net
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "f5fff8e7e7f98050ae98569c6a4d9c97"
Content-Type: application/x-javascript; charset=utf-8
Timing-Allow-Origin: *
Content-Encoding: gzip
Content-MD5: XcUJ60dRtWG2VoCDG1NZfQ==
X-FB-Debug: wKNK9PzG Ycre9qUUpqB/6euQmrkjGWzz4YxagjrCBL9PTMlp0EOrG3jbvC05qItGoLc4OvVrIqEijIDSPPuJg==
Content-Length: 52553
Vary: Accept-Encoding
Cache-Control: public, max-age=1200
Expires: Mon, 16 Feb 2015 10:39:24 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
............{..../...^..$.1.(J..4...%.....=.l(....H... %Q..k..[..h. %'
.s~.l.......U.U.G?.?99}......=.?>~/..'.|....xR/].?...j5o:o.........
~....~.b..,.....A'l....q..R.r..:.$.......J.~Xz3.:.G.x......(.Tk.......
....j.%...w4..../.........>._......&.......z]*_.&<..$......f.$.]
...$z.n.Y....$UuJ..c..........[.Iz...G.0^X5.4...'.pv..2.t.....l..;U.l.
.In`0.....m....N.................y.Z4A..7`...,./f.R..]4..T.0.....W.h.z
.V..B..".........M.7......U'.z......&...-..8..F(..N..<q...@:...tW.e
.S.......Y<.g.e9t]5.N3.hP..vA....%'...1.....$.)....Y....Qr*a.)Q..I&
lt;/..pRRh...{..... .....p.x.}\..y<[VG..7.{.o.7/....j..Zc.*j.*.w..D
.N..o...U'H.K.....5..0.6$]...U.#[email protected]..=e...l. .K.*[email protected]...
.....q?.N.I.<...:.t:Z..o.6.Z........nf.....u./.a|I..;:.qWX...z..<
;,M.[...N0...T....=.......9..F..h.2B...[.....&.....{.f6...^..c....^.).
.....c.....^u.L......J...J...)[.......P4..|[email protected]..\.`P.&%...
9...2..C.%......G....yOt87\...G...R<....wL.&dOo...Lj.9....f.K.g7..r
.....{5.1.9..g..}.....A.........s.......a.<.=3..m.o...1............
xl...7..>f.ff..3.d......e .b7.5.H.G.jnT..<.F.j..d..^...^...vp_w.
......P..l`.......H~p..i&.,l.c<.B....(...N...H....A)....1\.....:...
&........K....W.K..9.#El.,[email protected].._.|.....y.
m>.&=...(..j.....H%..Z i..W......."..|.....c..mX........C37..B...,/
..?.......G=.....<.h..Gs...<"_.U..?3....f!;. ......>-..p..F..
....M>...hwA.Q.......q4).Gp[.x5..Ts.X...e5..K.....D.'..1......=n...
8G... ...uAJ....J#@i.z..|84...<!*Xt.....$.......&.;... .$.$.G..
<<< skipped >>>


GET /ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive
Cookie: __utma=248450708.1811958267.1424081965.1424081965.1424081965.1; __utmb=248450708.1.10.1424081965; __utmc=248450708; __utmz=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)


HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-IISpeed: IISpeed-1
X-Page-Speed: 1.7
Content-Length: 2382
Cache-Control: no-cache
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~..
..I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`.
.e.u.......GG.5.J.-.e.Y.......ui.g3..c?&.=^.mF8.........>:..m.l..\.
.......Gm....(..t..M.~v.........w?.  ..-...x.....O.......%..h.4..../&g
t;.....EQ^?...U.L_..?...EV.....y[L.QC.n7y]..n_...E..H.M..|;....i......
...f.....>.._..%.jv...Y}Q,......y5]7..Z.e.......gi;/..]6m..|.=.W.ym
......i.jy!.....y...../)...xR....V.i.g.y..Qv....ESL..h.....,_...fUf..&
e5}.a.s.3......<.T..p.]...o......~...j.h....?Xn/..v....W...?z..`...
.9..mu.(......;..$......r....../..f...;..U....-.eNh.U...w..Ksj.],.6...
f@;:@?.l6 ...m.z......u...$N&:......i..O......9...zuq'..m...XV..*.Z...
...I..D.N....|B.R...D....?../mV.....'#...Q..U.>*..V..............0.
v.]....4.0Y.m....J...:/in..._1.........]_L.....G...w.......N.>...m3
L..!$...7q...g.TI.tg...) ...#.E.;...f..yt....<.N.=.Jb...M.gMNs.MB).
ys#..7..nlr....Q..Y|...]Y4./Vi.._.Kw.?...I.E./"s...cb../.<.2..1.h.d
&...m..*3...(2..3m....?>..............'3".Mr....YuE....G)3.....w...
S.M.BGsF.K.D...G>5.n.%.|s......V............U.AS...7d#.j...........
...Xd...|.j......v.....R..d........1......,)8d{.......,B..E.n[."..{.-B
...Q..d.f.j....w..~ .{D.t.........H.b^..y.,...2....f=..Y!.N.&.9)Q.o.k'
.?.w....aN*6.P.......D@2}.RG..W7...vD..,...)....-8..J..k....~*.=...x..
.!.J.b..n..?.^....L..I..Tf".4...J.A.f......b............F..z.Z.;2...].
...~|.]v.7...o?F.{..no.....hN...6>~< ..i.5..`...!..1.#/..#o.
<<< skipped >>>


GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Mon, 16 Feb 2015 10:19:27 GMT
Etag: "2b0045-4741e-89987140"
Expires: Thu, 26 Feb 2015 10:19:27 GMT
Last-Modified: Mon, 16 Feb 2015 03:54:05 GMT
Server: ECS (ams/49E5)
X-Cache: HIT
Content-Length: 291870
0..t.0..s....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150216035036Z..150226035036Z0..rQ0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /sd?is=fm HTTP/1.0
Host: install-cdn.reversepage.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.0 200 OK
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=ReversePageSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP002C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Content-Length: 583208
Cache-Control: private, max-age=86400
Expires: Tue, 17 Feb 2015 10:18:42 GMT
Date: Mon, 16 Feb 2015 10:18:42 GMT
Connection: close
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................Z....... ...0.......p....@.........
........................{c.......................................s....
..................0...................................................
.............p...............................text....X.......Z........
.......... ..`.rdata.......p.......^..............@[email protected].......
.....p..............@....ndata.......p...........................rsrc.
...............t..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h [email protected]...\r@._^3.
[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G...
..t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>


GET /gpt/pubads_impl_56.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: partner.googleadservices.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Mon, 12 Jan 2015 20:02:58 GMT
Date: Wed, 04 Feb 2015 04:55:47 GMT
Expires: Thu, 04 Feb 2016 04:55:47 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33962
X-XSS-Protection: 1; mode=block
Age: 1056217
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
......n.....i{...(......u...%giC..u.'q......U?.&.ZCR^b...3.. E%.y.}.i,
...c0...b.....v..x.=f_.|0.X......q.H..W.a....}.b.... ....XY....x.lso..
.,........W(.....,......).uD[......yK..B......Hm..Y>.6...C....f..ch
.:..=..4.F....$T.....Qw..riM.. N.E..9...|..k-.Q...qd....|<..M...y..
....T..<.C.......Y.....>.s..[.,NF.K[.m....Gj..U<..m.:]@..R...
.l.R7.r.....{.B^[email protected],.....U?..*v%ti.*.X^.pF{.(.bWu...]..v$.....|.
T.....S..s..Y..%....,[...b.]X.-.}...k...)..1..'O.....~..........5j..||
k.f......;c.g.......;.....z.$Mg.M...P.'.Y.0.....9../..............w.j.
.4...\.-d.n..4..j...Z1cBV.vmBn}u^..q&ww..;.25T..&..7o.PMy>....Y...3
..P...[.....%..Z...5..r.jZ.../^.m....h.....M.~...<_..7......v.....c
/......ISk;....9..8........N... ~.;...JW..v..NXL.....o~.......vh.4..\0
.".g..!.....Y...q.....;w..a......io.h8.....:.;.i.Vt.....b}.9t.]r?.....
q.../...a..(:\...Ps.!...,.a.lH.....`D.-..<....y.R..x..{.U.$.2..}.'.
...#{....xcs..|....".g...h..N?.:h..O.<;........y....gue....|.c*>
k,..O.}fY.........\....S..C.k90j...|.......w`...Z..K....O..gX._W.g..j.
...Y.j..y........u..oZ........W..b_....S...!.f...~s...w..?....b..8...&
gt;..>.~.....[....Xj.[...tn.bto./t......k.B.r.]X.9..L..5.&.../..4UC
.0.y...c|..hxe.w...#..0....?...^[email protected]......"..
.=...7v.Y..D..f..&.P.1.{.rV...0[.8}y............0....p.5.P.O>^.k.n.
.v...[?Y..........x....r.......y8..)...Y0.. ..]....\..Z..H...OTA\.....
......U..Vg12g1,.".o1..>.u..9 ..q..p..p...].r.......S.Z..-.C..=....
c..Sz..cJ.)>.....M.)../.!.?..[?C.9%....ck?.......:...D#5q.b....
<<< skipped >>>


GET /pagead/js/r20150210/r20110914/abg.js HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 12855107806509661363
Date: Tue, 10 Feb 2015 19:05:46 GMT
Expires: Tue, 24 Feb 2015 19:05:46 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 14398
X-XSS-Protection: 1; mode=block
Age: 486821
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=1209600
...........}i{.H..w.....)...F.Y..._...1..up...!|....>....d...g&....
.....Sjs.....W..;..Zz.....N..f..f..I..A...JQ.t....u......x.)...}n..A0.
.1U..J..5...*.].*v.~ h....i...N3P5..D.x|.u.\.4M.........*.1.'.....L..L
....=.n0..9R|.j......{.#.....#m..<.\..#F..*...k..P.A.`.o.....o#....
G.U...(F...".@9.`.e.......Y......[E.t.P.%..Q....;.}.(.Dm....%.B..J...\
.".I!..Q.q....(..L..]l...0.(..~.x0....O....fg..C.hi....s...3.En.G$!.. 
........O.....)Hj.."....S.........1.6.=-!.......w..O.f|...$.HI....G..-
....-h.?.B..X..Z..8K...{..=...J......B...cR...v...EV.. .`@B.Xo*..I.Q..
..6Kw...O..L&.ZS`.G&.../..B*...........p..Z......N...;7g{...Z.To....'.
.-.G#s..n......V.Qqa.D.&....,..X.}....P..9.O. ..%..m...?...7....r.....
.Vo..U..S.h..Y1nS"e...Z...Pi.a..m#.<.!.VC......:.GL.1%%.wz..8....U.
T33}w.%....}]...H.....w.-]Q.s.C..N......B.....Db0.h`......].'....(....
. t7...L..B.V..{.}..G._#/.....!......].(.R..Z.D..w&:X..y`..~7....n....
.....=....h!...5..76....}..)....] ..d......~..Us|..-..zA.&......"...`.
_.............?.T..h5.ZD....U._....|.C.]...^.kc.^.U ...."..PZc..P.*...
..\..gnk.a.*..J^.k..Z..y..W. .yE.-Tt..^\L..a;...j).n...>.k%.4.Q....
.....?...l:..;..z34c ...>.....-.&........<...O..6.0.............
.l..T...J#..w.d.v...w.Z:...>[..{[email protected]<.
M:i....\..z.".IkN........"\..t..T6....e.M._....#.^.A}t.yGC...m5B..i...
...#.& ..mr.l.o.'....bF...5.R...-3.......)......$...f .L!`.S2...p.....
.h..%!........gJ.]@21,....@.}...7u.....u.(M.................... T[C)..
V..W........pLz.......WTN.....N.f. .%..h.6.....9...*..2...D..m.V..
<<< skipped >>>

GET /pagead/images/x_button_blue2.png HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive

GET /simgad/16006432992429916137 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=9705731878&adk=3597687593&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081967332&bpp=31&bdt=77&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=823281782.1424081967&ga_sid=1424081967&ga_hid=
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 02 Jan 2013 20:22:58 GMT
Date: Wed, 04 Feb 2015 05:00:28 GMT
Expires: Thu, 04 Feb 2016 05:00:28 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 30311
X-XSS-Protection: 1; mode=block
Age: 1055940
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=31536000
......Exif..II*.................Ducky.......5.....)hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM
:InstanceID="xmp.iid:9C611409F0A411E1BD78F69B65296424" xmpMM:DocumentI
D="xmp.did:9C61140AF0A411E1BD78F69B65296424"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:9C611407F0A411E1BD78F69B65296424" stRef:doc
umentID="xmp.did:9C611408F0A411E1BD78F69B65296424"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
..     $$$$$$$$$$................$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$........,.................................................
........................................!1.AQ".aq.2....BR#...b.35.r..C
$.4E......c..D...'..%U&G.......................!1..A..Qa.."q2BR..#3...
..b..$D..C...r.4............?.K-.r.-.A.... ..8#*UTv..I....CJ......$.,.
..)tv.5_...C.Ct>.x.....V.1...u9p.Q4.._..A..n.......*-E.,.p...2.....
...q_......7*..b............]....2^.5yN...........]......d.^......u\..
...K...S ..sw...c?.uN..QJ.9.]c.p....$s.....i.('.]....B<.....?.h
<<< skipped >>>

GET /simgad/791981695816463102 HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081968440&bpp=15&bdt=42&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=2102100500.1424081969&ga_sid=1424081969&ga_hid=980917080&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=678&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1935280145&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=682,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=140
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 23 May 2014 17:49:31 GMT
Date: Wed, 04 Feb 2015 04:59:05 GMT
Expires: Thu, 04 Feb 2016 04:59:05 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 42179
X-XSS-Protection: 1; mode=block
Age: 1056024
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E6C6B374F792E211B
72EAE956FBAE0E0" xmpMM:DocumentID="xmp.did:90E721B3E0F311E3A501BE1F1A7
CF3F2" xmpMM:InstanceID="xmp.iid:90E721B2E0F311E3A501BE1F1A7CF3F2" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:6720675F52E0E311A98A859B75BD26BB" stRef:doc
umentID="xmp.did:E6C6B374F792E211B72EAE956FBAE0E0"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;...&Adobe.d...................h.....................................
......................................................................
............................................,.............9...........
......................................................................
 [email protected]#.`"&!2$%'G...........................!1"..A#.. Q2
[email protected]%5....csTd..&..S..e.f8...................
...!1..A."..3.Qaq......2... @Br.#s40..R$.b...`C.....................!1
AQaq.@....... .0`..P...............i7..............@].....lU.4i.@.
<<< skipped >>>

GET /activeview?id=osdim&avi=Bp-bRLsThVKrjI6H_7QaftYDADgCW7pv0xwEAABABOAHIAQmgBiHCEwMQgAE&ti=1&adk=3718522017&p=136,24,226,752&tos=1133,0,0,0,0&mtos=1133,1133,1133,1133,1133&rs=1&ht=0&tfs=1281&tls=2414&fp=client=ca-pub-7019091094896260&url=http%3A%2F%2FVVV.baixaki.com.br%2Fsite%2Fdwnld109843.htm&correlator=8754882170701&ifk=3993913476&eid=317150304&oid=3&afp=&format=728x90&output=html&slotname=2838063472&flash=0&dt=1424081966441&adx=24&ady=136&ifi=1&tdl=1487&abd=1-0-5&r=u&bs=776,554&bos=800,600&ps=1348,4155&ss=1683,901&tt=1026&pt=1389&deb=1-1-1-3-6-11&tvt=1134&iframe_loc=http://VVV.baixaki.com.br/site/dwnld109843.htm&is=728,90&uc=5 HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Date: Mon, 16 Feb 2015 10:19:31 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA 
PSD IVA IVD OTP OUR OTR IND OTC"..Access-Control-Allow-Origin: *..Cont
ent-Type: image/gif..Date: Mon, 16 Feb 2015 10:19:31 GMT..Pragma: no-c
ache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache,
 must-revalidate..X-Content-Type-Options: nosniff..Server: cafe..Conte
nt-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80
:quic,p=0.08..GIF89a.............!.......,...........D.;..



GET /usr?v=7&acc=13767&upd=1&new=1&wct=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: navdmp.com
Connection: Keep-Alive
Cookie: ac3=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:10:48 GMT
Content-Type: application/javascript
Content-Length: 37
Connection: keep-alive
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-cookie: ndi=16281561560; Domain=.navdmp.com; expires=Sun, 05 Feb 2017 10:10:48 GMT; Path=/
act: f0
nvg13767.start('16281561560','','');.HTTP/1.1 200 OK..Server: nginx..D
ate: Mon, 16 Feb 2015 10:10:48 GMT..Content-Type: application/javascri
pt..Content-Length: 37..Connection: keep-alive..P3P: CP='CURa ADMa DEV
a PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'..
Set-cookie: ndi=16281561560; Domain=.navdmp.com; expires=Sun, 05 Feb 2
017 10:10:48 GMT; Path=/..act: f0..nvg13767.start('16281561560','','')
;.....


GET /req?v=7&upd=1&new=1&id=16281561560&acc=13767&tit=YAC download - Baixaki&utm=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: navdmp.com
Connection: Keep-Alive
Cookie: ac3=1; ndi=16281561560


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:10:48 GMT
Content-Type: application/x-javascript
Content-Length: 6
Connection: keep-alive
/*OK*/HTTP/1.1 200 OK..Server: nginx..Date: Mon, 16 Feb 2015 10:10:48 
GMT..Content-Type: application/x-javascript..Content-Length: 6..Connec
tion: keep-alive../*OK*/..



GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Feb 2015 16:46:50 GMT
Expires: Wed, 18 Feb 2015 16:46:50 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
Age: 149555
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
4130039Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.36.r.!......20150214130039Z....20150221130039Z0...*.H.............pD\
.P.....O.....!P.u.k..b.&...f.X...D./F.......fIi_...>!..V.w..HYqh...
-....B.O..e.^.....O.d.....N........q@.......|k$F.q.A...o.Q...m.:.6....
.O.$>H.....Q.....x5.).1.:.p..-......S...........l8..G...)`..|q}0._.
...2.q......$IToV..BG....D....~..zO~...r9d.7]..o.HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Sat, 14 Feb 2015 16:46:50 G
MT..Expires: Wed, 18 Feb 2015 16:46:50 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Alternate-Protocol: 80:quic,p=0.08..Cache-Control: public, 
max-age=345600..Age: 149555..0..........0..... .....0......0...0......
J......h.v....b..Z./..20150214130039Z0k0i0A0... ..........j.....p.I.#z
...(~d..J......h.v....b..Z./..36.r.!......20150214130039Z....201502211
30039Z0...*.H.............pD\.P.....O.....!P.u.k..b.&...f.X...D./F....
...fIi_...>!..V.w..HYqh...-....B.O..e.^.....O.d.....N........q@....
...|k$F.q.A...o.Q...m.:.6.....O.$>H.....Q.....x5.).1.:.p..-......S.
..........l8..G...)`..|q}0._....2.q......$IToV..BG....D....~..zO~...r9
d.7]..o.....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA69BoQh3hT6 HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Feb 2015 16:48:57 GMT
Expires: Wed, 18 Feb 2015 16:48:57 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 149429
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
4130443Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.....!.......20150214130443Z....20150221130443Z0...*.H.............R.4
...b.V..p....e. ..h.x...<...W.S...{.R...JpM.........3L...6...W.@y..
}....(.<y..h..8C...0B............cL..O...o...FxjP&.^...yE%..O....y.
........k.<&..ry..n..S.g&....q..;uG>HD4t....w.Q}."..9&.FOy....&.
..m...ca(.3...W.1.,..P.[(..c 9H..........I.[...<$.(....HTTP/1.1 200
 OK..Content-Type: application/ocsp-response..Date: Sat, 14 Feb 2015 1
6:48:57 GMT..Expires: Wed, 18 Feb 2015 16:48:57 GMT..Server: ocsp_resp
onder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-O
ptions: SAMEORIGIN..Age: 149429..Alternate-Protocol: 80:quic,p=0.08..C
ache-Control: public, max-age=345600..0..........0..... .....0......0.
..0......J......h.v....b..Z./..20150214130443Z0k0i0A0... ..........j..
...p.I.#z...(~d..J......h.v....b..Z./......!.......20150214130443Z....
20150221130443Z0...*.H.............R.4...b.V..p....e. ..h.x...<...W
.S...{.R...JpM.........3L...6...W.@y..}....(.<y..h..8C...0B........
....cL..O...o...FxjP&.^...yE%..O....y.........k.<&..ry..n..S.g&....
q..;uG>HD4t....w.Q}."..9&.FOy....&...m...ca(.3...W.1.,..P.[(..c 9H.
.........I.[...<$.(........
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDsqJhnahKJA HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Feb 2015 16:48:50 GMT
Expires: Wed, 18 Feb 2015 16:48:50 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 149437
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
4130338Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.;*[email protected]...*.H.............[..
F.].. ....O.....Y-..R .75A.....J[[email protected].&........A.8...mQ..\.(N
.J.."Y.....N..I.d...Q{|.w^AP...S..}G^..dtL.d......}] FE....g......y...
'...M..5[P!Y......~....1....En/..3!..Z..<.a"..S.2KTnh.!u._~D..(.h..
.:?J.....j....!.bcA..H.....%..2.n.5..^...*..=.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 14 Feb 2015 16:48:50 GMT.
.Expires: Wed, 18 Feb 2015 16:48:50 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 149437..Alternate-Protocol: 80:quic,p=0.08..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150214130338Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./..;*[email protected]
38Z0...*.H.............[..F.].. ....O.....Y-..R .75A.....J[D...K.ek?.@
.4.&........A.8...mQ..\.(N.J.."Y.....N..I.d...Q{|.w^AP...S..}G^..dtL.d
......}] FE....g......y...'...M..5[P!Y......~....1....En/..3!..Z..<
.a"..S.2KTnh.!u._~D..(.h...:?J.....j....!.bcA..H.....%..2.n.5..^...*..
=.....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 13 Feb 2015 19:25:40 GMT
Expires: Tue, 17 Feb 2015 19:25:40 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 226429
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
3130030Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...GK........20150213130030Z....20150220130030Z0...*.H..............d&
lt;x..6.|=..|.T.;.X........O....an.J.:..&...O8..8F.........x..M.../".:
...T..,.S...a*A..=..A..M...#]A...YXH....xh.....P....a..T.l.......x].4.
.......z...=.......S... Y.B.....O9.&.........o.M...|.i.. ....dI......N
D.....v.[..b.. .{.j4.xK)....mnD...PoP..?~>....HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Fri, 13 Feb 2015 19:25:40 G
MT..Expires: Tue, 17 Feb 2015 19:25:40 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 226429..Alternate-Protocol: 80:quic,p=0.08..Cache-Cont
rol: public, max-age=345600..0..........0..... .....0......0...0......
J......h.v....b..Z./..20150213130030Z0k0i0A0... ..........j.....p.I.#z
...(~d..J......h.v....b..Z./....GK........20150213130030Z....201502201
30030Z0...*.H..............d<x..6.|=..|.T.;.X........O....an.J.:..&
...O8..8F.........x..M.../".:...T..,.S...a*A..=..A..M...#]A...YXH....x
h.....P....a..T.l.......x].4........z...=.......S... Y.B.....O9.&.....
....o.M...|.i.. ....dI......ND.....v.[..b.. .{.j4.xK)....mnD...PoP..?~
>......
<<< skipped >>>


GET /images/tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: i4.zst.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 4552
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Cache-Control: public
Date: Tue, 10 Feb 2015 10:26:37 GMT
ETag: "5450c0e3-11c8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Wed, 29 Oct 2014 10:26:43 GMT
Server: nginx/1.6.2
Age: 517971
X-Cache: Hit from cloudfront
Via: 1.1 1af3b41af1ae11562aeae8eb3a73224a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ziRNLNet080x4BnC3G_UQbMUnaBM-hMmGeHoVplbQI0-PPFvSXLCTw==
......JFIF.............C..............................................
......................C...............................................
........................n.n.."........................................
..G...........................!1..A.."Qaq....#R..2rs.....345Bfu.......
..................................2........................!1.A"a...2Q
....Bq..Rb...............?..=....CCCCB..........u$.hB.CL...~...o...m..
...h!#.g..7.....c....j. .n.j....a..RXV.CT.q.Zx.d.._.[.:.Ak....I.......
.t...v..7U.......*...O'?.PG!....c...izJ, .......qGs^..o.].a....y...S.h
. ? F~.F$.'.....K.x..j.....m.~.d...h.V.#wF...'.......H$d.(..Z...g/.^,.
...%.x.....%.....E..9p|..A...k.......{.mm.....J{},[email protected]@........[
5.......W.#.5u|t..{.*..3.......V.bp.....C..8...u...h..C,....Q\.$l..DA.
. s.o...&h....?Ft.7/.'#=........E...U..{P..}..;..l.X'.......S.!......)
..^.u..5.o.i...f.{Em....C.J-6.eUGUu*..2.2. ..j._x.{..b..[.@.{....@%.c"
..h.....'=s...IKQtvy%i.P.y[=.@.'...}......N..V.u..........{.....*.. ..
5............[[email protected]?_....M.{}....4k.........p.........!.
..W......as.$.U...1..n..nvS...p..2.~..ZT.O...8]|......H.....n...`.....
..K...9j..x.T.i&YU...lu.S{V.V..7.Y.e..S...|:...^.v.Ap2. .ge&...>>
;S&NQQ01..t...jx..C...[..okh.......f......3.:...c.r...9....h. u...w.^.
...Y.....4..OQ......I..O. .,..yX...k...o.nw..........vIX..;7.:........
$. '..}..*.{&...*S.6....?~..X.....`[email protected].
..../.8.~[r....k...'.........z..HyX .R...K..XS.".@%.\...k.....S..a&P.F
Nb.......{.[r.z...x........N;[email protected]`.yM..y..d..a...c....|x'|..
<<< skipped >>>

GET /thumbs/1/18/10/34396475.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: i4.zst.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 26832
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Cache-Control: public
Date: Sun, 15 Feb 2015 12:45:54 GMT
ETag: "547bc05a-68d0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 01 Dec 2014 01:11:54 GMT
Server: nginx/1.6.2
Age: 77614
X-Cache: Hit from cloudfront
Via: 1.1 1af3b41af1ae11562aeae8eb3a73224a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: qk46xfEsEQFoOv_WYjxIkFDvczai84ZQNZvEcrZKYn0MHTwF_Vjqig==
......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), qu
ality = 75....C................................... $.' ",#..(7),01444.
'9=82<.342...C...........2!.!22222222222222222222222222222222222222
222222222222......3...."..............................................
..............}........!1A..Qa."q.2....#B...R..$3br........%&'()*45678
9:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................
......................................................................
....................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'
()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.............................
.......................................................?...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(... ...u.....|P.
......m..3.&.....;...5.......|....J.......C....?.|[email protected]...~>xo..
.~I.......=..|-,!2I..N..rOa[.....6".}.........5J..kO.V..#s..........$.
.......?..>.....]|..I$.$..Bp.FN~.....:.e8*F.4.d}.~=h....~I......Z..
.j....u....Z..\.O.I..H........=..z.?..U......?.t^.z....]xL6.m........x
.O.S%.D"....=.......J|......[......F...MW.O....y..Z.....u.GNUd....h...
..w.E5...a.*.(@...._..#*XJ.Wh....I.m.~I.......W..j.....u..V.....n.....
UzV...(K.[......K...mO._.........>.....]x5...=.......>.....]'./}
7..../...^.E.@{../};.}.?....i..a..>.....UxU.X.u?..;[._....T........
./...^.E.{../k/....%......k>.j?.....^.E.{../kO....K...Q......x.
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.wpm HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.54 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:12 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.54 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT
ETag: "2015b-6ca-50e490d4402ee"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 16 Feb 2015 10:21:06 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150204200915Z..15050
5201415Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............Xb.F.M4hYy.h~...2.... .. ~.A4...F...gyQ.....:_..g.|
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEDMnuhAflYDHQTFEqFhIr/s= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com


HTTP/1.1 200 OK
Date: Mon, 16 Feb 2015 10:19:32 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sun, 15 Feb 2015 10:58:37 GMT
Expires: Thu, 19 Feb 2015 10:58:37 GMT
ETag: F9404BADEB0A231FA9F19F837C40A6BE2F59D7EE
Cache-Control: max-age=260944,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp5
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0........@_k.^>....cT.b......2015
0215105837Z0s0q0I0... .........&./_...4..3.....'......@_k.^>....cT.
b......3'......A1D.XH......20150215105837Z....20150219105837Z0...*.H..
................p3.p..F..'.WH.|....]..[]..=-N7/vV....<Z...B.#=.....
[email protected]..../7I...}..$.....r..c..N\...4..}...N!..q..E.6.w..h.W..
....S..7..Z..!y..wao..f|.d.Pw.IK.j._..Q.....O...:....g..h....B[...6a.f
...Q. ....&x..a...vE..q..-@.&.i-K.E..Zq....*..u.......{=..x...



GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.RegWrite HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.42 ms","message":"store 1 action and 0 upd
ate "}..0..



GET /ping2.asp?uid=302894767&tuid=3090520&sref=TTV_18-4N_0_ie_extra&gid=27&bundles=TTV:1|IMI:|V6Y:1|SSC:1|WEX:|CLX:|PMD:1&fmrp=&avdt=||x||&grid=16022015_16022015&tba=1||vm|pm|pm4||ge||vm|pm|pm4|1&yodt=&sawdt=|&imdt=&fmdt2=&wsdt=&pngrp=|0:success|2:OK|4:OK&dct=|wxp|msd|icw|opb|dtm|ws8|&dip=&bld=18IJ&cnt=ua HTTP/1.1
User-Agent: Inetc3A (Mozilla; pm ; FW 4; WinNT 6.1|Windows 7 Professional N; wd 21032013; ge |w|4v|c; sd 121827-175240; fl 0; ie 10; ch 02|39.0.2171.95; ff 1; dbw ie|; hb 0 px 0 co L2 pm 1)
Host: data.infopackinst.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDACDQTBDA=ABKCLFNAGIFODBGCLHDEBAKE


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 16 Feb 2015 10:19:31 GMT
HTTP/1.1 200 OK..Cache-Control: private..Content-Length: 0..Content-Ty
pe: text/html..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date:
 Mon, 16 Feb 2015 10:19:31 GMT..



GET /b3rNON HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: goo.gl
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 16 Feb 2015 10:17:31 GMT
Location: hXXp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=bxk&subid=${SUBID}&lplink=hXXp://VVV.yac.mx/download/config/down.php?pt=bxk
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 252
Server: GSE
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Age: 123
Alternate-Protocol: 80:quic,p=0.08
..........m.Ao. ...........&.........Iw.....)...~.<.K..._..KJ.....y
....i...}..|[email protected]?p.>.gs4.R....r.Hf..
{$..6/"(..<cl.6..&TW......k_m.#...2/fp.p=.`.....*......2.;...1...8.
V.(...N3.........F..,......X.. 8.C..T......&0r.G...HTTP/1.1 301 Moved 
Permanently..Content-Type: text/html; charset=UTF-8..Pragma: no-cache.
.Expires: Mon, 01 Jan 1990 00:00:00 GMT..Date: Mon, 16 Feb 2015 10:17:
31 GMT..Location: hXXp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=bxk&subi
d=${SUBID}&lplink=hXXp://VVV.yac.mx/download/config/down.php
?pt=bxk..Content-Encoding: gzip..X-Content-Type-Options: nosniff..
X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Content-
Length: 252..Server: GSE..Cache-Control: no-cache, no-store, max-age=0
, must-revalidate..Age: 123..Alternate-Protocol: 80:quic,p=0.08.......
.....m.Ao. ...........&.........Iw.....)...~.<.K..._..KJ.....y....i
...}..|[email protected]?p.>.gs4.R....r.Hf..{$..6
/"(..<cl.6..&TW......k_m.#...2/fp.p=.`.....*......2.;...1...8.V.(..
.N3.........F..,......X.. 8.C..T......&0r.G.....
<<< skipped >>>


GET /inc/v12/geral-201309170947.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: obj.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/x-javascript
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 14096
Cache-Control: max-age=25270450
Expires: Sat, 05 Dec 2015 21:53:33 GMT
Date: Mon, 16 Feb 2015 10:19:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........}yw.F...;..w...Q@.^..{..ZK.c....;.(....$!....:L..oU......L.
..[.D.........LViT&Yj..I..w.|...../YnE...>>..v .X`......i`Ge.!/.
x..{^N?DYZ...}..;K...K....8.V.(....<..b9OJ..s.I.;....x...<..3...
u.i..\...UX..3..-Ic~.z..~...."[..#.O......E......{...m0.lh:.8i...9/Wyj
.R^Dl....lD.mo....;S.z...X9.O.. N.9K.l.._...'...<.......2..y.......
.F.....|.\...3...Yq...e..]..s.....A....WyS...X!./.|..\.tn.E.Y...9.9v..
-K .y..YB.._..3v.d.d.y......4..|........\qt..M....q......Cw.Y.O..}.\.4
>.%..9w7|^........K...[..._.3...`VL..#..h..v..;.....l._.B..../x....
j.N...:..Iot*....h......f..zVE.<\.`..,.!......I.D......6..l.....K.[
X....E<N.~..q.s?......z ].n^[email protected].|L\..^.....jVG]
..R2..H..;"....H..t5.o........H....vQ.....[..$..2.B...V...^.......z.s.
q.....c$.H..Z.6....&s.vi.....m.m._/...(..e......F..6z.gW.....Ge.N... 4
A......~..o.Y..d}J.Y.^......_....F..x..........][email protected]..........<O
5}..(.xg.S. .....hB..e..RZ........&H.G[.....w.F.....zN..(.-3.Pf...Z..-
.".q...E.....aB.y.T...*q'3.[."L..?.g..>.....J..`.O...d-..Sv.LY..}P.
%........$.....k..d{@... ..=...<X.Xd..W.s .,X..k...d..L`.......JA..
......./........a~>.'i.gI..NB...\&.v!.F...tum.........._..}.. }LA5.
@..5.....s.W"3d.5;O.l......DCj..U..K.3..4j........8..YY......U...I.5.'
[email protected].^..&S..].VA........sz..V...H.7...<..(........
.$Q:[email protected]*.....h.D....Z*.qo.-.D%.p..x...E.....,K.
...W........J.,..1L. 4...Gqri%`.R..1.GsV....Y.m K.y.....3..}...>.b.
.....(.n...S.........f,.4...... ......h.<.-^[email protected].
<<< skipped >>>


GET /dc.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Date: Mon, 16 Feb 2015 09:08:29 GMT
Expires: Mon, 16 Feb 2015 11:08:29 GMT
Last-Modified: Thu, 05 Feb 2015 17:35:24 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15844
Cache-Control: public, max-age=7200
Age: 4255
Alternate-Protocol: 80:quic,p=0.08
...........}i[[email protected]'...{.ww..K
....&..q..n?...7r.(e........{..A?.I*"..&.n.M....H... ...".aw.V....D..B
.0.........K....:...EYN.......=...........k....'. ...p'.D..W2U...@p...
.....L.~O_A}...^....q.].G.........I....7....N!.(..N....Hl.'~.^.......r
...@..~.W..'. .b..P...`....B....v..j..'...b..%.,cO$....1..C.......4.~.
PB(.px<q.Yt.A...>..@..{..B.?wc..cE..q.Y...v.....7.Ff.~I,...=.Q..
....t.%..q.V.......go......S.CHA..J....J.N...,V.2.5.YZ2..,..._rb..$.l.
*....P/......r.I.x......P./.T.}YV...<V..........E..e.*.K.$......uBa
K..1..yI.v...4q...z.?....o.{.}.=..j...-....@.......?$....J..Q..T...}.g
.....q..k.......6... ... ?p..y&...k......].=.(..W&...b..P..DM.p....gY.
.H...p^.&.....y(.|..s...P.._]:..].X.DI......`.{.......f.,.e..9..P".F.e
.....9..R..ac..c.....W.i*..E//.^}..f....z>..2.H..*<j^.....v.).Z.
q=#..KW...ib B.....U 8....M...Q.....2 8..F......pE^r.......B.[..2.....
....q..`.I>;o....... .!.......m..P60I.bK.lG..V.......s....Qy.8....#
.^. ..G......7.Ze8c.sfrr..SJI...1.:.\YW..j3..H%...........e.c.7...[.n.
..-{[email protected].=..jR....]....xz.`.<.....}..*`.\..8.u.B
vc.ue.S[].EV...4...)......JUZ.vb..\.....7....%f..26#.H].r.u...~....../
.-.x[{5 ....,.<.[....6.T.[..r..l.ZX...[E.m.o>?U..c.[.v.....$e../
~8^..xJ....R..... H..iq......H..4.5h.j<..l..ucc.....Jj....-3.W(...U
8u..kF..a%`]3..C.`..a7.X.......-.$:[email protected]".u...TjC.J~.Ym5..%
[email protected] ...!NY...Qy...*..5..MN....x~1T..Qz.T.e.J...M[.....Y?e]S
[email protected][0..G..y..
<<< skipped >>>

GET /__utm.gif?utmwv=5.6.3dc&utms=1&utmn=1410390823&utmhn=VVV.baixaki.com.br&utmcs=iso-8859-1&utmsr=1683x901&utmvp=792x554&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=YAC download - Baixaki&utmhid=112016769&utmr=-&utmp=/site/dwnld109843.htm&utmht=1424081964576&utmac=UA-144680-1&utmcc=__utma=248450708.1811958267.1424081965.1424081965.1424081965.1;+__utmz=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Wed, 11 Feb 2015 19:08:42 GMT
Server: Golfe2
Content-Length: 35
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 400242
Alternate-Protocol: 80:quic,p=0.08
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..
Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 200
4 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/g
if..Date: Wed, 11 Feb 2015 19:08:42 GMT..Server: Golfe2..Content-Lengt
h: 35..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-re
validate..Age: 400242..Alternate-Protocol: 80:quic,p=0.08..GIF89a.....
........,...........D..;..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=515973
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:25 GMT
Etag: "54e19dfc-1d7"
Expires: Sun, 22 Feb 2015 22:19:25 GMT
Last-Modified: Mon, 16 Feb 2015 07:36:28 GMT
Server: ECS (frf/87A7)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0215200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ...._.M.[........?;....20150215200000Z....20150222200000Z0...*.H..
...........^.H.j......pt6f.B..*E@.?W.M......U.....O...Ky..k...... ....
.(..h.L-....V...2_`x......%........DQ..*....Mq.0]....e.K....b...p.....
....W2.,..=8.........7..Z(."......F...E...g....4%,8r.-p..v..V.^...Ng..
.|.#...X.G.....`.T..<..#.R......tVH.l........2.R.|C...V.....
.


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=517729
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:25 GMT
Etag: "54e19688-1d7"
Expires: Sun, 22 Feb 2015 22:19:25 GMT
Last-Modified: Mon, 16 Feb 2015 07:04:40 GMT
Server: ECS (frf/87AC)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....2015021
6065000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
..p.x.f..7.L.%o. ....20150216065000Z....20150223070500Z0...*.H........
........s......?#......c...`..{..w2dX.".A.Av..hr.h_8E.......Y... )....
..{.......u.[....P.d.$.H..... ..E.....z...RW.i...J.d.k....?........M7.
?...7.........Y.T..w.&C....J7.t.,}.M.FV..@$..)...9}......&8~z...p.ej.R
...J,..~m..z>j..._..I....R........z...w.'.gr...UR..HTTP/1.1 200 OK.
.Accept-Ranges: bytes..Cache-Control: max-age=517729..Content-Type: ap
plication/ocsp-response..Date: Mon, 16 Feb 2015 10:19:25 GMT..Etag: "5
4e19688-1d7"..Expires: Sun, 22 Feb 2015 22:19:25 GMT..Last-Modified: M
on, 16 Feb 2015 07:04:40 GMT..Server: ECS (frf/87AC)..X-Cache: HIT..Co
ntent-Length: 471..0..........0..... .....0......0...0......P.s..)....
.. ..y.H....20150216065000Z0s0q0I0... .........H...{....*.....04....P.
s..)...... ..y.H.....p.x.f..7.L.%o. ....20150216065000Z....20150223070
500Z0...*.H................s......?#......c...`..{..w2dX.".A.Av..hr.h_
8E.......Y... )......{.......u.[....P.d.$.H..... ..E.....z...RW.i...J.
d.k....?........M7.?...7.........Y.T..w.&C....J7.t.,}.M.FV..@$..)...9}
......&8~z...p.ej.R...J,..~m..z>j..._..I....R........z...w.'.gr...U
R......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAUrS5AHQf/JoVwhLSfIhlY= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=513613
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:29 GMT
Etag: "54e1993e-1d7"
Expires: Sun, 22 Feb 2015 22:19:29 GMT
Last-Modified: Mon, 16 Feb 2015 07:16:14 GMT
Server: ECS (frf/87BC)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....2015021
6070100Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
.. K..A...\!-'..V....20150216070100Z....20150223071600Z0...*.H........
........s..Z.....G..R.M..jR.....P}.}G..Y.qy..".F.-.7.&./E.h...2M...E..
.9P....G.NHtVI...#u.......#....T.L0..P.&...].3.R#Z....r!.....{..D6y...
.....LL6.t...H.a...i....\.<.4b.............G..Fs.....(3.JE7)i..I...
R..*.".k.........7'...-.....:.(...$........<ep.&......HTTP/1.1 200 
OK..Accept-Ranges: bytes..Cache-Control: max-age=513613..Content-Type:
 application/ocsp-response..Date: Mon, 16 Feb 2015 10:19:29 GMT..Etag:
 "54e1993e-1d7"..Expires: Sun, 22 Feb 2015 22:19:29 GMT..Last-Modified
: Mon, 16 Feb 2015 07:16:14 GMT..Server: ECS (frf/87BC)..X-Cache: HIT.
.Content-Length: 471..0..........0..... .....0......0...0......P.s..).
..... ..y.H....20150216070100Z0s0q0I0... .........H...{....*.....04...
.P.s..)...... ..y.H..... K..A...\!-'..V....20150216070100Z....20150223
071600Z0...*.H................s..Z.....G..R.M..jR.....P}.}G..Y.qy..".F
.-.7.&./E.h...2M...E...9P....G.NHtVI...#u.......#....T.L0..P.&...].3.R
#Z....r!.....{..D6y........LL6.t...H.a...i....\.<.4b.............G.
.Fs.....(3.JE7)i..I...R..*.".k.........7'...-.....:.(...$........<e
p.&........
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.ds HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.51 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:00 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.51 ms","message":"store 1 ac
tion and 0 update "}..0......


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.finish HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.78 ms","message":"store 1 action and 0 upd
ate "}..0..



GET /dl/c/cf4e57c3bac15f9fb2508102d4482b60/uolbig.png?1423655848?width=194&height=97 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img2.clickjogos.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.6.0
Content-Type: image/png
Content-Length: 41360
Last-Modified: Wed, 11 Feb 2015 11:57:28 GMT
ETag: "54db43a8-a190"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Accept-Ranges: bytes
Cache-Control: max-age=2272404
Expires: Sat, 14 Mar 2015 17:32:49 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR...3...........R?....gAMA......a.....sRGB.........PLTE
Liq.6>./7.<E.>E.-4.*0.06.,2.6=.'-.?G.BK'kz.9B."'.HR.Q].LX.DN.
."!Xc.2;#ds....4;"!....7YX.lt....AC<XQ...... q~......9d^8ge$FG3jl".
.*...;?&V]2..Gm` KP...HB*B9$.)."^k...>..w..L..75")MM.\_.$./ST=..&).
?_Y<vx9"./bf"..4...y.D.. *"...9|.{..@..~..q..c..3..D%.J..G..=@-:..,
0$|wB?on;RJs..oqJv..H..[5.4..fP,X..>...26Zsb^..FJ6RVBU..]bH...P*.F6
.E........R:.Mtkb..R.tPL-3LFSL9bmU.'....n.....Q..fC.QdUjuW....##u.....
E~v...`[=...*A<YF!FYJ.0,...h..}(.f#.#75......0:-{..5E<....d<x
X0mi?k..m6...q..S`.tW...^..n>.xS.!.X..`[email protected].=...u..
...P.>..3.....T.....Q ..F...gc,...oM?........k.k'...|...}:...n..Z{r
...s.}.V..k....m.zf61mqn.......eR.......o.d^Z....W..i............Q....
.........oh....B:....y;.......A...~..W.TR....Z2........O..d..........k
N....{_........t.....%.zz.................tRNS.........D........IDATx.
...h.g~.-iN{..Z....h..v..cwC..8.(XLre3.GFgJM..>.0.um.D...z.n.F.2...
.\}..F.s.q........,...}..$...M..........JN{....I.....}.........g`.?...
......z#....c.|.p0.....J$.Q:...~...........*...I..3:..r&.\.3....\....z
.j..*....x....,.;.r..:.|....a.~/.....?....W..G..x.....).?... ..qB.....
....O...X....o....z.....y..6.....y..,b .,...... 2s`.'.o.l..L.........A
^.y.*.[..i\.r.....r.....1....*A...x..F..[.`......,df...).......d.Z....
f&...?` ..,NG.cd.nd....M02>9d...:...S...e....P...h....~...#........
...&8.......y|.)..b.2.L#.f.>..uBC....H'4...y'b.....\........,kd.|..
.HMsS.VE5EMA.0.....H...i.h..B...~....x=d...y.k=...R1.0....`..!Z<
<<< skipped >>>


GET /pixel?google_nid=openx&google_cm&google_sc HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1
Date: Mon, 16 Feb 2015 10:19:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 294
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://us-u.openx.net/w/1.0/sd?id=537072991&val=CAE
SEFX62yVRjgt0VB5JGzFZd_4&google_cver=1">here</A>...</B
ODY></HTML>..HTTP/1.1 302 Found..P3P: policyref="hXXp://googl
eads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo P
SAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Loc
ation: hXXp://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFX62yVRjgt
0VB5JGzFZd_4&google_cver=1..Date: Mon, 16 Feb 2015 10:19:29 GMT..Pragm
a: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no
-cache, must-revalidate..Content-Type: text/html; charset=UTF-8..Serve
r: HTTP server (unknown)..Content-Length: 294..X-XSS-Protection: 1; mo
de=block..Alternate-Protocol: 80:quic,p=0.08..<HTML><HEAD>
<meta http-equiv="content-type" content="text/html;charset=utf-8"&g
t;.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H
1>302 Moved</H1>.The document has moved.<A HREF="hXXp://us
-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4
&google_cver=1">here</A>...</BODY></HTML>....
<<< skipped >>>


GET /delivery/rta/rta.js?netId=2028&cookieName=cto_rta&rnd=44384999123&varName=crtg_content HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: rtax.criteo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Mon, 16 Feb 2015 10:19:24 GMT
Content-Length: 163
crtg_content = ''; (function(){document.cookie = 'cto_rta='   escape(c
rtg_content)   '; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; domai
n=baixaki.com.br';})();HTTP/1.1 200 OK..Cache-Control: no-cache..Pragm
a: no-cache..Content-Type: text/javascript; charset=utf-8..Expires: Mo
n, 26 Jul 1997 05:00:00 GMT..Server: Microsoft-IIS/7.5..P3P: CP="NON D
SP COR CURa PSA PSD OUR BUS NAV STA"..Date: Mon, 16 Feb 2015 10:19:24 
GMT..Content-Length: 163..crtg_content = ''; (function(){document.cook
ie = 'cto_rta='   escape(crtg_content)   '; path=/; expires=Thu, 01 Ja
n 1970 00:00:00 GMT; domain=baixaki.com.br';})();..



GET /jquery-1.10.2.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/usuarios/din/GooglePlusSignIn.aspx
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: code.jquery.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 16 Feb 2015 10:21:38 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 24 Oct 2014 00:16:07 GMT
Vary: Accept-Encoding
ETag: W/"54499a47-16bb3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip
9501..............k.#E...|_..a..].50gGF.i....6t..c.>j.l..*#...X....
."2..$.a..?8.K......Gd.......~...l.:.;<.{.....{[O..>.........f6.
UE9..>........r.._.O.q>[..........|..9...f..................?...
G..f6V..<.zw.F..Y6..A..:/......{.r....1).7W.....Q...ineS*.t........
..zpr...:..'.......F.K..o......M"....M.....7..^U>..L${........o..u&
gt;..d/..{...n......f>.....n..g4XT.c6..g...';.g....:y|....Nv.q..rf/
......:f/....w./.g...ON..7.~.....O..v. ....WTS.....ON_.~w.s.;......O].
v...z..g.P.......UO...|.......R.?..........1%...T.q._f=......=e....tNO
O._........t2.=........=..<.....:.............t./g7..r..d..%..>f
T.W.............h..>....;..k...h.wY._.z...ho4.|.....XT.,./..i9.t..`
H.H......U....<.M.<.FU.{...S...zY.G.?5........<.*_..^......Y9
c...t.O:....a/.7W.1z.^.6'y5._Z..N9.1.4...hv....Z...a.G........J.zp.x.?
.....5..y.6.0..x.e.w..<*...y/..uY,T..kP.......(....}....i.=`9;..".?
.]T.....?....O.2Y...Y....6.w.^.],.......G.0...r9...........q..5DQ.8...
~...!..l0.*.5..E.n............yW...z4_.......2.1..Y9._....^....8.0...e
...^..^./*......b..tT..~.s>..R...w...5.....n.....7....~..FU.G...%;r
..J.."........:.r...G.J..(..q....b.=.X...<...-....0.a......C.o..V..
..[.S.U..PD.....J.r...F.z...Y..Z..7..Tds.y.....U.m............W._.....
..8.......N.s..dUi......E.....S...Y... .*...8...,...?8.....w.......g.7
...h.K.Q...tn......^...|..am.^.*..~..Yu......q.0..=.s<`...Q..rR.^..
\.".0.Y..U....q.a...@=...."...w9._.\`.s^...........g..[.@o....(.(_.d..
.`'........e.&V..tg...G.......dvv.?9.y..V.).4...^.$k.[e.zR...W6...
<<< skipped >>>


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "51dff7c69a24b508bd5d601f6799f5c2:1424080522"
Last-Modified: Mon, 16 Feb 2015 09:55:22 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Content-Length: 856
Connection: keep-alive
Content-Type: application/pkix-crl
0..T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150216094300Z..150226094300Z0..<
0....X...140427081922Z0....v...140618150003Z0........140429180917Z0...
.....140709194633Z0........140416233935Z0........140521155053Z0.....).
.140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140
606204021Z0........100729164439Z0........140606222139Z0....%...0205141
81157Z0........140725020038Z0........100729164732Z0....M\..14043000044
2Z0.....-..140617185011Z0....uU..150118022133Z0....V...140624123102Z0.
.......120627171025Z0........100301134531Z0........140618143256Z0.....
...120627171017Z0.....>..140711125531Z0....[...100730213120Z0....j.
..140226123519Z0...*.H............zU....=.Z....4......IE<..k...IA.K
.. .]5....Co.7.T......:...d...".n.4.?L#*......j..0.fV...xum.-4..*.....
G.U>8...i|......l...'[...HTTP/1.1 200 OK..Server: Apache..ETag: "51
dff7c69a24b508bd5d601f6799f5c2:1424080522"..Last-Modified: Mon, 16 Feb
 2015 09:55:22 GMT..Date: Mon, 16 Feb 2015 10:19:25 GMT..Content-Lengt
h: 856..Connection: keep-alive..Content-Type: application/pkix-crl..0.
.T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equif
ax Secure Certificate Authority..150216094300Z..150226094300Z0..<0.
...X...140427081922Z0....v...140618150003Z0........140429180917Z0.....
...140709194633Z0........140416233935Z0........140521155053Z0.....)..1
40617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..14060
6204021Z0........100729164439Z0........140606222139Z0....%...02051
<<< skipped >>>


GET /?product=firefox-34.0.5-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=900000-1199999
Cookie: optimizelySegments={"245617832":"none","245875585":"direct","245677587":"ff","246048108":"false","869421433":"true"}; optimizelyEndUserId=oeu1401956287616r0.2603029596469415; optimizelyBuckets={}; __utma=150903082.1617578787.1401956289.1401956289.1401956289.1
Connection: keep-alive


HTTP/1.1 302 Found
Server: Apache
X-Backend-Server: bouncer3.webapp.phx1.mozilla.com
Cache-Control: max-age=60
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 Feb 2015 10:19:01 GMT
Location: hXXp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
Keep-Alive: timeout=3, max=500
Content-Length: 0
Connection: Keep-Alive
X-Cache-Info: cached
HTTP/1.1 302 Found..Server: Apache..X-Backend-Server: bouncer3.webapp.
phx1.mozilla.com..Cache-Control: max-age=60..Content-Type: text/html; 
charset=UTF-8..Date: Mon, 16 Feb 2015 10:19:01 GMT..Location: hXXp://d
ownload.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US
/firefox-34.0.5.complete.mar..Keep-Alive: timeout=3, max=500..Content-
Length: 0..Connection: Keep-Alive..X-Cache-Info: cached..



GET /req?v=7&upd=1&new=1&id=16281561560&acc=13767&tit=YAC download - Baixaki&utm=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&id=16281561560&acc=13767&tit=YAC download - Baixaki&utm=248450708.1424081965.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: navdmp.com
Connection: Keep-Alive
Cookie: ac3=1; ndi=16281561560


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:10:48 GMT
Content-Type: application/x-javascript
Content-Length: 6
Connection: keep-alive
/*OK*/HTTP/1.1 200 OK..Server: nginx..Date: Mon, 16 Feb 2015 10:10:48 
GMT..Content-Type: application/x-javascript..Content-Length: 6..Connec
tion: keep-alive../*OK*/..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0c3c4bdcec0f4f0d HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
....


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?66899ad98b7babe8 HTTP/1.1


Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 16 Feb 2015 10:19:25 GMT..Conn
ection: keep-alive..



GET /s2/oz/images/stars/po/bubblev1/border_3.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 10 Feb 2015 18:11:11 GMT
Expires: Wed, 10 Feb 2016 18:11:11 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 43
X-XSS-Protection: 1; mode=block
Age: 490098
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
GIF89a.............!.......,...........D..;....


GET /s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 10 Feb 2015 18:12:04 GMT
Expires: Wed, 10 Feb 2016 18:12:04 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 318
X-XSS-Protection: 1; mode=block
Age: 490045
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.PNG........IHDR...'...!.....m$B.....PLTE.............................
.........tRNS.."3DUf..X-....IDATx......0.DQ.I1..........o,G..;>e.6I
.<[email protected]@jOs8 [email protected].}.................}F........BY. ..Pv..P.
.B.1 .1.G.....Z.6{.4..L.x.tM.]Z.'Yw/.xa=.V.zf.N[.........x7..a.....2.E
..f8`"....~_..K...T..^......."=[....IEND.B`.....


GET /s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 10 Feb 2015 18:11:06 GMT
Expires: Wed, 10 Feb 2016 18:11:06 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116
X-XSS-Protection: 1; mode=block
Age: 490103
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.PNG........IHDR...............y.....PLTE...................@t.....tRN
S.."DU........IDAT..c.1....t....{\....IEND.B`.....


GET /s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 10 Feb 2015 18:10:45 GMT
Expires: Wed, 10 Feb 2016 18:10:45 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 117
X-XSS-Protection: 1; mode=block
Age: 490124
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.PNG........IHDR.............v.......PLTE...................@t.....tRN
S.."DU........IDAT..c.`.....R.%l..G....IEND.B`.HTTP/1.1 200 OK..Conten
t-Type: image/png..Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT..Date:
 Tue, 10 Feb 2015 18:10:45 GMT..Expires: Wed, 10 Feb 2016 18:10:45 GMT
..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 117..
X-XSS-Protection: 1; mode=block..Age: 490124..Alternate-Protocol: 80:q
uic,p=0.02..Cache-Control: public, max-age=31536000...PNG........IHDR.
[email protected].."DU........IDA
T..c.`.....R.%l..G....IEND.B`...



GET /rs.php?p=torntv HTTP/1.0
Host: bringsomedata.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 16 Feb 2015 10:28:15 GMT
Server: Apache/2.2.20 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6-13ubuntu3.9
Content-Length: 30
Connection: Close
extra,,DownloadSetup.exe,ua,ie..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=515973
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:25 GMT
Etag: "54e19dfc-1d7"
Expires: Sun, 22 Feb 2015 22:19:25 GMT
Last-Modified: Mon, 16 Feb 2015 07:36:28 GMT
Server: ECS (frf/87A7)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0215200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ...._.M.[........?;....20150215200000Z....20150222200000Z0...*.H..
...........^.H.j......pt6f.B..*E@.?W.M......U.....O...Ky..k...... ....
.(..h.L-....V...2_`x......%........DQ..*....Mq.0]....e.K....b...p.....
....W2.,..=8.........7..Z(."......F...E...g....4%,8r.-p..v..V.^...Ng..
.|.#...X.G.....`.T..<..#.R......tVH.l........2.R.|C...V.....
.


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=517729
Content-Type: application/ocsp-response
Date: Mon, 16 Feb 2015 10:19:25 GMT
Etag: "54e19688-1d7"
Expires: Sun, 22 Feb 2015 22:19:25 GMT
Last-Modified: Mon, 16 Feb 2015 07:04:40 GMT
Server: ECS (frf/87AC)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....2015021
6065000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
..p.x.f..7.L.%o. ....20150216065000Z....20150223070500Z0...*.H........
........s......?#......c...`..{..w2dX.".A.Av..hr.h_8E.......Y... )....
..{.......u.[....P.d.$.H..... ..E.....z...RW.i...J.d.k....?........M7.
?...7.........Y.T..w.&C....J7.t.,}.M.FV..@$..)...9}......&8~z...p.ej.R
...J,..~m..z>j..._..I....R........z...w.'.gr...UR..HTTP/1.1 200 OK.
.Accept-Ranges: bytes..Cache-Control: max-age=517729..Content-Type: ap
plication/ocsp-response..Date: Mon, 16 Feb 2015 10:19:25 GMT..Etag: "5
4e19688-1d7"..Expires: Sun, 22 Feb 2015 22:19:25 GMT..Last-Modified: M
on, 16 Feb 2015 07:04:40 GMT..Server: ECS (frf/87AC)..X-Cache: HIT..Co
ntent-Length: 471..0..........0..... .....0......0...0......P.s..)....
.. ..y.H....20150216065000Z0s0q0I0... .........H...{....*.....04....P.
s..)...... ..y.H.....p.x.f..7.L.%o. ....20150216065000Z....20150223070
500Z0...*.H................s......?#......c...`..{..w2dX.".A.Av..hr.h_
8E.......Y... )......{.......u.[....P.d.$.H..... ..E.....z...RW.i...J.
d.k....?........M7.?...7.........Y.T..w.&C....J7.t.,}.M.FV..@$..)...9}
......&8~z...p.ej.R...J,..~m..z>j..._..I....R........z...w.'.gr...U
R....
<<< skipped >>>


GET /windowspm/up?ptid=wpmvt&sid=WindowsMangerProtect&ln=en_us&ver=20.0.0.1714&uid=&upv= HTTP/1.1
Host: VVV.theviilage.com
User-Agent: Mozilla/4.0  
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:20:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
1..1..0..



GET /v4/sof-windowspm/?action0=xa.geoip&action1=visit&action2=install&update0=ref,wpmvt&update1=nation,us&update2=language,en HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.13 ms","message":"uid is not set"}..0..



GET /v4/searchprotect/267123711_198339_B48A115F?action0=xa.geoip&action1=visit&action2=install HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.02 ms","message":"store 4 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:22 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.02 ms","message":"store 4 ac
tion and 0 update "}..0..



GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQL/mvtX4G40i11eM+z5k7NQa9tkwQUC1Dsd+8qm//sA6EK/63G5CoYxz4CAwCDew== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gu.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1427
content-transfer-encoding: binary
Cache-Control: max-age=541936, public, no-transform, must-revalidate
Last-Modified: Sun, 15 Feb 2015 16:47:54 GMT
Expires: Sun, 22 Feb 2015 16:47:54 GMT
Date: Mon, 16 Feb 2015 10:19:30 GMT
Connection: keep-alive
0..........0..... .....0.....u0..q0......ee....L.J...N.cS......2015021
5164754Z0f0d0<0... ..........k._...-ux...N.A.m....P.w.*..........*.
.>....{....20150215164754Z....20150222164754Z0...*.H.............r?
....[...~......P..V..^.TH.r..U...;[email protected]..?{.....!.j0.~S...y.~.}/
z1...2.4ET.. l........~.H'0...^^.j:..9..%......7.._...(i.P.t.W... .R..
?........T.3.YP..:..f.q....by....!B..a..h....u..bn\R.........)e......2
..]...__f...y..y.9I...0....V..^#....C...........0...0...0...........0.
..*.H........0f1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Domain 
Validated SSL1 0...U....GeoTrust DV SSL CA - G40...140829234248Z..1505
22234248Z011/0-..U...&GeoTrust DV SSL CA - G4 OCSP Responder0.."0...*.
[email protected].[.yTC...r..95.3.t.......?.[.=.... 
T.#O.p!.l.]D.D...w.7.V...k...kWg.B.z<$.m.l...i.U}.......B"..s@.....
.....s._...R.....*...._....)v..c\.`<.z...f...,..h.V3..Pk.I.C}T.U4VJ
Jb........u....y..'.x..gSH....=.}.e.......b....{....x.\..N.I\....K?...
....=........0..0...U.#..0....P.w.*..........*..>0... .....0......0
...U......ee....L.J...N.cS....0...U.%..0... .......0...U.......0.0...U
...........0!..U....0...0.1.0...U....TGV-B-2130...*.H..............3.i
P55..9.y......y....;qD...mQ..........c~2.0......"....[.:nS...vQ.e.....
[email protected])..I.....0#^Wu..z..,..1....c.}...2P.!p....0.
e.'..%:.W...a_...E.....|.y....b..........0..S5.'~..X..N.g....K^..t.c..
s.oS......S.V;.....C.....IhvK.)...,.-_*.E...
<<< skipped >>>


GET /w/1.0/sd?cc=1&id=537072991&val=CAESEFX62yVRjgt0VB5JGzFZd_4&google_cver=1 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: us-u.openx.net
Connection: Keep-Alive
Cookie: i=b29b88f0-adee-4d70-5603-ceaacd3ce446|1424081969


HTTP/1.1 200 OK
Server: OXGW/10.91.1
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Content-Type: image/gif
Content-Length: 43
Cache-Control: private, max-age=0, no-cache
Connection: close
GIF89a.............!.......,...........D..;..



GET /Fan/rebirth?uid=267123711_198339_B48A115F&ptid=ild&ver=4.0.1.1716&dname=istartsurf HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: up.soft365.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:19:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
Content-Encoding: gzip
14........................0..HTTP/1.1 200 OK..Server: nginx..Date: Mon
, 16 Feb 2015 10:19:22 GMT..Content-Type: text/html; charset=UTF-8..Tr
ansfer-Encoding: chunked..Connection: keep-alive..Vary: Accept-Encodin
g..X-Powered-By: PHP/5.2.14p1..Content-Encoding: gzip..14.............
...........0..



GET /ads/adsavess?sid=yac&ptid=bxk&subid=${SUBID}&lplink=hXXp://VVV.yac.mx/download/config/down.php?pt=bxk HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: s2s.yac.mx
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Mon, 16 Feb 2015 10:19:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.22
Set-Cookie: think_language=en-US; expires=Mon, 16-Feb-2015 11:19:34 GMT; path=/
Set-Cookie: PHPSESSID=mcd1em4j2jvhpdnvov5dpebb33; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
302 Found HTTP/1.1: 
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location: hXXp://VVV.yac.mx/download/config/down.php?pt=bxk
1ac..<div style='background-color: #ccc; height: 100%; left: 0px; p
osition: absolute; top: 0px; width: 100%;'>.<div style='backgrou
nd-color: #fff; border: 2px solid #f00; left: 0px; margin: 5px; paddin
g: 3px; position: absolute; text-align: center; top: 0px; width: 95%; 
z-index: 99;'>.<p>Please See: <a href='hXXp://VVV.yac.mx/d
ownload/config/down.php?pt=bxk'>hXXp://VVV.yac.mx/download/config/d
own.php?pt=bxk</a></p>.</div>.</div>...0..HTTP
/1.1 302 Moved Temporarily..Server: ngx_openresty..Date: Mon, 16 Feb 2
015 10:19:34 GMT..Content-Type: text/html..Transfer-Encoding: chunked.
.Connection: keep-alive..X-Powered-By: PHP/5.4.22..Set-Cookie: think_l
anguage=en-US; expires=Mon, 16-Feb-2015 11:19:34 GMT; path=/..Set-Cook
ie: PHPSESSID=mcd1em4j2jvhpdnvov5dpebb33; path=/..Expires: Thu, 19 Nov
 1981 08:52:00 GMT..Pragma: no-cache..302 Found HTTP/1.1: ..Cache-Cont
rol: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..L
ocation: hXXp://VVV.yac.mx/download/config/down.php?pt=bxk..1ac..<d
iv style='background-color: #ccc; height: 100%; left: 0px; position: a
bsolute; top: 0px; width: 100%;'>.<div style='background-color: 
#fff; border: 2px solid #f00; left: 0px; margin: 5px; padding: 3px; po
sition: absolute; text-align: center; top: 0px; width: 95%; z-index: 9
9;'>.<p>Please See: <a href='hXXp://VVV.yac.mx/download/co
nfig/down.php?pt=bxk'>hXXp://VVV.yac.mx/download/config/down.php?pt
=bxk</a></p>.</div>.</div>...0..
<<< skipped >>>


GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT
ETag: "2015b-6ca-50e490d4402ee"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 16 Feb 2015 10:21:06 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150204200915Z..15050
5201415Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............Xb.F.M4hYy.h~...2.... .. ~.A4...F...gyQ.....:_..g.|
<<< skipped >>>


GET /install.gif?bundle=istartsurf&ptid=ild&uid=267123711_198339_B48A115F HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: log.very911.com


HTTP/1.1 404 Not Found
Server: Tengine/1.2.2
Date: Mon, 16 Feb 2015 10:19:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 668
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>404 Not Found</title></head>..&
lt;body bgcolor="white">..<h1>404 Not Found</h1>..<p
>The requested URL was not found on this server. Sorry for the inco
nvenience.<br/>..Please report this message and include the foll
owing information to us.<br/>..Thank you very much!</p>..&
lt;table>..<tr>..<td>URL:</td>..<td>hXXp://
log.very911.com:8080/install.gif?bundle=istartsurf&ptid=ild&ui
d=267123711_198339_B48A115F</td>..</tr>..<tr>..<t
d>Server:</td>..<td>us-pub00.v9.com</td>..</tr
>..<tr>..<td>Date:</td>..<td>2015/02/16 04:
19:00</td>..</tr>..</table>..<hr/>Powered by T
engine/1.2.2..</body>..</html>..HTTP/1.1 404 Not Found..Se
rver: Tengine/1.2.2..Date: Mon, 16 Feb 2015 10:19:00 GMT..Content-Type
: text/html; charset=utf-8..Content-Length: 668..Connection: keep-aliv
e..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html&
gt;..<head><title>404 Not Found</title></head>
..<body bgcolor="white">..<h1>404 Not Found</h1>..&l
t;p>The requested URL was not found on this server. Sorry for the i
nconvenience.<br/>..Please report this message and include the f
ollowing information to us.<br/>..Thank you very much!</p>
..<table>..<tr>..<td>URL:</td>..<td>
<<< skipped >>>


GET /bxk_v12/logo-nzn.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: hXXp://img.ibxk.com.br/bxk_v12/logo-nzn.png
Server: Microsoft-IIS/7.5
Date: Mon, 16 Feb 2015 10:19:25 GMT
Content-Length: 166
<head><title>Document Moved</title></head>.<
;body><h1>Object Moved</h1>This document may be found &
lt;a HREF="hXXp://img.ibxk.com.br/bxk_v12/logo-nzn.png">here</a&
gt;</body>HTTP/1.1 301 Moved Permanently..Content-Type: text/htm
l; charset=UTF-8..Location: hXXp://img.ibxk.com.br/bxk_v12/logo-nzn.pn
g..Server: Microsoft-IIS/7.5..Date: Mon, 16 Feb 2015 10:19:25 GMT..Con
tent-Length: 166..<head><title>Document Moved</title>
;</head>.<body><h1>Object Moved</h1>This docum
ent may be found <a HREF="hXXp://img.ibxk.com.br/bxk_v12/logo-nzn.p
ng">here</a></body>..



GET /b.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/gif
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 43
Cache-Control: max-age=27682845
Expires: Sat, 02 Jan 2016 20:00:09 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
GIF89a.............!.......,...........D..;....


GET /2014/05/14/14181700895757-t100x100.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 5089
Cache-Control: max-age=29168536
Expires: Wed, 20 Jan 2016 00:41:40 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................d.d.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?........
.p.g.> ...>.j.....o.......H...1..X..8..eAP......I.CP.y.....Y.;..
./r...Q.Q....O.K.gi&....;....f...q...6...B..Wv....?...,F#.).N.vW.#....
.....E#.......v..i.._.R> ...I{...k.......U.#....g....4....)........
....L|J.........K..;\M.}^..........;o.i.._.R> ...I{...h........E#..
.....v......../._r......gk...1. ..G...)/...........|A.........><
6.F[.......?......RTh......U.......c.W....?.R^.........B.5...%....H.U.
....V..R....H.f.=2.Xv ..0.qIJx:..,...EG.Z....~.....a..OG..?gm7.p....._
O...\.;....I...GS.k... .G...^..|(.a.........nT..5...?* ..w..8..R.o....
~....j.ucy[W....b..i_...5...[5q>CW.~...i.h..m..x.T?.......,......W.
..... R~.^...-..>.>..]k. ......p#...c.(&.B?.....<..5.q...'...
R......P...1.u`......S_`|F......^$..W..n.....I.hZ......d..... ....{...
..xJ4\..y..&......S..u.(A.....~I.5...z|k................b...R.W.?.?..o
.x.....^)..3a..Y.d.^[email protected]...'....v.*../.O.5...:...-.. .e........
<<< skipped >>>

GET /2015/02/13/13164117027081.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 89767
Cache-Control: max-age=31383692
Expires: Sun, 14 Feb 2016 16:00:56 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...T....
...|y.?..SY.%.n.f.....J.............g[... ..I.q.F:.........CV..E..y...
...&....z..{r0&.%........M..o..\M....J...........j...?..)?...~....c?gA
.K...Y......i............g.#.F~.....&?..sO.....U|d..............&.o..k
.|8............../eG.6W........._.M...M.....W....{..'.#....S../cE.f...
..|M....*...K.......x....R...-..w.Q.*..4..c..o.x....U.....?..5.....~.G
.b?..MN............&..........o..k%|).{.OO.[..z........A..?........:?.
.7..5........P.9|%i..?B...../3C.....D..........o..k<xF..~.........O
..../2...'.../..h......f....R...J....).....].G=a{.^e.....?3..f.....x..
.........S....?...|.....,...........|x..._7..5W..  q....v..[....w.....
.=........O...{M....F.......8xR.......O....x..If.......Q.Y..........."
.OM.........R....a\[email protected]..:}.E.!^.....
...w.....5zO..L1..!...8.sK....T......p$...4...C8.&....j...5...i..7....
...V.`.t....o..]....4...O?.f....l...!~...J.......j..0{8.)..=.{I7..
<<< skipped >>>

GET /2015/02/14/14164751962337-t474x237.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 46521
Cache-Control: max-age=31394517
Expires: Sun, 14 Feb 2016 19:01:21 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....Q.%]
......h............!....^wa.5...-.r........t..!.......O...Y.|$.r..!..Y
-.y<...>.s3\}........I.[..=....g......W.....p8.r?..\u...>.p..
......^.J.....g........k.4.b=..gmp.7.2.....u. L;Wl.n.......J.....to.~.
:/.......n.....f.L.....m....z......U1/.B.[.......z..}o..a..j....;.u...
.<.GYn.8X........n.....<..[.U.F:.......Y. ..U\.?.~...D....v..A..
.....=....#.....Xy....@'.).?SZv....m4.C.'.d...........,...........<
=..'... .`..z`W...M..&...=...'....7..`n|.......X......3.O,q.hYikv.HF.Q
.a=..b;.<.-D...#.w.7H.u.9ZE..#. ...V....9V_.....5n.V...|..H.*F(...]
.4.Q..Y^O1s......&tH..<.$x!W.....r1Y"..j.e.;.}.J.,b.].cj......O.i..
..u:6..&O-...\....&.M.Qk_.....h...^..>..<-n.4./$ ...x..7]......F
Cm...jU.C.u..Ys..g0.....Y....\B....0~...k...k60.|....p.A...N.....yV...
c.....Y7sH..6....,..b. ........5xo.....G...W1u.'_!.5..S.Y.j..<qN.G.
..=1.4. .G..;.f..f...T.S......4...H...3g. }k...i|..,;.;wn-... -.e 
<<< skipped >>>

GET /2015/02/14/14161108993313-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 15786
Cache-Control: max-age=31392672
Expires: Sun, 14 Feb 2016 18:30:36 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....../.
o.....Wz..}6.e.y...\.....r:..8.=g]....a.{X.Oq...4....$q.y........!...9
.<zo..~.%........2xf..(.|.W.2*..eA.~j.p....`....A..J..^0..|7.j.Z...
....5....W.........\..F3..y8:.i.83.4MN..^....h5...m....9M......D..n.e[
.....RK..T...4z....0.n... .?....\g.%..KM../...i{5....s.o..?-R8........
..5.....x.=7.'...~(O...XCi|t....y..p.pBm.7A.9.3.&...R=ih.......RK..k..
....G...H..|...rs....7N.e...n.TmO....{.`........`B.c.^.<wZ.....I..e
..0...v...il...v..[....3/.w.......kn]ud.m.x...]7I.lo.....Z}.w.w...d..N
..$..r.A.5...o..V.....C.......kY.!..-...8??=7.x.. ..?.k.o.z...xuh....9
.%&..Tu..1....W>.[......//.>...2....0..).9.....F.....FN.WzjN.QU.
.Z..{..6......LZ....s..3.....}...U.Mn_...>.....\..{,....T)a.n..F3..
.KJ....e ...%p....Y..c.w.-..oY..G.r>.5..kMW..O[.....ikf{....V....2c
(.|....o.'....R..Z...L...........63...t2.%T....w...e.e..7,Jt..$..B.2.O
..b...%v~v....'.n...O...t_.i.p.o.[...=..A,....}1\..<Y..K.n/4.e.
<<< skipped >>>

GET /2015/02/14/14133415261218-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 18131
Cache-Control: max-age=31382138
Expires: Sun, 14 Feb 2016 15:35:02 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?../H..n.
.R, 6.....r._..$u.q..?`o......./..nHm5..i.j.......Md.....>........u
j.F)]....08Y._-(.u.7..n....e.%...N.t......u.l..{.......-,.}..&.[......
........x..q-....?...4.eQ..N...s....C....._....A.....j...M....h.7 G.Q.
.I.....lH....i...c.yl.U..Z...v.....k.......}.gt./zW.v.j...._E........&
gt;<.........V...ts)..~G.....9..T.W.?.....q.G.....:.n..U.%....e.A.d
.h..m..J...........hz......^[email protected].;.w..Pv9..^.........6...$
.$...5y]......3C...@..'p$.k.s.&.b...T.#..N.j./...p.$}.....v.a..!...4..
[q..]w..I./..7.T...w....<f....a..b........#....T,2...V....~!...?...
P.?.4....][O[3......X.s.ylv.6Km.g=...?...!|.k..MW..7.........c..9$t.&l
t;-. .,.G..?6...=3......]..j^.........M.Z.3.o&...rJ.Go7*....u..r.j.&..
...N.IK].......LFb....z ;]9o.v.mW.:k..3....}.-.;q...Z...My........U.`.
7.<.bM.T...?...o...^3...}|.h.E..-...KK..l........-.5.w.......3.....
.......u...g..~..9..~.....;o..]]...:"v.`[email protected]..?A..W...Q.Mi..K
<<< skipped >>>

GET /2015/02/13/13154010751871-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10206
Cache-Control: max-age=31333272
Expires: Sun, 14 Feb 2016 02:00:36 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..~.....
.ho.^L....|'m7&MgV.:.x..[. W...~.....-x......j^.......>T...........
.W.][email protected]|?.3K.I..v..W.s$......._...Z.......Q..yq.p..Yk....m.....
...;.2Z.l, Pm....j...o..J.s....fq.y#&.S^.f..m......P.....m.{..........
E}K.G.....?.n.U}...Z........{[email protected].~.^...Z......]....g\M.e3....
.U[.d...{7.o..4wh.'w..7....._.g.....{v......:....;k..es.,s,NI.......4-
C.Z....X^iz..!.........Ut`.O.UB........H......2.>g.....*...In.7O..7
..}.dM.f.....k37..:_H..Y.Z.......p_=v......._.t....%..M...Z....l.<.
!*. ....H$....s... ..f......sx..^.....b}f...K......V..*.......i.F.\...
......ly....9DpUd....F..*....._V.s.......>..~$.6.k...As..}......B. 
|..`........V..!|2...mb..y..\i./......U.....#.t<..V..Ax... J.....| 
t...).....1.2.....8..}3......|......|/....B....h.z.......$... ...`k...
...|.EMEIT~...i..R....R}^.....fY...e.e...>... z$.....].j...m..&..?b
_..^(.V....~&.6V.h...-.4..Yv.UH..r:..|.................>....R..
<<< skipped >>>

GET /2015/02/13/13192241950335-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 11289
Cache-Control: max-age=31316626
Expires: Sat, 13 Feb 2016 21:23:10 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.."Y....
....PF...(V._...Q...H<.....-.U.x..:.N....8....VO.k.e.....T..m..Pi..
(...)........EY..eFS....^.'..~..7/.Z..#a.1..*Y.j....i.MM}..=W.W.....I[
].........k_.XYM%..p....`.p.r.=x..:W.v.7......U.9.xO..>.<..M....
...W^.......W.j0]...[.e[x..f.%w..<.....Tpu.{t..[.Cg...5??.. .7.J1..
M.nn.4~.j...o....XVK.e.......:.F....q......s..k6CG.G]_TE.[.<.eh.\ol
[email protected]|Tm.c.T....sf....&.q<....e....@`N:.......]..'..5..,.4..
.F......g.>l..s..K..yo..N...KF.....K..z...xg.K....i....K~.....x....
.s..>6./.....!..}J...ZF.ei{eot.sn...ba.$wU d._.z6..).yd[...9...C...
....#.. 8...9...i..>5....~(.....'..>.8..... o.....](..7...OJ..f.
*...m....[...f.}|u..*.J...}:Z.....&....."..I..;X..sz.m.....;.........~
D.._.m.h..Z...4....Y.K*.k.V%. .....OE..sZV../...f.uo.|m......McF.{h.F.
S.......O..e...?e..Y.`...E.A0..|.....ev........#.2..Pu...M....[..)...J
..T.7k F._}......6....6.B.q...I#Gs....Y..a ...^.....l..... ..j..&M
<<< skipped >>>

GET /2015/02/13/13182738923272-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 13783
Cache-Control: max-age=31313298
Expires: Sat, 13 Feb 2016 20:27:42 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.."o.jN.
..u.....?.W.....%......X.n.W,r.:.~...-*Mm|<..........b...9.0...Bk..
..mEt:(..j)7.........%Ww..k.-<.z.......O...>...._.A....5..I....m
....uW..Q...wO.....)..m..G...E|.e..V..(...}...N.jr[.C.......o..[.$R.@.
P.9._.x.X......B..wd...C..y...........S-..P}>T.....?..q..........n.
....'$n9?.{.L R..Uw..#.. Q..6~.........>0x.o..i.X..:.......C...|I.j
..?k........4_..w.}f8.eY..!.G.Pg.8<|..,...|t...m.....&..X-...a..n.Y
 .....o....c..............F...zIY..W...U.._.=..7....>..b..j..E`....
k.x5..UR.= ..k.=...J....Oj_.x........y....N...y....$x .....x...z.X./.k
q...M...w0?....a.l.E~p...p...u..'.m...m6/..E#e.tX.%O....Px9...W..E.U..
e..G .....~..........p..a..ge............a.(...;FZ.?'.k.../........{..
.:yS,........;Pg....W....k].Y.S'.m.;o.hv..{..p.L.....9b. t.... _.&.<
;!.{&Y,/..fe......#........../.ZN.m.x......|...b`[email protected].
...T...z..._k.V.6....2d....}.....at{T.'yJ....-.......q..M...;.w.q]
<<< skipped >>>

GET /2015/02/13/13182151587263-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 6649
Cache-Control: max-age=31312959
Expires: Sat, 13 Feb 2016 20:22:03 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....N*..
X.X.m.e.S......1v?A...4.Kk.k..5.%_....n...zv.=?\..{..n.S......K}....7.
XX.a..m?..[}....[x....~.o.Y.Y.8....x.;k.....r.3...YV\.J.={...b`.~.....
..m...y....9..r.....o...e..g..OAX.o....j...~..\j..$....m....{..o.b....
.^^F..!....h..7 ..c......~i.y._......b........X@|.;TzW.|2..o.ym./.....
[email protected]_Y.........4...y6.m.m...8...>..6.........*}.t...(.....
.kT.Z........4....... i3<~J,.A^5....z..Mf..3. .u.f9Y...9.Ms..].....
..W,.'.G.FU)..................|.>..y.....kh.U.4.Ev..iF.Y=........_.
Hu.5..V3.1..^Q...Tz...s..7......5...........~.|4.K.kuq:.Kx.B.:._(~...P
n$..&.N.c.x.?.....l|._.~..*......".$p...#.o.6.-n.......j..........y..x
.... .......*`.y...*UYW....Q.pj.R...j..m.b.Bd...V.=....2U9W4...~.Z.f4.
A.<.9j..Q..i..EFs_5...;...[..M.......W...._..g..M..Q.D.X|h...1.P...
..j.d.....j~6.....l.1{..x....q\..4...*.h..]..q.rvHv..5.|&.......Q..#..
...|...E.M2.........>Z.vH$x...8.u5...O.L..f...6...P.=....<'.
<<< skipped >>>

GET /2015/02/13/13175143861206-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 9625
Cache-Control: max-age=31311110
Expires: Sat, 13 Feb 2016 19:51:14 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..G.....
..Ul...K8h....@..[~j.hx.ZV.e..Ik.*..f.m.GJ.o..,0W..Xx.._..e...(..._x..
....c.'.........,a.W.e...........U.o.'...iZV.k...:.....>.....Gp[...
.....4.ZB...._...:'....[l.....:..t.$.....VC......2... ..2.9.I.}^W.9.c.
x.- ....W~I......M..*....[.Y.._.......5..<=...o.E.$lT`..D.g.Q.p ..8
9....#..K....../.!......d.7VZ..... .I.H.I.Y...(...F...F...........31I.
-.0S...?.......Z.9g4.}..(.S2.{|..TyR..b...yYE(...}.}~..T..|..../o.y.[.
.m.;x[O.F..W...T.w..A.-_XxG..O..5g.h:...h..b[K.>.;.[.?.....=.5.....
T.R.......c.....V.8.........cCWL\S.....T2..*........-....x..Z...;b3q..
...Z..d....3..W.>*....~.>..ky>9x.P.N..4.....(....NIniN.J.....
W>.6.GU.X.}k.w..a..........#...;........Z..&..oac..09*.6......._wxs
....$..eK...V...y.j0/.Z.............W..~.|[email protected]/.
Q|..H....H.p..q..jir..j......W.R...%Ru"..(..&.M'.I....s.'..._x3E..-a..
.4.yu hI1.]4Jf.s.......%..k.cL.....-x.^..?.....KY.a{...9......./..
<<< skipped >>>

GET /2015/02/13/13174113586180-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 8265
Cache-Control: max-age=31310496
Expires: Sat, 13 Feb 2016 19:41:00 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...A.<
;sMA.R%[email protected].>*8R.A...!...A..G.6....iiVqKr.`o)H.......
..'d.V......-.r.:.8..5....4}CO.;X.6..9.O^...i..J....A7F`..z.}..k......
 ..y.~^h..<..dy....<...~..g..m.o.f@_\..zu......Vi.9....4.......x
c..u.....{5m.=..y.%Yq....W.9..k...%x..MJr..f..8.......r..C.g.3...T...a
.....C.{9...:......v.i.&..#l...O....~5:...Y.l.h.<...1.....:..^j..A.
1t.Q..L.../..x.Oj.7.g......H~;..9..Z.G...E.R....T.F*y......*......Eq..
.B....~\..s.............w......f.h.G$.1.C.q.....Z..-t.$jVh...xo.q.....
..7R....;e.3...;......T..]...~....>..wf....*..m.8.w y.....n...}c..p
.{p...J.....h.......J.....wz...P..;..4.c....E_.,[email protected]..\UYF..@."
...`.n9.....b..H.&....XE..G.J..........[...Z.p=.B..#......Kfdo.c......
..... ..u....e....{..V.......U......R....9r.H.<!...r....M........X.
f....k.-.#h. {g.8..,..... [email protected]{..s.u...m.h...De'..?...d......c0*...
_.>...\.....O....]2...`d....3.....z..I......r(.#n....../5....].
<<< skipped >>>

GET /2015/02/13/13174210386182-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 5891
Cache-Control: max-age=31310649
Expires: Sat, 13 Feb 2016 19:43:33 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....(..
.(.....m.."...O&..7....N..<U......~ .R.L.G.{$....dC.s.29..WZ....WH]
CZ....d.KU..."..........f..y..-. ...A.....u.%..........f.o.i..m....(.r
.w...Xr:..u..>.....|?.i....=...B....Mql....@%c'[email protected].
.P..UV...-.H.-.gk......EW...j}..:...P.E..|d......S...x..lt...=....Uz".
..U.wf..>B.............!~....y...-.1..4.8.&..U..$?........xr.......
.5.z.g..\....\...f~..N"$p.=o.).Ej....3......zi..?e....N.N .P..T.dul..M
ox..Z..E...e..a.C........h. ... .....!@ .k....U..._...v9........mr.CP.
._ N....# ...S-..-..|..U.E..|....j.;M&..v.....e...q.....u......q.;..{{
{-=.kx..o6.K@.."~\...[.Ic.....g.Ky....}[email protected]...... .7#[email protected]
9l.=Q.,.0[./.I|`.....}.5..l.Ej..Mr..I.\.e<(..ym.R.h.k%...a/.6....3.
...Z.........7.......p.e......>I..y^..].. [\M.).(.pk...{..O.B~....~
...............1.d....2.Fk...|?....8a.&..^Y.q..m.. ..........p...<.
.O.._.=..Y.b......2h...ZY^jP..V......X.A. a.. ...|.;-..~.....S....
<<< skipped >>>

GET /2015/02/13/13174354391195-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 21122
Cache-Control: max-age=31310632
Expires: Sat, 13 Feb 2016 19:43:16 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?......C.
|D.}....,.....w.s[.[)...$......9bF[5..!._.x.O...... .Ee....U.V". |..T.
...dr...?........-Al....7z}.....a..6.9...;W.|3.......Z.V........E....l
..B.3......n.v.F5#.E.....~..-|~*... Ek.%d...f..{_e.e.....}.xB......N.|
.c.W*V.5q.F..o-.._...5..........xV..T..D...-4y.c9....G.c.........G....
v.._}...?.Y:.{.rRef.u..O....{........KG..e....R.430.%........Sx......k
.X[.J7.d.....Yy-Y..8.........^.....c.us|M.. JM...1......h......-....'.
)..An.B.w..f .....$..H......b.._...d...ma.. ......5H.X.I...*..P....O_N
.......C.x........._.h>!.0.N`...e6......x.....9............. ......
.....Kk&..W.d,.....2.....r......./.c../...6..wO.._....q......o(....6..
.....z.6.Ogu}5....z^...S...?...?.t=D_..".n...7..2..i...60.f).1...R.s^.
...6...>4j...,.M,....4V.....U.b..8.r.C...~...<S..%...C.-..g.#y/.
~........].O... ...|d.?l...-....k6.....S[H.Z....q....j......$W.......t
..4....!myZ.4u...Mt.w.7/..mZ8...A]I.M..m...~w........x..r?..k.....
<<< skipped >>>

GET /b1.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/gif
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 43
Cache-Control: max-age=27682638
Expires: Sat, 02 Jan 2016 19:56:42 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
GIF89a.............!.......,...........D..;....


GET /bxk_v12/bxklogowhite.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 5288
Cache-Control: max-age=27682746
Expires: Sat, 02 Jan 2016 19:58:30 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Connection: keep-alive
.PNG........IHDR...............%....oIDATx..[.tUU..*.X..A...aPG.A..c..
*...... 2*. .EZ..$t."UDj.PCo.C............f./y..p_.^"....Zge.....{.w..
...M..r......6.6wo>.....yeS/.....r...T.. S.G.S.c.M...4.o1...."K....
..=..G.m....[..o.....o.Z.H.yu.%.%....../i>4....3..0.~?......=sqG...
..s.kz..ju..z.O..f^.w.#-o..P...5.d7|..`......._d....=.....".._..&X....
........_...x...~n..}[email protected]..)..l....q.......=K5.7..[.,S..()....
.5V.....,,Fw..G.>]T....1lM.|.K.....;........0g..3wY1yk....`.."t.aA 
/3ni...<s....g.C.....j.......l..b.. ;....{...6...[1o..?..cm...C...@
..]wJ~;U.......7.6...p`K..Y..}6.<*...0}QUm....o.d.._...9t6u..v.u...
)?..L.~GX....q...nwD.......a1Yg.F$O....].r*.ud|vLj.........b.pw.y...gR
.r.do.m<..p..k.U.......0y.....GK.Hp.>i...v.|...5..'V.N.........S
pS.Jl8.....d\.*-.5....y..6...C.._..WEd.Z.,W............I3...J...TI..'.
.....Y{K...........,.I{%...z.9....h..a*,.x<..UZ.J....d...O..x=.]U..
.<...n..........MY..Cxl.y...7....^.5z-.n~e5...h...[.3...."..s..../,
.g....E..V.._d-(...........Ke%4&3......B]V\..VU....-.._.....w...4C?WHt
f............../.K .k.o...a......{.;....D..E.#..-$..,@M.tY.CZm...n....
A.9..n/.5.u.}:i.p.yb.^.......M..U..R....).w.....Q...}..m.......b.A8.lu
......-.....&.rb...L..(....q...g%..vW...a ...p.^[email protected].
..R.[].%O.|...;.'.#.*.*....d...c.y..g.u...X...L...8...t9%/3*5/.BRn....
.G..m..(o...q.!...-?..._8....9....))o......=....O..*......K.,..QO..J..
.|G"y.... ..b.,..b\.....O..C..o..]......E.>0. .Z. ..N..ouK.bV...6..
...?/.0......L...`\..z_uH..I.......[...:9.K4.;...i.....M.[.4....a}
<<< skipped >>>

GET /ns/rexposta/layout/rex-default.png?w=220&h=165&mode=crop HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 26857
Cache-Control: max-age=28274738
Expires: Sat, 09 Jan 2016 16:25:03 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR.............7w......sRGB.........gAMA......a.....pHYs
..........o.d..h~IDATx^..gt.W...........x........%...!..P..$.9..D...s.
98.gl.6..&...".....*.T:.]...Z.Z..-....{.s..B.................YV7B.. ..
.."{M0...!..X.......x.4....pi../m...Z9..t...........N..WF.......9.e...
B..81}..-].CK..d....g...Y...t..q.4.....26`\.....&f...Vk1..F.....S?F.).
...O`..........X{...........w7,...e...d~..........cX.m.Z.......D.. .).
.r .[.%....-.2.a.r.1....wF.^..9.-.....scF...y8.l.\6......Q.....}? ._..
...k1...........a..S..@..$Y...K....!.L....$..b.......G?......X.L.M.M..
..p.K.l$dr.X. ..YH:.6{...\..S-.....0..K., .qgQ.\.E"9!......7b(..l.'M..
....& .....V..8p..t].Q.........0.d..c.......?.d.H...;..m....".<h._G
:N.~.jC....d..}..p.$]..:.&.....O...tM..:...!...).v.i.*.....[....;(....
f.b&...........B....H.../......p?P).I.9"....\.)..:....q#vS.X.j....J.$K
.1.Rn..t.K..REI5...)..!..t4..A"......N8(1s<.p..^.A...#.........j.$.
gD .J...u.~..T0=.2.........ocF.....i.r...l.......%.w..*'.t\.Q.=.nZ.8..
k.o;.O..R.c...V$.......F.....RN...`.B?.......s.1,....6..Y.X*.{..t.$.Q:
3.q.iC.....1...7.;...f..J%E-!..4.J.E.l,.\,[.p?.Z.o.9/...;{..h...\>N
I_..]. d.^T......(....T.....J_..H...J.Y...e...S....[H..T......*. ^..o.
....(.=.X..<.T[..T3..s#{....~../...(!I....9UB..z.......H.~%....J..?
....?(..q....n....B-.......'kM......lz..|Rz)'Rm',.?%......r../J-g....s
....g..{y.....p.P...T....&...=.=.r.~../.d.p80..%..L..;..E.)..,K....E.n
0...p?Q.....#.,%.|.H....64...R>.."2...>..nc.i.2..8p....q..=.j_9-
.... .*}.L(3h.j%&..;../...J.xE.b....2m._...Y..[..H..X.........r0.L
<<< skipped >>>

GET /icon-reply.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 1067
Cache-Control: max-age=27683733
Expires: Sat, 02 Jan 2016 20:14:58 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR...............w&....tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:2E6C67E36B5B11E4A50C
F8E4C75619A7" xmpMM:DocumentID="xmp.did:2E6C67E46B5B11E4A50CF8E4C75619
A7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2E6C67E16B5B11
E4A50CF8E4C75619A7" stRef:documentID="xmp.did:2E6C67E26B5B11E4A50CF8E4
C75619A7"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>...e....IDATx.b.{.8.....v .....X.....@.
...0.Px..C.)[email protected][email protected]...../(....0g.4....
@|....X.....*.{. ...`....@[email protected].. ... ..... .........p.2ni'.....IEND
.B`.HTTP/1.1 200 OK..Accept-Ranges: bytes..Access-Control-Allow-Origin
: *..Content-Type: image/png..Last-Modified: Sat, 19 Jan 2013 00:00:00
 GMT..Server: nginx/1.6.0..Content-Length: 1067..Cache-Control: max-ag
e=27683733..Expires: Sat, 02 Jan 2016 20:14:58 GMT..Date: Mon, 16 Feb 
2015 10:19:25 GMT..Connection: keep-alive...PNG........IHDR...........
....w&....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adob
<<< skipped >>>


GET /aep/tag/br/br_nzn_baixaki_redir_970x200_5adsx4.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "44403928a69829d0ec7554505d1265a8:1423841968"
Last-Modified: Fri, 13 Feb 2015 15:39:28 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-Length: 603
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
Vary: Accept-Encoding
..........}S]o.0.}&....A.NRh.R.a.Zi..*.m..!..!......U..][email protected]....
...%., & \.\,....-...nL...r. f.........&.|&.......*..7.k.....J.\i.....
=UX...)..Z..l'17.)[>..P<..H.Z3.........7.y......}.m..n.g.7..@...
.v%c $.JH?...G.R&6l%..&..<...,3.q?.zK......Yd.H...R.X.6!H.[%./.....
. .........u..l..*M])7..`..<B$.].a....Q......R..f....o...G.=...Q.hl
....V.*;PTl..Zm...!......T.w.V$$g....eXQ..{[...]...r..G........{b.f.mN
o.0.iD/(..>..<......Ve...a...0..9..NpW......G.....MNC...j2$.....
.....h<..x6.\........Y......y2JrV.)kG.q.....3[P.d.*.p....`...R1..Gj
~.M.u.G..GG(w...N..WGh}*.n...>R..1..7[..*..`..y..vs|r.._..t-....ont>....


GET /dhtml/aep/aep-full-11.2.1.min.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "edef5c51ae9a44b99d06b7320266bfe9:1423669762"
Last-Modified: Wed, 11 Feb 2015 15:49:22 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-Length: 16195
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........}}........4......l.;...I..m...w....9..%.%Q!%.Y[.....$@QNz..
...x...7...d..Vi.p.O>....{..jYS..g<dya.../..V.u.......r^..A.0...
..|....w.......yZ.........JLr.X.....s K.h.....Uf..Wk...*d....t1...AW-(
..B3E...X..pl.....A{V.E.9_....J../,g5..}!k..u.s6k....T.u....ze..X.)A..
.E4[.8..=K.........4..`.8N..gq.._N.Z..YZL= N..p.....#..Z0.^.[...Z.B...
.V..28.%.t%AT`..4..3I.V....%.:q. ......S.x..f..N-..q.3*.V...X..r..X.E.
...!..,.U.Y...fV.%...t..$5.../V..).Y.,.....B..N.........X.......O.....
....=....wg?]ZP........[......O?......t~rqa...N?|z.z.i.._.......Z.....
K.....Kh.....eS.'................_..........s...t|~y..........?.][email protected].
......C/'.N>^v.WH.N~.........U..'..9..z}.............s...N`d......`
R....~..7....zB..........~yw.I..1......G..........,./....^.x..........
......g....x"ZAP[[email protected],.....=.z.k...zWb..D3...0=...d.c
h.U....>[email protected]....]
?>..l.....H.0/t..,wpl... t...i.....n.)..(..v#8*N.E......u..?n.j.u..
I<H...3..r......~..l........ @gP...|9c.wR...\......T#sH......_LV..^
....{}.|.<l<X.o.<.../.....{...G.s.?......uF..0.O...........$.
4......g.}..x.k_....W|..........`.E..pC.g....... ...P.....}.W.{.....L.
..2..........b.0..PE..%...<g_!..>>n.I=...^Ge.T...Vi..E.....@.
...../..!..b...............:[email protected];...e..6.t[f..f..
.......<.rm5.0A..h..41<.../....0..r....f..qr}.p.w..@...`......0[
J.......&0......tI....J|ds.?...c. d.L^............)X.;.&.0O.m3.i3.%b..
O.....N*.@JZ..)k.........q..x......[.....bb{..K....~>!....v..n.
<<< skipped >>>

GET /aep/css/baixaki-970x200-v3.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "2bd8c6a06faa6cafc93d70064221c7d6:1413382911"
Last-Modified: Wed, 15 Oct 2014 14:21:51 GMT
Accept-Ranges: bytes
Content-Type: text/css
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 16 Feb 2015 10:19:25 GMT
Content-Length: 26315
Connection: keep-alive
..........|.G..\..7v..O..2>"..-K..sfb.E......<o.ey..P......}.T..
.N.....?.[.....?.....E...........y.(....z...].8.C .......`..1._...o...
.......K....._.t....OS..6C._.......{9... .............5....._.....5...
..>]......u..._.....tK.=..........o..8.........Og.#K....._....f....
.4...........#:.c....l...<a.S............w...p...3..wj...m...c.T.k.
......;i..Rv....u..=._.....g[[email protected]..;..w.........>.
..........s.k./.6...Dx....?....f...3dR.{...x._...'..W....7....G...r1.0
......P..'._{h....0.Y...3.....;d......u..._.....s...,.k.P.........'..D
'.=...==#.9./K....n......C.I..w|...F.\R..x............G.Py..T%..f}~(..
. .<Z.....g.S.O........1.gT..T.m4.....T..F.~.x.w=n..{...K.h....^.:.
.....&a,3...... .!..6.\.L...M.6t..1T....UV.../.w.lw.....i....4....m.=P
........:a|.\.........P.."=.zw..dv.c.)....Q....G!y[p.....e.5l....!..._
..P...t#..b.cT....7.^.\....}Ik....$.1....~j..!...... ...V..k.O=.~...;j
[email protected];.....*...}...G..p.\j....KX>i..
.)... 2._..q.\...H4.....b?n=<-..L..t^uR....L...O.3.y.......l..i.3.~
..~......3....c}......t)..."."....,...O..$_V&.3.I.b........<xg.....
G...?....I...(....z....r....F......V...Z........l{.i.y.a....U....w..{.
..p...S..Cl.n.F.~>$.P`.4q.7......*.....K..Q......FEL.u..6 $...;u.4?
...2.....L.Y.._..5.......|....0.i~..![...b.B&...6.d.'.mH..%c}..b..K...
.5........".S Y....K.#i...``u...2]r9..yH......_;............t.ay..u.}.
#-....0/..,t!...Y.|b...H...g..wy#.L....L..0Cr...YcBI.8Q..}...r...E._..
..... !....s=53.N...g1..].....S.i..|%u..A..P..5.....{(............
<<< skipped >>>


GET /plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2dc39e66d61a04&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=0&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2dc39e66d61a04&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=0&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Content-Type: text/html; charset=utf-8
X-FB-Debug: hwKY2NL4UH9oywdSmLVETmYFMDwiAljbVxeZhFf60/g7a0ozN5iPdbJEnYE613OVrLv3RfD5RxYjZlzuCXAbmA==
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
Content-Length: 0
....


GET /plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f8e0d2ecac1abc&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=306&header=false&height=190&href=http://VVV.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f8e0d2ecac1abc&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff345a9391477eea&relation=parent.parent&container_width=306&header=false&height=190&href=http://VVV.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Content-Type: text/html; charset=utf-8
X-FB-Debug: y5eAvFfyOxvcImraPOVhly0sAdtgx8j/3vzL19KNCcRfS19VQ3idRJSUlcI1m/Hk8hvTDWIepQidyL 2MARXdA==
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
Content-Length: 0



GET /inc/v12/v12-20140904.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: obj.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/css
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10815
Cache-Control: max-age=25270455
Expires: Sat, 05 Dec 2015 21:53:38 GMT
Date: Mon, 16 Feb 2015 10:19:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
................. .... ..om.,.......f....[`.w{8...,.5.-.$'....?.?.*~.r
wf......["..d.X,V..).%U.5..?....b1]...V.f_.....`[V..6... 4(....9...1?.
..c..............4.S.TY2X...<.....n.}^|....cv.~J......<).?f.....
dP...:...%.$...:o.....7YZVI....Cy.ViY....p.^..].9.:.}\..........MV1..d
]d..! ]$.:.W_V.E}LR..49..A..4.......E.mV..hJ!.5.q.[.%..w.#..'....: ...
.T..e..q.fU..l............7....l..}....5.X..&....1f.E.j6_..w.e...9-...
_............\F..j....%....d]....V....5....o..'n%i.&...:I?=V..........
}Y..gQ.};>!. '. ..!....R=.8.......* .g|f..2.O$^.....e....\..d9....l
..r...\..G......5*.']........W{.F........0lic......{6,r..0B.x.`...kS..
...*H...{.u..R.P.........8.......,G1..G.A.I.-.."4 "6 .Y8Jg.....l......
O.......a......|:o..X$_..E.~Z.d...v.K~."...1c]...1....*......T.l...`.f
..X...`.[Y.K&z.....n..q0..yh....I....*........<Ve.....*.U...Q.?.|..
^h..1...`.n....5.....:.t..p.?U..W..9.......|..i.......}}.<..{....q.
..xt<<......./8..*;fIsy..l....`t...$.E5.P.....hS6...0..):f....8D
.R. #.R..r..]DWx.p..'....%...0..M.............0"..\....c......u>E(.
2.V.Yh.Dt.u9w..|....\.@....../u^.l......_.w.f..VtJ;d..D4..S<.j.! 9.
N.j....q..^......J..L& [email protected]..&..V.P.)...
......// ..>.uVb...o..0....RK?  -|.7.P........3..7>.u..u.c.@....
..A..plr...^.l.gs.^.X.a.....s Y..r.48..`cM..W.#.......<(*...w.....E
.4......H...k0...s...u.m.wh..{t9.>...>r..o.(.L~_>.......=|..-
'.........X..N}u<..........%.h.t....I.t.7G...l....{.W>..i...._$X
 .....0..?.u.H...&P.3.....w..-...|O.....l.s..b;.c.V..............S
<<< skipped >>>


GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Mon, 16 Feb 2015 10:19:27 GMT
Etag: "2b0045-4741e-89987140"
Expires: Thu, 26 Feb 2015 10:19:27 GMT
Last-Modified: Mon, 16 Feb 2015 03:54:05 GMT
Server: ECS (ams/49E5)
X-Cache: HIT
Content-Length: 291870
0..t.0..s....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150216035036Z..150226035036Z0..rQ0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSBA0TLeT5Hrk8v73bcU3oAZux9AQUEUrQcznVW2kIXLo9v2SaqIscVbwCEFRZo2V/HDmSXmUpYR/trsw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gtssl2-ocsp.geotrust.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1456
content-transfer-encoding: binary
Cache-Control: max-age=568899, public, no-transform, must-revalidate
Last-Modified: Mon, 16 Feb 2015 00:18:19 GMT
Expires: Mon, 23 Feb 2015 00:18:19 GMT
Date: Mon, 16 Feb 2015 10:19:31 GMT
Connection: keep-alive
0..........0..... .....0......0...0.........b../..J.G...~.2.L..2015021
6001819Z0s0q0I0... ............-....<...qM........J.s9.[i.\.=.d....
U...TY.e..9.^e)a........20150216001819Z....20150223001819Z0...*.H.....
...........1~...Gmil"Wa...j.v.g..".(......D..5. ..<.K`H............
.JW...f.....g.&.........N.x.w[.`.?..b..5...cmN..h...kv2.9..`..7...T.b.
........0..2.j......,8;...fQ.?.FrX...0....X.Q;.\..jJ...z.......Z..0..E
....%W.W.pd........"........Td...a....U..........rfv...#.....0...0...0
..........w..X.G.&..kRiD.S0...*.H........0D1.0...U....US1.0...U....Geo
Trust Inc.1.0...U....GeoTrust SSL CA - G20...150106000000Z..1504062359
59Z0S1.0...U....US1.0...U....GeoTrust Inc.1,0*..U...#GeoTrust SSL CA -
 G2 OCSP Responder0.."0...*.H.............0.........%p.O..U{b._...>
.f...M....y#..~iN.c......uF.!H.S.^.=...39..w.!.SPD........1%...6'.e...
..3k.)..m.......d.w2....\PMh....q>.f....v.........L...Y..~8...~WL..
%/.q.....V.......l*.Qr......w.X:9....b...p.0....cu..........M.....=RE.
..Nq...yqMtje..mj....W.z.D/..5g.k........0..0...U.......0.0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-B-27550...U.#..0....J.s9.[i.\.=.d....U.0...U.........b../..J.G...~.2
.L0...*.H.............E.L.W..;..C@..?....JF;[email protected].^.a..)
OB...|..f.../9.Q...:_-7....yG...FF...[.^[email protected]......$x.....N.4....
RjP....r [email protected].$.2..Lb ...RZ..6.....2T|..L......z....:q!.G..O.1.
...OCC:...Z1,%.H..ri...'E.(.j.....6..i.o...9...KWQ..G..0..f..>.*&-8
-..
<<< skipped >>>


GET /v4/sof-windowspm/?action=visit.heartbeat.wpmvt&update3=version,20.0.0.1714 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..0..
....


GET /v4/sof-windowspm/?action=visit.heartbeat.wpmvt HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..0..
HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 2015 10:19:16
 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunk
ed..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-version: v
4..3d..{"stats":"error","time":"0.07 ms","message":"uid is not set"}..
0..



GET /infv3/index/2507/3rd/6.3.76.1518/67b56c90fe9de8486cb88bd9cca81bcc HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inipegcc.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 16 Feb 2015 10:18:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.14p1
Location: hXXp://VVV.inipegcc.com/files/zip_r3/2507_8264f25961fbc8f29354e4754a828cac/2.zip
0......


GET /files/zip_r3/2507_8264f25961fbc8f29354e4754a828cac/2.zip HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inipegcc.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:18:50 GMT
Content-Type: application/zip
Content-Length: 770774
Last-Modified: Sun, 15 Feb 2015 02:24:09 GMT
Connection: keep-alive
Accept-Ranges: bytes
PK..........NF.)fNe...`.......376.db.`...>...6.4....<..A#.<y.
...\Y...7a.....V0YKW.zx....(....N.J8...t.J.-Q..C$....G.!;Q`.. .2I...w#
BX6c............q....kD2..^..^.Y.m......y.......pS...6.....Z........b.
9....'..."......b..R....g...R.gcsw(.xa..x.v.C.]O $.".........3..*.....
....d...}..TS}2%5........w.c.&.."..!...p.'.h.u...C.wh...b.i...N..s^B..
.ru-!\.\.-.....oB...D2..^..^..Z.).v.....N...Ay7ZKN10PK..........CF.1..
T....n......wpm_v20.0.0.1714_0204.exe..Sp,..?~...m........b..m..m.v...
.|.v.z~..9. ...g....~.........k9.y....^,..v..f'F....]..... /.y7*....5Q
...Zh?j...5Nd...P,.'.q.N.......V..A.A........bQ.G.e.....?......../.]R.
.Mf%.q......g.0...... .yIH.r.......y...>I_..........T...VY..%QRE._.
...(......-j..K.Dv........4....N...z...".K.I.;..$i..........$!3.. .i.!
..-.......jy?....g.&...F.LZ9.W.4......y...E...Et.<00.<.d..V..o..
5...-?..(.......B..4.wn...1^.w...V.*.w..s....?c....#5....!J..[85T.u%..
.........dW5;!*.....zQY....8X....c...J.P/........oUh.n.t..'.*d..?.].p/
.......O-..y..[Q |...Xv~.....,...........u..^.Ve.V.l../.2..ef....G(HR.
....a....... ..T{}x.....w.-T...........2...a.I.rE...a....z........i...
]..>N./....a.......9.......i..}t.w.s^.....w..=.gP.......I.?...HM...
..}n..a.........Y-.'/|.zq{.B..s.l.....:...........E......2.F..]_.!^.i^
.......u....k_.../.qj.. 7.K.[.^?..p|.rx)...^p.C................t*....:
H....m..0,..9P.,x"^D..>....(..j.......y......-....".1e@....!.b..h.t
V.X...D..... ...MB.....wf..O......r.....NBE..3....&.3.#...]....%.`.&5{
Q..R z.z..\{.h....G.\e^_......z....r.HO~K..'9|....z.s..S..d. ...2.
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com


HTTP/1.1 200 OK
Date: Mon, 16 Feb 2015 10:19:32 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sun, 15 Feb 2015 12:46:20 GMT
Expires: Thu, 19 Feb 2015 12:46:20 GMT
ETag: 7944B36490ED5D8A4053BE417393363ED957F75C
Cache-Control: max-age=267407,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp5
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........z4.&...&T....$.T...2015021
5124620Z0s0q0I0... ........|.fT...D.b&...e{.z.......z4.&...&T....$.T..
..o.F.E.(.H..........20150215124620Z....20150219124620Z0...*.H........
.....B@.(E..E.....Pq....FC.E......*.N.6<1.........s.%..3Y=.4....- .
D...p....U...t/..Wp 5..5H.. ......*=...9$..D.h. P."...>.,....=.(C..
..^LZt.nZ...!T:...[M..m........r.......4.8..f.....@l{<...A_X.qW.:..
.,.}........D"Btf..'..%/..6.m..0.d|.Tt..[.R.vL...R...5j...-A..



GET /c2/8756095/ct.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341


HTTP/1.1 200 OK
ETag: "660bd936b3dc78cdaf12e7ba08e44f7e:1360783927"
Last-Modified: Wed, 13 Feb 2013 19:32:07 GMT
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Thu, 19 Feb 2015 10:19:24 GMT
Date: Mon, 16 Feb 2015 10:19:24 GMT
Content-Length: 1050
Connection: keep-alive
Cache-Control: private, no-transform, max-age=259200
..........uUmo.6.. .W(d.PvP`.U.X.}.Pl@.~....)...BRQ.G.}G.v...`.|xo.{..
..t..&....%.=.3.....*k.8..oj...r.q.d]o..9G..9..F=..".qd..uFW..)G..2.#.
./.....>q.T..Q.. .PKkZ..w`...#...d.Q.....eSW...EY)......:...3.Kk.k&
gt;..;f.B;.bDh..2M..c..aHv...dT.q..A.s........K.L.&!....?...q...R.....
............. >.6*.m.n...A..(.W ...N...s.....}.<......*c.!..%Dr.
....\..).my...... ..a...y8.K....1...f.p..&d.Lz0o..E..O.....y.g...5d..y
.7....^.V....v......~..8.e6.B.....Mr........... Q...D......2..=......k
...)O....;.*.....@9it...?a....qlU........H.B..V..\Ex.}.%!... ....0....
F...%.r6x...Y...g...L.7`~.....?...#fi.. 8..e..Y(...|.Y...[2.}$........
...";..>.......\......Va...$.1..[..;.h.(. .>....~.;....r..&..e..
.~M.H....O0...3~1....G..!....).T8.D..Q....g.......".|..#..............
...{_u$...~7C'N......9.GP..r.m..*..(......W.e.....-A.YJ{..!C{\0...`aY)
..a.-g.....L`..*.s}.r...r?v.............(.k4G.]Cg.M.h.@.&.....HI./....
...a.C....z...A.....y.....!.k9..x..,.x......]...7.x...b.;.[.....t.`..G
..n{.I..........h.OZ.K..[.ge.....xK...9.=Z..z.....7.9o6....R..M.Q....&
.....`.P./<.C.^...HTTP/1.1 200 OK..ETag: "660bd936b3dc78cdaf12e7ba0
8e44f7e:1360783927"..Last-Modified: Wed, 13 Feb 2013 19:32:07 GMT..Con
tent-Type: application/x-javascript..Vary: Accept-Encoding..Content-En
coding: gzip..Expires: Thu, 19 Feb 2015 10:19:24 GMT..Date: Mon, 16 Fe
b 2015 10:19:24 GMT..Content-Length: 1050..Connection: keep-alive..Cac
he-Control: private, no-transform, max-age=259200............uUmo.6.. 
.W(d.PvP`.U.X.}.Pl@.~....)...BRQ.G.}G.v...`.|xo.{....t..&....%.=.3
<<< skipped >>>


GET /v4/searchprotect/267123711_198339_B48A115F?action=visit.heartbeat.ild&update0=ref,ild&update1=nation,us&update2=language,en&update3=version,4.0.1.1716 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"5.79 ms","message":"store 2 action and 4 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:22 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"5.79 ms","message":"store 2 ac
tion and 4 update "}..0..



GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "51dff7c69a24b508bd5d601f6799f5c2:1424080522"
Last-Modified: Mon, 16 Feb 2015 09:55:22 GMT
Date: Mon, 16 Feb 2015 10:19:26 GMT
Content-Length: 856
Connection: keep-alive
Content-Type: application/pkix-crl
0..T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150216094300Z..150226094300Z0..<
0....X...140427081922Z0....v...140618150003Z0........140429180917Z0...
.....140709194633Z0........140416233935Z0........140521155053Z0.....).
.140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140
606204021Z0........100729164439Z0........140606222139Z0....%...0205141
81157Z0........140725020038Z0........100729164732Z0....M\..14043000044
2Z0.....-..140617185011Z0....uU..150118022133Z0....V...140624123102Z0.
.......120627171025Z0........100301134531Z0........140618143256Z0.....
...120627171017Z0.....>..140711125531Z0....[...100730213120Z0....j.
..140226123519Z0...*.H............zU....=.Z....4......IE<..k...IA.K
.. .]5....Co.7.T......:...d...".n.4.?L#*......j..0.fV...xum.-4..*.....
G.U>8...i|......l...'[...HTTP/1.1 200 OK..Server: Apache..ETag: "51
dff7c69a24b508bd5d601f6799f5c2:1424080522"..Last-Modified: Mon, 16 Feb
 2015 09:55:22 GMT..Date: Mon, 16 Feb 2015 10:19:26 GMT..Content-Lengt
h: 856..Connection: keep-alive..Content-Type: application/pkix-crl..0.
.T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equif
ax Secure Certificate Authority..150216094300Z..150226094300Z0..<0.
...X...140427081922Z0....v...140618150003Z0........140429180917Z0.....
...140709194633Z0........140416233935Z0........140521155053Z0.....)..1
40617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..14060
6204021Z0........100729164439Z0........140606222139Z0....%...02051
<<< skipped >>>


GET /v4/sof-ient/267123711_198339_B48A115F?action0=xa.geoip&action2=visit&update0=ref,ild&update1=nation,us&update2=language,en&update3=version,2.8.8.28&update4=chptid,ild HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
49..{"stats":"ok","time":"47.61 ms","message":"store 3 action and 5 up
date "}..0......


GET /v4/sof-ient/267123711_198339_B48A115F?action1=install.ild HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.71 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:21 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.71 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Feb 2015 16:48:07 GMT
Expires: Wed, 18 Feb 2015 16:48:07 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 149478
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
4130049Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...mP..-.....20150214130049Z....20150221130049Z0...*.H................
_.9.....FI..6H..........6....V.. ..@.$....lo.qF%........4'DU.&.6.z....
...%......SD.....8.@|f.9.8.X.....L...&..T.2. BD..U...k....$..m.....{..
.........%a..AX.....2......y:.....w(K..26..hd.NZ....t;..~d.# ...s.Ul..
h4R....`.....ilhU.&."a=.9....#...g...._Y..JHTTP/1.1 200 OK..Content-Ty
pe: application/ocsp-response..Date: Sat, 14 Feb 2015 16:48:07 GMT..Ex
pires: Wed, 18 Feb 2015 16:48:07 GMT..Server: ocsp_responder..Content-
Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORI
GIN..Age: 149478..Alternate-Protocol: 80:quic,p=0.08..Cache-Control: p
ublic, max-age=345600..0..........0..... .....0......0...0......J.....
.h.v....b..Z./..20150214130049Z0k0i0A0... ..........j.....p.I.#z...(~d
..J......h.v....b..Z./....mP..-.....20150214130049Z....20150221130049Z
0...*.H................_.9.....FI..6H..........6....V.. ..@.$....lo.qF
%........4'DU.&.6.z.......%......SD.....8.@|f.9.8.X.....L...&..T.2. BD
..U...k....$..m.....{...........%a..AX.....2......y:.....w(K..26..hd.N
Z....t;..~d.# ...s.Ul..h4R....`.....ilhU.&."a=.9....#...g...._Y..Jnt>....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDsqJhnahKJA HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Feb 2015 16:48:50 GMT
Expires: Wed, 18 Feb 2015 16:48:50 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 149437
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
4130338Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.;*[email protected]...*.H.............[..
F.].. ....O.....Y-..R .75A.....J[[email protected].&........A.8...mQ..\.(N
.J.."Y.....N..I.d...Q{|.w^AP...S..}G^..dtL.d......}] FE....g......y...
'...M..5[P!Y......~....1....En/..3!..Z..<.a"..S.2KTnh.!u._~D..(.h..
.:?J.....j....!.bcA..H.....%..2.n.5..^...*..=.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 14 Feb 2015 16:48:50 GMT.
.Expires: Wed, 18 Feb 2015 16:48:50 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 149437..Alternate-Protocol: 80:quic,p=0.08..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150214130338Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./..;*[email protected]
38Z0...*.H.............[..F.].. ....O.....Y-..R .75A.....J[D...K.ek?.@
.4.&........A.8...mQ..\.(N.J.."Y.....N..I.d...Q{|.w^AP...S..}G^..dtL.d
......}] FE....g......y...'...M..5[P!Y......~....1....En/..3!..Z..<
.a"..S.2KTnh.!u._~D..(.h...:?J.....j....!.bcA..H.....%..2.n.5..^...*..
=.....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 13 Feb 2015 19:25:40 GMT
Expires: Tue, 17 Feb 2015 19:25:40 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 226429
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
3130030Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...GK........20150213130030Z....20150220130030Z0...*.H..............d&
lt;x..6.|=..|.T.;.X........O....an.J.:..&...O8..8F.........x..M.../".:
...T..,.S...a*A..=..A..M...#]A...YXH....xh.....P....a..T.l.......x].4.
.......z...=.......S... Y.B.....O9.&.........o.M...|.i.. ....dI......N
D.....v.[..b.. .{.j4.xK)....mnD...PoP..?~>....HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Fri, 13 Feb 2015 19:25:40 G
MT..Expires: Tue, 17 Feb 2015 19:25:40 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 226429..Alternate-Protocol: 80:quic,p=0.08..Cache-Cont
rol: public, max-age=345600..0..........0..... .....0......0...0......
J......h.v....b..Z./..20150213130030Z0k0i0A0... ..........j.....p.I.#z
...(~d..J......h.v....b..Z./....GK........20150213130030Z....201502201
30030Z0...*.H..............d<x..6.|=..|.T.;.X........O....an.J.:..&
...O8..8F.........x..M.../".:...T..,.S...a*A..=..A..M...#]A...YXH....x
h.....P....a..T.l.......x].4........z...=.......S... Y.B.....O9.&.....
....o.M...|.i.. ....dI......ND.....v.[..b.. .{.j4.xK)....mnD...PoP..?~
>......
<<< skipped >>>


GET /site/dwnld109843.htm HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-IISpeed: IISpeed-1
X-Page-Speed: 1.7
Content-Length: 12101
Cache-Control: no-cache
Date: Mon, 16 Feb 2015 10:19:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~........7....t.....WO.....m...
.{'w.>}.4.........x'}Sg..h.j..w....(.h...Gw.^]].........Ww....^._.[
.....}tD].....\6.E..>|.P^..y6;z..m...>.'...Z.U6K..'Y..{[<. .R
.E.f4.v....uq..G'........U.Q:..>.....w..a:.gu......r..........TY,..
.:?..c.$....f|QU.e...f<..w.M.{.g......U...5...........i...}...e....
.8m...>........l0.....|v.......{.....j...bR...=........H..T,.....r6
^...j..v,..H>.{.].o|H...4..n..6.on.<....t..Ve1%...... ...fZ. |..
.65.4}..N....%...&...;....1..iaj-...yUM...f......{.........~..........
....._.:9......|.....7.}DB....[.....o^.=............|r......7.....J..&
gt;UNm:/.|...yu....x..T..........a...7.2[^.i......IM..D^W.............
.x..qBMyB.i.&?=.&...9(.....{...........1..G....iz...ok.)=.......~....u
e...-.Is....:.......w.............p....d.....3.......].uVbh.v..>.y.
.......%........e~q.......mv1.......m....|....o...eV...E..>.??.3...
!~....|.{........j.l?.}L.bw..........'lH*y..%q.e._.....r.)......E.....
..W.i.gm~Z..k.c...;......U.....d..r.Y[.s..Zl..m.}...]V.1...j.iU.......
......'.?3....Z.....y;^.....(..!Pn....Ut.'.o...$1....|........Q..qA..n
...U.o]d..../..u.....yO....WUM".d...(..>.....Z....{.......q.4/..i..
..'./..rV..-.....k..JI ..:-..{[[email protected]..(..F
..k....NJDU......c2.C..@...~Q,...%9...s......{@..s...........w...O...z
'O$..1...F.n[m...w*"....<~.3.....{.C}..HY..q..w...~...gn..."')\)..X
n......v.....M..... ...m|".I.=..zlZ.....}....`....X...3...../.%...
<<< skipped >>>

GET /usuarios/din/prog.asp?cod=109843&versao=6.0.51  HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Length: 60
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 16 Feb 2015 10:19:23 GMT
Connection: keep-alive
..function contdown() { ..document.write('<!--//-->'); ..}..HTTP
/1.1 200 OK..Server: Microsoft-IIS/7.5..Content-Length: 60..Cache-Cont
rol: no-cache, no-store, must-revalidate..Date: Mon, 16 Feb 2015 10:19
:23 GMT..Connection: keep-alive....function contdown() { ..document.wr
ite('<!--//-->'); ..}......


GET /usuarios/din/GooglePlusSignIn.aspx HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=iso-8859-1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-IISpeed: IISpeed-1
X-Page-Speed: 1.7
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Mon, 16 Feb 2015 10:19:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 16 Feb 2015 10:19:24 GMT
Content-Length: 989
Connection: keep-alive
...........Umo.6.....A..PBl:.^..Q.$-.lm.5...(..:.t(.#);.....$;N.a.!...
=w.<$_..88}......7.../..N...r|G.;..K8{.u!.0...._..A;..8n....<...
..`.u.t.W...\....?..#zLK....g...5..:.....]d.T$.,v.,.E..Vq..h.%s...~k.G
9.....S......x.,.(.......G''...ON(3.....r`.V..B.[?....-..Ch....v~..(v.
..d...............J..jZt...h....B8.....}V.Ug..p....|`d.......i.H.....d
...[.d....Y<..C.....g1..........e...H.!.s.".j..V ]..W.d..D........Z
W..4tG..Q..LP...{x....hg...P.^..dR.Y..%S......D6.dV...I.^2.....WeC....
..0JH...c.i.E.a.....y[A....m....Q.p.VU...V......fy6g*.p.,...2.......]f
...c.5 .1..G....fq.:l...K...21....&M.....9 ....i.!u......$>........
..)n|.g..G......_...../.K^..#.....=..y}.WI...lo..0..........Y..$D..c.#
K|...o......]IJ..x...t.([email protected].*'#R..|7.g.uK.-
.h..^[email protected]...! f.v.\.....j.......7.,>......[&io.t...As..du.J.
....!=...AGz.*){.......W9.,#%[email protected].'..J......d.P.nz{5{m.N
...D}.a...2.NH.Y......=......(.....H..3.........4..g^B...........d....
..7.'.Nw.....{..8.......HTTP/1.1 200 OK..Content-Type: text/html; char
set=iso-8859-1..Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727
..X-IISpeed: IISpeed-1..X-Page-Speed: 1.7..Vary: Accept-Encoding..Cont
ent-Encoding: gzip..Expires: Mon, 16 Feb 2015 10:19:24 GMT..Cache-Cont
rol: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Mon, 16 Fe
b 2015 10:19:24 GMT..Content-Length: 989..Connection: keep-alive......
.......Umo.6.....A..PBl:.^..Q.$-.lm.5...(..:.t(.#);.....$;N.a.!...=w.&
lt;$_..88}......7.../..N...r|G.;..K8{.u!.0...._..A;..8n....<...
<<< skipped >>>


GET /rexposta/2015/02/15/15220157894001.jpg?w=220&h=165&mode=crop HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ns.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "85548d54cfbd9faad3f01296cc2f3a97:1424044931"
Last-Modified: Mon, 16 Feb 2015 00:02:11 GMT
Accept-Ranges: bytes
Content-Length: 12773
Content-Type: image/jpeg
Cache-Control: max-age=31498968
Expires: Tue, 16 Feb 2016 00:02:13 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
Expires: Mon, 19 Jan 2099 00:00:00 GMT
Cache-Control: max-age=31556926
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................,.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....Z...
b.....*............p....A......G.=..,&...c1....;..?._..p..2.K.S....9..
...../b....~.%X._...._.........O...6u/.j..&cu$y...sU....o..M..}T......
.i...A............O...4...o..M..}Q.....Bo...`.G.w.4..D......l..A?.....
....!7..G.....A....9.......,.....Z.....k...|...5~`..nj.........x.V.;..
..[p84...T~...M...1............O...4...o..M..}Q.....Bo...0r...~...F...
..Ni..HN9.L}9&.4.u.Y."_...q.^..'.. ..p.R...e.......9O.....u.5.~.%O.~..
...~..>........L...>u9.....>...q.].y...Ko.;..U..d{..4..D.....
....A.... T.....x...#....o..6?.."...p.]|...G(.}....7..Q...............
u.8..<|.RKwr.PNs.......9..c5...... .Y..N...'[email protected]......=.
.........:.F^....G...4.......t..M...A?.......0b\[email protected]
...4..D......p..A......~../..F}.....7./'.....B..#......._....i...A....
..bm_S.......u.*..5s....sI..G.w.4........T...c..)..}...kZ.{.....?..o..
M..}T..*?K..6;j)..}.?.....W.......[.....T.m.........9O...i...A?..?
<<< skipped >>>


GET /stoat/435/s1.adform.net/load/v/0.0.18/e/zgADY/i/wAA/r:adqa/FCTest:engagement/EngagementTracker HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: s1.adform.net
Connection: Keep-Alive
Cookie: uid=3675720694775207364; SCM=1


HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Mon, 16 Feb 2015 10:19:29 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 10 Feb 2015 14:13:57 GMT
Cache-Control: public, max-age=31536000
Expires: Tue, 16 Feb 2016 09:47:32 GMT
X-Cache-Status: HIT
Content-Encoding: gzip
2256.............\Yw.F.~...p2..6iR.s..jkdYN4.m.d....4..eH...J.E.o.U..A
QN...."..R]....b<..s.....3....#c...,koB.U..yY.,.g..o....}U0d....~.V
.^U.!....U.E..........fu.N.qpo.........J.Z...D./kQ.l..j.....Cv...Q....
..L...z..er....,jQ..N..{.F}[email protected]&;..i..H......x.,..^..N.
(.t|\*.j....t.a.d......t...........^.>...{....../..q..\|.xy^..e.}. 
 ...)....x..../8e..b..nZ..e.3......|.d.X.......$*.....x..~w..)......=.
......F...hh'.4........r...U?f.._g...`.6.u.`...`.....o_.Q.......UY....
eV.R.Oj?".....L..Bx$_...N'..sS(...<...k....cv.U"..z.we........^....
.y....._.L.iV.g..z..(...4..(...0|..D..S.....b4 3....(.9Nj..hY.V....K..
Qo...5......%...r"O>.sQ.?_.s..x...q.c..f3.uB.$zQ.5.j.....</ 9g3.
.0h.F...zuJ.0.S.j....'[....&...v.qvT..7...SQ..`.a.,./.G...))^......K..
1..U..s.$.......f....>X.:.Y.......,.pI....a.%]z.D..j..c1N&..t....Kv
.,..o8....................V.x......"....$dt...a`.Fv.'B..C.P..Y..9=..n7
...N ..Z..J..A.:...`W....O..\..q..V.).M........pf....(D.. T..P..\...2.
.Z..{f../.r........lj..B..:dm.....].Ud....\[$...B.X..;....."8.G..L..I.
....u.r.A.].5...wO.R.|WK...r.H[.....L..^.H...N..#...8..PW...;r...w...m
.B.-c.lg.......i.Y.o..~.~...I............<....H..sN.`\..BC&I.)...#w
4.tR........5g......o`.........v.....r.....%....;....F....=....g.U>
.-.C.>._.....$.e...qU.f...(....%l...$M.....).'i...1EP..0...i.sM.0..
8..D.*.O..h>.'..S...._...}1Gx..|.....F3....'_.....5..=9...[.....z.\
~.|.U#.$.l...N..F#[email protected]..^...G.(.*.T..-B."...|..l.
.}.> [email protected] ..G..Kb...... =~> g.....X..fs4.lp
<<< skipped >>>


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=529956, public, no-transform, must-revalidate
Last-Modified: Sun, 15 Feb 2015 13:27:54 GMT
Expires: Sun, 22 Feb 2015 13:27:54 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015021
5132754Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150215132754Z....20150222132754Z0...*.H............
....TS.,..?.<:`m...uY..Xv...O..R.2.Wc{o.#."..Z..!.0'.....~p^.S.....
."..S.v...D.......(..g....W... .u...J..~7 >...x.h..........(?...e..
...[.1w...n.x!.YU...3...pMG..6..l.?.\.h.7.-.m.#..z.t......(....Y.S....
.K.n.<..&..W.....\?...<*Xm.....*.....p(...2.[.1>..8{2....0...
0..}0..e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust In
c.1.0...U....GeoTrust Global CA0...141201130534Z..151216130534Z02100..
.U...'GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0
............\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T
..Y. syd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X..
.B>x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....
>.|'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S...
..........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%
..0... .......0...U...........0...U.......0.0!..U....0...0.1.0...U....
TGV-B-2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..
dS.L...Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].
....j*.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i
.H..f...v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. .
.....i..%....
<<< skipped >>>


GET /v4/sof-installer/267123711_198339_B48A115F?action1=xa.geoip&action2=visit&action3=ild.visit.omiga-plus&update1=ref,ild&update2=identifier,installer&update3=version,6.3.76.1518&update4=nation,us&update5=language,en HTTP/1.1
Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:18:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.92 ms","message":"store 4 action and 5 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:18:52 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.92 ms","message":"store 4 ac
tion and 5 update "}..0......


GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.dlzip1.omiga-plus.finish,6 HTTP/1.1


Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:18:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.60 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:18:57 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.60 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /safeframe/1-0-1/html/container.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: tpc.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Last-Modified: Fri, 14 Nov 2014 14:57:36 GMT
Date: Thu, 12 Feb 2015 20:22:30 GMT
Expires: Fri, 12 Feb 2016 20:22:30 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1786
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 309414
Alternate-Protocol: 80:quic,p=0.08
......n....W{S.....Oa<\...;..i.qD...RJ...8IzG.......<h..~W....{.
9sfxH...O..o..........1...x....Fc.h(.0....q.....cf..D.(a...%.....~.>
;.;..G..'.....$.Q. .kF...1.2;$ 9..>.......E.d..........t._#[email protected]
N.1gb........\)#...{..#Z.Lx*R...iG.(.:..c...t5..K.....HX.......(...L.c
.q..Grb......i...\dh..W.I...........<k.a...........L..nV`.../.>.
V^.?.I.Z.*_..Y.1..&S....Hb]iA.l. ..w..|.\....O...<.77...A...y..E.&1
..r.w{YoA...r5:p..i...n.....7..a.N..f.^..F.......I.,.R.r.Nc....;....!K
..'...$....7x...ij[.rX.'#.b.-..........]......].[.........6..vw.e.}jb.
:.....C:g.E3..Zk...HH.}..]b[.>...=%;.C.B.4...{ _.IW..4d.Y..F5.gOw..
....XV..x.%.H.J....`....!.L."\.^....g.:.~.a._.....v..r...f].s.g.[7.O..
e!P....H.\..T..=H.D.....[...0....u.....j..a.?.P...8..............Wn/.r
.<.>..wi.._>.z..#...TX.a..K ..w..^.. ..%.#gL...Th.,...`....7&
gt;{.R. ....}`'..J>..o......2Q..........m.....c..Se..|.7.."....O...
.Z.uK.o...w.....<^...G.'C.X .......D ).kUl......../,..jz.j..{C$.m).
.|....;..~4Rm.?_q......O.hY.M......N..J..*......L....L......Q.s.c...g.
..X?..)}C.0.Z.......7..r.Z.d...N...A.^.......p...c&g..........d..X...Z
MK[d.f.n..l...`.....^...C...L~..=I.%.:.x:........VGk.'.].3J..9.1.,....
......v...n...e..-.....3..../........h.n..m._.....g4.&..v.JH..0 ......
.3.:sX"Kyx..by.....4T.....$as..^h........N..L_A6.C{........G..8(..*D..
7........%...~.S..6U.....!8.s]..%.w .I.......*:.......|G...4W.(..c..T.
6.B.a1...hs.<[email protected]#..."5.Bp..`.m.*...9Ye.;I.........o .
....'.`6.3.Q.>.....S-|Q.>..u.. .n.L.&]....\.d`..3..`....q*;.
<<< skipped >>>


GET /connect/xd_arbiter/DU1Ia251o0y.js?version=41 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: static.ak.facebook.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Encoding: gzip
X-FB-Debug: zGxUGTr28XP7LnfwC2GGF OIn6bjOuos9aNngxqem9Pi37XxlKarvu0z350i8DLG2VlRRxBUVhfLuq5OHNeTcA==
Vary: Accept-Encoding
Content-Length: 9955
Cache-Control: public, max-age=29823939
Expires: Wed, 27 Jan 2016 14:45:04 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
...........}y..F....) nB.C.....TK..r..|...d.d.k.M.$.P.(.".>....h...
..{./...Y]U]W....W.^~....V.........y..y./_3...df.L.,k.J.,..w<..$.'V
...O/...E[..%..."..p._Z~.-.<.[..M-{..my...Y..9{..l.......t...<Lb
....b...("y.&.V.../...N.$u...).r .,lc%...}>.c...w.RkDY:..d......O..
O. .\N.@0.;.9.......(.(......e.0.)...k.....v'......t9......v..;..:....
.~uV\...n.(..Q..!..w...w..9.Z1_..!.......[w,Zr.{Bft..X.9.;sC....!.y...
...".O.......4......S..p.0{..;1.n....i..8.1... -<(`........-h.?...f
.J*O..R.$.[.4.....'....ZN.....H~...m.)...us...?nn....vz.r....5....y...
._.u..p...8xe!P..`.c..CK.{g&....H..z,..|....[.*...*v.B..@........(.j.4
.\.{.F....D....d.N\N.B.DS..4,.ud..d...N.<..$...._A...bX!;p2.Z...y~.
.X..C`..q..'d.C0z....&E.....Q.3<... ..w`.s........No...[..S...9ow..
m.{.../;.m......Ak.%..q.F..][email protected]%.N....R..D..d..
.hL..'.h...!. p. .....L)*.zB..Q.J.k...D......^.tj.0..@... ...1Q5...J..
...H..V..hL..Gd.Z,....3d....;.......... .(.....$......B).B\.X.Y.....7t
'.P.3......T...e...c...k;.4...2./-D..aLN..-P.lpYo.E......q.N......H`..
..u.l.....L.p...e....v..;...,s:n.)9.!K.#].u.U..W..Rj...ie/...v%..-..Do
.t d........)..s.%..-Vma...$.B.....\.1MR.....i.*.N...V...5...D....1.r.
....5..W.....;djY\.V......a..;..-...8.4W..}..Z....L*..X~........R...e.
...i.^H.zAl.D.2>.H....@B.]....rGJ:..H.^.t=j$|.8..!.E...............
E.0..B.L....p...............l..G.i.!i^.=...{.o.a...8 V;.5...p.w....\1.
i....A..m...F......w....#....?=...7.^.Z..R..........r........`Q.~y....
.......h. .iw...O.......MH..;...(d....,.=.t...^.][email protected].
<<< skipped >>>


GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Mon, 16 Feb 2015 10:19:27 GMT
Etag: "2b0045-4741e-89987140"
Expires: Thu, 26 Feb 2015 10:19:27 GMT
Last-Modified: Mon, 16 Feb 2015 03:54:05 GMT
Server: ECS (ams/D1C3)
X-Cache: HIT
X-Cnection: close
X-Cntnt-Length: 291870
Content-Length: 291870
0..t.0..s....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150216035036Z..150226035036Z0..rQ0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /country.asp?st=ssc&uid=302894767&tuid=3090520&sref=TTV_18-4N_0_ie_extra&bld=18IJ&cnt=ua HTTP/1.0
Host: data.infopackinst.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDACDQTBDA=HKKCLFNAPIALKFNLBGMHLCFC; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 Feb 2015 10:18:49 GMT
Connection: close
150216..



GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT
ETag: "200c0-420-50e490d42fd35"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 16 Feb 2015 10:21:05 GMT
Content-Length: 1056
0...0......0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0
%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global
 Root..150204203344Z..150510203844Z0...0....'.x..110110211653Z0....'..
..141119195306Z0....'B...141119195752Z0....'....141119200006Z0....'1-.
.150204203232Z0....'.:..071121154528Z0....'.v..080219183346Z0....'....
080514142515Z0....'....080515170349Z0....'....080924143337Z0....'#...0
81203144336Z0....''j..090209174351Z0....'b...100414181148Z0....'....08
0917150432Z0....'#...081203144209Z0....'#...081203144241Z0....'#...081
203144304Z0....'%u..081203144409Z0....'/9..090318130930Z0....'8...0907
15181853Z0....'TU..100113191852Z0....'k...101130163724Z0....'.B..11110
7193907Z0....'@...141119200409Z0....'....080917150312Z0....'....140709
175318Z0....'....141210173900Z0....'-E..141119195854Z0....'....1411192
00037Z0....'F...141217193909Z0....'F...141217193956Z..0.0...U........0
...*.H............&O......@<[email protected]%~Uy.A.u.F...........?..a.wqf?...
..U......m^....%..4.>....}.). ..%...GD....S...Y.L.D~....t{..@....^N
..q..&EXR.p,HTTP/1.1 200 OK..Server: Apache/2.2.15 (CentOS)..Last-Modi
fied: Wed, 04 Feb 2015 20:30:01 GMT..ETag: "200c0-420-50e490d42fd35"..
Accept-Ranges: bytes..Content-Type: application/x-pkcs7-crl..Connectio
n: Keep-Alive..Date: Mon, 16 Feb 2015 10:21:05 GMT..Content-Length: 10
56..0...0......0...*.H........0u1.0...U....US1.0...U....GTE Corporatio
n1'0%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Gl
obal Root..150204203344Z..150510203844Z0...0....'.x..110110211653Z
<<< skipped >>>


GET /s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Origin: hXXp://VVV.baixaki.com.br
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: font/eot
Last-Modified: Thu, 21 Aug 2014 18:06:58 GMT
Date: Tue, 10 Feb 2015 18:10:36 GMT
Expires: Wed, 10 Feb 2016 18:10:36 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Content-Length: 17877
Age: 490128
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
............eT\_..][email protected]........[{....
../g.F9..^.........pp0.`....$.........`... ...k...... ........j.w.....
%-.._.....4.fv.......oB....x..:......`.....g...Zr...}0.?0... ..`.a...L
Xm.!.st.u.'c.s.1e`m.l-_.v..u....( P..,.........W.U......cQ.....m?..*..
...1...=..uZ4..w.e#W.y...ji.....Z.B........f>ks...(I...Pq#..g...~1'
0.&...^..zVsq.......U.: v^..S~M7...X.....aG.He7.L....s.0,....."*G....&
...e..........M......x7.%..L...._7$..s........y..lO........n.....9..R=
b....Wr.9..}...}. :0Vx.xX.. B2G....'..Y2........2.hzS...........X4...T
v...o..SV.U(r.gqB.Y....B.F...AwX.T.|....[...&_W.5..S.8........J$...P].
P..2y.F...{|. ..:x. N.lN.3...x(Q....g[,.g.L..yW.k..............>L^.
.{.b.f..W.I.~.N..T..a.....n...'k..C...... [w.J...Wr$..J..0T.......r
[email protected][email protected]`m...>.XlR..).3J<?.2 .....,..1.?..D.9.;.....
.....x..8r.Lf....A .........T..T..P\..\.o.....{.~..*.Y"/.L.U.X...v.8e.
`......z......Pl...S.{~J.N..e.s... .....".T$Y...)[email protected]...
.....p]1.......@A..\i$:U.S98..;!8C#_..C.h.`...........aYR...{7.wif.G.!
.....r.........{....Q..7.~.....&;../_..C...[[email protected]..<5...70..`.P 
.h........4......|.`:..................._}..t...F.z....tz[..J.....a.[.
3.{B..`4.[8..E.w...U.l....".. ..noW|.}.. .R.."=.d............h....h..u
.....^.'..x.........U....[;....$.V`..\%n'mN....!...R`[email protected].
...5.n=9.`uOg).M^.q.}y.......R&.U.G.o.VGps....f..{R.^..%Vy......C9..O.
.At..s....HW..5. ...rY.....t.....'ph.\;...ja.T..6!.F....A....bB..1x.RJ
..7%r..[.n....K.0[;>.K.5...%CM.LDT>]...R..z[......@@x..R.tw.
<<< skipped >>>


GET /mg?alpha=GywvMnlKPjccAAVAABh2JGVtIXxFPysOOWAgeDYwXz4mNBwfB3pSVE5jMjErNThcEgYGWTQwSBouCB8eA3EiRAZoWGQrCjxxTD5eFCpZSigAZCRjJQ0pek55bV8tcGUdYHMkfE5NL0QXGXMzNChHOipnBRtaQTAtXmlzODJWOBd3XmNzPCN/Sno8NyZiKlNeCVMyKWkhCD8nCHRuVHguNhB8NQMJKHQnMg== HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHttpClient
Host: install.reversepage.com


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP003C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 16 Feb 2015 10:18:43 GMT
Content-Length: 184392
Yfx0Tf17oxwOhyGBSTGidqQwRfI06ytatgXLIh3rbrE6H7F01WYxgRvFCyy IfgxScU5mB
BdxCy5ZUSpJ/JBMdpd7CpDvWH8Jx3WTKFXMfV9pS5AvWWsaXGoRNYjW4c28W0O6j7eMWfP
f6w FO5uvw9JxTjMTzznKKl A Ey FQO3hPsbxKvd/8gHLoXqlN/vHb8YEnpJqplI/dT0D
NarHvmOgKsJop8M49x iEL S/gY2D6HfcIU609q2FJ W67ayToa4tLPZdD5SAK/UO4cXyh
Z6ItQMIivU1dvkLQMFayMu5EN4xh1TRN0SmsdFnqbLY0Tf8w109dtSO/eU33dvxADd5cum
MFnWH8Jx26F6JHf6M/8iRD4ySsX2C5TtQjfLky/nNJ8mLRKHjGf6wxCPh6tTNMk2vcSxP8
KOY3RKM1 kxfgUu8cwS2LOtwEfwP9gsj4zGkO1z0ZfMzSYZ09WQT8yf8bAPqPpIXctA64C
we7mO7LVvtDepYEOwouWYBljv3UQnUTewqQ71h/Ccd1kyhVzH1faUuQL1lrGlxqETWI1uH
NvFtDuo 3jFnz3 sPhTubr8PScU4zE885yipfgPhMvhUDt4T7G8Sr3f/IBy6F6pTf7x2/G
BJ6SaqZSP3U9AzWqx75joCrCaKfTqPcfohC/kv4GNg gLtCFOtPathSfluu2sEyFagcgS5
bvE C8Rxn0Zhpn23MQ69Zb9wbbhC7CdStHWndh6kaJxmbtsj6zsP WmMIETENJgQEfohpj
kDvTvrWxj1XrpvF65D Dcb8w/2VHKjYLVuDvg0rWZuv0OAfFmwO 59R phyCVo13G0LAnp
aKdtU5M43ghFtn/mN1WiJPwaR5l3hVU26SyyIhnsRe4IMZxqoytC5SK7f2ChVP4afqQj8k
oepneSaCnVMuItHtJstyQKiz/PRhOjb69tUb437V0Z7V6icwTpOv4nFPQB7lR8vXC1DE3l
Lr90QqVCwS0d6zH8dBitKJIteMck4Sofvje8IETCNJYIGvcsqWED4SDrTRjGE7UkCK8iqm
tLtA 4S2OqMepgZNoUnjMt71fDMlfzbb9LErtt3jBu0T3vNAjAUYozR9IVz0cPrWHoY0C3
Ifx2HNZa7DwPvmz8flr9VbxXcLt2tBRN/TKsMzujUs4qE/Mx8moIrUrRMGLVNs0wHv9m H
tO0D3JT1OtJLlxVrQm/RpH3V6idQTnIvUqGftZ7ghnvWa1PwDqZaB1I/celmodpS7tfUny
JvgPWPRxonoL/XmyYxKTHNNJDeA pXNVhwjOURPfULl1PZdD5SAK/UO4ZHa9YLktQs0bnH
9oo1TWJ1O9C8FZBbxt/CtsxDb8ele e7stXdQf20carXekYE23eLtdBctarXIEr1bxPg39
D/ZcZqN//GBK/jWqdE sU8swWpI/ HsA6j7WJWfQNqJ6Eu9prS5a1XOATB7jPq85A74s F
sJmQW6dBSufbwpWvFJ7ggq9z/yNlXhIusrI4Vs8REd/XXteR gJopmeNog i8e/WaG
<<< skipped >>>

POST /mg?alpha=ISU/MA86P14ydWMdEBoAHmx9Iwp/JVN8dGt6AA== HTTP/1.1


Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: WinHttpClient
Content-Length: 258
Host: install.reversepage.com

alpha=ISU/MA94NjklH0NsEBoAHmx9Iwp/NjsMT1opaDRGZTc2NmolDmpQInRqIjNdDzFMEHA8UCQyPiAnGB1oOXgyRnBSUXQpfAZ4XDwoLiNJSF46bTRhUzcgakwPV1Y9chMnaWMmCnREP0ZhI3ojNl59MzplcyFTUTJbZGBjOkRsMQd1KFl6LCEJcHMsNVBYI0Ncf2k7OWtXMjY3CgJUXWgsQCp1dXdMeVA/WmAjZT83X38vMm13WzNpOB0UYg==
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
SVR: SP003C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Mon, 16 Feb 2015 10:18:45 GMT
Content-Length: 0



GET /pagead/show_ads.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 7659709763423061687
Date: Mon, 16 Feb 2015 10:08:40 GMT
Expires: Mon, 16 Feb 2015 11:08:40 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 7551
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=3600
Age: 643
...........\ys.F.._...KQ.....5...v..I|.g.......".P...".....N..f_.....\
===}.....,.#....I d.,HM.Y..U.........._.b.B....c..}.o ...G.u{.$..HD.J"
...fo.y''.;....q..v.I...f7.?fI.M...C.%.. .Z_....'..-V.qkt...^......H.R
l...h...mm.y..".i.Uk...W...D.".n_...X$....p.....4c.6%..r....]......MU!
T....a*Z94Z..} A.k..,[email protected].>...7.Sg2.1]..oT#.|[email protected]..#.
.!7.Y._.N.$Nt.&..r\~......Qc..N%..b.94.|........v.U...?.....\..0..f...
N..A6.b. .VpQmy.d..ppx_cy.t..Wq..G..,..-7......[./.^...{.Q.w9az$.[?.L.
...>...s..UC.p..I*^.1.......[...........>.[|c^7v[...w.....n&R.et
..z....[..,...Y.o}|v.p.9...........5.?|6....z..[k)F..Y....;...ww.....%
....t...<..s....x../.-h.].oC<.9..5..f....C..;.p`..-....A.oc..MjD
..[.X......#..Vi..X.;<..6..!......4K.o.....w..c.F...$..[......n..lJ
y...8M4m..{...N.>>y..Y7.....0.K......S!..q.. ..O...A.k.?.nr..bb.
.r....D.tl...d...'...Hz...Z.6.X..0..r......W.(....S..v.m...B....-.....
..t.f..N.A..HS>.3$oh.*.R1w...9...1.m.&..|....y8s;.Y.....v%.m~..m..M
.(....B...,....:.u...z.....5y`.y.}du.g...8..L........E....I....8..T.#.
..y. E.....5.6c..x...D.|..).^.~... .t........n.R..:..2....&..3..\i....
N..=.o............. .....x|..4z.,....a;.|t.....&7I..=&.1..L>f.x..!_
..<.....3...g..... .;..G...o[w.82..Y..;V..........k6.N.Q/J.......Z.
..;....D.V(l.X#.J.o..}2V....n....L..V......q..9.tV.a........... ..=H3.
.d...5(%O.R.<....n.d.v....8..b......q<....r...L%".z...........T.
.c.c`.[......^.#VQp....g.....<.V.c~./.r..`.d....oW..........=...mq.
...1...d......''C.B....%L....k.....gO..>{R...1T.U..v\..o.Q.9gw.
<<< skipped >>>

GET /pagead/js/r20150210/r20141212/show_ads_impl.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 10898143889096839363
Date: Mon, 16 Feb 2015 10:19:24 GMT
Expires: Mon, 16 Feb 2015 10:19:24 GMT
Cache-Control: private, max-age=1209600
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 55287
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
............g[...(.._!f.b....p.a. @6,.Lp.Y.$..d.d.H.........9.......M.
.\]]].....io4,....Ia.L.......\.q.Ng.a.....*.......`...G.q........a....
.....4{..|....>./.Io<...P.....f6..hR.p`..~8.L.kk...w{.i.4ms5Nq..
g.....x.T....(.q.`..V.q..d..r'.....;.C=...[..5.c..g...\..&.`.=g.0.G..k
..Ec......8..A....=Q.d.O&....1\..v:.)..........-.'....,OG..Io.).n..uQ.
.y.._z.`t.....6.6{E.G..l..1...p...'5..l....0...8......BK..d.p.5.p8q.&g
t;.].O(...af.G5...|...jq4.........7.a?.."v8.<6.`SU&X..V8...'EN...s.
.....].\.v.B.4;U..aR.r...l..l.WsDkL..`.<T...`.'.Kr.h.p0W..........G
.T...;....n..e..I..p8.`.~fK.4....;......`..:.;........=.m.....u....C_H
.W....v:.lH.Ot.g....q..."[k&..6".. 3"......q(.........*.e..........;,.
...r..Z?.D.~...$'..69G..ac.e..9>/.........C...P.I.. .]g......n>.
.m.O.L_.If4=W|-. .......`.T.e.......v...N..n*".......?.Se2......B..F.^
...P.8|;|...}..i...iw3;...Jf..r4..v.m*t....o.].:0.t..r'~.N..}..Nc.V.E'
.I.7.......;..g?....C0....U . ..8].....C.>.(O..[P[.X.?...x=.j.b..:.
?..7w...M.|.?.7..,.X......Y{..&..8.J..ny.N.n.W.o.(.J...,....F.\.4X.dS.
..,..[. U...0O...}>...d.....).....\..}.....U.5.<.S.....d.O9.S.Q.
 .1..#.....0N.. ...g.3.......1..d..d.B5}..4..n.J4&.....f.b,..o:..>.
.31_21_31.21..UC.je....Q ]/............ *w..h.......<...`*..#...1v;
Pj...G.....t....a..O.2....2.<G...-;..jy......r.'.......q}.....fi...
mt..}.{....xw..C..k.`l...kc\..Gu0....b...(.....l...~R\...X....It"..k..
.....a.MhI[.t..L......2....3?7..3.=..~...c.".%.....f.D<b.$r...=gc.f
...;....w..._.~{...~../...[......w......-.....`...f.uvP.x...._h. .
<<< skipped >>>

GET /pagead/osd.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 5172368612601503256
Date: Mon, 16 Feb 2015 09:55:47 GMT
Expires: Mon, 16 Feb 2015 10:55:47 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 18390
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
Age: 1417
Cache-Control: public, max-age=3600
...........}gw.J.....D..#..c'.#e... @..P.?..4.M.......w.=E#Y....K...u.
..g.A2...~..R.W.....0!...,Vq........^..X........V..|-..k..'..h:.._....
.L.D.p.....ZO....../yR.t.....(0........9.q3...l5.'...{.....ns....P[c..
Y.Q/TUQ......[..i..bzD.7..c9.......w.()V.J....0[......_2.z.b,....jw0..
A....cq.."=..^TNsD....H...........M...qw..%.........._..tx...$.6..B2j.
.ZI.so0..r._.Ov... .Yw So-..QN.].....Oo.&.P.....i..#|O.....c[.R.>u.
.[Y-...Q....Af....D<\".Z4.T...@.........,.Zd......T.C./8....[.A.L].
...N.I.`...K....*..yj...?....P..~..3w$., .$..J.x..h...E-.......8.N....
.0Qk".v.........m..].O..jq.i.8[o.KU.;..m..Z-A.._...r... ..Z.R[..a...b.
..d..,..;  4"...-.~.......]....A.>.......v/.j2La373...D.^...$...[.p
...7..........k...S1...%...(...*!...O...PL.........{>o....?..z(T...
...F.........C.......ob..c.?.1....9.]...pX.X...L.3yo.6...}....3.V....f
".1.\#..........a..?X...c9........M..E..1.o.....`[email protected]..&.u.
..@. 27.......(..\N.....S..U...%.......y...?....ae..-........U......./
(C....Y....u..[x..s..O.....<.../x..'.....z....O..Z[l.Uy...(.u .....
.&........2~(..Z_\....L............w......f...v....z\....$...#........
...x.kC=.?DF.....#.<....S(........^!..>4..(SK...M...c).../.J.01.
......>..F=`..2..N.....M:..~.$..04X\u.@..(...'...<.f.....F(...FX
_....,../......o..M.Tl...X8.....?..Lz.&.S........Wt{.t.....t...N.Z....
..{g.....v....j...^...v]...px...^&^.....j....x.~..`[email protected]
 .~n.....|S...q..z-........q..m1.t|....`.....}j.a"..v.2..!%~..U-......
zD.r....I..........*<5....{W^1............x.......Plh...MO9....
<<< skipped >>>

GET /pagead/000000_new_ico.gif HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1424081964&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081964302&bdt=490&shv=r20150210&cbv=r20141212&saldr=sb&correlator=4023535356706&frm=20&ga_vid=1811958267.1424081965&ga_sid=1424081965&ga_hid=112016769&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-000008b4-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1683,,800,600,792,554&vis=1&rsz=0|0||d&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=n4sAAB5Bsq&p=http://VVV.baixaki.com.br&dtd=487
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/gif
ETag: 13269602005625199902
Date: Sun, 15 Feb 2015 18:48:13 GMT
Expires: Mon, 16 Feb 2015 18:48:13 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 74
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
Age: 55872
Cache-Control: public, max-age=86400
GIF89a.............!.......,..........!.......kkF.hz;..x....v@..,.uJ\.
1..;....


GET /pagead/js/r20150210/r20141212/expansion_embed.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 990613380483875169
Date: Tue, 10 Feb 2015 23:45:09 GMT
Expires: Tue, 24 Feb 2015 23:45:09 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 53407
X-XSS-Protection: 1; mode=block
Age: 470056
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=1209600
...........}iW....w~.hr.)n....D...=$l.d!.pZ..`l.6[...[U..[.3......V.Ku
u..f..x...]......Y/.t.cv.........Q..n.M...a...s...y}<.u'.Sw. ..\l/.
{,.b..t....^7s....B....^D...7N.e/......EFG..)...E/..a:..y..;..k.O.0..3
(...w.....Xlm4..........2......`?q(R...`2.>....d....1.../.......n?.
._.Hb....U..C......M...CM..K..Igq...'i............\..0.M.w.[.p:.Q...Tg
..h...k3g.v[...pe.......M.#R[.L..q.d..D8T][email protected]...)9.. ._....C..%U.Hy
A.B....%.h.&O....1..Q|..U. 5;e..r.....Us....^'..8..ff...ux......|zr.oX
......N...oG..m7.rjns...}>..G......y....6...k.."....n..p.{ty=.c....
0.........&...tF..................IH..8.c<)...*lEm.|....T....n..7..
b....L..L..^K...........`...J...-5.f.j..zu.L.......{.....pI.......o.x.
|.=.....Y6....p.E....>..w*....t.E.Jw.&...........~z?..S.X9t.BdI....
.e.?.<=-$..!.O.Qw8yz2.\.k;5,...i..{.MqV.:..t!..q#.....a.'!../..~...
.....c.Z.|..(.....W ...q.b3..........(..3....,.~..:b....[Z..u..\..cp].
y......P..__j........X........z...w.s..83..a...M.2'.Gu.z.>..K.-4.1.
.....<..M.e..../4...,..[z...y..  .K....^.$\.......XF8..Dr....p2....
1U..{.......\4...x.r..9...Q.K........6,~.).x.1..c1..0....l=.....=}...[
8.Ch!=....t.........../x.~.g..X,...J.O...\....1o...R....ww.......t..&.
....dpC..Ma(.aTu.-.s~1.x........t<..u.e.&.8.....G..U. 3G......T{...
[email protected]^.p5.E...Q9.1....B!..z...Y.7..h.b....wX.7.*..T.........^,....
..*.....#..m.UU...F.T.;UhPy}..-...aI...k.;w.?........G..;.....].9....{
......e.QD....@.$...90.wDjdEvV&....p.y.Y.N#........b.u.t.C.).......q.(
L....8mo=.]...H.{...s.aN..y.If......{...k....Z.._...A...t.[0......
<<< skipped >>>

GET /pagead/js/adsbygoogle.js HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 9573744702492638785
Date: Mon, 16 Feb 2015 09:55:43 GMT
Expires: Mon, 16 Feb 2015 10:55:43 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10944
X-XSS-Protection: 1; mode=block
Age: 1423
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=3600
...........}iw.6..w....W&#X....iX'q..Y..............K...`..4}...>..
....@.`..Y..u...%.5..aJ..y..%.....*.0;.tm.|..L..1.....N....]..(I.....&
.5...]...w" u...q.....U..1...}...l..(....&b...a....0.W.&.V....km.Z.Y:~
..jI...g....6...a.{Z.(M.Q.....D.~.].HO.c?aN.u....&:......}*.^..uX....)
aW........~G....c..,.k^.P.2.Z.b.(..;....8.5nd.h9`.ut.... &,....,5v.m..
)u.....e.4IV...dt...0...Q..%$K.*..T.22.|k......]....y.dri.........v.Q.
.J..#.....*,*..;........gM7..._..P.,./.....m.{..\...M....<%~./.....
',.....>.K....P..q.#.....a..u.L.q.2@=-...,......g.[..sm...&..a.4...
....?L..7..;[email protected][g..|....jq...B['..-.<,E.x.V}...&....HT.U.......8..
F|j...g...! .......S......w0..V97..AW.....;...,}{..!......>u&....&g
t;[email protected].#..,M...L...|.#....sy.....f.(..'Z../..e.......q..#....k.
.....O4.k...!.!O.B...I...O...y2.d...&3..0ye>....4.mG.F..6...p..i.k.
............08..58......Zz..`. g..q.^..`.D.....1...F.,Z...#.M.M.......
.%'p|.e..q........8.S.V.Y....f.3..'..gh9..ni.w.B1|`..|.8Yq.g.J.]..I...
..S5,....Z..|...,=.b....S...i.p.9....!....W.=....j....>...x..H>.
7........./iE..9.....>|.....{......P.-S....0.t.u.).A....y...[>..
..k!.!gth..z=.J]..h.2........ ?.|.V ......v..T....z...]..E....E;...Jd.
......k........n(.Z..i.GN1q.";.........../..8p..u.B...7......tl.z.sz..
.....$. ....2..g.....{GI..4...c;.......'.....fH..;..C...`p...`HO.}...|
....a...;.`[......m6...GV.<&.."..q.."..9P...)..4...V*....`S...aT&..
.........b.n..M..|..Y.z..QF...L..<....:;.................ck.=..;...
.h...k.....;x.a0...C.]..|.kF.............0T..Ej...2Re.R.#.lG|.Ih..
<<< skipped >>>

GET /simgad/700241160990608663 HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 15 Jul 2014 22:09:45 GMT
Date: Wed, 04 Feb 2015 05:06:08 GMT
Expires: Thu, 04 Feb 2016 05:06:08 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 40397
X-XSS-Protection: 1; mode=block
Age: 1055599
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=31536000
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:25E339ED6C07E4119
0CADC896AF9D349" xmpMM:DocumentID="xmp.did:672A80AA077011E49CE5C0FE7F5
FC571" xmpMM:InstanceID="xmp.iid:672A80A9077011E49CE5C0FE7F5FC571" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:2BE339ED6C07E41190CADC896AF9D349" stRef:doc
umentID="xmp.did:25E339ED6C07E41190CADC896AF9D349"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
....................,.................................................
.......................................u........!.."..1.A2#..QB.a$3.Rq
..b.%C...&4r....5'.S6....DTsEF7Gc(UVW......d.t..e.....)8f.u*9:HIJXYZgh
ijvwxyz...............................................................
........m.....!..1..".AQ.2a.q.B.#..R.b.3..$..Cr....4%.S.cD...&5.T6Ed'.
s..Ft....UeuV7........)...............(GWf8v........gw........HXhx
<<< skipped >>>

GET /pagead/images/google-logo.png HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 13513653691308934734
Date: Sun, 15 Feb 2015 18:48:02 GMT
Expires: Mon, 16 Feb 2015 18:48:02 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 4114
X-XSS-Protection: 1; mode=block
Age: 55885
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=86400
.PNG........IHDR...j...$......t......IDATh..[.\SG.......Q ...*`D.r..E.
C.'...D..x"...Q.z..(...R.bD.r..T....e..6.Z/ /.w....~;.......Zw..g>$
/.f.w}.........cI.'.....58...X..}Yq....t..Z.....<(5....u..F......./
..g...........O.oHqL.a.E.6c..,......Z..M.U..>........".SE.I..H..n..
.)...w..O`...r...5..".H..u.$.:.P........\.8.L.Q..._....._..."fk..`?...
........~|J [email protected],.?.0. RX.Q;SS%.....s....n. ..{.'p.....< 
.z"..g`xr..Qw..5s.~s[...........4.... .Z{....(b_u..._..9o.b..M.li!bya.
.-.p.L..m 7..j1..o.y..g6.J.......B7\Fs..zM..}B.H(...j.4-.<i......Bc
n/....z..........x5C...@$......A..Xt...f`Z[.....g.......{`t.e...5_....
=.D....J..{X*7.PG;.m.`..K..KW......$.x...- .?\[.....}.....#.{..p......
\.E..g(!.I.wD........%.... x.~.-.Zj..\...r.%V.~.5......?q.. f...0[..o.
[email protected].......%o.0...2kyc.Z.u..#.H[..j.t...c.....<C...N..........
..G....xh*.%|~....... [email protected].>.....W.......`GG.*X.1..d.#..
...'[email protected];..q.NY.r.5....r..=.=f..@...')6H..&..
..##.o:..@{A3-.;.#.......F..e......u.|.k.F.2........H.*.2.....r.L..Q..
 GX.ED....c.[\.x..7.......ej..L7.....8...._....&.....s...... .%.UE.y..
.......:.n....6k/.B.....u..e[....w[..Q.}.[k!Ib"d....B....Q...{....)B".
..-...vR,9..]....IEND.B`.....
<<< skipped >>>

GET /bg/kZt1ORfyc-V3C9VmeWM_Laj0UcuN02K-WUcryq-hFWs.js HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Mon, 09 Feb 2015 22:22:30 GMT
Date: Tue, 10 Feb 2015 23:44:14 GMT
Expires: Wed, 10 Feb 2016 23:44:14 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5957
X-XSS-Protection: 1; mode=block
Age: 470114
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.............v...W....*..@..#8y....I..G...q.1&i...;#..&d..w.n.,....g.&
lt;|P...I}>..V....J:....J(.h:..N...i...\t..rv........o...."x|.58>
;...^.=........9Z.~:..&...<2.s.......z.'.......LLG.N...U....G`..q^.
....>..'..N.......b8.0..E4P..q..Nk.L.).g..wi2.........P.^.4.....X..
N./\*...H.......H.%;...x.......1.."0v...Y4..}...L$....cXX$...vg..i...r
..9.'....[.EJ.K(.Rk.2.. ..EE....qd......KX.2..<.....,.'sz.!e4....LQ
=5.. 4`...6.I\..........O&.t.,...J.QC`......9sM.|k.NF.I.C....z:.*..G..
,..w.?].a. ...S.(!Kn.ix......{...XQ.......k.wo.7... ...1O.........3.[.
.H.."N.&.P.|.x.....Z..0V.}.....B.:&..L}.o...../............g../.==^&.d
.......9q..1..t.CI\3%...>.|h.].y.Y.MB.....x2.'......(U5G.tohX..~..m
:.!.hL...&.......!w..E&z.A}...sb%b.q_..........x..-......a...........i
h].of&:4..BG..4.2.z...j.6.Y........5c.V....L.H|~.< .y......>W...
.S.....7!Y.........R.Q.....V.......H.s<.0%.....]...qjb7.....[A...{.
.......J....IV7..l....4.Y..z.6....H.r...J.ri.........GG....m..A...#J.]
...~g.7...b.<..#.Y......O.............[..J(......yr~.....6......AD.
^.l..dD.4?..!......v.Q_..._..Lt.f.]...;K{..5..vs.l.i...i-a...e...{...}
.."e.Zh8M.......u/...5......1....6..........G.Ic............x....o..{.
.........y......2....y......G.n....?....2C....x..qQ.q.._X...U\...1...x
.......=f(I@!..x..."..Z$..;J`.=.....jS..K.Sp1 ...H.0..y.<V...).8._D
..D\..........|G..........[p'..D-....&(.u.....Fk....../."M..j..D....r.
7.&..Y.E.LG# .Y....T.^..?...z...o<Z..4..E.E...sR8.:........\...~^..
6.h.h.p.X.!.J..HH......B.0..A.?..G..R.t...M....x:..d ...cn...Vq.D.
<<< skipped >>>


GET /download/config/down.php?pt=bxk HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.yac.mx
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Mon, 16 Feb 2015 10:21:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.17
Location: hXXp://dl2.yac.mx/download/dl/yet_another_cleaner_bxk.exe
0..HTTP/1.1 302 Moved Temporarily..Server: ngx_openresty..Date: Mon, 1
6 Feb 2015 10:21:15 GMT..Content-Type: text/html..Transfer-Encoding: c
hunked..Connection: keep-alive..X-Powered-By: PHP/5.4.17..Location: ht
tp://dl2.yac.mx/download/dl/yet_another_cleaner_bxk.exe..0..



GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.regok HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.52 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:03 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.52 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /dl/e/e3219d0df1ba54cad5dc95a74904ace4/uolbig.png?1423707463?width=194&height=97 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img3.clickjogos.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.6.0
Content-Type: image/png
Content-Length: 66429
Last-Modified: Thu, 12 Feb 2015 02:17:43 GMT
ETag: "54dc0d47-1037d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Accept-Ranges: bytes
Cache-Control: max-age=2272400
Expires: Sat, 14 Mar 2015 17:32:45 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
.PNG........IHDR...3...........R?....gAMA......a.....sRGB.........PLTE
FC3vy4......$".|}0py1>8,vy-pv**("42)2-!js-:7.{~9u.2,..C<0%..nr%-
%...7gp&</#rr1...`R@6 .YK9GB9RF4L?.....y]A7&...qeN &...a(/..s]...&l
t;?7@%..pTcZF.nHn[DvjY.wHS/....*/ UPD.fC/:...fj^M7%.NI?.vE..mdi#...I%.
..U..Zs>.L5'{.9mP8yQ6zhMy^AF1..wO.|g"....>ecY.g;1...|UZE*ZXM}J$.
uV..s..r.V5g7....eE2~d3..rsE,.'$.lC..H..^mh)K(...[..TX: u[ ..g.|?8C.CP
..]D`Q0Y/".yR.c5.....V..g..`fH!`,.[<..lPM?.~r3..b..m=E..q5[d...|/74
[email protected]'.......jE...IQMf[9.x6HO'.W'..CUX(xvi92...Od[#..YM^.j
8).....}.....hZd-.V;.wA.:...Hqd8..j.P'..s.....hU ...w.y_.I....l.!yn&..
.dl7.Y6....E1.........UX\UL.mje._)..M..7...2>D.....R..8../.....O..w
[email protected]..,......[u.r.".uH...s .._>....R....BK]....A.Wjb..dnxZW`x..C.
q)..\..9;df..P.....\..T..E..3..w.b*mq...2..^%IY..iw{.....:Eb.t..H..?u.
...Q.-F.\U..d.....!....h....5....tRNS.......~E.......IDATx^4z.XSw.....
qN..&...!!.......$|$..z2.DrC ..I..th...N.'8jk...4.S...N!S.D2.....ZjK..
vh.d.....l...O.w...........c.$o.............L/./...fo4. ... J`..AL.._.
..D.....b..o..k...G ...=...F.Je...%....w.....{G.._.. .?...7.t.;Y..KInn
.v.Z..m........\&.....v..xq.@. hg)wk I...${/.Uo.....}...VOM.>EP..5m
..%{...z.KI.|H)...vy1\...tb.iN.$)..;I.$.!....&'....T.b.\[\,Bju.Mu.....
MH......*su.A\.Ehqz<T..qtd".3....X.Ju...T?......s.......Vo4:...GQ..
..MD$..1....Rq...j../C.....W.h......Uj..(.#}.;v..].;..C..|.._.u.x.....
,..J..p..m.,....N...._`........"......K...e[?yzW5..`...w...1a....m...`
.S..o.X.KIQ<.<H..tK........3.J..O.H.3F.I6.......\.y..E..Z...
<<< skipped >>>


GET /MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: vassg141.ocsp.omniroot.com


HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1765
Last-Modified: Mon, 16 Feb 2015 10:08:49 GMT
ETag: "b462b8ebbdae6f3f7150e486ae1e15c43def9c31"
Cache-Control: public, no-transform, must-revalidate, max-age=339539
Expires: Fri, 20 Feb 2015 08:38:25 GMT
Date: Mon, 16 Feb 2015 10:19:26 GMT
Connection: keep-alive
0..........0..... .....0......0...0..........[us..Ni......f....2015021
6100849Z0w0u0M0... ...........]d...N....P5....0...l.|[email protected]./...
.j3."d..Ii...............20150216100849Z....20150220100849Z0...*.H....
........./:..f7{8..F..g....U1....\O.2....B.!./../...,Fs...fd(.QA......
.)...g..t....vm....G..0...h....Y................[...].....}...U..z..pN
....CB2.....$....F^........s.~.?O......."...".#._T....w..},29G........
......'..4X...X).D.f].."...J..p...R.........-.&............0...0...0..
.........=......Ri..\..(.{..0...*.H........0..1.0...U....NL1.0...U....
Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1
.0,..U...%Verizon Akamai SureServer CA G14-SHA10...140410115548Z..1504
10115548Z0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterp
rise Solutions1.0...U....Cybertrust1806..U.../Verizon Akamai SureServe
r CA G14-SHA1 Responder0.."0...*.H.............0.........f..).1.......
......Z.45..l. IB..r`...f....h.....h..._i'...J....|.c....E.D0bg.b.v...
.......:Q....W._U.w..3....i...k........t.....m.CO$..j@.....>..Q.m..
....1/Z.r......L..a.n..;..KoIY.......fk{..c..d...IU.......zy.X...zp...
F.1..F......b...Z...=9.o...N.fL.%Z.........H0..D0... .....0......0L..U
. .E0C0A.. .....>..0402.. ........&hXXps://secure.omniroot.com/repo
sitory0~.. ........r0p06.. .....0..*hXXps://cacert.a.omniroot.com/vass
g141.crt06.. .....0..*hXXps://cacert.a.omniroot.com/vassg141.der0...U.
..........0...U.%..0... .......0...U.#..0....l.|[email protected]./..0...U.
.........[us..Ni......f..0...*.H.............Fk:..%..H.:.|P.;..-3.
<<< skipped >>>


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=529956, public, no-transform, must-revalidate
Last-Modified: Sun, 15 Feb 2015 13:27:54 GMT
Expires: Sun, 22 Feb 2015 13:27:54 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015021
5132754Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150215132754Z....20150222132754Z0...*.H............
....TS.,..?.<:`m...uY..Xv...O..R.2.Wc{o.#."..Z..!.0'.....~p^.S.....
."..S.v...D.......(..g....W... .u...J..~7 >...x.h..........(?...e..
...[.1w...n.x!.YU...3...pMG..6..l.?.\.h.7.-.m.#..z.t......(....Y.S....
.K.n.<..&..W.....\?...<*Xm.....*.....p(...2.[.1>..8{2....0...
0..}0..e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust In
c.1.0...U....GeoTrust Global CA0...141201130534Z..151216130534Z02100..
.U...'GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0
............\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T
..Y. syd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X..
.B>x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....
>.|'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S...
..........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%
..0... .......0...U...........0...U.......0.0!..U....0...0.1.0...U....
TGV-B-2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..
dS.L...Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].
....j*.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i
.H..f...v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. .
.....i..%......
<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6eA== HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=485219, public, no-transform, must-revalidate
Last-Modified: Sun, 15 Feb 2015 01:02:53 GMT
Expires: Sun, 22 Feb 2015 01:02:53 GMT
Date: Mon, 16 Feb 2015 10:19:29 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015021
5010253Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:x....20150215010253Z....20150222010253Z0...*.H............
.~[[email protected].....#$.......u0....a..s.....I(C3.dT.H^.....Yx.c...46...7.
...r.>.5.!N(n.=.{.c..........!.7sV2R...........!S.j..........k.'...
-, .......<t..U.....j.|[email protected]..
...:.O.......)[email protected].|u.{pn..yoy=...(...V.....0...0..}0..e.
.......:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U
....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'Geo
Trust Global CA TGV OCSP Responder 30.."0...*.H.............0.........
...\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.
....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x..
............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'..
..o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S............
.0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... ..
.....0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-283
0...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk
$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(
7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v
.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%
....
<<< skipped >>>


GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT
ETag: "2015b-6ca-50e490d4402ee"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 16 Feb 2015 10:21:06 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150204200915Z..15050
5201415Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............Xb.F.M4hYy.h~...2.... .. ~.A4...F...gyQ.....:_..g.|
<<< skipped >>>


GET /pixel?google_nid=lotameddp&google_cm HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/xbbe/pixel?d=COmvGBCUmxsYu8XYAw&v=APEucNWv3qQwKXGn9CemT46FcVnBYbOhla7GGDsFVVqUhj-RfQqYaVKMGQGcmrkasDqinvyfcbtISl6-zilKufG5jlb4G65nB2RI1rUS0rDyNoI4XpPsDpQ
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://bcp.crwdcntrl.net/gmap/?google_gid=CAESEJQ7Crt3Zloia91zfQ1vCFo&google_cver=1
Date: Mon, 16 Feb 2015 10:19:29 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 284
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://bcp.crwdcntrl.net/gmap/?google_gid=CAESEJQ7Crt3Z
loia91zfQ1vCFo&google_cver=1">here</A>...</BODY><
;/HTML>..HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.dou
bleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo O
UR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Location: htt
p://bcp.crwdcntrl.net/gmap/?google_gid=CAESEJQ7Crt3Zloia91zfQ1vCFo&goo
gle_cver=1..Date: Mon, 16 Feb 2015 10:19:29 GMT..Pragma: no-cache..Exp
ires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-rev
alidate..Content-Type: text/html; charset=UTF-8..Server: HTTP server (
unknown)..Content-Length: 284..X-XSS-Protection: 1; mode=block..Altern
ate-Protocol: 80:quic,p=0.08..<HTML><HEAD><meta http-eq
uiv="content-type" content="text/html;charset=utf-8">.<TITLE>
302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved&l
t;/H1>.The document has moved.<A HREF="hXXp://bcp.crwdcntrl.net/
gmap/?google_gid=CAESEJQ7Crt3Zloia91zfQ1vCFo&google_cver=1">her
e</A>...</BODY></HTML>....
<<< skipped >>>


GET /cdi.asp?st=bf&uid=302894767&tuid=3090520&sref=TTV_18-4N_0_ie_extra&bundles=TTV:1|IMI:|V6Y:1|SSC:1|WEX:|CLX:|PMD:1&bld=18IJ&cnt=ua HTTP/1.0
Host: data.infopackinst.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDACDQTBDA=LHKCLFNAJOPGJIKCPJJBCANA; path=/
X-Powered-By: ASP.NET
Date: Mon, 16 Feb 2015 10:18:40 GMT
Connection: close
150216:193.138.244.231..



GET /v4/sof-installer/267123711_198339_B48A115F?action=ild.installer.istartsurf.ient HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 Feb 2015 10:19:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.76 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 16 Feb 20
15 10:19:12 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.76 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /thumbs/1/18/10/34396475.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: i4.zst.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 26832
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Cache-Control: public
Date: Sat, 14 Feb 2015 12:47:42 GMT
ETag: "547bc05a-68d0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 01 Dec 2014 01:11:54 GMT
Server: nginx/1.6.2
Age: 163906
X-Cache: Hit from cloudfront
Via: 1.1 88c3300633007ac43ff4c388c0de8609.cloudfront.net (CloudFront)
X-Amz-Cf-Id: nSqmNnouELF2q9cJVf5oEiAuPvyJEqmd9wyEun1OyFrU0TmHUDf4lQ==
......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), qu
ality = 75....C................................... $.' ",#..(7),01444.
'9=82<.342...C...........2!.!22222222222222222222222222222222222222
222222222222......3...."..............................................
..............}........!1A..Qa."q.2....#B...R..$3br........%&'()*45678
9:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................
......................................................................
....................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'
()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.............................
.......................................................?...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(
...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..
.(...(...(...(...(...(...(...(...(...(...(...(...(...(... ...u.....|P.
......m..3.&.....;...5.......|....J.......C....?.|[email protected]...~>xo..
.~I.......=..|-,!2I..N..rOa[.....6".}.........5J..kO.V..#s..........$.
.......?..>.....]|..I$.$..Bp.FN~.....:.e8*F.4.d}.~=h....~I......Z..
.j....u....Z..\.O.I..H........=..z.?..U......?.t^.z....]xL6.m........x
.O.S%.D"....=.......J|......[......F...MW.O....y..Z.....u.GNUd....h...
..w.E5...a.*.(@...._..#*XJ.Wh....I.m.~I.......W..j.....u..V.....n.....
UzV...(K.[......K...mO._.........>.....]x5...=.......>.....]'./}
7..../...^.E.@{../};.}.?....i..a..>.....UxU.X.u?..;[._....T........
./...^.E.{../k/....%......k>.j?.....^.E.{../kO....K...Q......x.
<<< skipped >>>

GET /images/tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: i4.zst.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 4552
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Cache-Control: public
Date: Tue, 10 Feb 2015 10:26:37 GMT
ETag: "5450c0e3-11c8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Wed, 29 Oct 2014 10:26:43 GMT
Server: nginx/1.6.2
Age: 517971
X-Cache: Hit from cloudfront
Via: 1.1 88c3300633007ac43ff4c388c0de8609.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 1y2ZHMeH59GpBTBpD_5UUsSZJHbv9FzsgXphLhf1LC3_S6Pf1FmEOA==
......JFIF.............C..............................................
......................C...............................................
........................n.n.."........................................
..G...........................!1..A.."Qaq....#R..2rs.....345Bfu.......
..................................2........................!1.A"a...2Q
....Bq..Rb...............?..=....CCCCB..........u$.hB.CL...~...o...m..
...h!#.g..7.....c....j. .n.j....a..RXV.CT.q.Zx.d.._.[.:.Ak....I.......
.t...v..7U.......*...O'?.PG!....c...izJ, .......qGs^..o.].a....y...S.h
. ? F~.F$.'.....K.x..j.....m.~.d...h.V.#wF...'.......H$d.(..Z...g/.^,.
...%.x.....%.....E..9p|..A...k.......{.mm.....J{},[email protected]@........[
5.......W.#.5u|t..{.*..3.......V.bp.....C..8...u...h..C,....Q\.$l..DA.
. s.o...&h....?Ft.7/.'#=........E...U..{P..}..;..l.X'.......S.!......)
..^.u..5.o.i...f.{Em....C.J-6.eUGUu*..2.2. ..j._x.{..b..[.@.{....@%.c"
..h.....'=s...IKQtvy%i.P.y[=.@.'...}......N..V.u..........{.....*.. ..
5............[[email protected]?_....M.{}....4k.........p.........!.
..W......as.$.U...1..n..nvS...p..2.~..ZT.O...8]|......H.....n...`.....
..K...9j..x.T.i&YU...lu.S{V.V..7.Y.e..S...|:...^.v.Ap2. .ge&...>>
;S&NQQ01..t...jx..C...[..okh.......f......3.:...c.r...9....h. u...w.^.
...Y.....4..OQ......I..O. .,..yX...k...o.nw..........vIX..;7.:........
$. '..}..*.{&...*S.6....?~..X.....`[email protected].
..../.8.~[r....k...'.........z..HyX .R...K..XS.".@%.\...k.....S..a&P.F
Nb.......{.[r.z...x........N;[email protected]`.yM..y..d..a...c....|x'|..
<<< skipped >>>


GET /css?family=Open Sans:400,700 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Timing-Allow-Origin: *
Expires: Mon, 16 Feb 2015 10:19:23 GMT
Date: Mon, 16 Feb 2015 10:19:23 GMT
Cache-Control: private, max-age=86400
Content-Length: 186
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.08
@font-face {.  font-family: 'Open Sans';.  font-style: normal;.  font-
weight: 400;.  src: url(hXXp://fonts.gstatic.com/s/opensans/v10/cJZKeO
uBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot);.}.HTTP/1.1 200 OK..Content
-Type: text/css..Timing-Allow-Origin: *..Expires: Mon, 16 Feb 2015 10:
19:23 GMT..Date: Mon, 16 Feb 2015 10:19:23 GMT..Cache-Control: private
, max-age=86400..Content-Length: 186..X-Content-Type-Options: nosniff.
.X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server:
 GSE..Alternate-Protocol: 80:quic,p=0.08..@font-face {.  font-family: 
'Open Sans';.  font-style: normal;.  font-weight: 400;.  src: url(http
://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJM
gTvxaG2iE.eot);.}.....


GET /css?family=Open Sans:400,600 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Timing-Allow-Origin: *
Expires: Mon, 16 Feb 2015 10:19:28 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Cache-Control: private, max-age=86400
Content-Length: 186
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.08
@font-face {.  font-family: 'Open Sans';.  font-style: normal;.  font-
weight: 400;.  src: url(hXXp://fonts.gstatic.com/s/opensans/v10/cJZKeO
uBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot);.}.HTTP/1.1 200 OK..Content
-Type: text/css..Timing-Allow-Origin: *..Expires: Mon, 16 Feb 2015 10:
19:28 GMT..Date: Mon, 16 Feb 2015 10:19:28 GMT..Cache-Control: private
, max-age=86400..Content-Length: 186..X-Content-Type-Options: nosniff.
.X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server:
 GSE..Alternate-Protocol: 80:quic,p=0.08..@font-face {.  font-family: 
'Open Sans';.  font-style: normal;.  font-weight: 400;.  src: url(http
://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJM
gTvxaG2iE.eot);.}...



GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?3c306ce4ed367e41 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 12 Sep 2014 18:47:05 GMT
If-None-Match: "805a83f2b9cecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 23 Jan 2015 02:29:11 GMT
Accept-Ranges: bytes
ETag: "803565fb436d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 57591
Date: Mon, 16 Feb 2015 10:19:56 GMT
Connection: keep-alive
MSCF............,...................I.................6Fm. .authroot.s
tl......8..CK...<T...g.v!M.d..f.%d..}K..5......dM*K..J.,%K"...!..=.
k..........{=/....{g.~...............'....6..N....w......(.$.>.7...
........'.....`.bx....^..$.'.^.K.C......<[email protected]
.....usXq.d.i.jF$.4.........KI.Q........A2m:..E.P|...(.^p..=G|.....m..
....  .6...H.e.....X'...%$r.Y.(..)........|...;...V^r.VM.._*X.I. ..4..
...*.....Y..`.0w.u...c.i.[..-...x..<.8.<.p..,..y.[v.Yn`......!.s
...4e......B...$.,..........w.Pd.)....,..#.%..h...8...`.A...8.i(.!.$/.
=.....i.\X.H......"...a...k...y6....F.._?\*.&..3.AJo.!..`....9....=.p.
u..u....f.f....w...?..S..I.;.....5._...F.f..G?$......."..kq.y'.6tJ.e%.
.G.n.....z<.pX"....1..g."........V:.H.-...!}LM..t..-.y.j&...n{..-.]
H. .....A.O.Xg..B...#[email protected]..*.....T...}o._./S..h@$
[email protected]..#.:?."....1..v.....&G...?O1x6"5.@..$.U...n.J...w
.Y.{..........E.N.&...&.rC..W.....M.........,.e.....&eI(/eSO.B..K...R.
 [email protected].....(..Y./;-..M5.0.H2.y....:...........a.U....%.S.).^.
...1.B..a..=...q...X .B....F.../..../.Z...'..t....C....,.^...N=..t%N|I
C.#.)6...q.E.J.i.E.>....".L........>...Vy.7.jxx......G........._
q.1^..H&.4Z......^.E.K 9.Xg...qO.6%>..T....;n..s.'u.-...=.........p
..p.Rn.........=.......F........d. d.AR.0U..........9b...=N..#....c.Ic
z......u.0............Y.q..b.wYE.......R...s..W....r].....hT....k.g..[
...s.....X..`=zb.>..../..=........J.N.h...(}.5.7. .;..=F..F...'.?..
2...3...=...B..`....{...f.`Kb..@..`Z.0!^8.t..<l.j..lI.P.q.>k
<<< skipped >>>


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6Yw== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.geotrust.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=382325, public, no-transform, must-revalidate
Last-Modified: Fri, 13 Feb 2015 20:27:49 GMT
Expires: Fri, 20 Feb 2015 20:27:49 GMT
Date: Mon, 16 Feb 2015 10:19:28 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015021
3202749Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:c....20150213202749Z....20150220202749Z0...*.H............
.~ `@....4.h..3...b{TL..l........aY....k.....).#.j.F.......}.h...X0eBx
p.B..X...n.a.?.,~... 3..ib....W./..Lt...d`.i..u.=l..:D..rJ."RT.}..."..
..H...Q..S..k.....t...<ov*.......rW....E.. .Y".BJ....e.88.W8U[..o].
.ZV_9P...,W.,..C........9pS.#..t.k.....#.Q,$.$........0...0..}0..e....
....:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U...
.GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTru
st Global CA TGV OCSP Responder 30.."0...*.H.............0............
\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd....
.x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x.....
.........6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o
...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0.
.0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .....
..0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830..
.*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a.
..nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7..
.=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v...
..\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%...
.
<<< skipped >>>


GET /pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1424081964&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081964302&bdt=490&shv=r20150210&cbv=r20141212&saldr=sb&correlator=4023535356706&frm=20&ga_vid=1811958267.1424081965&ga_sid=1424081965&ga_hid=112016769&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-000008b4-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1683,,800,600,792,554&vis=1&rsz=0|0||d&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=n4sAAB5Bsq&p=http://VVV.baixaki.com.br&dtd=487 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 16 Feb 2015 10:19:24 GMT
Server: cafe
Cache-Control: private
Content-Length: 1535
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
...........Y.r.6....3.CSI..jA.I.].u....E........D...F?....~I..TlG....}
.%.....=.=.H.H.l.......kF..`..G)Ky..]...4....)[. ..} `"j.p:3JA.H.q....
....%).!;.d%k...CI...H0..&.h$W.fjh.0..$5.AD..9....=.^.......>.!{..i
.a.........m..,Z......?B.y..?.....2..t.......~..Q_ N39@.>T2...P.KB.
......0...xm.a.........r}.}..F>...\y....c...&a.......8M .XF..v,e...
.b.....O.p#....`.{{:.......!.a.d...I.(...8...H.L...<..a....Q.7 .$..
[email protected]........^]U.A.@&...$.
..Z..jm...]5..t[n.>.........5aDr.R-u.....)|..kAh*...(.a....o.0.z.*u
{..O....E..d0L..=A..u\[email protected]}6.P-.W..,...[A..Pe.[.-.......z.m
...&$....!..YEV..X..&5Ff..e../../M.M..Ib.Fl{...&..ZX.K..TjL..bP.... .D
vh.O.Q.d.Q9X..8]...<A.zBd..R~.B..8;.|.%[email protected].......
...M./D.....b....v.....E0I..v...:]./.. #`.Ui.{.}.H}?-.%.%.n..D....z.[.
.%...........].HP`$..:f...s ..N9'.J. ..zM.i....;..k..p.T..M...;......D
;...)._.Ab...K..D.kW..8..Wv`.:.v.y.B..~.N2.. ..ILcR..l...&.kE.u..F..:.
1jZ&.......RU#M....<[email protected]#....../.v9..c...........g.n...u.U\.?u.<
;-7.q.....X...MJ...\..,.g`a</T.U. ......*C ..p8j.....*..Qt.h.......
i.4.r...b)t)....V....P...\g.(.U/.......v....6.7..,n.[....<...b33..7
.J0.F.>:S....g<x.v.........yG....M.......^..<...~\.Z0q.b..2..
C......X../.....et:I...w...|ru.....m.|4.......a......V..U.`.>.2?...
Ww.......{....K.z..X...7o.....b4...=.].%Z.........w{.v~.p.N....!.9.e..
l........i........S..N.gg/Q.[Pk....UD.......u....n....Wo..x5t....U.W.Y
..O......}.....Q..wl.c......?e.....5..S=.\.D.b.z.a..t.j.......!.J;
<<< skipped >>>

GET /pagead/ads?client=ca-pub-7019091094896260&format=728x90&output=html&h=90&slotname=2838063472&adk=3718522017&w=728&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966441&bpp=17&bdt=156&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=397520784.1424081967&ga_sid=1424081967&ga_hid=938764724&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=24&ady=136&biw=776&bih=554&isw=728&ish=90&ifk=3993913476&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=28,178,0,0,1683,,800,600,728,90&vis=1&rsz=0|0|om|&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=111 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 16 Feb 2015 10:19:26 GMT
Server: cafe
Cache-Control: private
Content-Length: 11532
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
...........}.s.H.._...ni.1.[j......l..(...H..06....u...{..F|....FRU...
..*...d.V8.9.V......:...[..;._.o.?...t==S0z..]....o ..........w{._Jc.Y
..{[email protected]_. .......C.3.....(X..'c......%.!k.a..
...1...]f..^..}.g>...>L&o.N....<..d~.....a$....-...A..$......
.1.|...a.........9vv)..z..r...@{N?...=h......K. .,k,...F.v..^.wn......
hS....g.N'p2......%t...( 1.rr..5.k=.:sH.MW7..h...Q...h..Z.gT...6E..T&.
A|:S.C....F.}.[...'C.FQ.........QV....<...sn"..Xij..:.F.....z...Bx.
....E.n.(.y?.E..U.|QH9.c.e..n...L......p'.....,!.....5.5.lR...?...3m..
...n..~z/.f^p......L.Ay..`sX^...B. ....k..6\.... m.n{..Gz..._... .{l.4
3Z.ofe.....JQ/0.....D..5Hy.o..=b.*.v4[..5..ai.\...).u.,hZk....a.. .#..
..N4.\0.o...r*lN/....d..Z..y.........!:.......`..*..Y....4,..~....~...
).y|f.....e.thD.#....)h..~.l..G9k. ... .A...l..s~.q.s...Ff.......m;l.f
....Ig./e..2YU....f...F...Rh......L...F.?6....N.R.T.....-.0..}.>v..
....K......../.U.S.:o.....,2V)x(.U9...d(.<..:[email protected]=?....
%.U..tH.$ &L d....].......i.3n......L..7./.q.v...$.#}.....o.z......~|.
T...j-k........0...j...\.k..l.n{~.....A..b;8$(p..-m....\F.$*I..jPp....
 .TEb.1.:..n.....m..]...luj... p.U.gH.k..N.f...v.?....Y.pH........1..:
..../......}..^..prU..7..o.8V...u..e'O7......)j.5r...R.%._.R..x..h[;,.
.Q.....)M2y.|......q..V.};..L.p.|....}E..-...........T....8.._1. ....&
lt;..I5.s...N.uE..5O.R..D'....g.g..`.....<r.....*........3...c);*..
X|...................OP..0...Y'S..N...,c.._.6.?....&l.hW{.o...b{......
..i.OH..w..b..d....P..........,[email protected]..'.O..S.O..W.
<<< skipped >>>

GET /pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 16 Feb 2015 10:19:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 39379
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
.............z.8.6.._...v.2%K..N.0....Cl'.c....(Y.%K..X..s...wcg......
Nu.~.....X$f.........w..._jE..........G.C...~.\./V...N......a..[..W...
m{..|.0......1....~AT.T..x.(..... .m....r.C.x.e..gG...l.q8......7K.j7u
..\.n...c. ....v8.X.b....=.C?..C...fe..R!"Q..............J.?...0......
.......v.....%..M.-...C.&.-...../.K....Qk~^....l....%..A....b.....=..6
.`...... ..5^.f..&n...{...jq0..&aQI.....~w..Dh8.4..`S.D0.R...-.~......
.....j.^%d...E.!.E.......G.p5....;.c`w,g..N..N.[.xY].\..........x.=e.1
.d...5....O.m.*)......9.......k..|.fCx.......l..F...w:......X.a..:.)..
.c..b:8`0G..~t&...E@...........`.Qg.........~..K..Z0.Kcb....c...Q..N..
.E.t.Kv3?.C.3..........c..`..........z`@......=...) ..U...T.#.....}...
..^.j:..l8...}.A.......}...A.ch?N.;....(M...9..^....YX...].8...V.?....
....Af..\8..pw42...L-.i.k.V..#^A.......M...Y.].......~...f.<h...y..
a....i..M...{. [cg...............x....... ..Vw.S.F2;[email protected] V...4.[
../h.p......8......U..50....uo....N.......t3....'.O7.OLaL.4..:...Dh6Z.
...x..Rw....?S3......`|T.Pz05'.L.V.....7............q....d......l.D.y.
.-<|j."?..0^[email protected]*-..H.c....i..........n.Q{.~x
!^.04N..GQ?.i.TF.v3..?......a....IX...t.a7.]^"....BC...Z.yBn.. x...M.#
tY.....$..GUnp2r.%..'/78i.!.b.......Y.....Z.W...$....|..;....U,......%
.W.......N.<`.s53.?.[<..GHR......r...}b.CF..L'=I..$e..t.....^]..
rE.Fs2..s...|..6.&.w.F6..G.....c...5..j...ZK.Ho{F..].K.d.H.....(=.....
 .Q.4..........%....!8...Y*....8....xU...>.=$yQq........WJ..o92v...
2.k......O`.......@[email protected].....&...&..$..m.C...7..h.?...
<<< skipped >>>

GET /pagead/adview?ai=CugQsLsThVKrjI6H_7QaftYDADo61y94Flu6b9McBwI23ARABIABgpZ6khpgjggEXY2EtcHViLTcwMTkwOTEwOTQ4OTYyNjDIAQmpAs2AMRWJvoE-qAMBmAQAqgSNAU_Q9pP-bBP84TdpTkHgmDwH8MxOob5yhVhzm-tg2csGnmh9PR7NVfcg6LZmz3SMhJPdLR1XbveetueYDl36Qu09a013y2N8BqQ_Tdf20UJMPvlqUQ6V4cSQoDZAenF2GE-KRFKZVOCPIJuV2VZgCWL-H4ISsSuoQU5MO0MAdz0KJG4EZYP8ULu8KX9FuYAGzoHh86ujoLggoAYh2AcA&sigh=2caWVStwP6U&vis=1 HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 16 Feb 2015 10:19:27 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
....


GET /pagead/drt/s?v=r20120211 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081966864&bpp=1&bdt=54&shv=r20150210&cbv=r20141212&saldr=aa&correlator=8754882170701&frm=23&ga_vid=1261287858.1424081967&ga_sid=1424081967&ga_hid=1984809558&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1683&u_ah=857&u_aw=1683&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1683,,800,600,300,250&vis=1&rsz=0|1|om|&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=109
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4

GET /pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=9705731878&adk=3597687593&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1424081967332&bpp=31&bdt=77&shv=r20150210&cbv=r20141212&saldr=aa&
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 16 Feb 2015 10:19:28 GMT
Server: cafe
Cache-Control: private
Content-Length: 36414
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.08
.............v......?...r.2%Kr.J.0.n.;n.8...^.`...(Y............9'..ld
;U.....Z.b...............A...{.........Gw.....r........}....#..[..W.1.
.3.D._...\.....E... .T*...].u..Qg..6..I....n._.Q.w.vgl6.8........%fw..
6p/./...5.....R'.G,.0..h...Q.MF...E..i.......X.....p4..Xg%..E.N..x....
.......N..n..%..M.-...C..S-...`./.K.^......6......_[Hb..^....BC..(...o
B....=H.P..k.0...M..-1......`.MM...../....8(..p.il.....`..Z..[..&.[..c
......v.J..;-..F8.m>..N.2....V.F..5.[N.vG.......h./...k.N...!.=.&.@
O.fL...O.5......:>TR.a.h{.r..9..^w.........`wp....8..$.M.v;.&[...J.
..u>R..]....tq.`.....L.3......1.1......t.b...:...3K?...a./...1..e .
.3WoX.....8.J..dW..:$<.....lY?;Z2...&...............vni........~.h)
L.02.n..7...z..KU.}7d.q......o48..].......#.~f......i.F.,8....7.....?N
...O.Zi..f/....m.2.......{....tfja_3=S......r.{...(hR-..........\.]`x.
[.AK...3.K/.~*.f....[....5q.|(....-.A}..\..7..o....Ql0...l...4k .i..k6
......B..EK....wy..9...M_i.g..w~.szK...K.l.t*.O.0].....o,..~z.~b.c&..v
....'B....4..kA!..O ..35...=0I..G....Ss[.....1g\....p....?\..>.|Z5.
f......vL4..o^..ng..a0.....k...F.7.f..2r..\.. .t..QiIEE....NiN.<..u
............S.R..q .$..!L#.2nw........:....P.K.j.D...zq.J.h.g.....oj}.
..!...%.46a..eUnp.x....U...............|.. ..\...I.^Zrh.^....H..7.A<
;.t.P.V.(b^....H^.S...$68.............d.C.....np..m...&0d...t....LR.yn
......[.$. .5..i..P.t.#...4...5..H>*<.7....e..Z..."k-.#...%^w.).
.e .L....t.wQ...,D....6..rk..J.......`6.g...>..$Kj.....a..o!......?
1u.....9..#..`}*.....H.........r..H.m...d....v.~.DB..@6)...C... Ig
<<< skipped >>>


GET /?gfe_rd=cr&ei=FsThVISHE42u8web64DoCQ HTTP/1.1
Host: VVV.google.com.ua
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42u8web64DoCQ&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=94181119bf921a5a:FF=0:TM=1424081942:LM=1424081942:S=EUxKAyL5c4F1Pp0c; expires=Wed, 15-Feb-2017 10:19:02 GMT; path=/; domain=.google.com.ua
Set-Cookie: NID=67=jxRq5FOvTRFUg1bRXwxsMtXPmpQU7yjnBH69fBD2MFCrV31pcZdfGm5szNCYYg9vA7lWlOPOsVoiLk8TKXMNSzyj1uzw7Uh5F4zqKVs7axox8bqd5cBMlQ4P69lhUjnr; expires=Tue, 18-Aug-2015 10:19:02 GMT; path=/; domain=.google.com.ua; HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 16 Feb 2015 10:19:02 GMT
Server: gws
Content-Length: 278
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.08
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=FsThVISHE42
u8web64DoCQ&gws_rd=ssl">here</A>...</BODY></HTML
>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=
cr&ei=FsThVISHE42u8web64DoCQ&gws_rd=ssl..Cache-Control: private..Conte
nt-Type: text/html; charset=UTF-8..Set-Cookie: PREF=ID=94181119bf921a5
a:FF=0:TM=1424081942:LM=1424081942:S=EUxKAyL5c4F1Pp0c; expires=Wed, 15
-Feb-2017 10:19:02 GMT; path=/; domain=.google.com.ua..Set-Cookie: NID
=67=jxRq5FOvTRFUg1bRXwxsMtXPmpQU7yjnBH69fBD2MFCrV31pcZdfGm5szNCYYg9vA7
lWlOPOsVoiLk8TKXMNSzyj1uzw7Uh5F4zqKVs7axox8bqd5cBMlQ4P69lhUjnr; expire
s=Tue, 18-Aug-2015 10:19:02 GMT; path=/; domain=.google.com.ua; HttpOn
ly..P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/suppo
rt/accounts/bin/answer.py?hl=en&answer=151657 for more info."..Date: M
on, 16 Feb 2015 10:19:02 GMT..Server: gws..Content-Length: 278..X-XSS-
Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Prot
ocol: 80:quic,p=0.08..<HTML><HEAD><meta http-equiv="con
tent-type" content="text/html;charset=utf-8">.<TITLE>302 Move
d</TITLE></HEAD><BODY>.<H1>302 Moved</H1>
;.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd
=cr&ei=FsThVISHE42u8web64DoCQ&gws_rd=ssl">here</A>
<<< skipped >>>


GET /infv3/index/2507/bnd/6.3.76.1518/ed8e7a2c3c3d57fa0799857417cd7bdb HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inisxriy.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 16 Feb 2015 10:18:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.14p1
Location: hXXp://VVV.inisxriy.com/files/zip_r3/2507_d98918ad4ee11960d244725a02510abc/1.zip
0......


GET /files/zip_r3/2507_d98918ad4ee11960d244725a02510abc/1.zip HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inisxriy.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Feb 2015 10:18:37 GMT
Content-Type: application/zip
Content-Length: 2167526
Last-Modified: Sun, 15 Feb 2015 02:24:09 GMT
Connection: keep-alive
Accept-Ranges: bytes
PK..........NF_Z..............376.json3.T>VsU.f..[.:?..y....xL..@a.
.....w..sN.....^.9......~R..5.".k.w]..hdhl.d|...bI..{.?.]..A..k.S.....
.....%..!...<.M..M........vH.W..m.|7\.S.......X&.......5j..K,O....X
..s.?. .2.........C.J.W...g...z6o.a.....2c.....m..0.k...];.lq.....k\..
.....f.} .....4...%.P.g...... .<a.....c.d^).2.n..../...{r.'d..9Q...
!..u....>.X.t...@.......>.y=.3]k...W....o..u.\...4Wt.D..A.{.mc$.
...)..Y..!l.....O.S..Y!.'.OOl.....5-H7...s...W.?..?V^U....}..Z.K......
..[...?......F!...Z..>W~0M...m....;...?[m-.....F...J.(o?C..PK......
[email protected]~...``[email protected].
I.I...h......b......l.v5k..mw...2c..4..c..-j..4lQ..I....s.0 ........._
..s>....<...|....3*.a.`D.a.1./.....0.S_.f...y.!E......W.*l....7.
..........6..P\fH\.a.X^PxWPP@...}.W;.>?..lb...[Fbo. ..k...E...UJ..[
...RN|[email protected]}. .}.\[email protected]
..H<..-NA..i..).[.` k..W....^...g...(.cc......#.J.X.7...[X...a.D...
.n.N.Yw.. ..g...Ie...tx<.7....1.......p.bd...l...`'e.23...T...VXZ..
..P.0..Zo......{...{.M......7D.....a...c?......U3...A|...3...#E.sT3J..
..qf...f.h.B\>Em\...y...4{..'.pn....7... .m.r.{.42.z.i.B.:,~.E..m.A
,.p.j..9......v..3u.%.. .-.....L.}...}"}%.Z.A......d.s..Y....].|;..(..
qh....&....H..(..%..3........0....".'...}...o/_}...|.e..|......Ek.>
..!hl..pD...8u.6.>.#........!l.G..o.,{m... .#h...7..;...|...5^d...!
..z...u ....6.u...;|.^u..Z5...........(.A......?.........h...M.|R...r.
X.u.%...o..<B.....F...Q....m..o.q.(.".,.$v.8....0..%XB-".d6..{\
<<< skipped >>>


GET /pub-config/ca-pub-7019091094896260.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript
Last-Modified: Sun, 15 Feb 2015 15:27:27 GMT
Date: Sun, 15 Feb 2015 22:34:24 GMT
Expires: Mon, 16 Feb 2015 10:34:24 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 109
X-XSS-Protection: 1; mode=block
Age: 42302
Alternate-Protocol: 80:quic,p=0.08
Cache-Control: public, max-age=43200
...........H..O.I.O,..K.O..K.LW.U(..K./..&YS.P]......[P..kn`hi`ih`ibai
fdf....^.T\..........d...S.Zk.....Xl...HTTP/1.1 200 OK..Vary: Accept-E
ncoding..Content-Type: text/javascript..Last-Modified: Sun, 15 Feb 201
5 15:27:27 GMT..Date: Sun, 15 Feb 2015 22:34:24 GMT..Expires: Mon, 16 
Feb 2015 10:34:24 GMT..X-Content-Type-Options: nosniff..Content-Encodi
ng: gzip..Server: sffe..Content-Length: 109..X-XSS-Protection: 1; mode
=block..Age: 42302..Alternate-Protocol: 80:quic,p=0.08..Cache-Control:
 public, max-age=43200.............H..O.I.O,..K.O..K.LW.U(..K./..&YS.P
]......[P..kn`hi`ih`ibaifdf....^.T\..........d...S.Zk.....Xl.....



GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT
Accept-Ranges: bytes
ETag: "88c4768d3f2ad01:0"
Server: Microsoft-IIS/8.0
VTag: 791450244700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 813
Cache-Control: max-age=900
Date: Mon, 16 Feb 2015 10:19:56 GMT
Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....mic
rosoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..
150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..
%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825
Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/
U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M.....
...z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.
o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f
}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{[email protected].|7z
.. ......>..Q...([email protected]\]#..Y.*.......T. .C.....A'..
5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Q
w......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........


GET /pki/crl/products/WinPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT
Accept-Ranges: bytes
ETag: "d2e35dc7e31cd01:0"
Server: Microsoft-IIS/8.0
VTag: 27948442200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Mon, 16 Feb 2015 10:19:56 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{[email protected].^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~......


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT
Accept-Ranges: bytes
ETag: "9a9a44d511bd01:0"
Server: Microsoft-IIS/8.0
VTag: 279252244600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Mon, 16 Feb 2015 10:19:56 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#[email protected].. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;[email protected].('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
[email protected]/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modifie
d: Fri, 19 Dec 2014 06:02:00 GMT..Accept-Ranges: bytes..ETag: "9a9a44d
511bd01:0"..Server: Microsoft-IIS/8.0..VTag: 279252244600000000..P3P: 
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR S
AMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Conte
nt-Length: 550..Cache-Control: max-age=900..Date: Mon, 16 Feb 2015 10:
19:56 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U
....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corp
oration1!0...U....Microsoft Time-Stamp PCA..141218221600Z..15031910360
0Z._0]0...U.#..0...#[email protected].. ..5..0... .....7.......0...U......10
... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\...
.F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D..
.......-.>...(...g.0.S.[?...T4q>[email protected].('..e.
..Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..
<<< skipped >>>


GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 08 Feb 2013 15:35:10 GMT
Date: Wed, 11 Feb 2015 17:39:51 GMT
Expires: Thu, 11 Feb 2016 17:39:51 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32819
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 405572
Alternate-Protocol: 80:quic,p=0.08
............{{...7...."........o...v..q.[cg'-E..HPBL....RD....[kf0.Pq.
~.sNZ.....f......._..M...wg.?...vG.<8z2.........E...q...:z..GT.._.f
.....t.de.....uT..b.|.o6iv..._E..:.F.x...O..6..*?QUp....2U.4..6I.<.
T.%.E>....R1....4^..tIm...ZE.{5..3..<.....|4.3.D-.r.-o..]......4
[$....:Z...UUP_...........|....z.mF.r...f......Q..?..-3.0..F..^.F....l
.O........\..f.|1..t..NG2U.}tz.jxz.^G.o......./^\.>......#*........
../.../........|zp2{...N.3*....~.\../O'...g...g.;.~.M.Tx..,g.....).y..
w*@...i.^...]........2 ..n;.\.'..'/f....*.4:..oP...f..]Ul..2^.....V...
.....V.P.N....z......o3z.........aC..,.....K.\p...x......WiY%YR.v.*..^
.......<_oVI..a>*.xq....$8>....u%......n ..V?.Q.:..4....o.~.g
..Q...S_..Y.....G)..T.".......<......&...*..Z.t%[email protected].
h...X.*/. .H.....){4U.y...I`..&-.. y.....L.O....Lf..X<..1M.w.xD;;..
...3zgn...'S.....g.~3Jn.9-..... .....3..A..e#.....".-i.S..].9..3..=GE.
.,..R*.gs..j.M..0.._'.u......E.|.....K.Q'FY.H^..'.(.OK.\.-.T...8...Q..
..v||5J..Vq.}{.K2..K..z.R....o_..G..t.L....NF.W.}....."{.NLP|.T_......
..j..,P..q.Q..o..<.x...Q..t=..$nJ.%:S...,..N...*.......d.`....M...)
....T.7....|$...[......E..h.......`b.......iQ.w...-n>.=OIw..*......
..H...r.....h..V.Aj..&t..9M..is.j.t]~../...ik......l.p.....mT.=[E..7v.
...n./$...y=T.X.s...J......j.w.W.|.x..F..*..:....>K...d....f.......
...&...7./.2-..P......j.?X.p.....9u.Ae.0...D.....~f.......&...l6..3...
...i}.(.. m.Je.x...p5.:..d...gWz...G..@.*\.2/*..............>...g..
`...w....f.....\.D...#D...E.%.......G..s`K.*.WI...NI.......LeO...&
<<< skipped >>>


GET /rexposta/2015/02/15/15195944615002.jpg?w=220&h=165&mode=crop HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ns.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "390b580b9f020f9a711b8914561a4814:1424037597"
Last-Modified: Sun, 15 Feb 2015 21:59:57 GMT
Accept-Ranges: bytes
Content-Length: 32733
Content-Type: image/jpeg
Cache-Control: max-age=31493190
Expires: Mon, 15 Feb 2016 22:25:55 GMT
Date: Mon, 16 Feb 2015 10:19:25 GMT
Connection: keep-alive
Expires: Mon, 19 Jan 2099 00:00:00 GMT
Cache-Control: max-age=31556926
......JFIF............................................................
......................................................................
....................h....".........................................V..
......................!..1Aa.."Q.2q...#BR....3br...CS....$5cst......4T
..6u....%D...................................F.......................!
1..AQaq...."2......#[email protected].
[email protected]@[email protected]@[email protected]
[email protected]@[email protected]@.QE.QE..E.P.
[email protected]@[email protected]@[email protected].
.E.P...N..../Q..P.......(..{...(...=...2.......).z.....G..@2.~^..../Q.
.P.......(..{...(...=...2.......).z.....G..@2.~^....'Q..P.......){....
.1.O..{..d.=.....VN....){.....1QY;.......=........G..Jc.=.........=...
.]G._.......=...Q.Q..P......./. ....(.tVN....)2u......).:.....G..@2.~N
....'Q..P.......(..{...(...=...2.......).z.....G..@2.~^..../Q..P......
.(..{...(...=...2.......).z.....G..@2.~^..../Q..P.......(..{...(...=..
.U....(......b#....H...PX.6....w..td.."vY...9#.GSplH....q.. s._....e?.
.~8.lX...|.#....g.........*..t......F./.j)..s6....Y...C^u.g..|....._H.
.%....1`..:.i'v........Z..0.#.j..:..6b.G.H._.w..v.X..8.e...a.Y.[.:{ cd
n..6. .@.|.o...W.W.UA...u..h.J...WW*Q.t.e..|.(c....y(...k.............
..XNQq)Y.ViB.B.s......s.or.#.&.,L,.D...(.....(.[5.Q.....#....F7g\K..f.
Fc..i;....b..v/.Z....>.3..(5.q..d......v......z.....b.....x.Q~..J.@
..$...[.\=..oI.........,.y....F...|.... ......c...6l..-.t.;.......
<<< skipped >>>






The Malware connects to the servers at the folowing location(s):







ProtectWindowsManager.exe_2660:




.text
`.rdata
@.data
.rsrc
@.reloc
j.Yf;
_tcPVj@
.PjRW
SHELL32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
MaxPolicyElementKey
pExecutionResource
SHLWAPI.dll
USERENV.dll
%dYeArdMoNthdDaY
file_url
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0 %s
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
ShellExecuteExW
SHDeleteKeyW
GetWindowsDirectoryA
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
ReportEventW
RegOpenKeyW
ADVAPI32.dll
PSAPI.DLL
InternetCrackUrlW
WININET.dll
WS2_32.dll
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders
WINHTTP.dll
SensApi.dll
VERSION.dll
GetCPInfo
.?AVunsupported_os@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AUIExecutionContext@Concurrency@@
zcÁ
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
? ?$?(?,?0?4?~?
5#505:5`5
=#='= =/=3=
;!;0;7;^;
<!<%<)<-<1<5<$=0=
9-92989?9
5 5$5(5,505
5 5$5(5,5054585
7$<(<,<0<4<8<<<@<
< <(<4<<<
3 3$3(3,30383<3
combase.dll
kernel32.dll
mscoree.dll
- CRT not initialized
- Attempt to initialize the CRT more than once.
- floating point support not loaded
USER32.DLL
portuguese-brazilian
advapi32.dll
\\.\PhysicalDrive%d
WindowsMangerProtect
SOFTWARE\supWindowsMangerProtect
xa.geoip
visit.heartbeat
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action0=%s&action1=visit&action2=%s&update0=ref,%s&update1=nation,%s&update2=language,%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=visit.heartbeat.%s
hXXp://xa.xingcloud.com/v4/sof-windowspm/%s?action=visit.heartbeat.%s&update3=version,%s
Report Start.
C:\DoStartTEST.DAT
Report Heart beat.
ProtectWindowsManager.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
TypesSupported
%s is already installed
%s installed
%s failed to install. Error %d
%s is not installed
Could not remove %s. Error %d
WindowsProtectManger
Advapi32.dll
/c ping 127.0.0.1 -n 2 > nul && del
"%s" %s
psapi.dll
Explorer.exe
update.exe
%s_%s
\\.\Phys
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
..\Src\json\src\json_value.cpp
..\Src\json\src\json_reader.cpp
xxxx
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
..\Src\json\src\json_writer.cpp
Assertion failed: %s, file %s, line %d
WindowsMangerProtect Service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
WindowsMangerProtect service
SysTool PasSame LIMITED
Windows SysTool Service
20.0.0.1714
Windows SysTool.exe

ProtectService.exe_3268:




.text
`.rdata
@.data
.rsrc
@.reloc
b*sY5%s
$s?A%sk2%s
$sR@%sf?%s
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
file_url
E:\supsoft\SupSearchProtectV4\SearchProtect\Bin\Release\ProtectService.pdb
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHELL32.dll
MSVCP110.dll
InternetCrackUrlW
WININET.dll
WS2_32.dll
SHLWAPI.dll
MSVCR110.dll
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_calloc_crt
__crtGetShowWindowMode
_amsg_exit
_wcmdln
__crtSetUnhandledExceptionFilter
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
SensApi.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
2-2v2
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
xxxx
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
UpDateProcess.exe
hXXp://VVV.theviilage.com/searchprotect/up?ptid=%s&sid=%s&ln=%s_%s&ver=%s&uid=%s&dp=%s
g{2EFFE99D-743D-44D0-BBF2-F9DDDEA2F92D}
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Report HeartBeat
cmdshell.exe
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=visit.heartbeat.%s&update0=ref,%s&update1=nation,%s&update2=language,%s&update3=version,%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action0=xa.geoip&action1=visit&action2=install
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=uninstall
explorer.exe
Advapi32.dll
"%s" %s
psapi.dll
Explorer.exe
json_value.cpp
ljson_reader.cpp
ProtectSvc.exe
4.0.1.1716

HPNotify.exe_1112:




.text
`.rdata
@.data
.rsrc
@.reloc
<9%uo
wszUrl
strUrlTemp
hKEY
strSelUrl
strUrl
strConfUrlTemp
strDsUrl
strHpUrl
strCmdLine
tCPW
%UUUU
e_GetBrowserCurrentHpUrl
e_GetBrowserCurrentDsUrl
URLDownloadToFileW
URLDownloadToFileW ret:0XX
Error : %d
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
monochrome
unsupported bit depth
`'\%D,3
Run-Time Check Failure #%d - %s
%s%s%p%s%ld%s%d%s
%s%s%s%s
RegOpenKeyExW
RegCloseKey
del /s/q %1\*.*
%suninstall.bat
E:\supsoft\SupSearchProtectV4\SearchProtect\bin\Release\HPNotify.pdb
KERNEL32.dll
GetKeyState
USER32.dll
GDI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
MSVCP110.dll
MSVCR110.dll
_calloc_crt
_CRT_RTC_INITW
__crtGetShowWindowMode
_amsg_exit
_wcmdln
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
GdiplusShutdown
gdiplus.dll
IMM32.dll
DeleteUrlCacheEntryW
WININET.dll
COMCTL32.dll
GetProcessHeap
#*1892 $
%,3:;4-&
.?AVCActiveXEnum@DuiLib@@
.?AVCWebBrowserUI@DuiLib@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
3?3
1-2}2
77t7
9":,:6:@:
12u2
: :$:(:,:0:
4 4$4(4,404
>$?(?,?0?
2 2$2(2,20242
0 1@1\1|1
hXXp://VVV.bing.com/
hXXp://VVV.yahoo.com/
hXXp://VVV.google.com/
%sconf
web/?type=dspp&
web/?type=dspp
hXXp://VVV.v9.com/
Itemd
BrowserAction.dll
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
\\.\Scsi%d:
UrlEdit
conf.xml
hXXp://v9.com/license_agreement.html
hXXp://v9.com/privacy_policy.html
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.show.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.other.%s
%stmp%d.tmp
urlmon.dll
main.xml
explorer.exe
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
IeWatchDog.dll
BrowerWatchFF.dll
BrowerWatchCH.dll
Global\GUID(6D05BFEC-4307-4649-8963-962A24345DF4)
msimg32.dll
User32.dll
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
0xX
keyboard
msftedit.dll
password
%s%s%s
Correct password required
%s\%s
WebBrowser
transshadow
transshadow1
dest='%d,%d,%d,%d'
dest='%d,%d,%d,%d' source='%d,%d,%d,%d'
source='%d,%d,%d,%d' dest='%d,%d,%d,%d'
M-d-d
WebBrowserUI
errorUrl
{D27CDB6E-AE6D-11CF-96B8-444553540000}
user32.dll
MSPDB110.DLL
ADVAPI32.DLL
/c ping 127.0.0.1 -n 2 > nul && del /s/q
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
%Program Files% (x86)\XTab\skin\
SupHPNot.exe
4,0,1,1716
SupHPNty.exe






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    cmdshell.exe:3244
    BaofengUpdate.exe:3540
    BaofengUpdate.exe:3968
    ttv.exe:2108
    ild_omiga-plus.exe:1688
    wpm_v20.0.0.1714_0204.exe:3280
    %original file name%.exe:2868
    XTab_v4.0.exe:3704
    ReversePageSetup.exe:2832
    ProtectWindowsManager.exe:2492
    ProtectWindowsManager.exe:2660
    ProtectService.exe:3268
    ProtectService.exe:676
    powershell.exe:3580
    powershell.exe:676
    powershell.exe:3288
    HPNotify.exe:1112
    STab_Down_6.0.6.8.exe:3412
    CrashReport_v6.2.7601.963.exe:3392
    

    2. 

  2. Delete the original Malware file.
    3. 

  3. Delete or disinfect the following files created/modified by the Malware:
    

    %Program Files% (x86)\XTab\HPNotify.exe (675 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\search.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\js.js (660 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\vi\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\style.css (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\quick_start.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\index.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\en\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\BFVUpdateM.dll (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\googlelogo.png (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\google_trends.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\defaults\preferences\fvd.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\quick_start.xul (1 bytes)
    C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\settings.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\ru\locale.properties (2 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\speed_dial.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\pl\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\simple.css (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\addonmanager.js (531 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\newtab.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\logo.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\default_logo.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\tr\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome.manifest (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\defaults\preferences\preferences.js (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\fr\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\last_tab.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (480 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\pack\common.js (10 bytes)
    %Program Files% (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml (553 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
    C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\es-419\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\install.rdf (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74C3.tmp (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\restoreprefs.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\pack\ga.js (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74B2.tmp (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\en-US\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\aes.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\module\stat.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\properties.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\es\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\loading.gif (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\skin\icon.png (628 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\locale\it\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74E3.tmp (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\include\tools\misc.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\misc.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\74E4.tmp (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\modules\remoterequest.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1424081940_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\wpm_v20.0.0.1714_0204.exe (974 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\STab_Down_6.0.6.8.exe (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\RegWrite.exe (86 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\376.db (338 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\CrashReport_v6.2.7601.963.exe (430 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept0.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\TornTVApp[1].exe (50000 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\Torntv Downloader.lnk (982 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\decline.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\complist.txt (493 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\back_dis.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Torntv Downloader.lnk (974 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept2.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cdi[1].htm (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\back.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\NSISdl.dll (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\close.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\ild_omiga-plus.exe (24067 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\uninst.exe (2071 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\load_2.bmp (626 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\trninj.txt (30 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\inetc3.dll (812 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\skip.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\nsProcess.dll (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept3.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\getGFGCountry8 (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\gCD (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\box.bmp (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\1clogo.bmp (4992 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\pingcln[1].htm (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\ReversePageSetup.exe (41313 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\bmidt.txt (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\x.bmp (776 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\gc1 (22 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\brcdt.txt (432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Uninstall.lnk (883 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\nsDialogs.dll (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept1.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF21.tmp (53703 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\TornTV.com\TornTV.exe (52816 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\accept_disabled.bmp (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nseCF22.tmp\dAg (161 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\unchecked.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code1.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\loading_light.png (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code2.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code4.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\lpd#4.3.0.xpi (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\checkbox.png (545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\checkbox_select.png (783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\min.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\1.zip (47039 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\bg.png (5064 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\conf (83 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\376.json (512 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\Thumbs.db (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\checked.png (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\scrollbar.bmp (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\BaofengUpdate.exe (2461 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\Thumbs.db (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\2.zip (24656 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\bk_shadow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\button1.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\1[1].zip (208299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\UninstallManager.exe (60186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code6.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\loading_bg.png (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code3.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\code\code5.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\DataBase (26688 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\button.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\2[1].zip (88603 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\images\bg1.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\MessageBox.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\ffsearch_toolbar!1.0.0.1027.xpi (14 bytes)
    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (3560 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Runner4.exe (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ttv.sdb (682 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\StdUtils.dll (38 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ttv.exe (19600 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Runner2.exe (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspCD3E.tmp\nsProcess.dll (12 bytes)
    %Program Files% (x86)\XTab\web\img\googlelogo.png (7 bytes)
    %Program Files% (x86)\XTab\web\js\ie8.js (156 bytes)
    %Program Files% (x86)\XTab\skin\btn.png (2 bytes)
    %Program Files% (x86)\XTab\install.data (68 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
    %Program Files% (x86)\XTab\conf (1594 bytes)
    %Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
    %Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\indexIE8.html (1816 bytes)
    %Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\arrow.png (259 bytes)
    %Program Files% (x86)\XTab\web\ver.txt (5 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
    %Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\img\weather\0.png (1 bytes)
    %Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
    %Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
    %Program Files% (x86)\XTab\CmdShell.exe (1681 bytes)
    %Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit-ie8.js (3 bytes)
    %Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\main.xml (4 bytes)
    %Program Files% (x86)\XTab\web\img\default_add_logo_hover.png (1 bytes)
    %Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
    %Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
    %Program Files% (x86)\XTab\msvcr110.dll (22156 bytes)
    %Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\ProtectService.exe (5471 bytes)
    %Program Files% (x86)\XTab\web\js\js.js (18 bytes)
    %Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi (14 bytes)
    %Program Files% (x86)\XTab\web\img\default_add_logo.png (1 bytes)
    %Program Files% (x86)\XTab\skin\logo.png (5 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit2.0.js (3 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit.js (3 bytes)
    %Program Files% (x86)\XTab\web\img\googlelogo2.png (1526 bytes)
    %Program Files% (x86)\XTab\web\main.css (19 bytes)
    %Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
    %Program Files% (x86)\XTab\skin\close.png (3 bytes)
    %Program Files% (x86)\XTab\web\data.html (20 bytes)
    %Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
    %Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
    %Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
    %Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
    %Program Files% (x86)\XTab\skin\about.png (4 bytes)
    %Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\settings.png (5 bytes)
    %Program Files% (x86)\XTab\web\img\default_logo.png (5 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
    %Program Files% (x86)\XTab\web\js\common.js (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\SupTab.dll (6812 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfC68A.tmp\System.dll (23 bytes)
    %Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
    %Program Files% (x86)\XTab\msvcp110.dll (17526 bytes)
    %Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\WmiInspector.dll (3137 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ilg (303164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\nsExec.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\nsJSON.dll (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\tlg (41 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\lm (128 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\UserInfo.dll (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\ReversePage.mg.exe (7715 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\NSISEncrypt.dll (3412 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Reverse Page\mj (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\ExecDos.dll (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\IpConfig.dll (4254 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz32A4.tmp\System.dll (23 bytes)
    C:\ProgramData\WindowsMangerProtect\update\conf (5 bytes)
    C:\ProgramData\IHProtectUpDate\update\conf (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8NW3XEZL87PL4N08F018.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IVXIV1O9GE5U4WPR4EMY.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\78249WZGJQ9WG23L79D2.temp (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp808287\tmp\XTab_v4.0.exe (22248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\XTab_4.0.2.1716[1].exe (175964 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\ca-pub-7019091094896260[1].js (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E5F99F8CA677C9C5793DF9906EE2DCB6_EA678D98129239B94A42ABA094C5C065 (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13174141385181-t222x111[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\14162546390325-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\plusone[1].js (23183 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13182151587263-t222x111[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D1F03728133589A90656A87E482B21F (1164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_E0C5D917E8D475E602CA318326AD4367 (1432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WNIYYHNK.txt (209 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\teE39sffXW8[1].png (348 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ads[1].htm (130 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\logo-nzn[1].htm (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\geral-201309170947[1].js (30100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\beacon[1].gif (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cb=gapi[3].js (50797 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\tp=GDDP[1].gif (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\temp_tage_file_snap.txt (239 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13174010733176-t222x111[1].jpg (973 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\34396475[1].jpg (1300 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\34396475[1].jpg (1237 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[5].txt (27929 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\sd[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\br_nzn_baixaki_redir_970x200_5adsx4[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ad[1].gif (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\59Y0XIZ7.txt (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\colli-dupla-suspensao-18-aro-26_200x200-PU56929_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-serie-8-un85hu8500g-led-plana-85-polegadas_200x200-PU93f0b_1[2].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\border_3[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1[1].jpg (1539 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\EngagementTracker[1].js (15833 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\colli-dupla-suspensao-18-aro-26_200x200-PU56929_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\1081796830-postmessagerelay[1].js (3519 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\api[1].js (6337 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\core_rpc_shindig.random_shindig.sha1[1].js (43685 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\postmessageRelay[1].htm (616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\14113141914084-t222x111[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13154010751871-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\v12-20140904[1].css (34159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\multilaser-one-p3213_200x200-PU7a9a2_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49514950C94E8026A2B06312597DFF49_F4692EBD578D04048E176E82BB8369BB (1360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_7E2EB9BE5DF1000A0259A54212823269 (1432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\15220157894001[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\dc[1].js (25818 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\baixaki-970x200-v3[1].css (25257 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ads[3].htm (12032 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\s[1].htm (143 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\skullcandy-lowrider_200x200-PU32da5_1[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\bubbleDropB_3[1].png (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\P2VKJK85.txt (581 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0D6ED27B76F0582A8D2120DF24D1E180_6D67D1E0E4036DF8A4093F1E3164563C (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\badge[1].htm (7407 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 (3372 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\adfscript[1].js (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9NFM038F.txt (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\uolbig[2].png (3667 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\req[1].js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (2568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\bubbleSprite_3[1].png (318 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\cb=gapi[1].js (144453 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\dUp7KUSc4BP[1].js (239457 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\lg-42lb5800-led-plana-42-polegadas_200x200-PU8ec48_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\cb=gapi[1].js (33362 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\container[1].htm (381 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13175143861206-t222x111[1].jpg (276 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[1].txt (100080 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\ct[1].js (879 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\www-subscribe-embed-vfl_1m0to[1].css (17350 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tectoy-p-4200_200x200-PU92573_1[2].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\14181700895757-t100x100[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\bxklogowhite[1].png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\usr[1].js (37 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10428031_1488501004743557_4035099531574139235_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\req[1].js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_536F38716B4262025EAB04ABEE364EBB (2590 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_E0C5D917E8D475E602CA318326AD4367 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13174113586180-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tectoy-p-4200_200x200-PU92573_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\DU1Ia251o0y[1].htm (3181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\Adform.RMB[1].js (52774 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_536F38716B4262025EAB04ABEE364EBB (926 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EHPCOOZN.txt (88 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\b[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7244230F57E689B1486DC70978E234BE_D6A1274B2254D1D71A7CEBC37E718FAD (1416 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2PP3FQC4.txt (71 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot (4286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\Adform.Bootstrap[1].js (8849 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\2568[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\DRT4YCWO\googleads.g.doubleclick[1].xml (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_7DCDC9B86C5DA37FEB2732F7D1A586E5 (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\zrt_lookup[1].htm (1406 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10941422_1603748019858908_5153882750002538320_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\jquery-1.10.2.min[1].js (62266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\adfserve[1].js (5041 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\pixel[1].htm (199 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13164117027081[1].jpg (9680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\rs=AGLTcCNa6HF5McJpnLoKfF8V_HFNxB-E_Q[1].js (88174 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\uolbig[1].png (4698 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\rta[1].js (163 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\subscribe_embed[1].htm (719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\ads[2].htm (5002 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\subscribe_embed[1].htm (387 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\rs=AGLTcCN_ffnhJwljR7QYNFadR9tsMfeiSw[2].js (3145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\14155921387307-t222x111[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\skullcandy-lowrider_200x200-PU32da5_1[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X8O6J1UL.txt (227 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\243876176599B58BACB1BDDE5842175A (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\login_button[1].htm (3307 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4BOC62A8.txt (593 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_CD73118ADBF2FB54465E799E511D8DF4 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\cb=gapi[1].js (21982 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7B3D1XDI.txt (367 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\smartphone-samsung-galaxy-young-2-sm-g130-desbloqueado_200x200-PU92206_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35C21096DDABA77AE4D988E68D76D867_1F44ADB9468521D38A9AE7D9F08FD55B (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\1499539_767960309952502_26315973551761358_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\16006432992429916137[1].jpg (3484 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13175556396214-t222x111[1].jpg (1578 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\f[1].txt (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\f[1].txt (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FCD2CC3451EF5F3DB8D4B7DD511B2F77_64FBBF7EBC3C3336620E795DDC157490 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6C4UEYVQ.txt (313 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13174210386182-t222x111[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13182326342264-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\dantes-inferno-xbox-360-dvd_200x200-PU39013_1[1].jpg (1565 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\f[1].txt (9087 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13192241950335-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_F1D51C5B2AE8FF7A6BB176A8AD14CC25 (1312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\65KAW4KJ.txt (79 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\icon-reply[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\batman-arkham-origins-xbox-360-dvd_200x200-PU7cac8_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FCD2CC3451EF5F3DB8D4B7DD511B2F77_64FBBF7EBC3C3336620E795DDC157490 (1560 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\f[2].txt (297 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_7DCDC9B86C5DA37FEB2732F7D1A586E5 (1480 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DYKUEN09.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (2808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cb=gapi[1].js (71 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\boot[1].js (3043 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13192629930341-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\rs=AGLTcCN_ffnhJwljR7QYNFadR9tsMfeiSw[1].js (147470 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\15195944615002[1].jpg (2108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\sony-playstation-3-super-slim-250-gb_200x200-PU6d2de_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\D1HNAB2E.txt (260 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\b1[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\DU1Ia251o0y[2].htm (3421 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\multilaser-p3214_200x200-PU7d9ea_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\multilaser-p3214_200x200-PU7d9ea_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10351399_732629260133160_7838800426852444414_n[1].png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\q48e3OS1ir7[1].js (150772 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\photo[1].png (2186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\dc634773cd47817b[1].js (16817 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\logo-rex-white[1].png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\postmessageRelay[1].htm (616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\14133415261218-t222x111[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\loading[1].gif (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\tv-led-47-smart-tv-lg-cinema-3d-3-hdmi-47lb7050-photo29126535-7-25-35[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0IXB13VG.txt (296 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FS46GHPS.txt (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\791981695816463102[1].jpg (7263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (2870 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\batman-arkham-city-game-of-the-year-xbox-360-dvd_200x200-PU60d1c_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (984 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10922842_483900255084599_4257958379412702112_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\O2MDXVFX.txt (86 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\yet_another_cleaner_bxk[1].exe (869 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\13174354391195-t222x111[1].jpg (1198 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\rex[1].htm (1035 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BSUZ3IIJ.txt (96 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\52K00BH5.txt (733 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\doodle-rex[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\rex-default[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\kZt1ORfyc-V3C9VmeWM_Laj0UcuN02K-WUcryq-hFWs[1].js (3967 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_024E96258E41C9E7E84DEC1F63616DFD (2926 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\58TNLT5V.txt (593 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\ads[1].htm (12266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\18A0FVK4.txt (86 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\GooglePlusSignIn[1].htm (62 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\ads[1].htm (10890 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35C21096DDABA77AE4D988E68D76D867_1F44ADB9468521D38A9AE7D9F08FD55B (1640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13191426569319-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\www-subscribe-embed-card-vfl5g8Fkv[1].css (2127 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\cb=gapi[3].js (5520 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\rs=AGLTcCN_ffnhJwljR7QYNFadR9tsMfeiSw[1].js (26811 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_7E2EB9BE5DF1000A0259A54212823269 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\uolbig[2].png (4666 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D1F03728133589A90656A87E482B21F (3242 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1[2].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FK0IMU3U.txt (400 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\6909852[1].gif (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2380 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E5F99F8CA677C9C5793DF9906EE2DCB6_EA678D98129239B94A42ABA094C5C065 (1488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\www-hitchhiker-vflDkjvEN[1].png (20967 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\14164751962337-t474x237[1].jpg (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H96Y8U7D.txt (226 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\edifier-r2700-128w-rms_200x200-PU77db1_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\logo-nzn[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\700241160990608663[1].jpg (4084 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\YJHF04D2.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49514950C94E8026A2B06312597DFF49_F4692EBD578D04048E176E82BB8369BB (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6YVWRXQA.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\dantes-inferno-xbox-360-dvd_200x200-PU39013_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\kingston-ssdnow-v300-sv300s37a-120-gb-interno_200x200-PU733c4_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82414F9D7AB8999991FFEB2BC378A4EB_024E96258E41C9E7E84DEC1F63616DFD (942 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\photo[1].jpg (2391 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\f[2].txt (27063 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\gplus-dd4b38-20[1].png (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\10292469_1530369137250615_3206636263686630584_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\x_button_blue2[1].png (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\cb=gapi[2].js (17102 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\13152816858826[1].jpg (5587 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\samsung-galaxy-tab-3-lite-7-0-sm-t110-wi-fi-8-gb_200x200-PU8d50b_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\like_box[1].htm (4932 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\aep-full-11.2.1.min[1].js (28163 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TOL7RIQC.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_F1D51C5B2AE8FF7A6BB176A8AD14CC25 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\signin[1].htm (6379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\LVx-xkvaJ0b[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\000000_new_ico[1].gif (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\border_3[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (942 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\__utm[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_CD73118ADBF2FB54465E799E511D8DF4 (1432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BYWF7VTC.txt (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\unload[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\br_nzn_baixaki_redir_970x200_5adsx4-1.0.5.min[1].js (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\iqVGY7gYXlg[1].gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0UMS6Y44.txt (362 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\14161108993313-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\bxklogo[1].png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FFGDY4J1.txt (79 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\f[3].txt (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\AGL2Q5BI.txt (396 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0D6ED27B76F0582A8D2120DF24D1E180_6D67D1E0E4036DF8A4093F1E3164563C (1448 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_9E706C5FABDFA9B4009CD1C9BCAA0D86 (2590 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\rs=AGLTcCN7-UH8ZkbWEEO0yrEIHoLl8NTQOg[1].css (90488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7244230F57E689B1486DC70978E234BE_D6A1274B2254D1D71A7CEBC37E718FAD (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1GAFGNCT.txt (871 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\uolbig[1].png (4286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\55HK7XUM.txt (125 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\dwnld109843[1].htm (3242 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\2OV5E1OA\www.facebook[1].xml (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\activeview[1].gif (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[4].txt (12967 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13174246578188-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\pubads_impl_56[1].js (65761 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\13170147267117[1].jpg (7632 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\4[1].json (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\243876176599B58BACB1BDDE5842175A (412 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[3].txt (86443 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\13182738923272-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3H89MO3\multilaser-one-p3213_200x200-PU7a9a2_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\css[1].css (186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0NVSE8XA.txt (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\client_plusone[1].js (27185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\spacer[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\google-logo[1].png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\_sprites20130903[1].png (3920 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\www-subscribe-embed[1].js (27348 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\yet_another_cleaner_bxk[2].exe (996260 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7BZV8TY5.txt (87 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\samsung-lt24d310-led-24-0-polegadas_200x200-PU92088_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\smartphone-sony-xperia-m2-aqua-d2403-desbloqueado_200x200-PU938d5_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\f[2].txt (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\css[2].css (186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WVIN7FN4.txt (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\www-subscribe-embed-card[1].js (6649 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1952 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\jquery.min[1].js (51506 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\edifier-r2700-128w-rms_200x200-PU77db1_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\tm13767[1].js (6072 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWB2JFZB\f[2].txt (26633 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\aoc-e2060vwt-led-19-5-polegadas_200x200-PU922c4_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJVEP9S8\all[1].js (89904 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\cb=gapi[2].js (83733 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VNJNF0DD.txt (296 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_9E706C5FABDFA9B4009CD1C9BCAA0D86 (926 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NDDF6QZ\bubbleDropR_3[1].png (116 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now