SearchProtectToolbar_pcap_dcb8da917b

by malwarelabrobot on February 3rd, 2015 in Malware Descriptions.

SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: dcb8da917b4f7d577951d997dede1f78
SHA1: 7b047bd027cec1580131ba5fb040c2dea40024c6
SHA256: 9855a84951fbfe3a31e48ff5632078a8a7eaa39904372491228cead98c02c827
SSDeep: 12288:Q6 kTUo5hzv/nYdz3oyvTCVZrY4VT7evPeBvioyuVX1z5O704is:OkIuhjvszArY4VT7evPeB3zVFLZs
Size: 620888 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-01-29 18:53:47
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

GoogleUpdate.exe:1756
GoogleUpdate.exe:148
GoogleUpdate.exe:796
pcspeedup.exe:1492
install.exe:3148
PCSUService.exe:2516
PCSUService.exe:2980
PCSUService.exe:3384
nsq61E2.tmp:1884
BaofengUpdate.exe:2144
BaofengUpdate.exe:2408
PCSUSD.exe:3224
XTab_v4.0.exe:1416
ProtectService.exe:2128
ProtectService.exe:3604
40.0.2214.94_chrome_installer.exe:3992
pcspeedup.tmp:2320
VOPackage.exe:888
cvs_webssearches.exe:2360
setup.exe:1872
HPNotify.exe:2968
coregen.exe:2712
coregen.exe:2616
coregen.exe:3584
coregen.exe:4048
coregen.exe:1480
coregen.exe:3728
coregen.exe:3700
coregen.exe:1664
coregen.exe:348
coregen.exe:2516
cmdshell.exe:2016
opera.exe:3464
STab_Down_6.0.6.6.exe:688
Skyhook.exe:2660
regsvr32.exe:604
regsvr32.exe:2152
nsq61E1.tmp:1580
Silverlight.exe:1524
installer.exe:2828
MsiExec.exe:3064
PCSUSpeedTest.exe:1844
CrashReport_v6.2.7601.963.exe:2368
taskeng.exe:2044
MSI91D.tmp:3216
PCSUNotifier.exe:1280

The Malware injects its code into the following process(es):

%original file name%.exe:3524

Mutexes

The following mutexes were created/opened:

DlgCpp
ZonesCacheCounterMutex
ZonesLockedCacheCounterMutex
!IECompat!Mutex
_!SHMSFTHISTORY!_
MidiMapper_modLongMessage_RefCnt

File activity

The process GoogleUpdate.exe:796 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_chrome_installer.exe (312970 bytes)
%Program Files% (x86)\Google\Update\Install\{23252D3F-79B7-49C3-B5DC-E661D2F46FFD}\40.0.2214.94_chrome_installer.exe (331841 bytes)

The process pcspeedup.exe:1492 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-HG8AO.tmp\pcspeedup.tmp (50 bytes)

The process install.exe:3148 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\8512126cc7c623e1b0299c23645c\install.res.dll (356 bytes)
C:\8512126cc7c623e1b0299c23645c\Silverlight.msp (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Silverlight0.log (6424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SilverlightMSI.log (89073 bytes)

The process PCSUService.exe:2516 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\PC Speed Up\PCSUService.log (520 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (27960 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (7797 bytes)

The process PCSUService.exe:2980 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (13980 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.log (1864 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService-Timer.log (99 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (3898 bytes)

The process PCSUService.exe:3384 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\PC Speed Up\PCSUService.log (4971 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (20970 bytes)
%Program Files% (x86)\PC Speed Up\PCSUSpeedTest.exe (12 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (5847 bytes)

The process nsq61E2.tmp:1884 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DT06R4CE.txt (106 bytes)

The process BaofengUpdate.exe:2144 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\es-419\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\quick_start.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\misc.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\tr\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\search.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\restoreprefs.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\quick_start.xul (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\defaults\preferences\preferences.js (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\scrollbar.bmp (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\google_trends.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\install.rdf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\stat.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\last_tab.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\UninstallManager.exe (13122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\defaults\preferences\fvd.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\logo.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\en-US\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\BFVUpdateM.dll (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\js.js (660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\icon.png (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\pack\common.js (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\D52A.tmp (110 bytes)
C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\Thumbs.db (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\misc.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\D50A.tmp (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\vi\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data (1518 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\en\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\it\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\settings.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\pl\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\uninstallDlg2.xml (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (480 bytes)
%Program Files% (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml (567 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\bg.png (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\remoterequest.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome.manifest (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal (6322 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\googlelogo.png (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\aes.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\speed_dial.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\addonmanager.js (531 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\style.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\es\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\properties.js (1 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\loading.gif (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\newtab.ico (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\simple.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\ru\locale.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\Thumbs.db (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\pack\ga.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\index.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\default_logo.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\460.json (520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)

The process BaofengUpdate.exe:2408 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\STab_Down_6.0.6.6.exe (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\CrashReport_v6.2.7601.963.exe (430 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\460.db (298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\wpm_v20.0.0.1714.exe (930 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (45 bytes)

The process PCSUSD.exe:3224 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Windows\Tasks\PC SpeedUp Service Deactivator.job (336 bytes)
%Program Files% (x86)\PC Speed Up\Sqlite3.dll (585 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (6990 bytes)
%Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db (8195 bytes)

The process XTab_v4.0.exe:1416 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspFE8.tmp\System.dll (23 bytes)
%Program Files% (x86)\XTab\web\img\googlelogo.png (7 bytes)
%Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
%Program Files% (x86)\XTab\skin\btn.png (2 bytes)
%Program Files% (x86)\XTab\install.data (68 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
%Program Files% (x86)\XTab\HPNotify.exe (18027 bytes)
%Program Files% (x86)\XTab\conf (1614 bytes)
%Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
%Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\indexIE8.html (1816 bytes)
%Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
%Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\arrow.png (259 bytes)
%Program Files% (x86)\XTab\web\ver.txt (5 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
%Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
%Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\weather\0.png (1 bytes)
%Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
%Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
%Program Files% (x86)\XTab\CmdShell.exe (1681 bytes)
%Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
%Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\js\xagainit-ie8.js (3 bytes)
%Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
%Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\main.xml (4 bytes)
%Program Files% (x86)\XTab\web\img\default_add_logo_hover.png (1 bytes)
%Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
%Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
%Program Files% (x86)\XTab\msvcr110.dll (22156 bytes)
%Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
%Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\ProtectService.exe (5312 bytes)
%Program Files% (x86)\XTab\web\js\js.js (18 bytes)
%Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi (14 bytes)
%Program Files% (x86)\XTab\web\img\default_add_logo.png (1 bytes)
%Program Files% (x86)\XTab\skin\logo.png (5 bytes)
%Program Files% (x86)\XTab\web\js\xagainit2.0.js (3 bytes)
%Program Files% (x86)\XTab\web\js\xagainit.js (3 bytes)
%Program Files% (x86)\XTab\web\img\googlelogo2.png (1526 bytes)
%Program Files% (x86)\XTab\web\main.css (19 bytes)
%Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
%Program Files% (x86)\XTab\skin\close.png (3 bytes)
%Program Files% (x86)\XTab\web\data.html (20 bytes)
%Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
%Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
%Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
%Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
%Program Files% (x86)\XTab\skin\about.png (4 bytes)
%Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\settings.png (5 bytes)
%Program Files% (x86)\XTab\web\img\default_logo.png (5 bytes)
%Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
%Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
%Program Files% (x86)\XTab\web\js\common.js (2 bytes)
%Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
%Program Files% (x86)\XTab\SupTab.dll (6812 bytes)
%Program Files% (x86)\XTab\web\js\ie8.js (156 bytes)
%Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
%Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
%Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
%Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
%Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
%Program Files% (x86)\XTab\msvcp110.dll (17526 bytes)
%Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)

The process 40.0.2214.94_chrome_installer.exe:3992 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Windows\Temp\CR_2B960.tmp\setup.exe (17361 bytes)
C:\Windows\Temp\CR_2B960.tmp\CHROME.PACKED.7Z (44833 bytes)
C:\Windows\Temp\CR_2B960.tmp\SETUP.EX_ (375 bytes)

The process pcspeedup.tmp:2320 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\PC Speed Up\unins000.exe (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\delete_me_reportInstall.txt (2 bytes)
%Program Files% (x86)\PC Speed Up\is-9JMA2.tmp (601 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\PC Speed Up.lnk (1 bytes)
%Program Files% (x86)\PC Speed Up\is-3OAP5.tmp (48 bytes)
%Program Files% (x86)\PC Speed Up\is-BLNV6.tmp (21 bytes)
%Program Files% (x86)\PC Speed Up\is-56GOF.tmp (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\Sqlite3.dll (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp (4 bytes)
%Program Files% (x86)\PC Speed Up\is-RDIKE.tmp (4545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\itdownload.dll (1489 bytes)
%Program Files% (x86)\PC Speed Up\is-BKFT4.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-FJAGD.tmp (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-C7VFJ.tmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files% (x86)\PC Speed Up\is-9GGR5.tmp (31891 bytes)
%Program Files% (x86)\PC Speed Up\is-D9O99.tmp (12 bytes)
%Program Files% (x86)\PC Speed Up\PCSULauncher.exe (81 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\Uninstall PC Speed Up.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\_isetup\_setup64.tmp (6 bytes)
%Program Files% (x86)\PC Speed Up\is-OGSG9.tmp (265 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\WebBrowser.dll (2763 bytes)
%Program Files% (x86)\PC Speed Up\is-RNB5C.tmp (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-MNS9G.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\is-F4T10.tmp (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-9AA0G.tmp (7726 bytes)
%Program Files% (x86)\PC Speed Up\is-5C99K.tmp (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-94RHR.tmp (1 bytes)
%Program Files% (x86)\PC Speed Up\is-E3KGE.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\Silverlight.exe (1526871 bytes)
%Program Files% (x86)\PC Speed Up\unins000.msg (864 bytes)
C:\Users\"%CurrentUserName%"\Desktop\PC Speed Up.lnk (1 bytes)
%Program Files% (x86)\PC Speed Up\App.config (2634 bytes)
%Program Files% (x86)\PC Speed Up\is-0M58F.tmp (844 bytes)
%Program Files% (x86)\PC Speed Up\is-CTOSQ.tmp (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-42TCG.tmp (1425 bytes)
%Program Files% (x86)\PC Speed Up\is-R3UPI.tmp (2105 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.conf (605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\PopupNotification.dll (2321 bytes)
%Program Files% (x86)\PC Speed Up\is-QVEKN.tmp (1425 bytes)
%Program Files% (x86)\PC Speed Up\is-1NB70.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\unins000.dat (50292 bytes)
%Program Files% (x86)\PC Speed Up\is-7BGE0.tmp (601 bytes)
%Program Files% (x86)\PC Speed Up\is-MCBK5.tmp (6841 bytes)
%Program Files% (x86)\PC Speed Up\is-83R98.tmp (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-JD68F.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\PCSUNotifier.exe (2449 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Setup Log 2015-02-02 #001.txt (536723 bytes)
%Program Files% (x86)\PC Speed Up\PCSUSD.exe (405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-PCOHD.tmp (4 bytes)
%Program Files% (x86)\PC Speed Up\PCSUService.exe (438 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-2CA6P.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-4N5PI.tmp (53362 bytes)
%Program Files% (x86)\PC Speed Up\uninstaller.dat (673 bytes)

The process VOPackage.exe:888 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgD3F1.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nslAF27.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqEA68.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqA92B.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaEDB4.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqC7AA.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgCA79.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsf5EE3.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nslB060.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqCE13.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgD79A.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E2.tmp (7288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfF093.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaF333.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\IpConfig.dll (3440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvDC7E.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvA6D9.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfE5E4.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvDEA1.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqCCDA.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\WmiInspector.dll (2840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaAB8C.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgCF5C.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgADCF.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\heu39T.nss (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvD279.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\stats[1].htm (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\VOPackage.exe (2436 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaE354.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgD0E3.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe (3453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfE1EC.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqB16A.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvEF1C.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\count_vn[1].htm (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqEBEF.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E1.tmp (3656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsbC662.tmp (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\count_vc[1].htm (5984 bytes)

The process cvs_webssearches.exe:2360 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\STab_Down_6.0.6.6.exe (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\lpd#4.3.0.xpi (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\460.db (312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code1.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\bg1.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\2.zip (25406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\2[1].zip (69113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\Thumbs.db (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code2.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\close.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code4.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\conf (83 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\DataBase (26688 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\min.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\button.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\uninstallDlg2.xml (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\bg.png (5064 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\BFVUpdateM.dll (3616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\loading_light.png (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\BaofengUpdate.exe (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\checkbox_select.png (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\1.zip (42934 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\loading_bg.png (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\ffsearch_toolbar!1.0.0.1025.xpi (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\unchecked.png (135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\UninstallManager.exe (59286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\Thumbs.db (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\scrollbar.bmp (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\checkbox.png (545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\button1.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\wpm_v20.0.0.1714.exe (16288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\CrashReport_v6.2.7601.963.exe (15168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code5.jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\checked.png (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code3.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code6.jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\1[1].zip (174531 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\bk_shadow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\MessageBox.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\460.json (520 bytes)

The process setup.exe:1872 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ko.pak (580 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\PepperFlash\manifest.json (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\nb.pak (521 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libegl.dll (423 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\drive.crx (53 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\resources.pak (64 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\search.crx (54 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ta.pak (1375 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\VisualElements\smalllogo.png (21 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libglesv2.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\pdf.dll (58 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\kn.pak (1309 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ms.pak (432 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fa.pak (817 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\zh-CN.pak (465 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\lv.pak (577 bytes)
%Program Files% (x86)\Google\Chrome\Temp (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\docs.crx (12 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114 (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ar.pak (766 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\ffmpegsumo.dll (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\en-GB.pak (479 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\icudtl.dat (59 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\widevinecdmadapter.dll (285 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\de.pak (496 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\chrome.exe (1686 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\et.pak (504 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fr.pak (611 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\el.pak (1040 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\nl.pak (555 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\nacl64.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\es-419.pak (572 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_elf.dll (268 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\external_extensions.json (5 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\en-US.pak (479 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\hi.pak (1175 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sw.pak (481 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sk.pak (596 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\da.pak (521 bytes)
%Program Files% (x86)\Google\Chrome\Application\chrome.exe (17554 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_100_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\nacl_irt_x86_32.nexe (51 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\delegate_execute.exe (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\pt-PT.pak (568 bytes)
C:\Windows\Temp\chrome_installer.log (7903 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fil.pak (585 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sl.pak (530 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\xinput1_3.dll (162 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\uk.pak (897 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\40.0.2214.94.manifest (226 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sr.pak (868 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\VisualElementsManifest.xml (400 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin (4 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\VisualElements\splash-620x300.png (22 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\gu.pak (1137 bytes)
%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libexif.dll (621 bytes)
%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe (22234 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ml.pak (1503 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\id.pak (520 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_200_percent.pak (50 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ro.pak (585 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\bg.pak (949 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\chrome.7z (270363 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\mr.pak (1159 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\he.pak (660 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Extensions\external_extensions.json (103 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\youtube.crx (47 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\hr.pak (538 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\secondarytile.png (641 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\d3dcompiler_46.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\pt-BR.pak (555 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\th.pak (1153 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\PepperFlash\pepflashplayer.dll (63 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\gmail.crx (48 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_child.dll (32722 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\lt.pak (564 bytes)
C:\Users\Public\Desktop\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\vi.pak (653 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (6 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libpeerconnection.dll (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\hu.pak (604 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\es.pak (586 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\bn.pak (1211 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ja.pak (693 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\metro_driver.dll (1013 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\cs.pak (572 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\nacl_irt_x86_64.nexe (52 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\wow_helper.exe (146 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ru.pak (892 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\am.pak (792 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\it.pak (561 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fi.pak (540 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\te.pak (1276 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\zh-TW.pak (471 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\tr.pak (570 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sv.pak (529 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ca.pak (577 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\VisualElements\logo.png (7 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\pl.pak (569 bytes)
%Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome.dll (30950 bytes)

The process HPNotify.exe:2968 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\XTab\conf (1510 bytes)

The process coregen.exe:2712 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.ni.dll (460 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.Browser.ni.dll (44168 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.Browser.dll (143 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.ni.dll (488 bytes)

The process coregen.exe:2616 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.ni.dll (608905 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.dll (49 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorrc.dll (4 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\coreclr.dll (291 bytes)

The process coregen.exe:3584 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.ni.dll (71763 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.dll (225 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.ni.dll (376 bytes)

The process coregen.exe:4048 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.ni.dll (95615 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.dll (319 bytes)

The process coregen.exe:1480 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.ni.dll (130634 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.dll (520 bytes)

The process coregen.exe:3728 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.dll (73 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.ni.dll (16223 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll (514 bytes)

The process coregen.exe:3700 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll (413 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll (104552 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.ni.dll (1124 bytes)

The process coregen.exe:1664 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.ni.dll (1403 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ni.dll (73547 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\system.dll (233 bytes)

The process coregen.exe:348 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.ni.dll (1092 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.ni.dll (389955 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.dll (49 bytes)

The process coregen.exe:2516 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.dll (536 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ni.dll (996 bytes)
%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.ni.dll (228426 bytes)

The process cmdshell.exe:2016 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Windows\SysWOW64\916552.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\rebirth[1].htm (1 bytes)

The process opera.exe:3464 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\zh-CN.pak (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pl.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_200_percent.pak (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\hr.pak (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\zh-TW.pak (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\nn.pak (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\af.pak (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\zu.pak (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pa.pak (208 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\lt.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ta.pak (1109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\uz.pak (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\me.pak (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\be.pak (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\th.pak (215 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ro.pak (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ja.pak (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\bn.pak (233 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\kk.pak (161 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\es.pak (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\launcher_lib.dll (10788 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\mk.pak (169 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\tl.pak (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\te.pak (236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\tr.pak (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\lv.pak (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\dictionaries.xml (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\installer.exe (26622 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sv.pak (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera.dll (1410 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\osmesa.dll (24179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\nl.pak (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\wow_helper.exe (1250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\license.txt (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\el.pak (189 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sr.pak (162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\nb.pak (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\de.pak (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ko.pak (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\msvcr100.dll (6366 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fr-CA.pak (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\hi.pak (218 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\win8_importing.dll (653 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\da.pak (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\hu.pak (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ru.pak (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_crashreporter.exe (10795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\files_list (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\it.pak (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sk.pak (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sw.pak (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\gd.pak (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_100_percent.pak (1932 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ca.pak (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\msvcp100.dll (3298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera.pak (1639 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\libEGL.dll (2145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fr.pak (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\en-US.pak (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\cs.pak (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pt-PT.pak (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_150_percent.pak (743 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\es-419.pak (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.version (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fi.pak (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera.exe (389939 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\icudtl.dat (1781 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\id.pak (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\ffmpegsumo.dll (10007 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fy.pak (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\launcher.exe (4969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\en-GB.pak (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\az.pak (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.exe (32207 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\uk.pak (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_125_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ms.pak (1274 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\default_partner_content.json (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.licenses (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\vi.pak (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ar.pak (119 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\d3dcompiler_46.dll (27481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pt-BR.pak (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\libGLESv2.dll (7389 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\bg.pak (165 bytes)

The process STab_Down_6.0.6.6.exe:688 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\XTab_4.0.2.1716[1].exe (182185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\XTab_v4.0.exe (31741 bytes)

The process Skyhook.exe:2660 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\PC Speed Up\wpsapi.dll (49 bytes)

The process %original file name%.exe:3524 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG2432.tmp (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\cfg.txt (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\index.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\last[1].zip (4324 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\151.gif (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress-bar.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-bg.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\opera[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\img\progress-bar.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\icon.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\uifile.zip (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\base[1].zip (3460 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\VOPackage[1].exe (39044 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\index.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\winsoftware\opera.exe (3620574 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\progress.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-bg.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\progress[1].zip (10164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\index.html (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-lb.png (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\progress.zip (11948 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\noconnection.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\cvs_webssearches[1].exe (35380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\uifile.zip (5572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\pcspeedup[1].exe (770903 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\img\progress.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\yuupc-single-text-en-us[1].zip (5284 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\clickmein-ltd-vuupc-winsoftware-1.0-default\VOPackage.exe (42663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\last.zip (5572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp (55014 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\websearches-single-text-en-us[1].zip (4324 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\css\style.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\index.html (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\css\style.css (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-b.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\uifile.zip (6532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\winsoftware-flow-5-text-en-us[1].zip (5492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\elex-websearches-1.0-default\cvs_webssearches.exe (38756 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\index.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-rb.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\css\style.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-rb.png (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\uifile.zip (6740 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\e0ed048e90a6cd1636f19b7a343cf5600.5259303163664001 (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\speedchecker-pcspeedup-1.0-default\pcspeedup.exe (821539 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\base.zip (4708 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\img\img1.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-lb.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\pcspeedup-single-text-en-us[1].zip (5284 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\css\style.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\js\jquery-1.10.2.min.js (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\Opera_23.0.1522.75_Setup[1].exe (3406683 bytes)

The process regsvr32.exe:604 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\PC Speed Up\PCSUHelper.dll (286 bytes)

The process nsq61E1.tmp:1580 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\0[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB8.tmp (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB9.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0E2IZ44B.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgB2DD.tmp (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\0[1].gif (43 bytes)

The process Silverlight.exe:1524 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\8512126cc7c623e1b0299c23645c\install.res.dll (5848 bytes)
C:\8512126cc7c623e1b0299c23645c\silverlight.7z (92550 bytes)
C:\8512126cc7c623e1b0299c23645c\silverlight.msi (973 bytes)
C:\8512126cc7c623e1b0299c23645c (4 bytes)
C:\8512126cc7c623e1b0299c23645c\install.exe (3165 bytes)
C:\8512126cc7c623e1b0299c23645c\$shtdwn$.req (788 bytes)

The process installer.exe:2828 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\opera_installer_20150202153252.log (50587 bytes)

The process MsiExec.exe:3064 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\SLMSPRBootstrap.dll (430 bytes)
%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll (20 bytes)

The process PCSUSpeedTest.exe:1844 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Windows\System32\config\SOFTWARE (138140 bytes)
%Program Files% (x86)\PC Speed Up\Skyhook.exe (184 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F (471 bytes)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new (848 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_54B2C1101DB5E1123A4C3B7F395E6A7A (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F (1544 bytes)
%Program Files% (x86)\PC Speed Up\Speedchecker.log (77623 bytes)
C:\Windows (576 bytes)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new (848 bytes)
C:\Windows\System32\config (3744 bytes)
C:\$Directory (3840 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (171366 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_54B2C1101DB5E1123A4C3B7F395E6A7A (471 bytes)
%Program Files% (x86)\PC Speed Up\SpeedChecker.dll (90 bytes)

The process CrashReport_v6.2.7601.963.exe:2368 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\02112705985226-t222x111[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\31161003767245-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[3].js (47729 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\jquery-1.10.2.min[1].js (62266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\GooglePlusSignIn[1].htm (62 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D1F03728133589A90656A87E482B21F (1160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\8K4G8DVP.txt (317 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\s[1].htm (143 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ad_choices_i[1].png (365 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ads[1].htm (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\gplus-dd4b38-20[1].png (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\badge[1].htm (7124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\02112042690211-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\subscribe_embed[1].htm (1973 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[3].txt (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\temp_tage_file_snap.txt (239 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\dwnld109843[1].htm (3619 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\doodle-rex[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\renovautil-chopp-10-latas_200x200-PU64f6d_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\rs=AGLTcCP_ebDLYb4SwR55tZuEKc4iwejfmg[1].js (87321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2ET7IW0O.txt (238 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\f[1].txt (26389 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\ad_choices_en[1].png (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\subscribe_embed[1].htm (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\31151459476187-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\v12-20140904[1].css (34159 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_C1CC7B8D01491F9AD3D20EAE05D4E6F4 (1448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\core_rpc_shindig.random_shindig.sha1[1].js (43685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\210120155725873-t194x97[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\loading[1].gif (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\31103035138032-t222x111[1].jpg (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\46RF3I26.txt (875 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\teE39sffXW8[1].png (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\f[2].txt (77412 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\req[1].js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\000000_new_ico[1].gif (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\91YXEPTR.txt (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[1].txt (9089 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\usr[1].js (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\__utm[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\google-logo[1].png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\yet_another_cleaner_bxk[1].exe (869 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\photo[1].png (2186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\10314694_546860472124387_1498031706939073205_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\container[1].htm (381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\P5BS5OTM.txt (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\icon-reply[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\8007231901646850404[1].gif (1160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\ca-pub-7019091094896260[1].js (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\Vmz08BPx_fY[1].js (206494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02095317012015-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (2700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\31114811600076-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\cb=gapi[2].js (32868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\LVx-xkvaJ0b[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82414F9D7AB8999991FFEB2BC378A4EB_010D63BD4C538A33A000779ECDAA5F8F (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\10351399_732629260133160_7838800426852444414_n[1].png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\aep-full-10.7.2.min[1].js (24773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\081120130629104-t194x97[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\b1[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31153129756217-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31095233060003-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\tm13767[1].js (6072 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02111132989193-t222x111[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\like_box[1].htm (3724 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_A363FA4664764D069037AD000B6F9001 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[3].txt (27929 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A3V5CDSJ.txt (308 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\newlink-sa101_200x200-PU8aff8_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ct[1].js (879 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\02104345431099-t474x237[1].jpg (2888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31130314775122-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4QP0YRRR.txt (92 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\www-subscribe-embed[1].js (29923 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_C1CC7B8D01491F9AD3D20EAE05D4E6F4 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\b[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot (5891 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[2].txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\7347923224040542989[1].jpg (1138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[2].js (21632 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\api[1].js (6645 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\10801920_331776217005906_7780408014686174217_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\aerocool-arma-gamer_200x200-PU7a105_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\f[2].txt (77412 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\14181700895757-t100x100[1].jpg (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_8F03B38040A5D04E02E1755856D36D26 (1448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\rta[1].js (163 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02104524460102-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\css[1].css (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\border_3[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\photo[1].jpg (2391 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\rs=AGLTcCMDnmkaC_FLL6HkuK20QD8kjy0bcA[1].js (159774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[1].js (89863 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\02112915295231-t222x111[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\211120145427485-t194x97[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\bubbleDropB_3[1].png (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[5].js (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\yet_another_cleaner_bxk[2].exe (1943830 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\DU1Ia251o0y[1].htm (3181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\push[1].htm (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31103021160031-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_8F03B38040A5D04E02E1755856D36D26 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\pixel[1].png (170 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (2808 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_7502D4377E88FF0A4E3FF8510B7A3BF5 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\10418869_350895541749548_8026090204925231826_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\cb=gapi[1].js (21194 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31114408441072[1].jpg (7223 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\rs=AGLTcCMDnmkaC_FLL6HkuK20QD8kjy0bcA[1].js (26524 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\plusone[1].js (31724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\5386886896510532077[1].gif (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BG26ER38.txt (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 (3372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DC5M7Y4B.txt (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_7502D4377E88FF0A4E3FF8510B7A3BF5 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\br_nzn_baixaki_redir_970x200_5adsx4-1.0.4.min[1].js (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_A363FA4664764D069037AD000B6F9001 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\IXKCB7V9.txt (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\bubbleSprite_3[1].png (318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\activeview[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (3296 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C7W67AD7.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\geral-201309170947[1].js (30100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LG897J1A.txt (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\cb=gapi[1].js (5476 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\image[1].png (1244 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\www-subscribe-embed-vflMmNA9U[1].css (18511 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\10410855_1391107331164278_3392151453808676195_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\iqVGY7gYXlg[1].gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\zrt_lookup[1].htm (1406 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ads[2].htm (14122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\rex-default[1].png (1160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31112647804063-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\f[3].txt (690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\bubbleDropR_3[1].png (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\aerocool-arma-gamer_200x200-PU7a105_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[1].txt (25549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31141203282139[1].jpg (6824 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_6974D89D7560C032FD086BB9AE092DD4 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_D21BD790618F258B236C997278341DE0 (1432 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D1F03728133589A90656A87E482B21F (2726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\100720143007825-t194x97[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\www-subscribe-embed-card-vflZy1sp8[1].css (2135 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\postmessageRelay[1].htm (616 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02104626362107-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\1081796830-postmessagerelay[1].js (3519 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\renovautil-chopp-10-latas_200x200-PU64f6d_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\hwDm6WxKVrZ[1].js (131760 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\bxklogo[1].png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_010D63BD4C538A33A000779ECDAA5F8F (3360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\DU1Ia251o0y[1].htm (3421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\jquery.min[1].js (48438 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\dc634773cd47817b[1].js (14397 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\newlink-sa101_200x200-PU8aff8_1[1].jpg (868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1YBPYAZH.txt (308 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\logo-rex-white[1].png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\x_button_blue2[1].png (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\rex[1].htm (1035 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A7HNB4BD.txt (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\imgad[1].jpg (14128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\kcHy1CkUgqNV4AKTDGxBWDDrzFfeh6glKekObLZJg2E[1].js (8395 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\_sprites20130903[1].png (3920 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_D21BD790618F258B236C997278341DE0 (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\17277594690423083363[1].jpg (4648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[4].js (124582 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\dc[1].js (27978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\client_plusone[1].js (33026 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\02104132034096-t222x111[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31130302560121-t222x111[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\baixaki-970x200-v3[1].css (27102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\sony-kdl-32r435a-led-plana-32_200x200-PU87629_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\rs=AGLTcCMDnmkaC_FLL6HkuK20QD8kjy0bcA[1].js (2845 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_6974D89D7560C032FD086BB9AE092DD4 (1448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\sony-kdl-32r435a-led-plana-32_200x200-PU87629_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\2OV5E1OA\www.facebook[1].xml (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\f[1].txt (98920 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TOO6Y6BQ.txt (81 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\pubads_impl_56[1].js (65418 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1[1].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\multilaser-p3108_200x200-PU4d3d4_1[1].jpg (880 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\1779953_442612662553784_1456159939853832029_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\login_button[1].htm (3214 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[2].txt (45928 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\br_nzn_baixaki_redir_970x200_5adsx4[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\ads[1].htm (12551 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\signin[1].htm (7568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1[2].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31134830489132[1].jpg (5497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\bxklogowhite[1].png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\spacer[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\DRT4YCWO\googleads.g.doubleclick[1].xml (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\www-hitchhiker-vfl_Nz-Tk[1].png (19593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02103507839002[1].jpg (7867 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\JE5RPY4Y.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\ads[1].htm (12102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\css[1].css (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\02111235343196-t222x111[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1[2].jpg (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\req[1].js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\02104419736100-t222x111[1].jpg (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\multilaser-p3108_200x200-PU4d3d4_1[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\rs=AGLTcCNAsMMQvLy9Kqlcfq8uCmHvnwdmOQ[1].css (85011 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[4].txt (13379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\border_3[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\logo-nzn[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1[1].jpg (584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9UXXTK4D.txt (597 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1952 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[4].txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2VTCHR0P.txt (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\www-subscribe-embed-card[1].js (6657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\all[1].js (103791 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1[1].jpg (584 bytes)

The process MSI91D.tmp:3216 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\coregen.exe (73 bytes)

The process PCSUNotifier.exe:1280 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\PopupNotification.dll (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\Sqlite3.dll (585 bytes)

Registry activity

The process GoogleUpdate.exe:1756 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"IsMSIHelperRegistered" = "1"
"LastStartedAU" = "1422883860"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:148 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"

[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"

The process GoogleUpdate.exe:796 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ActivePingDayStartSec" = "1422864026"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadProgressPercent" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"DayOfLastRollCall" = "2954"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastCheckSuccess" = "1422883922"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"RollCallDayStartSec" = "1422864026"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
"StateValue" = "16"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"RollCallDayStartSec" = "1422864026"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastCheckSuccess" = "1422883979"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"RollCallDayStartSec" = "1422864026"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastChecked" = "1422883922"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"pv" = "35.0.1916.153"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"

[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}]
"pv" = "35.0.1916.153"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastActivity" = "2954"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerResult" = "0"

[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateTime" = "1422883979"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"InstallProgressPercent" = "4294967295"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.11"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"RollCallDayStartSec" = "1422864026"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"DayOfLastRollCall" = "2954"
"ActivePingDayStartSec" = "1422864026"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError" = "2"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"LastCheckSuccess" = "1422883922"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
"StateValue" = "17"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError" = "2"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount" = "1"
"DayOfLastActivity" = "2954"
"DayOfLastRollCall" = "2954"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
"StateValue" = "3"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"DayOfLastRollCall" = "2954"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"pv" = "35.0.1916.153"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]
"StateValue" = "5"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince" = "Type: REG_QWORD, Length: 8"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState]
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\CurrentState]

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerSuccessLaunchCmdLine"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerSuccessLaunchCmdLine"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerExtraCode1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerResult"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError"
"LastInstallerResult"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"iid"
"LastInstallerResultUIString"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"LastInstallerError"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"tttoken"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"dr"
"tttoken"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"tttoken"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult"

The process install.exe:3148 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_IsFileSupportedName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPPutSignedDataMsg"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPGetSignedDataMsg"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPCreateIndirectData"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer]
"GlobalAssocChangedCounter" = "35"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPRemoveSignedDataMsg"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "%Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPVerifyIndirectData"

The process nsq61E2.tmp:1884 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D0 E2 E6 63 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 47 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "C7 9B F8 76 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "C7 9B F8 76 EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process BaofengUpdate.exe:2144 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Mozilla\Extends]
"AppID" = "[email protected]"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKLM\SOFTWARE\Wow6432Node\webssearchesSoftware\webssearcheshp]
"Time" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
"(Default)" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com/?type=sc&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Search Page" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "webssearches"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"

[HKCU\Software\Mozilla\Extends]
"UID" = "535559167_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\UninstallManager.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page" = "http://istart.webssearches.com/?type=hp&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall]
"Publisher" = "webssearches씀瞕Ǿ"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL" = "http://istart.webssearches.com/?type=hp&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://istart.webssearches.com/?type=sc&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\UninstallManager.exe -ptid=cvs焀Ǿ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://istart.webssearches.com/?type=hp&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"
"Search Page" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://istart.webssearches.com/?type=hp&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"
"DisplayName" = "webssearches"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://istart.webssearches.com/?type=hp&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKCU\Software\Mozilla\Extends]
"ptid" = "cvs"

[HKLM\SOFTWARE\Wow6432Node\webssearchesSoftware\webssearcheshp]
"oem" = "cvs"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://istart.webssearches.com/?type=hp&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall]
"DisplayName" = "webssearches uninstall"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName" = "webssearches"

[HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\[email protected]"

The process BaofengUpdate.exe:2408 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process XTab_v4.0.exe:1416 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\XTab"

[HKLM\SOFTWARE\Wow6432Node\supTab]
"ptid" = "cvs"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURL" = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02"
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 44 00 00 00 09 00 00 00 00 00 00 00"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0]
"(Default)" = "SupTabLib"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURL" = "http://www.bing.com/favicon.ico"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
"(Default)" = "IETabPage Class"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\XTab\SupTab.dll"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName" = "Bing"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconURL" = "http://www.google.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"

[HKLM\SOFTWARE\Wow6432Node\SupDp]
"dir" = "%Program Files% (x86)\XTab"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconURL" = "http://do-search.com//favicon.ico"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"(Default)" = "{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"URL" = "http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}"

[HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}]
"(Default)" = "IIETabPage"

[HKCR\Wow6432Node\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"TopResultURL" = "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"TopResultURL" = "http://istart.webssearches.com/web/?type=ds&ts=1422883716&from=cvs&uid=535559167_198339_B48A115F&q={searchTerms}"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback" = "http://www.bing.com/favicon.ico"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"DisplayName" = "Google"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}]
"DisplayName" = "e"

[HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{E733165D-CBCF-4FDA-883E-ADEF965B476C}.ico"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process ProtectService.exe:2128 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\IHProtect]
"ptid" = "cvs"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

The process ProtectService.exe:3604 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"AutoConfigURL"
"ProxyServer"

The process 40.0.2214.94_chrome_installer.exe:3992 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-multi-chrome-full"

The process pcspeedup.tmp:2320 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"Inno Setup: Icon Group" = "PC Speed Up"
"MajorVersion" = "3"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"affid" = "2380"

[HKLM\System\CurrentControlSet\services\kbdhid\Parameters]
"CrashOnCtrlScroll" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"UninstallString" = "%Program Files% (x86)\PC Speed Up\unins000.exe"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"UniqueID" = "55A7FF1E-3D08-4887-9474-250E52D97F7E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"QuietUninstallString" = "%Program Files% (x86)\PC Speed Up\unins000.exe /SILENT"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"UniqueID" = "55A7FF1E-3D08-4887-9474-250E52D97F7E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"DisplayIcon" = "%Program Files% (x86)\PC Speed Up\Icon.ico"
"Inno Setup: App Path" = "%Program Files% (x86)\PC Speed Up"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"AVList" = "&av=301"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"DisplayName" = "PC Speed Up"
"InstallLocation" = "%Program Files% (x86)\PC Speed Up\"
"Inno Setup: User" = "%CurrentUserName%"

[HKCU\Software\Speedchecker Limited\PC Speed Up]
"UniqueID" = "55A7FF1E-3D08-4887-9474-250E52D97F7E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"InstallDate" = "20150202"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"SpeedTest" = "RUN"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"InstallDate" = "20150202"
"CountryCode" = "uk"

"Uninstaller" = "%Program Files% (x86)\PC Speed Up\unins000.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"MinorVersion" = "8"
"Inno Setup: Language" = "uk"
"NoModify" = "1"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"CampaignID" = "ppi_2380_installer"

[HKLM\System\CurrentControlSet\Services\i8042prt\Parameters]
"CrashOnCtrlScroll" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"Publisher" = "Speedchecker Limited"
"EstimatedSize" = "14347"

[HKLM\System\CurrentControlSet\services\PCSUService]
"Group" = "UIGroup"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"RequestID" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"DisplayVersion" = "3.8.3.0"

[HKLM\System\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled" = "1"

[HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up]
"keyword" = ""
"ApplicationPath" = "%Program Files% (x86)\PC Speed Up"
"CrashDumpEnabled" = "2"
"Installer" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\speedchecker-pcspeedup-1.0-default\pcspeedup.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1]
"URLInfoAbout" = "http://www.pcspeedup.com"
"Inno Setup: Setup Version" = "5.4.3 (u)"
"NoRepair" = "1"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp" = "%Program Files% (x86)\PC Speed Up\PCSUNotifier.exe"

The process VOPackage.exe:888 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\System\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"source" = "CO16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM]
"(Default)" = ""

[HKCU]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"DisplayVersion" = "1.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "D0 E2 E6 63 EC 3E D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\uninstall.exe"
"Publisher" = "CMI Limited"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "55 B4 54 59 EC 3E D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 46 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"stats" = "-7227"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
"DisplayName" = "Remote Desktop Access (VuuPC)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "D0 E2 E6 63 EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU]
"(Default)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process cvs_webssearches.exe:2360 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "53 11 3A E6 EB 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files% (x86)\Google\Update\1.3.24.15, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\460.json,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "45 AA 64 08 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "45 AA 64 08 EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process setup.exe:1872 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"ap" = "-stage:preconditions-multi-chrome-full"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn" = "ChromeHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe"

[HKCR\.xhtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe --show-icons"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp" = "ChromeHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName" = "Google Chrome"

[HKCR\.shtml\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"pv" = "40.0.2214.94"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet" = "Google Chrome"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe --query-eula-acceptance --system-level"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Publisher" = "Google Inc."

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"IsInstalled" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription" = "Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"WebAccessible" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
"(Default)" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"SendsPings" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"WebAccessible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp" = "ChromeHTML"

[HKCR\ChromeHTML]
"(Default)" = "Chrome HTML Document"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"InstallerError" = "2"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe --make-default-browser"

[HKCR\.webp\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto" = "ChromeHTML"
"mms" = "ChromeHTML"

[HKCR\.xht\OpenWithProgids]
"ChromeHTML" = ""

[HKCR\ChromeHTML\DefaultIcon]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallArguments" = " --uninstall --multi-install --system-level"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMajor" = "2214"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"Name" = "Google Chrome App Launcher"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments" = " --uninstall --multi-install --chrome --system-level"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"pv" = "40.0.2214.94"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"IconsVisible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news" = "ChromeHTML"
"mailto" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"InstallLocation" = "%Program Files% (x86)\Google\Chrome\Application"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name" = "Google Chrome"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp" = "ChromeHTML"

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"VersionMinor" = "94"
"NoRepair" = "1"

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayIcon" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"RunAsUser" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"Path" = "%Program Files% (x86)\Google\Chrome\Application"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayVersion" = "40.0.2214.94"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe --multi-install --app-launcher --ensure-google-update-present"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"NoModify" = "1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"Name" = "Google Chrome binaries"

[HKCR\.html\OpenWithProgids]
"ChromeHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"UninstallString" = "%Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe --uninstall --multi-install --chrome --system-level"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerError" = "2"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Version" = "24,0,0,0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"Version" = "40.0.2214.94"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "-multi-chrome-full"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms" = "ChromeHTML"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"pv" = "40.0.2214.94"

[HKLM\SOFTWARE\RegisteredApplications]
"google chrome" = "Software\Clients\StartMenuInternet\Google Chrome\Capabilities"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe --hide-icons"

[HKCR\ChromeHTML\shell\open\command]
"(Default)" = "%Program Files% (x86)\Google\Chrome\Application\chrome.exe -- %1"

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Name" = "Google Chrome"

[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
"(Default)" = "CommandExecuteImpl Class"

[HKCR\.htm\OpenWithProgids]
"ChromeHTML" = ""

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\install-extension]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
[HKCR\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\Programmable]

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}]
"InstallerExtraCode1"

The process cmdshell.exe:2016 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "69 45 09 77 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "1C 4B 0C 7C EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "1C 4B 0C 7C EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process opera.exe:3464 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process STab_Down_6.0.6.6.exe:688 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "45 AA 64 08 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 43 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "F1 5E C8 52 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "F1 5E C8 52 EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process %original file name%.exe:3524 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"fdwSupport" = "1"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 02 00 00 00 32 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"cFormatTags" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"cFormatTags" = "2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"cFilterTags" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"cFilterTags" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"fdwSupport" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "53 11 3A E6 EB 3E D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"cFormatTags" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"fdwSupport" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 31 00 00 00 14 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 11 00 00 00 14 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "53 11 3A E6 EB 3E D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
"cFilterTags" = "0"

[HKCU\Software\Microsoft\Windows Script\Settings]
"JITDebug" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
"cFilterTags" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
"fdwSupport" = "1"
"cFormatTags" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "53 11 3A E6 EB 3E D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 06 00 00 00 12 00 00 00"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process regsvr32.exe:2152 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\ProgID]
"(Default)" = "PCSU.SysUtils.1"

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\Version]
"(Default)" = "1.0"

[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"

[HKCR\PCSU.Registry]
"(Default)" = "RegistryHelper Class"

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}]
"(Default)" = "SysUtils Class"

[HKCR\PCSU.SysUtils.1\CLSID]
"(Default)" = "{B89F5C49-51DB-4974-AB5A-E25901AA339C}"

[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}]
"(Default)" = "IRegistryHelper"

[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\PC Speed Up"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"

[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\ProgID]
"(Default)" = "PCSU.Registry.1"

[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\PC Speed Up\PCSUHelper.dll"

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}]
"(Default)" = "RegistryHelper Class"

[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0]
"(Default)" = "PCSUHelperLib"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32]
"(Default)" = "%Program Files% (x86)\PC Speed Up\PCSUHelper.dll"

[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}]
"(Default)" = "ISysUtils"

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\VersionIndependentProgID]
"(Default)" = "PCSU.SysUtils"

[HKCR\PCSU.SysUtils.1]
"(Default)" = "SysUtils Class"

[HKCR\PCSU.SysUtils]
"(Default)" = "SysUtils Class"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"

[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}]
"(Default)" = "IRegistryHelper"

[HKCR\PCSU.Registry\CurVer]
"(Default)" = "PCSU.Registry.1"

[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"

[HKCR\PCSU.SysUtils\CurVer]
"(Default)" = "PCSU.SysUtils.1"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\PCSU.Registry.1\CLSID]
"(Default)" = "{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}"

[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}]
"(Default)" = "ISysUtils"

[HKCR\Wow6432Node\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32]
"(Default)" = "%Program Files% (x86)\PC Speed Up\PCSUHelper.dll"

[HKCR\Wow6432Node\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\VersionIndependentProgID]
"(Default)" = "PCSU.Registry"

[HKCR\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}\TypeLib]
"(Default)" = "{3157E247-2784-4028-BF0F-52D6DDC70E1B}"

[HKCR\PCSU.Registry.1]
"(Default)" = "RegistryHelper Class"

The process nsq61E1.tmp:1580 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D0 E2 E6 63 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "69 45 09 77 EC 3E D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "69 45 09 77 EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process MsiExec.exe:3064 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_IsFileSupportedName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPPutSignedDataMsg"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPGetSignedDataMsg"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPCreateIndirectData"

[HKLM\SOFTWARE\Microsoft\PlayReady]
"DataPath" = "C:\ProgramData\Microsoft\PlayReady"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPRemoveSignedDataMsg"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"DLL" = "c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}]
"FuncName" = "XAP_CryptSIPVerifyIndirectData"

The process PCSUSpeedTest.exe:1844 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Progress" = "5"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Ping" = "61"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Download" = "159527.137736104"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Status" = "Started"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Upload" = "182640.999411542"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSUSpeedTest_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Server" = "Amsterdam 2"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Speedchecker Limited\PC Speed Up]
"ST_Ping"
"ST_Status"
"ST_Progress"
"SpeedTest"
"ST_Download"
"ST_Upload"
"ST_Server"

The process CrashReport_v6.2.7601.963.exe:2368 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\doubleclick.net]
"(Default)" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91467"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "F1 5E C8 52 EC 3E D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrashReport.exe" = "9999"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "55 B4 54 59 EC 3E D0 01"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com]
"(Default)" = "21"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 45 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "55 B4 54 59 EC 3E D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrashReport.exe"

The process taskeng.exe:2044 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{A5AA5BBF-ACE7-4461-AE8A-F42376D0F4AC}]
"data" = "4D 45 4F 57 01 00 00 00 E4 B7 BD 92 8B F2 A0 46"

The process MSI91D.tmp:3216 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

Dropped PE files

MD5 File path
dda7e7403991c4f2a2a2b245ad855319 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\Microsoft.VisualBasic.dll
34211a0228cf5287e9524ec51814fac0 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\SLMSPRBootstrap.dll
910b8184ee0b6ccce4b4c59b8b2fe9d2 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
5fb428a045f861ad88625fe90971686a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.ConfigurationUI.dll
a2e98f31109404986e30ec4f80a0b02d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.dll
616354eb318d340f7704fa2fbc51eab8 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.ni.dll
21a8b51dc4585624794804532ea8b770 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.dll
973c5c81d5e4155a32dcfebcadf2c4df c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.ni.dll
1dc8528fc3724d22d8fb9341ddf3a148 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll
15054621291bdc4d93ba0f3541d26298 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll
69cdfcdc4351140c0df9f7431cb02f83 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.dll
e1fcf55ce15e5caf230d59a87e52cbb7 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.ni.dll
338d9e6809841943c7b2f9b0459e3a0f c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.dll
b2b5b10e3dc62cd597425446afbea7be c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.ni.dll
8ddc3792b943fa436080fc3f7ee0a62d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.Browser.dll
31f70cd2628716c46f96f4aa86a6dc0e c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.Browser.ni.dll
bf5aa294b6111536dc2f71f9c27d1277 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.dll
588bbe1fcde2378772280b97012845c4 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.ni.dll
940b248b6e34436e6461654d15c5da26 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.dll
8324aca48274f395ee92ed8d609b6e1c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.ni.dll
f758831e1249ff575d6049b93288223a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.ni.dll
86b931199ba434f8e20cc6ad7535a42d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\agcore.dll
8e9c02b623523e273a195868e879d1d9 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\agcp.exe
a98ef87279ab026b7bdfb3ce9df206ae c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ar\Microsoft.VisualBasic.resources.dll
b7d32d5a4468cc2c9c2ae35418a4e3da c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ar\mscorlib.resources.dll
f20da6f9c32dc794cc2d809fa2b7ecc8 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ar\mscorrc.dll
229a568d2d15c52ac3ea8264bc879925 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ar\system.resources.dll
740244ceefa5d4de100a2028435ad1fd c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\bg\Microsoft.VisualBasic.resources.dll
f116025a9b96d01f218554889cf7a08d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\bg\mscorlib.resources.dll
82f9479de23f785d3842d1f37de810e8 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\bg\mscorrc.dll
78ff9f5d13a6dacd6c6f42f2eb58abe5 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\bg\system.resources.dll
64eca3dc309dad3933cd626099ffc614 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ca\Microsoft.VisualBasic.resources.dll
f6e0e42457e70b4085f71e24d71bbd7f c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ca\mscorlib.resources.dll
e4741351290d225ed7f4bf6fca40d782 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ca\mscorrc.dll
146fb5df4aceab2f0b4e1b1f5905f969 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ca\system.resources.dll
0ce088d397fedeb81e737c447c367d90 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\coreclr.dll
28b538decd18bbadadfbc87e50e95f1c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\coregen.exe
996b98d2a09e2f05157a0d93ec35c490 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\cs\Microsoft.VisualBasic.resources.dll
11899b8883b47e5b7e33c12ee2dad9a3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\cs\mscorlib.resources.dll
a1e2fa516030c59ad5c482e02f7775cf c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\cs\mscorrc.dll
779e3d60d53778b850de2c5d4d9bade6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\cs\system.resources.dll
1cc709215725f3dc371f04086dc5f0a7 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\da\Microsoft.VisualBasic.resources.dll
d656e02d9827fe0a8b5317e4ce2f25e2 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\da\mscorlib.resources.dll
e0b76be64b49b6e3718fdfa3acf2169a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\da\mscorrc.dll
a2c3291ce15b9b771490bddbfda724fd c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\da\system.resources.dll
0e5af43c88e68ca9c34b0b4fe8b380ef c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\de\Microsoft.VisualBasic.resources.dll
31d278ee11dc82bbbf5d654fbb7ca9f3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\de\mscorlib.resources.dll
8d47e6cd31e31c5dc1bba4fabc842c1c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\de\mscorrc.dll
9f39e54a89333e75c60dcc21a4376abd c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\de\system.resources.dll
86c43391198bc5ca923d4d10165a927f c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\el\Microsoft.VisualBasic.resources.dll
db198bc15099b854605e2187f2e72d8d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\el\mscorlib.resources.dll
50a625ad344262558c24cdb43757f6b5 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\el\mscorrc.dll
3dca4e41c6095a325e963513046aaee3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\el\system.resources.dll
29bc165c51ecd9229637ac75f65cbb2d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\es\Microsoft.VisualBasic.resources.dll
0fab65233b1c1295be3e42b312e182a6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\es\mscorlib.resources.dll
04ee39507f51f0de749d12063771305e c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\es\mscorrc.dll
b2b1be442d59b1581c97968c9e1018e6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\es\system.resources.dll
48e113bf08a000e879268b35d7a376ad c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\et\Microsoft.VisualBasic.resources.dll
98441ccd86a16b90456f04c3e0a50a7c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\et\mscorlib.resources.dll
29caa35e3209e7e91c5d71e99f3677cc c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\et\mscorrc.dll
9b16fae36ca5a335448d2f1d51aa1e06 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\et\system.resources.dll
3ba7d079c680fe38673a5ff39ae17015 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\eu\Microsoft.VisualBasic.resources.dll
56da59679011e04333b9258b130eb640 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\eu\mscorlib.resources.dll
935488a2e147215ada811fbf18014a77 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\eu\mscorrc.dll
02040ca2d9ece26e708f9e428fbe4f11 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\eu\system.resources.dll
8f6a34997cec539dbdc3705eb236c265 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fi\Microsoft.VisualBasic.resources.dll
9fd5eecf4479aef9d0acf6af59302080 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fi\mscorlib.resources.dll
7455fc891f3942332f4bc3daee50057b c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fi\mscorrc.dll
d59c5a85fe3b8d6cf6f07a80d8684f1d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fi\system.resources.dll
70344d2df1d7e719d16a7800cda00a05 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fr\Microsoft.VisualBasic.resources.dll
1611ce8f69b3aa0fa4a9488e610ffcbf c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fr\mscorlib.resources.dll
a7ef42c7eeb9c5533f30d40c53763dc3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fr\mscorrc.dll
6ae68aa30d81fa7dda96f2dff21a6482 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\fr\system.resources.dll
ea1fb893fc7555bdb027e0a4c1a131cb c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\he\Microsoft.VisualBasic.resources.dll
39e60911fa11c4589f375d56f20f266c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\he\mscorlib.resources.dll
b73b23971c8b85a42b383ec9bf6db954 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\he\mscorrc.dll
bf87bcb45046f505751b38c6defb67d6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\he\system.resources.dll
e2ec581055cd46102348b693054a10bc c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hr\Microsoft.VisualBasic.resources.dll
c2d065d89e959fadef82f0dab02b00d1 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hr\mscorlib.resources.dll
f4a04ac6247cfe0ce515f0d6d1c8309c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hr\mscorrc.dll
2259c8431d62b7fb68255422e8f65851 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hr\system.resources.dll
d7f90ab528f9220efa692462a2b95b61 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hu\Microsoft.VisualBasic.resources.dll
d48c729e913eb6d7218bdd5229474b9b c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hu\mscorlib.resources.dll
6880b7b588d9c4ebcf16207b2627d925 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hu\mscorrc.dll
b49c2621719813f570f9269de647611c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\hu\system.resources.dll
65b390d6c4023c7c28370d06417bf482 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\id\Microsoft.VisualBasic.resources.dll
d424f7e1bc879fbe6483657125b942d3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\id\mscorlib.resources.dll
ef77dca5141168f21aa63a6753cc5612 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\id\mscorrc.dll
fd4fbfd43dd5f153bc7082be5874e979 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\id\system.resources.dll
845f93271629ac3d4702427e7f77a589 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\it\Microsoft.VisualBasic.resources.dll
ef4987b69195eba07c8268a0adae6824 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\it\mscorlib.resources.dll
8d907050702c0f5a81b83588c0d144dd c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\it\mscorrc.dll
e342eb1bf12a567c8b588a7a326a1fbb c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\it\system.resources.dll
4e72d0ac32048e49ec71dc883c3a903f c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ja\Microsoft.VisualBasic.resources.dll
099eaf234c43d6e8ce4ec231cd98b3fe c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ja\mscorlib.resources.dll
dadadc469095bb2216bc486fa56a6f22 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ja\mscorrc.dll
de46d973259b68906458725b5c26ed35 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ja\system.resources.dll
57fe6c216e7a94aae4bcbe2afc0455b6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ko\Microsoft.VisualBasic.resources.dll
51ebb84406cd322e9c69472bc08aec7b c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ko\mscorlib.resources.dll
939dfc462f4b11e2f8a1b665189183f8 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ko\mscorrc.dll
d3f1e8db30cc7bb933fef4a53df75827 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ko\system.resources.dll
01903310b53a139e7dc1550f4bcd2e72 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lt\Microsoft.VisualBasic.resources.dll
5828f61a193f9d8ddfbc09786b6a873c c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lt\mscorlib.resources.dll
ab81de520e190008f97cf6eb0d316792 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lt\mscorrc.dll
0a85bc3e2edf898c17c376b894953ea6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lt\system.resources.dll
a6663475b1da60b4009347251fcd6541 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lv\Microsoft.VisualBasic.resources.dll
2b4b6d1918af270fd608da24b6b9a6ba c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lv\mscorlib.resources.dll
3d01554ade59bdc03e62a384e0aa7334 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lv\mscorrc.dll
fcea49f81f09920de272e9b0d0b07bfe c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\lv\system.resources.dll
80a4dd24a1f2655750f4b459e98997cc c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ms\Microsoft.VisualBasic.resources.dll
f5122a5b59e919c9d738036be6eefce3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ms\mscorlib.resources.dll
a00b2c33f30e224f11610346188e2b87 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ms\mscorrc.dll
31ff2cb1a7ba9c1290caf486280cd686 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ms\system.resources.dll
81a4cd70d57f64e046bd945a45e2415e c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.dll
54a3d027bbb4eb571c7c48d096ee0d4a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.ni.dll
96b6b98a6abbdb7278d6a62b1f9655e6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\mscorrc.dll
fcadce8748f68bde4da4db74962c9ceb c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\nl\Microsoft.VisualBasic.resources.dll
da06f47b6657bb741dae5d0ccc956b3e c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\nl\mscorlib.resources.dll
0be3e9e1372a1d36b5e7e8ec2fa4baa1 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\nl\mscorrc.dll
4ca257510bffc524a7b06f582c04ff1a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\nl\system.resources.dll
6fc0a8266113a062ca6fdc1b452fc049 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\no\Microsoft.VisualBasic.resources.dll
f3dac902326bf547e5d230b2ae2215b3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\no\mscorlib.resources.dll
55a0100162047835ecac80c3c9f3487a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\no\mscorrc.dll
98e0dbb05eb4465a61a5547126c5e052 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\no\system.resources.dll
8e151a2a185daf9852322028abe55534 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
8b93ef56bef58f2eb6b6d92b57715131 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
d447a36f6d077f7ba4aee7c1c9a6d29a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pl\Microsoft.VisualBasic.resources.dll
83e0f5720d1fc910d1cc158d06a014d3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pl\mscorlib.resources.dll
fd6e1c26ec29d85406c8ab878d37e2e0 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pl\mscorrc.dll
ec6e33b7705759ad2ba52e909b09d5b3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pl\system.resources.dll
2204dd6ed09440638362ee33689b9b98 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt-BR\Microsoft.VisualBasic.resources.dll
6ea844d42e3d447258cef882d5a3d521 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt-BR\mscorlib.resources.dll
88fc3794b551ec9efaf43d48f0397192 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt-BR\mscorrc.dll
768263c8fac574cb43e36e0eb9be9d2b c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt-BR\system.resources.dll
9da3db7d39cf1094d983d5c9075884b9 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt\Microsoft.VisualBasic.resources.dll
14670acec0249c1c732868af4eede9c3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt\mscorlib.resources.dll
be56e32c3010f2e8cca0f92449e408a7 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt\mscorrc.dll
c4db4616be190c3f6ec74789d48abcaf c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\pt\system.resources.dll
7e0d2a1e6c6d65f8d43ed6f6252d5e89 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ro\Microsoft.VisualBasic.resources.dll
dcce963625d82ba51ea2f42de3e60934 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ro\mscorlib.resources.dll
7e48a4ec1d12272e2f1e25a97b57934f c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ro\mscorrc.dll
b3306b56fb7f2df1648350e961993a65 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ro\system.resources.dll
e4a058d380954604aa0b54159af7ab90 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ru\Microsoft.VisualBasic.resources.dll
a9ee3797880974de764d17d973b5c575 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ru\mscorlib.resources.dll
7fe0fbfeb39d5d120f7d91885ca9a23e c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ru\mscorrc.dll
29ee982522e840ddf6eaf3cfe44815df c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\ru\system.resources.dll
958c056d2a335a61ff9b13ce98973ebb c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sk\Microsoft.VisualBasic.resources.dll
cb66600f1268f400c2939ae83a3b2b81 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sk\mscorlib.resources.dll
e062d096cfd16df787b97a2bb564c3b2 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sk\mscorrc.dll
002b68a5e5a135f76be749c9f8c1866d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sk\system.resources.dll
0d0115ecba8c7909817570a492bee664 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sl\Microsoft.VisualBasic.resources.dll
508b76bfe9fbff5755d2d5583bf749ac c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sl\mscorlib.resources.dll
ee7262ab88bd56eb89abf41f61905cbe c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sl\mscorrc.dll
2081988c0c1417fb01e7fbcd211475af c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sl\system.resources.dll
35e0c2177554ebff992743b87a1a476d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Cyrl-CS\Microsoft.VisualBasic.resources.dll
0cb8ac78ae33cfcbb5af4027848ff7a5 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Cyrl-CS\mscorlib.resources.dll
ebe6848f268b5773c3c96ea8485d04d5 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Cyrl-CS\mscorrc.dll
d4d057d4666e28261b0cfbf2c7927bff c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Cyrl-CS\system.resources.dll
3603ac8a2a052e648181cc81c0ac0b8d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Latn-CS\Microsoft.VisualBasic.resources.dll
1a1d3871b5a70867f30e27665f528d8d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Latn-CS\mscorlib.resources.dll
8e50d5dd3583d877af949ea7aa167d80 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Latn-CS\mscorrc.dll
87ccbb06b06a255b17feba7b465629d3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sr-Latn-CS\system.resources.dll
5f91aa1428aeb3aaf291d4d1908e6c86 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sv\Microsoft.VisualBasic.resources.dll
f451b5e8e79733ed1d2d303475d248a6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sv\mscorlib.resources.dll
a1b03b93d1c388ced687bd72a4d78734 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sv\mscorrc.dll
8c954e9c495b67114194ec414031ce59 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\sv\system.resources.dll
7df6a16f125b59c9a8afd43d5ffe3319 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\system.dll
e3384bbeb3a2dd6a5cb73386567a110a c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\th\Microsoft.VisualBasic.resources.dll
3e90b48e5d65a4e11307daf70081f6ea c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\th\mscorlib.resources.dll
c91de4231db93e6aa43814a8dfd17ece c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\th\mscorrc.dll
84add9052724cfd13732e611e79483a3 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\th\system.resources.dll
4110e3db953513e7136f0bafd7be216d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\tr\Microsoft.VisualBasic.resources.dll
3b03af2e713e16cd710590b26f745b09 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\tr\mscorlib.resources.dll
7cfa6b8bf525c4f3a66bc45300ee8f4b c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\tr\mscorrc.dll
18704df881492c8904555f1d4cfce209 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\tr\system.resources.dll
9eefc1cf2c36e12a22da5f21d78dd3c9 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\uk\Microsoft.VisualBasic.resources.dll
ad26ed8da155ccf4b1675c714832aee5 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\uk\mscorlib.resources.dll
4e2a0315efade90257da0efe7bdddbb1 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\uk\mscorrc.dll
5efe72d85ffb4473bb5ba1fe40ddc931 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\uk\system.resources.dll
f34ce31a44bba8a34193acc34d553269 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\vi\Microsoft.VisualBasic.resources.dll
ad1936069c18085bad4f46596e096e6b c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\vi\mscorlib.resources.dll
754db3c969035be56dfb73d93ca2ab83 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\vi\mscorrc.dll
9de8d1a8d07326122ce0e040356e6280 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\vi\system.resources.dll
ea3d1945b622cdac3de3b29021828cfd c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hans\Microsoft.VisualBasic.resources.dll
3955e856c350473773301f319a40ccb1 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hans\mscorlib.resources.dll
cadc3a21f9e0f144472da8211bff52cf c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hans\mscorrc.dll
f9cdd3fe790b0eb9213a9725992787d6 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hans\system.resources.dll
cfd295d6b8309b206ef9b4e1d8f8e95d c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hant\Microsoft.VisualBasic.resources.dll
1a9e36ce41c9f44fb08962aab6c8b516 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hant\mscorlib.resources.dll
79fdff61c75be995c802217bb7d1b3f5 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hant\mscorrc.dll
42888be4920e4d3988a08c3b46d3c191 c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\zh-Hant\system.resources.dll
a8751ee4924c8d5165599ef43adf45d5 c:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
afc858e7152f99575c54d6c6418a44ab c:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll
fcfd22a54a65ed35ee356724ee506006 c:\Program Files (x86)\PC Speed Up\FileUploader.exe
64373b404255a3df6c1b44326bfc2f5d c:\Program Files (x86)\PC Speed Up\ManagedWifi.dll
83e5ce7c720e2563895e4aaad85218a0 c:\Program Files (x86)\PC Speed Up\PCSUHelper.dll
27dfc14c423f6499f7b939c80d02005e c:\Program Files (x86)\PC Speed Up\PCSULauncher.exe
694cf00e5c484d4d8e34dce55caa4770 c:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
689d0433ec0a86660474535539a4c4e3 c:\Program Files (x86)\PC Speed Up\PCSUQuickScan.exe
6612538443e226fa47a9b0be4512008a c:\Program Files (x86)\PC Speed Up\PCSUSD.exe
04418a494137f385a0db0a770a47b06b c:\Program Files (x86)\PC Speed Up\PCSUService.exe
9f55ddc526ec3932729f6915750849c6 c:\Program Files (x86)\PC Speed Up\PCSUSpeedTest.exe
c4234518bc158cb385fd5b4fdc389ebf c:\Program Files (x86)\PC Speed Up\PCSUUCC.exe
d52827b6b8b9b7bf1a419ff74607ac82 c:\Program Files (x86)\PC Speed Up\PCSpeedUp.sys
d703f9d845dc96ea4464727cce7f3610 c:\Program Files (x86)\PC Speed Up\PopupNotification.dll
0ed4e637aabb8df8ca9723d90fe6656d c:\Program Files (x86)\PC Speed Up\Skyhook.exe
3714b140a9f8942a7438d0bd0c946eff c:\Program Files (x86)\PC Speed Up\SpeedChecker.dll
a40a4c13bdf6eb55d852dd3219bab75b c:\Program Files (x86)\PC Speed Up\Sqlite3.dll
a1e59cd38160bcdfc61f383741ba7ade c:\Program Files (x86)\PC Speed Up\qs64.dll
78ffdedf1b8131356b81b1a86600f5c0 c:\Program Files (x86)\PC Speed Up\unins000.exe
79b448126bb80a3186a160b1fb8685db c:\Program Files (x86)\PC Speed Up\wpsapi.dll
a7998c55467d4884cb509e5c4cfdcfa2 c:\Program Files (x86)\XTab\BrowerWatchCH.dll
fbde6af89f9b351243c3f736a48a0543 c:\Program Files (x86)\XTab\BrowerWatchFF.dll
5785680870eff9ba7b4f58c726552013 c:\Program Files (x86)\XTab\BrowserAction.dll
77590ce0cdeb6bbee8dc056fea0b107c c:\Program Files (x86)\XTab\CmdShell.exe
c04d8bc933470b3913e4e3e6c3115793 c:\Program Files (x86)\XTab\HPNotify.exe
a330b7929278b18a33e29bd4bb69abc3 c:\Program Files (x86)\XTab\IeWatchDog.dll
b32a88b91e59bfb553a9bebf78a1e567 c:\Program Files (x86)\XTab\ProtectService.exe
fece5b81614bd16ff043051f338183a0 c:\Program Files (x86)\XTab\SupTab.dll
3e29914113ec4b968ba5eb1f6d194a0a c:\Program Files (x86)\XTab\msvcp110.dll
4ba25d2cbe1587a841dcfb8c8c4a6ea6 c:\Program Files (x86)\XTab\msvcr110.dll
852f4db9b269f52c54f37568d703825e c:\Program Files (x86)\XTab\uninstall.exe
b3113668f356c345dd1efae531e257f8 c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\count_vc[1].htm
e51a4f1446f882cb1d014723a645386a c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\yet_another_cleaner_bxk[1].exe
f99ba617f06b2dfd62cd23ae7c9484fd c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\count_vn[1].htm
13600c54251e5d43df1c21556e09c9b7 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\clickmein-ltd-vuupc-winsoftware-1.0-default\VOPackage.exe
1fcc392d7a1342fb18f6bc289b1de4d3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\elex-websearches-1.0-default\cvs_webssearches.exe
940b98fe6726fa263d8a56603586fb51 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\speedchecker-pcspeedup-1.0-default\pcspeedup.exe
881390fe5aa2bd7645dd965bb568bef6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\CrashReport_v6.2.7601.963.exe
4ca158423c13f6f7ef8e1a0a745384f6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\STab_Down_6.0.6.6.exe
55bae15d523e4fabaa551023703d3fd9 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\XTab_v4.0.exe
c8ac9074c2dfd3814f656d1feca32129 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\wpm_v20.0.0.1714.exe
f02155fa3e59a8fc48a74a236b2bb42e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB9.tmp\inetc.dll
f99ba617f06b2dfd62cd23ae7c9484fd c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E1.tmp
b3113668f356c345dd1efae531e257f8 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E2.tmp
160bacb0d66c0a8ab6860e2d9c328fc1 c:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe
13600c54251e5d43df1c21556e09c9b7 c:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\VOPackage.exe
1087be1ed3e4cf8bac3dfb8bcf76facf c:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\UninstallManager.exe
814374e4ab90e30c64eefaacf1da140b c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 338116 338432 4.5527 aadb8d11f565b1bdb5e8edc497f04ce1
.rdata 344064 67928 68096 3.73291 22f8ddf3114724cc081eac17afa0dd28
.data 413696 15856 6656 2.15427 70d5eea83084540c384f2a9e3194fdbc
.rsrc 430080 178688 178688 5.33997 2785c91a46f27cb2410ffb828f817954
.reloc 610304 24798 25088 3.76966 1f006854974463a827e587ce89906ebb

Dropped from:

Downloaded by:

Similar by SSDeep:

3ae437be0690b3e15afc83f32d1c83ff
aad77e4a30e2ebecb3a82ff2a0a09fd3
7dc7732f0489db354951b8cf0e4916b5
ce89a44528b5df948d32a1bf88ed537d
c986ce4f735261f91f51e63100e4981b
77c9523b0aa6a2f54e8595fcfd5659b1
0940a6ec53c55482aeefccf4c9de905e
167157797f582a6fb12b47ef3b97cf5a
dd924834e3e0b9cd307fb700484cfa0a
82ac3e457d2b241413d4d5422d2c4218
ccbbdd9a96134110f73536f7a9d334ad
8b4d59f955d9739c143fd703c1de0bd1
0289251aee1615f75d75e668fa16a265
4656d66c060b0746f744e5c84294c5a9
503ecaedfea18a3549df7b1289f72f72
7153abb957169b2268aab8e94520e538
ed22e0951ace8d8621059d1fec1942e0
c3b9ba112219ef03a25d4a1ecb734678
f0ab92dc188ab9efff34daa6b9bb581d
632a1a0e31819b181256d41fa31333f9
de0d76c5cc64b3540991ef6f6b224ab7
ece74e7d6ea3a3aa35da9ca803dab3c9
311dc5cd512f159fbc74684791ad7bdb

Similar by Lavasoft Polymorphic Checker:

Total found: 26
3ae437be0690b3e15afc83f32d1c83ff
311dc5cd512f159fbc74684791ad7bdb
ece74e7d6ea3a3aa35da9ca803dab3c9
de0d76c5cc64b3540991ef6f6b224ab7
632a1a0e31819b181256d41fa31333f9
f0ab92dc188ab9efff34daa6b9bb581d
edb35342b8546d99fdc5df9c798a4913
c3b9ba112219ef03a25d4a1ecb734678
99ad7ce82f4e3da1669f36d91d39d3cd
ed22e0951ace8d8621059d1fec1942e0
7153abb957169b2268aab8e94520e538
503ecaedfea18a3549df7b1289f72f72
4656d66c060b0746f744e5c84294c5a9
0289251aee1615f75d75e668fa16a265
8b4d59f955d9739c143fd703c1de0bd1
ccbbdd9a96134110f73536f7a9d334ad
82ac3e457d2b241413d4d5422d2c4218
dd924834e3e0b9cd307fb700484cfa0a
167157797f582a6fb12b47ef3b97cf5a
0940a6ec53c55482aeefccf4c9de905e
ad9acfe11bf46c4d31f01e3851008da0
77c9523b0aa6a2f54e8595fcfd5659b1
c986ce4f735261f91f51e63100e4981b
ce89a44528b5df948d32a1bf88ed537d
7dc7732f0489db354951b8cf0e4916b5

URLs

URL IP
hxxp://dlg-configs-eus.cloudapp.net/
hxxp://dlg-configs-eus.cloudapp.net/config-from-production
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/winsoftware-flow-5-text-en-us.zip
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/progress.zip
hxxp://dlg-messages-eus.cloudapp.net/1/dg/3
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/websearches-single-text-en-us.zip
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/last.zip
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/yuupc-single-text-en-us.zip
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/base.zip
hxxp://cs1.wpc.v0cdn.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/pcspeedup-single-text-en-us.zip
hxxp://www.winsoftware.de/icons/opera.jpg
hxxp://www.girlwurina.com/home/cvs_webssearches.exe
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action1=xa.geoip&action2=visit&action3=cvs.visit.webssearches&update1=ref,cvs&update2=identifier,installer&update3=version,6.3.76.1516&update4=nation,us&update5=language,en
hxxp://www.inisxriy.com/infv3/index/2626/bnd/6.3.76.1516/a9409109ac27fbf6a1a384586cc86a75
hxxp://www.inisxriy.com/files/zip_r3/2626_399a97e50550d6deb3e2c990ef14e83b/1.zip
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.dlzip1.webssearches.finish,50
hxxp://log.very911.com/install.gif?bundle=webssearches&ptid=cvs&uid=535559167_198339_B48A115F
hxxp://download.dynect.mozilla.net/?product=firefox-34.0.5-complete&os=win&lang=en-US
hxxp://www.google.com/
hxxp://www.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaWt8wek2oDIAQ
hxxp://a1284.g.akamai.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.regok
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.ds
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.nt.ff.tab
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.hp
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.finish
hxxp://www.inisxriy.com/infv3/index/2626/3rd/6.3.76.1516/a335d485b670155b839aff0080f4b702
hxxp://www.inisxriy.com/files/zip_r3/2626_b691a08da41eab0f72f80c1bf1e71b9c/2.zip
hxxp://www.kmu79.com/inf/geturl/cvs?name=yac_baixaki
hxxp://www.alchcz.cc/files/third/2015/01/16/172511/350/XTab_4.0.2.1716.exe
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.CrashReport_v6
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.ient
hxxp://xa.xingcloud.com/v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.wpm
hxxp://a38.w3.akamai.net/site/dwnld109843.htm
hxxp://a38.w3.akamai.net/usuarios/din/prog.asp?cod=109843&versao=6.0.51
hxxp://pagead46.l.doubleclick.net/pagead/show_ads.js
hxxp://a1872.g.akamai.net/aep/tag/br/br_nzn_baixaki_redir_970x200_5adsx4.js
hxxp://googleapis.l.google.com/css?family=Open Sans:400,700
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.9.1/jquery.min.js
hxxp://a1294.w20.akamai.net/c2/8756095/ct.js
hxxp://a38.w3.akamai.net/inc/v12/v12-20140904.css
hxxp://a38.w3.akamai.net/bxk_v12/bxklogo.png
hxxp://a38.w3.akamai.net/b.gif
hxxp://a38.w3.akamai.net/inc/v12/geral-201309170947.js
hxxp://a38.w3.akamai.net/2014/05/14/14181700895757-t100x100.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31114408441072.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=474px:237
hxxp://a38.w3.akamai.net/2015/01/31/31134830489132.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111
hxxp://tag.navdmp.com/tm13767.js
hxxp://a38.w3.akamai.net/2015/01/31/31141203282139.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111
hxxp://a38.w3.akamai.net/2015/02/02/02104345431099-t474x237.jpg
hxxp://e3821.dspe1.akamaiedge.net/pt_BR/all.js
hxxp://a38.w3.akamai.net/2015/02/02/02104524460102-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/02/02104626362107-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/02/02112915295231-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/02/02112705985226-t222x111.jpg
hxxp://a1294.w20.akamai.net/b?c1=2&c2=8756095&ns__t=1422883800535&ns_c=iso-8859-1&c8=YAC download - Baixaki&c7=http://www.baixaki.com.br/site/dwnld109843.htm&c9=
hxxp://a38.w3.akamai.net/usuarios/din/GooglePlusSignIn.aspx
hxxp://a38.w3.akamai.net/2015/02/02/02112042690211-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js
hxxp://www.google.com.ua/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot
hxxp://ibxk.com.br/bxk_v12/logo-nzn.png
hxxp://stats.l.doubleclick.net/dc.js
hxxp://a38.w3.akamai.net/2015/02/02/02111132989193-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/02/02/02111235343196-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150127/r20141212/show_ads_impl.js
hxxp://a38.w3.akamai.net/2015/02/02/02104132034096-t222x111.jpg
hxxp://rtax.criteo.com/delivery/rta/rta.js?netId=2028&cookieName=cto_rta&rnd=87967043742&varName=crtg_content
hxxp://a38.w3.akamai.net/2015/02/02/02104419736100-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/gpt/pubads_impl_56.js
hxxp://a38.w3.akamai.net/2015/02/02/02095317012015-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/pagead/html/r20150127/r20141212/zrt_lookup.html
hxxp://stats.l.doubleclick.net/__utm.gif?utmwv=5.6.2dc&utms=1&utmn=1872741324&utmhn=www.baixaki.com.br&utmcs=iso-8859-1&utmsr=1716x901&utmvp=792x554&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=YAC download - Baixaki&utmhid=1088351939&utmr=-&utmp=/site/dwnld109843.htm&utmht=1422883800733&utmac=UA-144680-1&utmcc=__utma=248450708.402729839.1422883801.1422883801.1422883801.1;+__utmz=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~
hxxp://a38.w3.akamai.net/2015/01/31/31153129756217-t222x111.jpg
hxxp://navdmp.com/usr?v=7&acc=13767&upd=1&new=1&wct=1
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-1/html/container.html
hxxp://a38.w3.akamai.net/2015/01/31/31151459476187-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31161003767245-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31130302560121-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31130314775122-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31114811600076-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31112647804063-t222x111.jpg
hxxp://code.jquery.netdna-cdn.com/jquery-1.10.2.min.js
hxxp://a38.w3.akamai.net/2015/01/31/31103021160031-t222x111.jpg
hxxp://a38.w3.akamai.net/2015/01/31/31103035138032-t222x111.jpg
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1422883800&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883800654&bdt=570&shv=r20150127&cbv=r20141212&saldr=sb&correlator=7738023443003&frm=20&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-0000015c-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1716,,800,600,792,554&vis=1&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=5lteOC31vO&p=http://www.baixaki.com.br&dtd=275
hxxp://pagead46.l.doubleclick.net/pagead/osd.js
hxxp://a38.w3.akamai.net/2015/01/31/31095233060003-t222x111.jpg
hxxp://a38.w3.akamai.net/sd/screenshots/2014/11/211120145427485-t194x97.jpg
hxxp://navdmp.com/req?v=7&upd=1&new=1&id=15973615790&acc=13767&tit=YAC download - Baixaki&utm=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
hxxp://a38.w3.akamai.net/sd/screenshots/2013/11/081120130629104-t194x97.jpg
hxxp://a38.w3.akamai.net/sd/screenshots/2015/01/210120155725873-t194x97.jpg
hxxp://a1872.g.akamai.net/dhtml/aep/aep-full-10.7.2.min.js
hxxp://a38.w3.akamai.net/sd/screenshots/2014/07/100720143007825-t194x97.jpg
hxxp://a38.w3.akamai.net/b1.gif
hxxp://a1872.g.akamai.net/aep/template/br_nzn_baixaki_redir_970x200_5adsx4-1.0.4.min.js
hxxp://a38.w3.akamai.net/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
hxxp://a38.w3.akamai.net/bxk_v12/_sprites20130903.png
hxxp://a1872.g.akamai.net/aep/css/baixaki-970x200-v3.css
hxxp://a38.w3.akamai.net/bxk_v12/logo-nzn.png
hxxp://pagead46.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk-utilidades-e-seguranca_redir-sbn-top&sz=728x90&cust_params=category=limpadores&cookie_enabled=1&lmt=1422883800&dt=1422883800815&cc=100&frm=20&biw=792&bih=554&oid=3&adx=32&ady=136&adk=3673371936&gut=v2&oe=iso-8859-1&ifi=1&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://navdmp.com/req?v=7&upd=1&new=1&id=15973615790&acc=13767&tit=YAC download - Baixaki&utm=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&id=15973615790&acc=13767&tit=YAC download - Baixaki&utm=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
hxxp://a38.w3.akamai.net/bxk_v12/bxklogowhite.png
hxxp://a38.w3.akamai.net/loading.gif
hxxp://a38.w3.akamai.net/logo-rex-white.png
hxxp://a38.w3.akamai.net/ns/rexposta/layout/rex-default.png?w=220&h=165&mode=crop
hxxp://a749.dsw4.akamai.net/connect/xd_arbiter/DU1Ia251o0y.js?version=41
hxxp://pagead46.l.doubleclick.net/pagead/000000_new_ico.gif
hxxp://star.c10r.facebook.com/plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f76a68bb1d3f1&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium
hxxp://a38.w3.akamai.net/doodle-rex.jpg
hxxp://a38.w3.akamai.net/icon-reply.png
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150127/r20141212/expansion_embed.js
hxxp://a38.w3.akamai.net/rexposta/2015/02/02/02103507839002.jpg?w=220&h=165&mode=crop
hxxp://pagead46.l.doubleclick.net/pagead/expansion_embed.js?source=safeframe
hxxp://star.c10r.facebook.com/plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f270f1c58e01b64&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&header=false&height=190&href=http://www.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300
hxxp://afp.e-planning.net/eb/4/12164/dc634773cd47817b?rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6f29061aee1e4a10
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6c045185724c99c1
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?966c49e8f9a60aa4
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?31a03987113885e6
hxxp://pagead46.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883801&dt=1422883801414&cc=100&frm=20&biw=776&bih=554&oid=3&adx=0&ady=448&adk=241272540&gut=v2&oe=iso-8859-1&ifi=3&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://afp.e-planning.net/eb/4/12164/dc634773cd47817b?ct=1&rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies
hxxp://pagead46.l.doubleclick.net/simgad/8007231901646850404
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150127/r20110914/abg.js
hxxp://pagead46.l.doubleclick.net/pagead/images/ad_choices_i.png
hxxp://pagead46.l.doubleclick.net/pagead/images/ad_choices_en.png
hxxp://pagead46.l.doubleclick.net/pagead/drt/s?v=r20120211
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://pagead46.l.doubleclick.net/push?client=ca-pub-1712420989769758
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJH1zOoYiteHgktAQ1oBkA=
hxxp://googleapis.l.google.com/css?family=Open Sans:400,600
hxxp://pagead46.l.doubleclick.net/pagead/js/adsbygoogle.js
hxxp://df6du6ip3rmgn.cloudfront.net/images/lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34.jpg
hxxp://pagead46.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square-2&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883801&dt=1422883801848&cc=100&frm=20&biw=776&bih=554&oid=3&adx=339&ady=448&adk=3931923773&gut=v2&oe=iso-8859-1&ifi=4&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://a1359.sa.akamai.net/console-de-videogame/sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1.jpg
hxxp://a1359.sa.akamai.net/celular-e-smartphone/smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1.jpg
hxxp://aep.emea.mxptint.net/adex.ashx?google_gid=CAESEHiyFVHopUq83ZfWFx4Ki0Q&google_cver=1&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw
hxxp://a1359.sa.akamai.net/teclado-para-pc/aerocool-arma-gamer_200x200-PU7a105_1.jpg
hxxp://a1359.sa.akamai.net/cooler-para-bebidas/renovautil-chopp-10-latas_200x200-PU64f6d_1.jpg
hxxp://pagead46.l.doubleclick.net/pixel?google_nid=dt8fb3he4rk&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw&google_hm=UjM2XzY2RkIxQUQxXzNDOTJFODNF
hxxp://www.google.com.ua/pub-config/ca-pub-7019091094896260.js
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=
hxxp://a1359.sa.akamai.net/tv/sony-kdl-32r435a-led-plana-32_200x200-PU87629_1.jpg
hxxp://a1359.sa.akamai.net/som-automotivo/newlink-sa101_200x200-PU8aff8_1.jpg
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883801927&bpp=78&bdt=36&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=2042192589.1422883802&ga_sid=1422883802&ga_hid=1444082417&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=156
hxxp://a1359.sa.akamai.net/jogos/far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1.jpg
hxxp://a1359.sa.akamai.net/jogos/little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1.jpg
hxxp://a1359.sa.akamai.net/jogos/grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1.jpg
hxxp://a1359.sa.akamai.net/tablet/apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1.jpg
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAaHMqBTgR3n
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCE96rdqtj60x
hxxp://a1359.sa.akamai.net/jogos/lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1.jpg
hxxp://pagead46.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square-3&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883802&dt=1422883802221&cc=100&frm=20&biw=776&bih=554&oid=3&adx=678&ady=448&adk=3989494659&gut=v2&oe=iso-8859-1&ifi=5&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O
hxxp://a1359.sa.akamai.net/celular-e-smartphone/smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1.jpg
hxxp://a1359.sa.akamai.net/tv/lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1.jpg
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCG+vFYDQCqlf
hxxp://a1359.sa.akamai.net/som-automotivo/multilaser-p3108_200x200-PU4d3d4_1.jpg
hxxp://a1359.sa.akamai.net/monitor/lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1.jpg
hxxp://www.public-trust.com/CRL/Omniroot2025.crl
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883802301&bpp=32&bdt=38&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=28872627.1422883802&ga_sid=1422883802&ga_hid=58362135&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=339&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1783566912&eid=575144603,317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=343,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=234
hxxp://a1359.sa.akamai.net/tablet/samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1.jpg
hxxp://a1359.sa.akamai.net/hd/seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1.jpg
hxxp://a1359.sa.akamai.net/celular-e-smartphone/smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1.jpg
hxxp://a1359.sa.akamai.net/tv/lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1.jpg
hxxp://pagead46.l.doubleclick.net/simgad/5386886896510532077
hxxp://pagead46.l.doubleclick.net/pagead/images/google-logo.png
hxxp://pagead46.l.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_program_background&sz=1x1|1680x1050|1920x1080&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883802&dt=1422883802622&cc=100&frm=20&biw=776&bih=554&oid=3&adx=-572&ady=0&adk=3931580189&gut=v2&oe=iso-8859-1&ifi=6&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://gs1.wac.v2cdn.net/PublicSureServerSV.crl
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=9705731878&adk=3597687593&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883802769&bpp=16&bdt=47&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=117958930.1422883803&ga_sid=1422883803&ga_hid=1026488716&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=678&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1935280145&eid=317150304,828064101&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=682,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=f&pfx=0&fu=4&bc=1&ifi=1&dtd=188
hxxp://pagead46.l.doubleclick.net/pagead/images/x_button_blue2.png
hxxp://csi.gstatic.com/csi?v=3&s=pagead&action=loadimgad&it=bdt.38,req.234,bpp.32,fb.742,e2e.1375&e=575144603&rt=1ad.132,ol.633
hxxp://pagead46.l.doubleclick.net/activeview?id=osdim&avi=BHEQfvnvPVMWqM4bt7Qb93YHQDADnn9PB6QEAABABOAHIAQPgAgDIA5kE4AQBoAYDwhMDEIAB&ti=1&adk=3673371936&p=136,24,226,752&tos=1150,0,0,0,0&mtos=1150,1150,1150,1150,1150&rs=3&ht=0&tfs=1517&tls=2667&fp=client=ca-pub-7019091094896260&url=http%3A%2F%2Fwww.baixaki.com.br%2Fsite%2Fdwnld109843.htm&correlator=7738023443003&eid=317150304&oid=3&afp=&output=json_html&impl=fif&dt=1422883800815&adx=32&ady=136&ifi=1&flash=0&tmo=283&tme=1514&tdl=2559&abd=2-0-1&r=u&bs=776,554&bos=800,600&ps=1348,4004&ss=1716,901&tt=2667&pt=-1&deb=1-0-6-1-3--1&tvt=1151&uc=1
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/border_3.gif
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png
hxxp://www.google.com.ua/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png
hxxp://clients.l.google.com/b3rNON
hxxp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=bxk&subid=${SUBID}&lplink=hxxp://www.yac.mx/download/config/down.php?pt=bxk
hxxp://www.yac.mx/download/config/down.php?pt=bxk
hxxp://dl2.yac.mx/download/dl/yet_another_cleaner_bxk.exe
hxxp://ibf-cmi-1938953175.us-east-1.elb.amazonaws.com/
hxxp://download-servers.com/SysInfo/count_vn.php?ch=test
hxxp://a1284.g.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1284.g.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1284.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b22a5545307b1795
hxxp://download-servers.com/SysInfo/count_vc.php?ch=test
hxxp://sstatic1.histats.com/0.gif?2920545&101
hxxp://sstatic1.histats.com/0.gif?2920516&101
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891050&pid=10732314-18&evt=VO:Init&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891051&pid=10732314-18&evt=DL:en&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891055&pid=10732314-18&evt=DL:mc&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://up.soft365.com/Fan/rebirth?uid=535559167_198339_B48A115F&ptid=cvs&ver=4.0.1.1716&dname=webssearches
hxxp://xa.xingcloud.com/v4/searchprotect/535559167_198339_B48A115F?action=visit.heartbeat.cvs&update0=ref,cvs&update1=nation,us&update2=language,en&update3=version,4.0.1.1716
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891101&pid=10732314-18&evt=DL:mc_9&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891102&pid=10732314-18&evt=DL:me&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891103&pid=10732314-18&evt=DL:st&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://download-servers.com/vuupc/stats.php
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891110&pid=10732314-18&evt=VO:st&ch=CO16&ver=20150202070241&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891113&pid=10732314-18&evt=VO:iv&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://bip-events-eu-lb-16415761.eu-west-1.elb.amazonaws.com/r?_=1422891113&pid=10732314-18&evt=VO:std&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://p-rumo00.kxcdn.com/partners/pcspeedup.exe
hxxp://pcspeeduplog.com/log?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer
hxxp://pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer
hxxp://a767.dscms.akamai.net/download/8/C/7/8C74F157-189C-47FD-8A75-AEF21E5D5F06/runtime/Silverlight.exe
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://redirector.gvt1.com/edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe
hxxp://r3.sn-3c27ln7s.gvt1.com/edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://a1284.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://gdcrl.godaddy.com.akadns.net/repository/gdig2.crt
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt?e89acc9a6065a45e
hxxp://ocsp.godaddy.com.akadns.net//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= 72.167.239.239
hxxp://ocsp.godaddy.com.akadns.net//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CCQD+rJ0jfxxchg== 72.167.239.239
hxxp://crl.globalsign.net/root.crl
hxxp://crl.globalsign.net/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhR5HFQnItXEGJJ9zEpk51tw==
hxxp://e6845.ce.akamaiedge.net/ThawtePremiumServerCA.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k=
hxxp://pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service
hxxp://safedownloadapi.cloudapp.net/featurelimit.aspx?productID=1&uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E&requestID=&version=3.8.3.0&language=&campaignID=&QuickScan=0
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs=
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEFDCHiL8lcx+/7bkTzDOA4Q=
hxxp://safedownloadapi.cloudapp.net/reportInstall.aspx?productID=1&version=3.8.3.0&uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E&affID=2380&keyword=installer&campaignID=ppi_2380_installer&requestID=
hxxp://get.geo.opera.com/pub/opera/desktop/23.0.1522.75/win/Opera_23.0.1522.75_Setup.exe
hxxp://broadbandspeedchecker.cloudapp.net/Servers.svc
hxxp://img.ibxk.com.br/sd/screenshots/2013/11/081120130629104-t194x97.jpg
hxxp://www.pcspeeduplog.com/log?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer
hxxp://img.ibxk.com.br/2015/01/31/31130314775122-t222x111.jpg
hxxp://thumbs.buscape.com.br/som-automotivo/newlink-sa101_200x200-PU8aff8_1.jpg
hxxp://thumbs.buscape.com.br/tablet/samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1.jpg
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
hxxp://img.ibxk.com.br/b1.gif
hxxp://img.ibxk.com.br/2015/02/02/02111235343196-t222x111.jpg
hxxp://crl.geotrust.com/crls/secureca.crl
hxxp://www.pcsuapi.net/reportInstall.aspx?productID=1&version=3.8.3.0&uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E&affID=2380&keyword=installer&campaignID=ppi_2380_installer&requestID=
hxxp://i2.zst.com.br/images/lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34.jpg
hxxp://pubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883801&dt=1422883801414&cc=100&frm=20&biw=776&bih=554&oid=3&adx=0&ady=448&adk=241272540&gut=v2&oe=iso-8859-1&ifi=3&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://img.ibxk.com.br/sd/screenshots/2015/01/210120155725873-t194x97.jpg
hxxp://obj.ibxk.com.br/inc/v12/geral-201309170947.js
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1422883800&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883800654&bdt=570&shv=r20150127&cbv=r20141212&saldr=sb&correlator=7738023443003&frm=20&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-0000015c-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1716,,800,600,792,554&vis=1&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=5lteOC31vO&p=http://www.baixaki.com.br&dtd=275
hxxp://data.biphysics.com/r?_=1422891051&pid=10732314-18&evt=DL:en&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://r3---sn-3c27ln7s.gvt1.com/edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1
hxxp://pagead2.googlesyndication.com/pagead/000000_new_ico.gif
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883802301&bpp=32&bdt=38&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=28872627.1422883802&ga_sid=1422883802&ga_hid=58362135&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=339&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1783566912&eid=575144603,317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=343,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=234
hxxp://crl.omniroot.com/PublicSureServerSV.crl
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://fonts.googleapis.com/css?family=Open Sans:400,600
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&dt=1422883801927&bpp=78&bdt=36&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=2042192589.1422883802&ga_sid=1422883802&ga_hid=1444082417&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=156
hxxp://thumbs.buscape.com.br/console-de-videogame/sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1.jpg
hxxp://pcspeedup-7ff.kxcdn.com/partners/pcspeedup.exe
hxxp://www.facebook.com/plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f270f1c58e01b64&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&header=false&height=190&href=http://www.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300
hxxp://img.ibxk.com.br/2015/02/02/02112705985226-t222x111.jpg
hxxp://www.baixaki.com.br/usuarios/din/prog.asp?cod=109843&versao=6.0.51
hxxp://img.ibxk.com.br/2015/01/31/31134830489132.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111
hxxp://img.ibxk.com.br/2015/02/02/02111132989193-t222x111.jpg
hxxp://cm.g.doubleclick.net/push?client=ca-pub-1712420989769758
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.6.2dc&utms=1&utmn=1872741324&utmhn=www.baixaki.com.br&utmcs=iso-8859-1&utmsr=1716x901&utmvp=792x554&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=YAC download - Baixaki&utmhid=1088351939&utmr=-&utmp=/site/dwnld109843.htm&utmht=1422883800733&utmac=UA-144680-1&utmcc=__utma=248450708.402729839.1422883801.1422883801.1422883801.1;+__utmz=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~
hxxp://pubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square-2&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883801&dt=1422883801848&cc=100&frm=20&biw=776&bih=554&oid=3&adx=339&ady=448&adk=3931923773&gut=v2&oe=iso-8859-1&ifi=4&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://img.ibxk.com.br/sd/screenshots/2014/07/100720143007825-t194x97.jpg
hxxp://goo.gl/b3rNON
hxxp://data.biphysics.com/r?_=1422891110&pid=10732314-18&evt=VO:st&ch=CO16&ver=20150202070241&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://img.ibxk.com.br/2014/05/14/14181700895757-t100x100.jpg
hxxp://crl.thawte.com/ThawtePremiumServerCA.crl
hxxp://thumbs.buscape.com.br/cooler-para-bebidas/renovautil-chopp-10-latas_200x200-PU64f6d_1.jpg
hxxp://ns.ibxk.com.br/rexposta/2015/02/02/02103507839002.jpg?w=220&h=165&mode=crop
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/base.zip
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJH1zOoYiteHgktAQ1oBkA=
hxxp://pagead2.googlesyndication.com/pagead/js/r20150127/r20110914/abg.js
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt?e89acc9a6065a45e
hxxp://thumbs.buscape.com.br/tv/sony-kdl-32r435a-led-plana-32_200x200-PU87629_1.jpg
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://akfs.nspmotion.com/aep/css/baixaki-970x200-v3.css
hxxp://img.ibxk.com.br/2015/02/02/02104345431099-t474x237.jpg
hxxp://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?966c49e8f9a60aa4
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=
hxxp://img.ibxk.com.br/logo-rex-white.png
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
hxxp://thumbs.buscape.com.br/tablet/apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1.jpg
hxxp://data.biphysics.com/r?_=1422891103&pid=10732314-18&evt=DL:st&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png
hxxp://img.ibxk.com.br/2015/01/31/31151459476187-t222x111.jpg
hxxp://b.scorecardresearch.com/b?c1=2&c2=8756095&ns__t=1422883800535&ns_c=iso-8859-1&c8=YAC download - Baixaki&c7=http://www.baixaki.com.br/site/dwnld109843.htm&c9=
hxxp://www.baixaki.com.br/site/dwnld109843.htm
hxxp://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/yuupc-single-text-en-us.zip
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/winsoftware-flow-5-text-en-us.zip
hxxp://img.ibxk.com.br/2015/02/02/02104626362107-t222x111.jpg
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl
hxxp://code.jquery.com/jquery-1.10.2.min.js
hxxp://crl.verisign.com/pca3.crl
hxxp://img.ibxk.com.br/2015/01/31/31112647804063-t222x111.jpg
hxxp://img.ibxk.com.br/2015/02/02/02095317012015-t222x111.jpg
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/last.zip
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://akfs.nspmotion.com/aep/template/br_nzn_baixaki_redir_970x200_5adsx4-1.0.4.min.js
hxxp://pagead2.googlesyndication.com/pagead/osd.js
hxxp://img.ibxk.com.br/b.gif
hxxp://pagead2.googlesyndication.com/activeview?id=osdim&avi=BHEQfvnvPVMWqM4bt7Qb93YHQDADnn9PB6QEAABABOAHIAQPgAgDIA5kE4AQBoAYDwhMDEIAB&ti=1&adk=3673371936&p=136,24,226,752&tos=1150,0,0,0,0&mtos=1150,1150,1150,1150,1150&rs=3&ht=0&tfs=1517&tls=2667&fp=client=ca-pub-7019091094896260&url=http%3A%2F%2Fwww.baixaki.com.br%2Fsite%2Fdwnld109843.htm&correlator=7738023443003&eid=317150304&oid=3&afp=&output=json_html&impl=fif&dt=1422883800815&adx=32&ady=136&ifi=1&flash=0&tmo=283&tme=1514&tdl=2559&abd=2-0-1&r=u&bs=776,554&bos=800,600&ps=1348,4004&ss=1716,901&tt=2667&pt=-1&deb=1-0-6-1-3--1&tvt=1151&uc=1
hxxp://pagead2.googlesyndication.com/pagead/expansion_embed.js?source=safeframe
hxxp://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCG+vFYDQCqlf
hxxp://www.speedcheckerapi.com/Servers.svc
hxxp://img.ibxk.com.br/2015/01/31/31153129756217-t222x111.jpg
hxxp://thumbs.buscape.com.br/celular-e-smartphone/smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1.jpg
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://www.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service
hxxp://clients1.google.com/ocsp
hxxp://thumbs.buscape.com.br/celular-e-smartphone/smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1.jpg
hxxp://partner.googleadservices.com/gpt/pubads_impl_56.js
hxxp://connect.facebook.net/pt_BR/all.js 23.64.223.139
hxxp://akfs.nspmotion.com/dhtml/aep/aep-full-10.7.2.min.js
hxxp://thumbs.buscape.com.br/som-automotivo/multilaser-p3108_200x200-PU4d3d4_1.jpg
hxxp://img.ibxk.com.br/bxk_v12/bxklogowhite.png
hxxp://img.ibxk.com.br/icon-reply.png
hxxp://thumbs.buscape.com.br/jogos/lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1.jpg
hxxp://thumbs.buscape.com.br/hd/seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1.jpg
hxxp://pagead2.googlesyndication.com/pagead/show_ads.js
hxxp://fonts.googleapis.com/css?family=Open Sans:400,700
hxxp://data.biphysics.com/r?_=1422891102&pid=10732314-18&evt=DL:me&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://www.pcsuapi.org/featurelimit.aspx?productID=1&uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E&requestID=&version=3.8.3.0&language=&campaignID=&QuickScan=0
hxxp://googleads.g.doubleclick.net/pagead/html/r20150127/r20141212/zrt_lookup.html
hxxp://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CCQD+rJ0jfxxchg== 72.167.239.239
hxxp://afp.nspmotion.com/eb/4/12164/dc634773cd47817b?ct=1&rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6f29061aee1e4a10
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/websearches-single-text-en-us.zip
hxxp://pagead2.googlesyndication.com/simgad/7347923224040542989
hxxp://www.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6c045185724c99c1
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif
hxxp://img.ibxk.com.br/2015/01/31/31103035138032-t222x111.jpg
hxxp://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
hxxp://data.biphysics.com/r?_=1422891050&pid=10732314-18&evt=VO:Init&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://img.ibxk.com.br/2015/01/31/31114811600076-t222x111.jpg
hxxp://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41
hxxp://www.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
hxxp://thumbs.buscape.com.br/tv/lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1.jpg
hxxp://img.ibxk.com.br/ns/rexposta/layout/rex-default.png?w=220&h=165&mode=crop
hxxp://thumbs.buscape.com.br/jogos/far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1.jpg
hxxp://img.ibxk.com.br/2015/02/02/02104419736100-t222x111.jpg
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k=
hxxp://www.baixaki.com.br/usuarios/din/GooglePlusSignIn.aspx
hxxp://img.ibxk.com.br/2015/02/02/02104524460102-t222x111.jpg
hxxp://vassg141.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?31a03987113885e6
hxxp://img.ibxk.com.br/doodle-rex.jpg
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/pcspeedup-single-text-en-us.zip
hxxp://thumbs.buscape.com.br/teclado-para-pc/aerocool-arma-gamer_200x200-PU7a105_1.jpg
hxxp://data.biphysics.com/r?_=1422891113&pid=10732314-18&evt=VO:iv&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://pubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square-3&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883802&dt=1422883802221&cc=100&frm=20&biw=776&bih=554&oid=3&adx=678&ady=448&adk=3989494659&gut=v2&oe=iso-8859-1&ifi=5&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://thumbs.buscape.com.br/jogos/grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1.jpg
hxxp://dlg-configs.buzzrin.de/
hxxp://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
hxxp://thumbs.buscape.com.br/tv/lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1.jpg
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAaHMqBTgR3n
hxxp://thumbs.buscape.com.br/celular-e-smartphone/smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1.jpg
hxxp://img.ibxk.com.br/2015/02/02/02112042690211-t222x111.jpg
hxxp://stats.g.doubleclick.net/dc.js
hxxp://pubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk-utilidades-e-seguranca_redir-sbn-top&sz=728x90&cust_params=category=limpadores&cookie_enabled=1&lmt=1422883800&dt=1422883800815&cc=100&frm=20&biw=792&bih=554&oid=3&adx=32&ady=136&adk=3673371936&gut=v2&oe=iso-8859-1&ifi=1&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://www.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true
hxxp://pagead2.googlesyndication.com/pagead/images/x_button_blue2.png
hxxp://b.scorecardresearch.com/c2/8756095/ct.js
hxxp://img.ibxk.com.br/loading.gif
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCE96rdqtj60x
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://img.ibxk.com.br/2015/02/02/02104132034096-t222x111.jpg
hxxp://pagead2.googlesyndication.com/pagead/js/r20150127/r20141212/show_ads_impl.js
hxxp://data.biphysics.com/r?_=1422891113&pid=10732314-18&evt=VO:std&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://data.biphysics.com/r?_=1422891101&pid=10732314-18&evt=DL:mc_9&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCC0gVOkA+hgL
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png
hxxp://thumbs.buscape.com.br/monitor/lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1.jpg
hxxp://img.ibxk.com.br/2015/01/31/31141203282139.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111
hxxp://download.microsoft.com/download/8/C/7/8C74F157-189C-47FD-8A75-AEF21E5D5F06/runtime/Silverlight.exe
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
hxxp://ocsp2.globalsign.com/gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhR5HFQnItXEGJJ9zEpk51tw==
hxxp://img.ibxk.com.br/2015/02/02/02112915295231-t222x111.jpg
hxxp://cm.g.doubleclick.net/pixel?google_nid=dt8fb3he4rk&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw&google_hm=UjM2XzY2RkIxQUQxXzNDOTJFODNF
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html
hxxp://dlg-configs.buzzrin.de/config-from-production
hxxp://dlg-messages.buzzrin.de/1/dg/3
hxxp://pagead2.googlesyndication.com/pagead/js/r20150127/r20141212/expansion_embed.js
hxxp://thumbs.buscape.com.br/jogos/little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1.jpg
hxxp://pagead2.googlesyndication.com/pagead/images/google-logo.png
hxxp://az687722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/progress.zip
hxxp://img.ibxk.com.br/2015/01/31/31161003767245-t222x111.jpg
hxxp://certificates.godaddy.com/repository/gdig2.crt
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://pagead2.googlesyndication.com/simgad/8007231901646850404
hxxp://akfs.nspmotion.com/aep/tag/br/br_nzn_baixaki_redir_970x200_5adsx4.js
hxxp://ocsp.godaddy.com//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= 72.167.239.239
hxxp://www.facebook.com/plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f76a68bb1d3f1&domain=www.baixaki.com.br&origin=http%3A%2F%2Fwww.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium
hxxp://www.gstatic.com/pub-config/ca-pub-7019091094896260.js
hxxp://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png
hxxp://data.biphysics.com/r?_=1422891055&pid=10732314-18&evt=DL:mc&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2
hxxp://download.mozilla.org/?product=firefox-34.0.5-complete&os=win&lang=en-US
hxxp://img.ibxk.com.br/bxk_v12/_sprites20130903.png
hxxp://img.ibxk.com.br/2015/01/31/31114408441072.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=474px:237
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b22a5545307b1795
hxxp://img.ibxk.com.br/2015/01/31/31130302560121-t222x111.jpg
hxxp://img.ibxk.com.br/bxk_v12/bxklogo.png
hxxp://img.ibxk.com.br/sd/screenshots/2014/11/211120145427485-t194x97.jpg
hxxp://img.ibxk.com.br/bxk_v12/logo-nzn.png
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEFDCHiL8lcx+/7bkTzDOA4Q=
hxxp://img.ibxk.com.br/2015/01/31/31095233060003-t222x111.jpg
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl
hxxp://afp.nspmotion.com/eb/4/12164/dc634773cd47817b?rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies
hxxp://obj.ibxk.com.br/inc/v12/v12-20140904.css
hxxp://www.googletagservices.com/tag/js/gpt.js
hxxp://img.ibxk.com.br/2015/01/31/31103021160031-t222x111.jpg


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET MALWARE Possible Windows executable sent when remote host claims to send html content
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA HTTP response header invalid
SURICATA STREAM SHUTDOWN RST invalid ack
SURICATA STREAM Packet with invalid ack

Traffic

GET /s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Origin: hXXp://VVV.baixaki.com.br
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: font/eot
Last-Modified: Thu, 21 Aug 2014 18:06:58 GMT
Date: Mon, 26 Jan 2015 16:24:23 GMT
Expires: Tue, 26 Jan 2016 16:24:23 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Content-Length: 17877
Age: 594311
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
............eT\_..][email protected]........[{....
../g.F9..^.........pp0.`....$.........`... ...k...... ........j.w.....
%-.._.....4.fv.......oB....x..:......`.....g...Zr...}0.?0... ..`.a...L
Xm.!.st.u.'c.s.1e`m.l-_.v..u....( P..,.........W.U......cQ.....m?..*..
...1...=..uZ4..w.e#W.y...ji.....Z.B........f>ks...(I...Pq#..g...~1'
0.&...^..zVsq.......U.: v^..S~M7...X.....aG.He7.L....s.0,....."*G....&
...e..........M......x7.%..L...._7$..s........y..lO........n.....9..R=
b....Wr.9..}...}. :0Vx.xX.. B2G....'..Y2........2.hzS...........X4...T
v...o..SV.U(r.gqB.Y....B.F...AwX.T.|....[...&_W.5..S.8........J$...P].
P..2y.F...{|. ..:x. N.lN.3...x(Q....g[,.g.L..yW.k..............>L^.
.{.b.f..W.I.~.N..T..a.....n...'k..C...... [w.J...Wr$..J..0T.......r
[email protected][email protected]`m...>.XlR..).3J<?.2 .....,..1.?..D.9.;.....
.....x..8r.Lf....A .........T..T..P\..\.o.....{.~..*.Y"/.L.U.X...v.8e.
`......z......Pl...S.{~J.N..e.s... .....".T$Y...)[email protected]...
.....p]1.......@A..\i$:U.S98..;!8C#_..C.h.`...........aYR...{7.wif.G.!
.....r.........{....Q..7.~.....&;../_..C...[[email protected]..<5...70..`.P 
.h........4......|.`:..................._}..t...F.z....tz[..J.....a.[.
3.{B..`4.[8..E.w...U.l....".. ..noW|.}.. .R.."=.d............h....h..u
.....^.'..x.........U....[;....$.V`..\%n'mN....!...R`[email protected].
...5.n=9.`uOg).M^.q.}y.......R&.U.G.o.VGps....f..{R.^..%Vy......C9..O.
.At..s....HW..5. ...rY.....t.....'ph.\;...ja.T..6!.F....A....bB..1x.RJ
..7%r..[.n....K.0[;>.K.5...%CM.LDT>]...R..z[......@@x..R.tw.
<<< skipped >>>


POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 122
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3530\",\"channel_id\": \"\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:29:51 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:29
:51 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 157
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3531\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:23 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:23 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 157
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3532\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:24 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:24 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 157
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3533\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:24 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:24 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 157
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3220\",\"channel_id\": \"\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3412\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=1&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3413\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=2&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:27 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:27 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3414\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=3&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:27 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:27 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3415\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=4&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:27 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:27 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3416\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=5&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:28 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:28 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 187
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3650\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=9&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:28 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:28 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3652\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=10&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:30:29 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:30
:29 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 204
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3654\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=12&command_parameters=/start /ch=CO16&vostage=main&reason=00:50:56&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:15 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:15 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 188
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3655\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=13&command_parameters=/start /ch=CO16&vostage=main&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:15 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:15 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 195
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3675\",\"channel_id\": \"CO16\", \"utm_addition\":\"dloc_stage=21&command_parameters=/start /ch=CO16&vostage=main&dloc=1&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:16 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:16 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 161
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"2066\",\"channel_id\": \"CO16\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:17 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:17 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 161
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3510\",\"channel_id\": \"CO16\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:17 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:17 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3534\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:17 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:17 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3638\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:23 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:23 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3637\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:23 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:23 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3502\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:24 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:24 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3503\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3504\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3505\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:25 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:25 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3506\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:26 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:26 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3507\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:26 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:26 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 126
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3508\",\"channel_id\": \"CO16\", \"utm_addition\":\"pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:26 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}HTTP/1.1 200 OK..Access-Control-Allow-Headers: Origin, 
X-Requested-With, Content-Type, Accept..Access-Control-Allow-Origin: *
..Content-Type: text/html; charset=utf-8..Date: Mon, 02 Feb 2015 13:31
:26 GMT..X-Powered-By: Express..Content-Length: 15..Connection: keep-a
live..{"Status":"OK"}....


POST / HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com
Content-Length: 161
Connection: Keep-Alive
Cache-Control: no-cache

{"table": "event_has_user","data": "{\"event_event_id\": \"3527\",\"channel_id\": \"CO16\", \"utm_addition\":\"command_parameters=/start /ch=CO16&pr=vo&v=15\"}"}
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Feb 2015 13:31:27 GMT
X-Powered-By: Express
Content-Length: 15
Connection: keep-alive
{"Status":"OK"}..



GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 29 Jan 2015 06:15:01 GMT
ETag: "2015b-6ca-50dc46885cd67"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 02 Feb 2015 13:31:16 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..141203203511Z..15042
8204011Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............7.im~...|.....3........]..Cm...Y.[.......c.J[.....^
<<< skipped >>>


GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.hp HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:28:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.54 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 02 Feb 20
15 13:28:40 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.54 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt?e89acc9a6065a45e HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK
Content-Type: application/x-x509-ca-cert
Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
Accept-Ranges: bytes
ETag: "80179bc4b3cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 969
Date: Mon, 02 Feb 2015 13:31:47 GMT
Connection: keep-alive
0...0...........0...*.H........0..1.0...U....US1.0...U....Arizona1.0..
.U....Scottsdale1.0...U....GoDaddy.com, Inc.110/..U...(Go Daddy Root C
ertificate Authority - G20...090901000000Z..371231235959Z0..1.0...U...
.US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.
110/..U...(Go Daddy Root Certificate Authority - G20.."0...*.H........
.....0.........qb...Y4.......IX.".... C.;....I.'....N...p..2...>.N.
..O/Y0"...Vk......u.9Q{..5.tN......?........j..............;F|2...f"..
im6.......`.8......F...>.]|.|.. S..biQ%.a.D..,.C.#..:...)....]....0
.9.....K].2..bC%4.V'...;p*?n.....}....Sm`..,.X.._F.....<..I1\iF..G.
[email protected]......:....g(.....An ...
..0...*.H...............]y...Yg.a.~;.1u-. .Oe......../..Z..t.s.8B..{..
u...........S.~.F..... ....'....Z.7....l....=.$Oy.5._.......-.......s@
.r%......h..W...:...D...7...2..8..d.,~........h..".8-z..T.i._3.z={....
_9..u..v.3.,./L.....O...JT...}......~...^....C..M..k...e.z...D.\....HT
TP/1.1 200 OK..Content-Type: application/x-x509-ca-cert..Last-Modified
: Fri, 12 Sep 2014 18:02:51 GMT..Accept-Ranges: bytes..ETag: "80179bc4
b3cecf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-
Length: 969..Date: Mon, 02 Feb 2015 13:31:47 GMT..Connection: keep-ali
ve..0...0...........0...*.H........0..1.0...U....US1.0...U....Arizona1
.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.110/..U...(Go Daddy Ro
ot Certificate Authority - G20...090901000000Z..371231235959Z0..1.0...
U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.c
<<< skipped >>>


GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 08 Feb 2013 15:35:10 GMT
Date: Thu, 29 Jan 2015 06:39:59 GMT
Expires: Fri, 29 Jan 2016 06:39:59 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32819
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 370174
Alternate-Protocol: 80:quic,p=0.02
............{{...7...."........o...v..q.[cg'-E..HPBL....RD....[kf0.Pq.
~.sNZ.....f......._..M...wg.?...vG.<8z2.........E...q...:z..GT.._.f
.....t.de.....uT..b.|.o6iv..._E..:.F.x...O..6..*?QUp....2U.4..6I.<.
T.%.E>....R1....4^..tIm...ZE.{5..3..<.....|4.3.D-.r.-o..]......4
[$....:Z...UUP_...........|....z.mF.r...f......Q..?..-3.0..F..^.F....l
.O........\..f.|1..t..NG2U.}tz.jxz.^G.o......./^\.>......#*........
../.../........|zp2{...N.3*....~.\../O'...g...g.;.~.M.Tx..,g.....).y..
w*@...i.^...]........2 ..n;.\.'..'/f....*.4:..oP...f..]Ul..2^.....V...
.....V.P.N....z......o3z.........aC..,.....K.\p...x......WiY%YR.v.*..^
.......<_oVI..a>*.xq....$8>....u%......n ..V?.Q.:..4....o.~.g
..Q...S_..Y.....G)..T.".......<......&...*..Z.t%[email protected].
h...X.*/. .H.....){4U.y...I`..&-.. y.....L.O....Lf..X<..1M.w.xD;;..
...3zgn...'S.....g.~3Jn.9-..... .....3..A..e#.....".-i.S..].9..3..=GE.
.,..R*.gs..j.M..0.._'.u......E.|.....K.Q'FY.H^..'.(.OK.\.-.T...8...Q..
..v||5J..Vq.}{.K2..K..z.R....o_..G..t.L....NF.W.}....."{.NLP|.T_......
..j..,P..q.Q..o..<.x...Q..t=..$nJ.%:S...,..N...*.......d.`....M...)
....T.7....|$...[......E..h.......`b.......iQ.w...-n>.=OIw..*......
..H...r.....h..V.Aj..&t..9M..is.j.t]~../...ik......l.p.....mT.=[E..7v.
...n./$...y=T.X.s...J......j.w.W.|.x..F..*..:....>K...d....f.......
...&...7./.2-..P......j.?X.p.....9u.Ae.0...D.....~f.......&...l6..3...
...i}.(.. m.Je.x...p5.:..d...gWz...G..@.*\.2/*..............>...g..
`...w....f.....\.D...#D...E.%.......G..s`K.*.WI...NI.......LeO...&
<<< skipped >>>


GET /inc/v12/v12-20140904.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: obj.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/css
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10815
Cache-Control: max-age=26468645
Expires: Sat, 05 Dec 2015 21:53:38 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
Vary: Accept-Encoding
................. .... ..om.,.......f....[`.w{8...,.5.-.$'....?.?.*~.r
wf......["..d.X,V..).%U.5..?....b1]...V.f_.....`[V..6... 4(....9...1?.
..c..............4.S.TY2X...<.....n.}^|....cv.~J......<).?f.....
dP...:...%.$...:o.....7YZVI....Cy.ViY....p.^..].9.:.}\..........MV1..d
]d..! ]$.:.W_V.E}LR..49..A..4.......E.mV..hJ!.5.q.[.%..w.#..'....: ...
.T..e..q.fU..l............7....l..}....5.X..&....1f.E.j6_..w.e...9-...
_............\F..j....%....d]....V....5....o..'n%i.&...:I?=V..........
}Y..gQ.};>!. '. ..!....R=.8.......* .g|f..2.O$^.....e....\..d9....l
..r...\..G......5*.']........W{.F........0lic......{6,r..0B.x.`...kS..
...*H...{.u..R.P.........8.......,G1..G.A.I.-.."4 "6 .Y8Jg.....l......
O.......a......|:o..X$_..E.~Z.d...v.K~."...1c]...1....*......T.l...`.f
..X...`.[Y.K&z.....n..q0..yh....I....*........<Ve.....*.U...Q.?.|..
^h..1...`.n....5.....:.t..p.?U..W..9.......|..i.......}}.<..{....q.
..xt<<......./8..*;fIsy..l....`t...$.E5.P.....hS6...0..):f....8D
.R. #.R..r..]DWx.p..'....%...0..M.............0"..\....c......u>E(.
2.V.Yh.Dt.u9w..|....\.@....../u^.l......_.w.f..VtJ;d..D4..S<.j.! 9i
..b..../T..>.. .;..;Rf4.{...i......?......}.w...`..m.......U..o....
......6......UY..f..R7I.|.>......d...d..~.D...~..~.z....^.$.?......
...Y........&.'..-[.>....%J<.n..;.i.[.p.G6W..!1......#>Y..O.&
wS...#...v....U..V....(..e....7......_.R..a....u..#$..~.j.a.Fn,...5|Vn
W.l......_F.[.].l .....I...P......6......Vf.& 6.L`..M..d........U.H4..
..9Bn.....qM...G=.e>...3.8.[n......)[email protected].)->k..<..
<<< skipped >>>


GET /infv3/index/2626/3rd/6.3.76.1516/a335d485b670155b839aff0080f4b702 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inisxriy.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 02 Feb 2015 13:29:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.14p1
Location: hXXp://VVV.inisxriy.com/files/zip_r3/2626_b691a08da41eab0f72f80c1bf1e71b9c/2.zip
0......


GET /files/zip_r3/2626_b691a08da41eab0f72f80c1bf1e71b9c/2.zip HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inisxriy.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:02 GMT
Content-Type: application/zip
Content-Length: 712542
Last-Modified: Mon, 02 Feb 2015 07:37:40 GMT
Connection: keep-alive
Accept-Ranges: bytes
PK..........BF8...=...8.......460.db.8..............<..A#.<y....
\Y...7a...Fh...:.g...R.gcsw(.xa..'.3g..EX.....'S.@..:....].2C.^GuzW).y
.....hY_.:2.zx....(....N.J8....E!..5u...W.X.0:..G..^B...ru-......."i..
.|$&.8.JY.<K.}......<w4.....C.....&.-..7m..`..5m....A....o....#.
K.iC.I.u..U.f ...k=K...........M......GD.*.J....2.pS........)[.~...D..
...&...i53a2S7DPK...........F,PI.J...........wpm_v20.0.0.1714.exe..C..
=.0:..3.m{..m..m..m..m...9w.U.u.w{W....tw....NW.......'?...rY..#......
/.N1..f...t...........e.r.h..s......#......{m..k....b.........o.f.Kb.:
...>V.]..(.Ig.q..{..A.x.G....N9..K...w..=....,...t. :.X.L...p.`.tqO
.|..Z.p....c..L..6.P.?.^.....J.a.j.........f.E.......;.....y....V7~M.t
......~:.x.Q..D...G..&....{...!......8K<......v..Li....f..!..U..).:
$..d....M.Z....W....l.7..B.!t..i.Bw..|[email protected]
...~V..5(............qb..S.N..p.rt_..I...1.A..;.Dzw..=...)`"{.'...u. _
...HeC...?..5....?2.n.3....gBx.x.....*.@*.Q........{...X7o.....g.Z....
.-E.C...... I..3..g..BA.A....amF..?.%...{.....<....[...;5.....9.A.0
04 v..E.\.r...>~...^.s.<..(L:......<VZ.....|...5a..&(..P.r...
..\..c.r...D}R$..'..lG...e.1..b.Q'~.YIN... .Hu8...1.Myi..oPkKY.R.O2.x.
.....r..K.....;.F.N.T.|2..n.#..u......n.g.. ...k.Z.....W..K.a..A.....\
]>..G.r.a...A.d.6.../...;./G$..:n.e....b.Q..m......7.e........`....
5\..<..T-Mh.&H.._..tV.......l...$..V.5.)...(T..,".i.......#.6.Q6.H.
...XJ.F...Cq..jt.P.w.IH.7...gA...S..6Y.h.B.d.wl....n.R...~.e.8.{8.....
_......\./...G. GdJ3.O<4..n.....hceC..t...D....w?.j...`....J...
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 404
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:42 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferAccepted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:15 GMT
Connection: close
Content-Length: 0



GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Mon, 02 Feb 2015 13:29:35 GMT
Last-Modified: Thu, 29 Jan 2015 15:18:40 GMT
Server: ECS (frf/87D3)
X-Cache: HIT
Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015012
9064609Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.j....20141203203511Z....20150428204011Z0...*.H..............-H.$..
...........^=....G..ai...I...,)vG.D..[R,.G.#(.D.<..Cg,}...;..2J#...
...GX....<b.&UFe'...I... I.o...&'....e..`..6.....`..~#......q.h|...
..C..#:2w..}.......39.EF.....Rj.M.9...^.....c.?Y/Rz...Q.~.2.I...5..,.$
o..U.....cg.H.[.(.....=.(..;.5...[.n....b*.......0...0...0...........'
..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTr
ust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114195229
Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validation-
20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...0
4..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8........
..h8GM..*.4.MP..../[email protected]
.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j
.\.>.O....G.A........0..0... .....0......0...U.......0.0...U.......
....0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`
;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J.-....
j.t%..e.....([email protected]!m...sZH.N..>.S....K..........7wi3..x.D..l..u
d.....CC......<.&.2. ..d...T.......;.S....\... ......m.6......#(.&.
...q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y.=?...
.E...........'>..O.._..
<<< skipped >>>


GET /?product=firefox-34.0.5-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=900000-1199999
Cookie: optimizelySegments={"245617832":"none","245875585":"direct","245677587":"ff","246048108":"false","869421433":"true"}; optimizelyEndUserId=oeu1401956287616r0.2603029596469415; optimizelyBuckets={}; __utma=150903082.1617578787.1401956289.1401956289.1401956289.1
Connection: keep-alive


HTTP/1.1 302 Found
Server: Apache
X-Backend-Server: bouncer5.webapp.scl3.mozilla.com
Cache-Control: max-age=60
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 Feb 2015 13:28:10 GMT
Location: hXXp://download.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar
Keep-Alive: timeout=3, max=499
Content-Length: 0
Connection: Keep-Alive
X-Cache-Info: cached
HTTP/1.1 302 Found..Server: Apache..X-Backend-Server: bouncer5.webapp.
scl3.mozilla.com..Cache-Control: max-age=60..Content-Type: text/html; 
charset=UTF-8..Date: Mon, 02 Feb 2015 13:28:10 GMT..Location: hXXp://d
ownload.cdn.mozilla.net/pub/firefox/releases/34.0.5/update/win32/en-US
/firefox-34.0.5.complete.mar..Keep-Alive: timeout=3, max=499..Content-
Length: 0..Connection: Keep-Alive..X-Cache-Info: cached..



GET /usr?v=7&acc=13767&upd=1&new=1&wct=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: navdmp.com
Connection: Keep-Alive
Cookie: ac3=1


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Type: application/javascript
Content-Length: 37
Connection: keep-alive
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-cookie: ndi=15973615790; Domain=.navdmp.com; expires=Sun, 22-Jan-2017 13:29:34 GMT; Path=/
act: f1
nvg13767.start('15973615790','','');.....


GET /req?v=7&upd=1&new=1&id=15973615790&acc=13767&tit=YAC download - Baixaki&utm=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: navdmp.com
Connection: Keep-Alive
Cookie: ac3=1; ndi=15973615790


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Type: application/x-javascript
Content-Length: 6
Connection: keep-alive
/*OK*/HTTP/1.1 200 OK..Server: nginx..Date: Mon, 02 Feb 2015 13:29:34 
GMT..Content-Type: application/x-javascript..Content-Length: 6..Connec
tion: keep-alive../*OK*/..



GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/pcspeedup-single-text-en-us.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: MRI81vfcQ vh8/lDL LOAg==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:25 GMT
Etag: 0x8D20829CBC05880
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/3523)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 927f7a53-0001-001d-341b-b83b6d000000
x-ms-version: 2009-09-19
Content-Length: 42673
Connection: close
PK...........D.........D......index.html.\...Gv......fa.V..d...if.j...
...$....A..H....]U=.. .....H.$.y..@^!....H.H.B.\..,........S.9....g...
Fb......:..>8^).....^.L......(W^.._... }{.;3.W.?.mJ....;.y...!.g"YI
..?...8.C..d........s=aUv.s~.).R......I.......:b...........;...J......
../....?..p...S.....,."..........[i.Y,....D.u.....S...@...).r..).\*.VY
.[~.3..R.<....N.1a..o.z../.. .{8X..r....}.d:.i..8|p.S...x%....R.J..
.........^..d.Ti./...i.i.p_.t...2x.m..E.~.....fH..j....f^.I.JO|...6/..
tK.ne..0.....D..M...P.."^..}b...V..2....2..., ...>......^w...i...8.
.f...x.w...(..S.#..........Gt8....i..T.....3\...T1.u.......h..../6..N.
...l.N9..fX...;..2....G..6.........o.<~...$")...H..m.h..|...'..W.0.
.Y)..w...o....U...`. ..t.d.....3..."q........;e..\.......C.H...G..!...
....j1.m...%.V..=....G..U.HW..".p..7....nt) 1...-2.....o.\5w..by../...
.89.=.q..G.3.-.Yf.S.....B..P....jt.>.\.$..HTt_$..7."Uo.......k<~
&.8.k.2U,...=z..D..........8.Zj.{.Y.h.g...U........O......g..IkAt-4..K
.Q..P....{W.....|7>...7..K.....D.)>..*...0:..5p...R.......W.".TK
...jec...z.en.D.....n.s.gA[U....g.&< ..F....^P;Q......7Hue......4..
...s0...^'U&.8...r.L.....wzW..l.Cp...EZ.(..J`..=...F...b*..l8..../9>
;F-./N.....x6.6.......f4.C....G...d...v.Vs...cZa.ws[.O4 ......Z. [email protected]]
xd...B.J.a..7.T......*...:..b ..,..5. d.C._.;..!.".m~AV53. VD\.uV... .
,...9...J...B[........=..X..66..&...%.{.....9..z1..@#3C.a* ....1dC.(..
[email protected]..;.Nu...:q*]....v.....IN..H...e.H".C..v. ..${\1.m.>..Zs.%.
..`=8......%.aq.."[email protected]%,........L....Oq
<<< skipped >>>


GET /celular-e-smartphone/smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "220b0913fbdfd918c0a09bcd7f30b000"
Last-Modified: Thu, 25 Sep 2014 18:20:13 GMT
Server: nginx
x-amz-id-2: WxDs3XfSDQq  3bFuoyF99lgw/qAH8ONmDquhu1vte4PBNjFHi13 qBPyv0ThD h
x-amz-request-id: 86DBF686836BFCDA
X-Origin-ResponseTime: 1422851705.796
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 10562
Cache-Control: max-age=54330
Expires: Tue, 03 Feb 2015 04:35:05 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.Z..........................!.1A..Qs."25aq........BSr..#%CRUt....(368T
c......Dbd.7Eu........................................?...............
........!..1AQ..q.35Rar..."2....BS...#4..Tb.C.............?..S....@...
j.O_.8..Na.-S4.e4.5j.M%...\K..]!v....[ME..........5:......i..Q..a#..2.
......a...\..".}..'.<..L~. .|.a..k..h.......0.g.,;.i..Rs...>N.6_
......9.X..[8....%4......5...<.k..^....!.|....8}.Y....1t.....Q.HS.)
.....NKKT.q.e....n.lw.......a...S.R.45L.*..KI......I.2.3....(....xV.*.
_$.KA..ZE...Gk.[P......@m.....@... ........{..^v....x...i....h.V..g...
_.(.......$..I...`.....ER...f...-..9.d..X.......dX1KY[...$(...uw77.x_|
..{#.......V-V^..S.p ....sc........:....).............9(.:[....Hl6.eY.
....|.....&......vw.l...}..m....bG.....q..p.P.H.AY*.$...h.6:g. ......B
.'[email protected]....:.':....<..:V....q0.}.87-!C./..d.....@... ...".;.5
./.0................0{36..s~...2..g..f.1..P>..?L..>0....r.I'%.0.
....RI.7.....g..L.s..3.%J..rS....A.. OR..:..2.9R.j.Tu6..Z......n.jS.6.
'. KjiD8..)..}?.Q..<1\...4.....D.......Zs(.D.....eu..8...[..4......
.d..U0.qj..l/d.....W .>e(.2SmL"iJ[f..F..xn7.2...../..D.......A.)...
.....$.... [email protected]..}J...V.X.rJ(....N'....R...A . ..... .Q..rE....
.B.=.h..........YV.?..%.....d7p...~D.....".....|..S..V@{.P....S.U..]Vv
....?.~.{..~d....n......E.gm.(.U...'.?2..r./.&G..........*........
<<< skipped >>>

GET /cooler-para-bebidas/renovautil-chopp-10-latas_200x200-PU64f6d_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "61d0d7c55112d30e90ffb2df1561a1c4"
Last-Modified: Mon, 23 Dec 2013 23:51:35 GMT
Server: nginx
x-amz-id-2: km8H1FqXkTEZLoumAbxS elLpRohGM9kXmkfodDSww/CXa2gPjY09i9RAfat4jhg
x-amz-request-id: 538EB4E9689ADEC2
X-Origin-ResponseTime: 1422875914.731
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 8358
Cache-Control: max-age=78539
Expires: Tue, 03 Feb 2015 11:18:34 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..L...........................!1..A."Qaq2....br.....#$34BR.C...%&(5Sst
......................................1........................!1.2AQ.
"q.a....#r..3B..............?..N....)@)JP.R.'^....M.#.ot......h.#...i.
.8.5..{o.Bi.6..R.N_n.~....P.H:..mE......|.lT].&..6...C=.s..qH.{B...L.u
T.G.. .R.i..k.Z.....B....e){....Z.4..h:.]...j.u#....[.......V..4..n...
.j(.Vr.........^.5...([email protected])..[.. /.ZG.}....B........X.UH
;..(.)J.JR.R....(.)J.T....\D.....J.~Q.....o..W.....R.....(.T.}q>..5
*..>$7..l.G|...>.u b [email protected]....)..z...5.....?.Z.Y"79V...HJ
..u.!G.......32f....'...~.f.K...O ...'..QrlI.v.f.>...$....G._.!....
...9.........6.R]t......ju.A#.9EE.b.......... t\...............T..Ig$.
....~.._uTc.fJIi......H:.kL{.U2.v?....~ .c.u....4...............)..Z.Y
%6yV.A.o. .......R......)@)JP.R.......%.Mf..G.q.}{....p..dSf8.J.$k.h.*
.;4.93...'........Q...Tu.m.....a]HW...j.[....Mu.M).J........5....Yl..9
?5(..&.a.7..8@..$..Wq.5.u.~j5Dw...HC.........}..>I..Z.. .E...h[E)R.
.vzV..Y^[email protected] 8.sl):...-K.&*....>..NF..>.....3...
.....E?.k..i- .?...D.G.7.*S..1..N.<.<..yo2....AM.o.].....5..VU..
..s'.0..}..X....W,.\;!.E.4.O-k. G.C.us].........b9..\.c...J}e...!.=...
...T.S..,.....O..N..KJR......)@)JP.R.......X...)..wys....*.C.i....u.GS
.VA.....}...b..z...r..<..\KK2.....x.....c..K..Q..w..>..j...v
<<< skipped >>>

GET /som-automotivo/newlink-sa101_200x200-PU8aff8_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "7338658593704f7bae04e8bc2adb28f0"
Last-Modified: Fri, 27 Dec 2013 10:35:35 GMT
Server: nginx
x-amz-id-2: LpBBf3kkNbAms3QoTRyOAf4kItvrsdm6mqZeWL alDWUig8jZ6U4z32nceZv2PDLDzdA9L4 zYs=
x-amz-request-id: BC66E6875FC3C9E7
X-Origin-ResponseTime: 1422859776.397
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6862
Cache-Control: max-age=62401
Expires: Tue, 03 Feb 2015 06:49:36 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....,.,.....C..............................................
......................C...............................................
............................."........................................
.Q...........................!.1..."AQ...2UVaq....#E....$6FRbr.35BSu..
..Ìt...................................,........................!1A.
Qaq.2..BR..C..............?...)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)
J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J
.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.)J.y.........i..PjW.:...a..
...p.....x ......_......1k.uG.5......F<O..I.. u....C^n....;I..y.V.R
...$...>....'.;d>b.>...)..............}K.....8...m.....8..s..
..y..C.-s...".?.f...Z..Q.Mj}[q......=...~.5.6.S....Alu.;.....FF.O...#.
...T..O<v.g......Q.Mj..u...H...yJR....&........~.H...7d>b.>..
.k.<f....}.....F..|ue.......[q.?....R?.....7d~b.>...)...........
...}G.Q.}\S....m.........A..<n....s....i...............Rc.l}}..k...
..r.~.....^.....z..Q.M<..!....T..Z...Y{....e...[.....BCE(J...>.R
......s..WP.^.O\....e.}N.ZIa.Xi........p..#...6M...........y.vG?.-s...
&...`o.......Y..V.!.....t.'.i9NA.....F..{.....n.....#..]....d:....t.^.
...y.vC.=s...&.......\..?..P............mFG.`.f..h6.......\..?...;d>
;b.>... T?.}E......)...............R....K...4.\?.n....Z..Q.E<..!
....T..Z.....|.t.a...er.Q....e8$.]....x.DrU.;F#%!.$........H.....mW...
{....]./.r}...........8C}..XIQ.... g&......<..*J.q*.=AJ.......m..g.
.G_.6....V..9.6.i..Z.i.zV...)H..$.P........V..PL..m-..z....02A.=.T
<<< skipped >>>

GET /jogos/little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
ETag: "b5d8b8c1c519b7b02e7de53f759d0b11"
Last-Modified: Wed, 26 Nov 2014 13:51:27 GMT
Server: nginx
x-amz-id-2: M54bdKEF/BAFy8dXHRCWGbWD ZfJWn aUmXvQ5QujgmvX0t/g5RskdH6ZIRueivfwk3P6eIO87k=
x-amz-request-id: F13C5C94064C9E00
X-Origin-ResponseTime: 1422867240.454
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Length: 17520
Cache-Control: max-age=69898
Expires: Tue, 03 Feb 2015 08:54:33 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.U..........................!.1.."A.Q.2aq.#BRS....5CTr....$;....4Ds.
.....(8ceu.....................................5......................
..!1A.."Qaq2.........#3..$BRr............?..OF........../...........P.
.%[email protected].&.B{|l...u.T...c.....B.>.O..O.......r...p."{...t.5..
..#....!.9..W?...J...J..Q......]...?.'...).!..l..4y.{...f......?._....
C.4!w....=...5....y3..G.......?...w.....<...<..n.>._...[... .
...............ug.U ...B..J..].../......$/.....C.W..'.._..?.2...q. ...
...8_.'.hB.....&FTp?....dH...9.....VI...'.|*...T....H$.B.H...2.8?.9.B.
.ISr.J.l.#.j9..8.QS.R.r....U....,........}......Gc.....;.y..=......h..
B..F..H...T..k....1cL..Z..Z...!r..}$..........R...V.c..Ir^f<V..y.:.
[email protected]... ...F..m..Q<E...o...F.F.S.....\a.....u..R.S.,7.
..N.&E..M...z..K..Tkv....T....d..)..H<..5.....Z..&._.4*.....O.W..;s
..}..j.....4.45......h/.U>$(.0.iU._Yq.6...N.6.....z.....8.........~
...6=.B.J../%.\........%..`....B......!F.....l....T.r........^.N..u...
.VG.%[email protected];...2H.8.]...m......fY.j...j.-...V$..uY~
S...H.....5k...G./u....6.^.x=Cf...;.VDYKy..R..HIN2y=..-&<w..UyT1.zO
...&..ey.....y...>.w\...a.<..<7R.jy..y.(! .J..I............V.
..A.&....7.ND..w.[S..T...1..jo......a.]...OnS)I...K~..L.G&;.J....K.nP.
*B.<.....?..P&.S............L.&...o.m...U ..3X.,?..q%.A....W...
<<< skipped >>>

GET /tablet/apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "3371733ff179bd8f95d8b4c4251d2b40"
Last-Modified: Tue, 30 Sep 2014 14:08:06 GMT
Server: nginx
x-amz-id-2: gr8AVMpBHJQM3JhSrPWWiyK/M0LXbYF7XvIpEL4 HpqtfVdofMjmpa9wUeE zFSL3kuXKuVvtsU=
x-amz-request-id: 17D5223973006EBA
X-Origin-ResponseTime: 1422881777.213
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 7745
Cache-Control: max-age=84402
Expires: Tue, 03 Feb 2015 12:56:17 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
._...........................!1...AQ."aq.2.....#$(38BRbrv.........4CVW
u....%&.....67DFGSTfs.................................../.............
.............!1AQq..."24a..#.3..............?...M)@ME)@*j)@)L.i..@)M..
Q..@M*3..@..&....dx..iQ..Q.M..J...dx..J.m1...b....:P.R...R..... .....i
..l....D.$..Z.qIIR..p.%#[email protected]...
}.M[..,..om.!9....$..X...zG.....U./...s.(.S...G.8...gE.U}.............
...(.Z:..G....].'..jtq.....v....;B...XX..(P.=.|..e.d)!X...\...}..3M. ]
`:Y...He...B.....h.|....9W..........G........Zh .z..k.P.r...ml....,..J
..oo.o ...Yw.V;2........E.....5O.........?.W......lh..}-...h...A......
G..|..x?.W.....li...n;J.MfB.s..P.....9C...l...|.H.........4.;.....@# .
.i% A..AI>.T....U..v.{g7.d.....<>.......CF......u$.Rj*h..H..5
.5......#.$..EKh._.#..$....T7.T}....h...(.|.X...n.9..^...G...q..k.!*.J
P..8q.< o...i.N**-LG'.m.....w.63..^.V....[[email protected].].
..u &q...,qO.J...Z.......H......W.}..L.?.W........G.-<k.n....c.....
.E.u....*o... ,..E..jO.T...yJ..eI.....}....?h..T..%I`...*:.o^.&...o].9
.......wM..'R..K*nk.!%[email protected].*..\...A.;.kR.L.....2;..[":^..q.
..<A....h.....n..Mk..'`.}t?.........3.u..[u..:.\gt.#..k......a.j..c
.H..a8....\......yE.#.....!he[..........'&..Z......n#....p}[email protected]
(2.m(y.KN)...q........V.i..F...,...`]$...k_.O.....z.....Q .u,...V.
<<< skipped >>>

GET /celular-e-smartphone/smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 16 Oct 2014 14:42:01 GMT
ETag: "bea43090a07cacacb1c7717dd105738e"
Server: nginx
x-amz-id-2: eEph0MMxoVwNmr4q2/tejkjtOi7M7Us1/6h5uVDYWB27eJDXKPaVKElZHTHRks9N
x-amz-request-id: DA5BCE6A73C9902B
X-Origin-ResponseTime: 1422633274.434
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 9377
Cache-Control: max-age=31519
Expires: Mon, 02 Feb 2015 22:14:55 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..W.........................!..1.AQa..."q.B..#23Rb.....$%dr......56CFT
cst........&4u.....................................8..................
......!1.AQ.a....."q..B..#3R..2b................?...)J.JR.R..y....Y...
.|..@Dx.../.....76...=.D{.......w.......z..R.......2_"..P..z.>#....
]kz.wG..s./....`(..O.R.m.J.SP....'....7ZW.....v{rG.[.?...I..\...m.?...
........!....Bpp..Z..#..F..)`n... ..>.jH.......D.X..9.j.O.._..i..j.
..Y.b.p[}..P.r....t=j0...?.g.nn.`o...k.I.n.......U(..j>l..S.......Z
......j.[......s..t]...R.KA......4.7...K.X.-6...G....._..]S..l..w....W
ey...E.J.B.|...`t6...BW.V.k..l.......u.$.:....C..2^PJf....'..*[email protected].
.'.....]|..)?}.. ..[...YL........@q.[PRV.2.#b.."......*..<..i..-...
....s...(O.*C...@t....()JP.R......)@)JP......pV3.....W...sY....~..8W.y
..j.-1!.P29[YH...Y.....k[..R]....c..jQ.6...8VA......_.Mct..JL........p
3..xi..m.;A.... n..rkBx.U....o....k3o.F....G.c....M.V.Z.I."4..T.c.b.?.
..s...H.........I..C.*.1....O........._i....~..S..i..jC.WP..<.p.[K.
.@.....@. .O..z.#..$.kK..t..K.....iF1KVb.itd..#b..x.........5t.6..U..J
:.U.tP.06.5...Y.s%.u.7&.2......n.m....R.z#..."uJ.J.m.8Jp......_~7q[...
....zX=d\k{i..DE)[2....V0.Gg.1.....B.Z..k.*........-9t.....)S.k...fz..
..,...Z.~.oH.l.H...q......J.U.'a..&..V(....../1m....uH.J/.......I.....
.*..y..9...Ko.(~z.YuZJ....E.."'.~...n...s....d........]..V..E)J.JR
<<< skipped >>>

GET /som-automotivo/multilaser-p3108_200x200-PU4d3d4_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "7d75580516ddda25af7c8c0b58cbd122"
Last-Modified: Mon, 25 Aug 2014 19:04:14 GMT
Server: nginx
x-amz-id-2: lxFUehmEmDLkbd/cxP5UxKtif8IMxeHaXLFCdeXe8UBZ2b7mCcq7EHOgmcLHZEIq
x-amz-request-id: 58A5986D5FFB83B2
X-Origin-ResponseTime: 1422871175.566
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 6154
Cache-Control: max-age=73799
Expires: Tue, 03 Feb 2015 09:59:35 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.S...........................!1..A.."Qa...q.....#2CT......34Rbc...7Bdr
....DEFVsv..................................3......................!..
1AQa.."2q...R..Br..$3...............?.................................
......................................................................
......................................................................
...........A.......................j....n.jGE.dLk .v......s..$.s.%^...
...erm.W^..........`[email protected]...|O..._t.....K..n....n...........8..5.n.I.
:..q:.T1..i.....u.n........u4..GO........a.?..j.0....)..p..T h.[.=.s..
...L<...y../...M|..~.5...B>}7.)..p...Z?/...g.W_..0.....-...6~.5&
gt;..>T.>....F......_..h....6~....>.E....?...._.....i....4S_.
...E............C.B......d....p..P(..[....c.M|....=..*.E.3.&...(..}N..
.Q......6.i....uf..#.M....Os...G.......}.../..v.TTkM...j...... .g.^...
....%..<...Z..G....l....>.~...X|....^.H.s$v?C..K.y{.,.K..{V..,tT
si.ed.B.KQS..I..I.........o.KFk.......};O.....o...M..Y./w...q.$..W#z;:
m........P..r.(.e#.1.>K...xW._...X.kW.O.N.......G.m4..y........m...
.......P...,.............. 4....'.g..X...D.f.....5.......4N...Od.P_...
^..':j6.....v$.$...[......11:......X.:rMj.)t]...3....z.3..w..g..V.....
;...a.M..b..*........H..9..y..v<........m............6..MR...r..q.G
.SI..l.w.......K.i.oEO.v....tuM.....S.2I".d....[..@?.n?....VYv.[.1
<<< skipped >>>

GET /tablet/samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "4b7d898f2cc69b8be2ccab1902f04e53"
Last-Modified: Thu, 05 Jun 2014 19:13:50 GMT
Server: nginx
x-amz-id-2: SeNN WCSlV2qvjH6edb1 36kcs37Xnzr5hdx8qV1f2qb8rXsSJUS4iN/HwyiissoV7DBlH30w2c=
x-amz-request-id: 769CA2A93F3B1432
X-Origin-ResponseTime: 1422839654.851
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 10894
Cache-Control: max-age=42279
Expires: Tue, 03 Feb 2015 01:14:15 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
._...........................!.1Q..."Aaqu.#2....6BRet............$34DT
Ubfrs....%&57EFGdv..CW....................................F...........
...............!1Q.ARaq...."r......234S.C....#$BD5..%Tb..............?
...@..@[email protected][email protected]<.............R^W[V...O.
! .....u..........>.'.......i..*..?..!_...O..J..JU...?.t...V.OU...R
..UM...P8s.'"...V$...[[email protected]....&.o.o1.%..y.l.
.D....|.zO.t.......=)......,v..F.Ma.vFv?..W<..6s...@;.'K....^..t.q6
.po..%..7.d....A..@ ......i.....gGs....J\...[.}..~.;..<G..h........
.U.....;..!.<.....H*.a.......].n..V.An).m. v...q.u-.`.C....P.......
...........hv.........p\p..i.kBG.;..F....-.dv........(...u.....q9...c.
.......`.n.n@.}..9....*....Nm.p...W...e..8_....K..G.c.'......,.b..7m.k
U.>.iii[..THS.i.......z..v....I..q..J.S....:W..C.QVNs..t...l ,. ...
.L 6.x...m#.%#..a@:.;E.n...2.....xb..t]....$.h.....y.-)=.\m$vd.....4.@
..@..@..@`..~....._.\f.... .u..un..l(v-Ks.BU..K....V\t.....>.v.XxU.
.%}.7.Y.vL..x...../.... ..T.'..g.b...x.:.......Y....0...9......8....a.
 5...1x..Nt.9qU=\E...4...e..(.........R.8......Vk...F/.S...../'8.f....
....G...6.H.H....s.(...|....(.Q..T.3...tw....=T=...T...E...zG=..N5.8..
.....T...E....E..Q....g....m.8...8qm.0..\..#.|...Q..IZ.7...Q.f2.v.....
..^..\ ;V.k....2.1./J_.......G.z.k......W."..$.....h.[y......fM.D.
<<< skipped >>>

GET /celular-e-smartphone/smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "308a12d3e4b1ffda9945198e0c924659"
Last-Modified: Tue, 08 Apr 2014 06:42:31 GMT
Server: nginx
x-amz-id-2: MSf/fvzTNl5014LetbhIL/DLewzmm Qa7G1VzaP50OBaeA4gJvacwmZWfLl Qpmjf/mPLJvgmT8=
x-amz-request-id: 72FE851D538E9563
X-Origin-ResponseTime: 1422842818.474
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6267
Cache-Control: max-age=45442
Expires: Tue, 03 Feb 2015 02:06:58 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..]...........................!1..AQq."2a....8....#$RUVr......&3BDTb..
..'....(7EGWcdestu......................................4.............
............!.1Q.A...."aq..234Bbr.R..............?..." ...""........(.
W.Yy2|]k...../....4r......x....U.m....kJ.}...o/.-.. .P..E.S.....f._._.
............?R..G.s...]?.......C......{z!.x.....G.sl...m$;@Z..pZ......
J\~..Z...:..#...]..;8.&...i`t../~.]..%/...P.^.........K.:....^........
.Y{.O.......v.....5.aKKU.[.h...2F:6..Ahp$o....X.....@**.""...." ..."".
..........5..#...Q..........p.bzxH..)k....GJ...j...Hi..Y.-..*...J....q
;...}k$)N...v5...e.$..../..k.....o7.W.f...v$~{3..o.IK....tg<|.dxp..
.X..e;jo..)...<}J...*.{..\.u...R..&6....2.~w.s..p8d...%.0...i.....6
~u....{Xid..i..@\....W.q/.2...y.5v.t........f2..PC.$.hy.-...9.3<9..
...K.Kq....i..M.....8... h.H.....os.g.,.i..[~.8.......q...T..DK.....:.
.e#edR..\.{..q..g.....qv.......Q..0.,..".....0..*....v......EL.......h
ccZ\K......I$..*........:..l....*:Q.VH...oD...[;\...=.....d.F..;@/....
...L....6g.o.Oz.].4..wK..j....A{..=9.o.n.-=....3.U..s..r..&w..X.......
..""...." ...""........S...I.p.c.ro.W?.....t....O\~-'...u..s.ry.d...[.
.|G..!b........'*....>*.v..r.<........$.)..Un.A!s.t..zL......._:
.7)%;..n..1.^...{..{M5..-.:..8..uE#....k..=....sI.iY.E@.............#.
..A........e... ..p...5 .Z...........R...d.......:.`..N.....F.mx8p
<<< skipped >>>

GET /celular-e-smartphone/smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "220b0913fbdfd918c0a09bcd7f30b000"
Last-Modified: Thu, 25 Sep 2014 18:20:13 GMT
Server: nginx
x-amz-id-2: WxDs3XfSDQq  3bFuoyF99lgw/qAH8ONmDquhu1vte4PBNjFHi13 qBPyv0ThD h
x-amz-request-id: 86DBF686836BFCDA
X-Origin-ResponseTime: 1422851705.796
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 10562
Cache-Control: max-age=54329
Expires: Tue, 03 Feb 2015 04:35:05 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.Z..........................!.1A..Qs."25aq........BSr..#%CRUt....(368T
c......Dbd.7Eu........................................?...............
........!..1AQ..q.35Rar..."2....BS...#4..Tb.C.............?..S....@...
j.O_.8..Na.-S4.e4.5j.M%...\K..]!v....[ME..........5:......i..Q..a#..2.
......a...\..".}..'.<..L~. .|.a..k..h.......0.g.,;.i..Rs...>N.6_
......9.X..[8....%4......5...<.k..^....!.|....8}.Y....1t.....Q.HS.)
.....NKKT.q.e....n.lw.......a...S.R.45L.*..KI......I.2.3....(....xV.*.
_$.KA..ZE...Gk.[P......@m.....@... ........{..^v....x...i....h.V..g...
_.(.......$..I...`.....ER...f...-..9.d..X.......dX1KY[...$(...uw77.x_|
..{#.......V-V^..S.p ....sc........:....).............9(.:[....Hl6.eY.
....|.....&......vw.l...}..m....bG.....q..p.P.H.AY*.$..HTTP/1.1 200 OK
..ETag: "7338658593704f7bae04e8bc2adb28f0"..Last-Modified: Fri, 27 Dec
 2013 10:35:35 GMT..Server: nginx..x-amz-id-2: LpBBf3kkNbAms3QoTRyOAf4
kItvrsdm6mqZeWL alDWUig8jZ6U4z32nceZv2PDLDzdA9L4 zYs=..x-amz-request-i
d: BC66E6875FC3C9E7..X-Origin-ResponseTime: 1422859776.397..X-Origin-U
RI: 200x200..X-Server: el2-bpfront-02..Content-Type: image/jpeg..Conte
nt-Length: 6862..Cache-Control: max-age=62400..Expires: Tue, 03 Feb 20
15 06:49:36 GMT..Date: Mon, 02 Feb 2015 13:29:36 GMT..Connection: keep
-alive........JFIF.....,.,.....C..................................
<<< skipped >>>


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "ca431ddad8f46a13fa9203178d54c239:1422883217"
Last-Modified: Mon, 02 Feb 2015 13:20:17 GMT
Date: Mon, 02 Feb 2015 13:29:40 GMT
Content-Length: 900
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150202131742Z..150212131742Z0..h0..
..X...140427081922Z0....v...140618150003Z0........140429180917Z0......
..140709194633Z0........140416233935Z0........140521155053Z0.....)..14
0617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140606
204021Z0........100729164439Z0........140606222139Z0....%...0205141811
57Z0.....g..150202131742Z0....S...140423105438Z0........140725020038Z0
........100729164732Z0....M\..140430000442Z0.....-..140617185011Z0....
uU..150118022133Z0....V...140624123102Z0........120627171025Z0........
100301134531Z0........140618143256Z0........120627171017Z0.....>..1
40711125531Z0....[...100730213120Z0....j...140226123519Z0...*.H.......
.....[....#.x....UL....U...rU.{.0.....I...7.x.{....V......Ji... Mx....
{...w.a.&...v.1.....b.vWD..J7/..G.GM"6.H..\..7.u...............HTTP/1.
1 200 OK..Server: Apache..ETag: "ca431ddad8f46a13fa9203178d54c239:1422
883217"..Last-Modified: Mon, 02 Feb 2015 13:20:17 GMT..Date: Mon, 02 F
eb 2015 13:29:40 GMT..Content-Length: 900..Connection: keep-alive..Con
tent-Type: application/pkix-crl..0...0...0...*.H........0N1.0...U....U
S1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..15
0202131742Z..150212131742Z0..h0....X...140427081922Z0....v...140618150
003Z0........140429180917Z0........140709194633Z0........140416233935Z
0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0...
..3..020515130611Z0.....#..140606204021Z0........100729164439Z0...
<<< skipped >>>


GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/websearches-single-text-en-us.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: 2AlsdjaW1uJkhdYZuNHB/w==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:24 GMT
Etag: 0x8D20829CBAB2245
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/355F)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 35e6b931-0001-004b-3f09-897b01000000
x-ms-version: 2009-09-19
Content-Length: 40468
Connection: close
PK........xd.EE.C@`....)......index.html.Z.o...........Bnd9.]...,@v.D@
b........"W.....]J.....3.AQ.G...C.H"wg..y.cIw..zt5.t3`K..{...n.<...
...Q.J..^....K a9...D......J.V..d.-E.R.."...=%..,]rm.....9.k.....c.[..
...i._$.nsa.B..-.._$.w..vh...`R-K..N/......*..'g....W..,:.M..~Ys..~...
.*R U.:f.w...\35..=....."S....]......%tV\...u!.U.5L..................C
 [email protected]......'@.5@|....N&M.m....V..M,..j.....6.{"...hp.
%.0..9.Y].........w}..i [email protected].#q..X......T.k....{k!....\[..w..yn~
.._{S..},...1.7...Y:e...........:.j...s..f......NO.\.A5r....[.=..?.:Z.
..4e`......tE.a....z...7..!j.2...DX.L|t w.>..Z.[.>...\.U..@|...Q
|m.?..//.t....gy.....G.p......9.......<.=.)..r......ZeUj......3././
.f...o.!$j.s...(...m.........c..%....#DS.:..!....aE..T[....`.A.~......
...|.x....h.d....$r.\m....[.S....X.^..._....Kh..._...b..".....|W..~E1.
k........yr7&:)...J.;."._...\......L.n...E..K\z.b..../.o.?..f\.(5.....
ly^..i...._cm..Dz.d\.#c'g...ZD......W&0;=...f......}.... ....B.....2..
.2.z....W\.Q....G......./...^.%{.5..#....).....A....~X.A.c....i<.wg
*.2U...../..q-l......w3....sG./v%....?Ggr....s.l4. ...w'.s..jq...u....
"iv2..../...'..B...}.[...C..o.}.y.V.;..Jw...0]........T.....0.......S.
..4..`x..Ue...|./7g.."....=1a.NTS..!.8.....(f..u.....l.......I...Y&...
-3n..E...a..:QC..=u..}...<.M....6z.n'..s..Y.n.............5..V.~..^
...7....b..7......o.c8a......V.....t5..L..[.._....`.ap=........>@.H
.......\I .N..3............-{;.u0.&..5f....d..#....4)&..v.)....q...o;.
...'t...I..$...v9..`...I...c...'.a.z.f...O........p.nt;e......$}.u
<<< skipped >>>


GET /push?client=ca-pub-1712420989769758 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 02 Feb 2015 13:29:35 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Encoding: gzip
Server: HTTP server (unknown)
Content-Length: 182
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
..........5....0...W./.t..-..R.".`.72...<,.9{........rUW.[.d.]Q.Y.a
..J.5..J......J4.l...Pm....k[V....m....b..q .....4................^.."
.._ d...1..]...~Y.%.hL..s......._%...TT......HTTP/1.1 200 OK..Content-
Type: text/html..Date: Mon, 02 Feb 2015 13:29:35 GMT..Pragma: no-cache
..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, mus
t-revalidate..Content-Encoding: gzip..Server: HTTP server (unknown)..C
ontent-Length: 182..X-XSS-Protection: 1; mode=block..Alternate-Protoco
l: 80:quic,p=0.02............5....0...W./.t..-..R.".`.72...<,.9{...
.....rUW.[.d.]Q.Y.a..J.5..J......J4.l...Pm....k[V....m....b..q .....4.
...............^..".._ d...1..]...~Y.%.hL..s......._%...TT......>....


GET /pixel?google_nid=dt8fb3he4rk&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw&google_hm=UjM2XzY2RkIxQUQxXzNDOTJFODNF HTTP/1.1


Accept: */*
Referer: hXXp://cm.g.doubleclick.net/push?client=ca-pub-1712420989769758
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
Connection: Keep-Alive
Host: cm.g.doubleclick.net


HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 02 Feb 2015 13:29:35 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: HTTP server (unknown)
Content-Length: 170
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR.....................bKGD..............pHYs...........
......tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT
..c.iy...... ........IEND.B`..HTTP/1.1 200 OK..Content-Type: image/png
..Date: Mon, 02 Feb 2015 13:29:35 GMT..Pragma: no-cache..Expires: Fri,
 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..S
erver: HTTP server (unknown)..Content-Length: 170..X-XSS-Protection: 1
; mode=block..Alternate-Protocol: 80:quic,p=0.02...PNG........IHDR....
.................bKGD..............pHYs.................tIME......-Q.7
n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy...... .......
.IEND.B`....



GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=438047, public, no-transform, must-revalidate
Last-Modified: Sat, 31 Jan 2015 15:08:08 GMT
Expires: Sat, 7 Feb 2015 15:08:08 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015013
1150808Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150131150808Z....20150207150808Z0...*.H............
....K.U;.N..4w.{......k.0.....2{KS.n.fU.Y.Gl).F....#...}..M........R5{
. t01.lli....].z...^...i..%[email protected]^{..TDe
.h.......i...H..Q.......2....|..[..!.Cu.Tt1.....p...{g...m.'{2k.. j...
0gp.8.E.o_...Ep..4^{M*`..*'Q.{T .......8.....yx....0...0..}0..e.......
.:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust 
Global CA TGV OCSP Responder 30.."0...*.H.............0............\.h
pc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x.
.YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x........
......6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...
A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0.
..U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0
...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.
H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...n
R9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=.
.w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\
.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....
<<< skipped >>>


GET /jquery-1.10.2.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/usuarios/din/GooglePlusSignIn.aspx
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: code.jquery.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:08 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 24 Oct 2014 00:16:07 GMT
Vary: Accept-Encoding
ETag: W/"54499a47-16bb3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip
9501..............k.#E...|_..a..].50gGF.i....6t..c.>j.l..*#...X....
."2..$.a..?8.K......Gd.......~...l.:.;<.{.....{[O..>.........f6.
UE9..>........r.._.O.q>[..........|..9...f..................?...
G..f6V..<.zw.F..Y6..A..:/......{.r....1).7W.....Q...ineS*.t........
..zpr...:..'.......F.K..o......M"....M.....7..^U>..L${........o..u&
gt;..d/..{...n......f>.....n..g4XT.c6..g...';.g....:y|....Nv.q..rf/
......:f/....w./.g...ON..7.~.....O..v. ....WTS.....ON_.~w.s.;......O].
v...z..g.P.......UO...|.......R.?..........1%...T.q._f=......=e....tNO
O._........t2.=........=..<.....:.............t./g7..r..d..%..>f
T.W.............h..>....;..k...h.wY._.z...ho4.|.....XT.,./..i9.t..`
H.H......U....<.M.<.FU.{...S...zY.G.?5........<.*_..^......Y9
c...t.O:....a/.7W.1z.^.6'y5._Z..N9.1.4...hv....Z...a.G........J.zp.x.?
.....5..y.6.0..x.e.w..<*...y/..uY,T..kP.......(....}....i.=`9;..".?
.]T.....?....O.2Y...Y....6.w.^.],.......G.0...r9...........q..5DQ.8...
~...!..l0.*.5..E.n............yW...z4_.......2.1..Y9._....^....8.0...e
...^..^./*......b..tT..~.s>..R...w...5.....n.....7....~..FU.G...%;r
..J.."........:.r...G.J..(..q....b.=.X...<...-....0.a......C.o..V..
..[.S.U..PD.....J.r...F.z...Y..Z..7..Tds.y.....U.m............W._.....
..8.......N.s..dUi......E.....S...Y... .*...8...,...?8.....w.......g.7
...h.K.Q...tn......^...|..am.^.*..~..Yu......q.0..=.s<`...Q..rR.^..
\.".0.Y..U....q.a...@=...."...w9._.\`.s^...........g..[.@o....(.(_.d..
.`'........e.&V..tg...G.......dvv.?9.y..V.).4...^.$k.[e.zR...W6...
<<< skipped >>>


GET /repository/gdig2.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: certificates.godaddy.com


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:47 GMT
Server: Apache
Last-Modified: Thu, 23 Oct 2014 23:14:10 GMT
ETag: "6c0-5061f38c8f480"
Accept-Ranges: bytes
Content-Length: 1728
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Connection: close
Content-Type: application/x-x509-ca-cert
-----BEGIN CERTIFICATE-----.MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFAD
CBgzELMAkGA1UEBhMCVVMx.EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2R
hbGUxGjAYBgNVBAoT.EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBS
b290IENlcnRp.ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxM
DUwMzA3.MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQ
QH.EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE.Cx
MkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD.EypHbyB
EYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi.MA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD.BNliF44v/z5lz4/OY
uY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv.K/6AYZ15V8TPLvQ/MDxdR/
yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am GZHY23e.cSZHjzhHU9FGHbTj3ADqRay9vHH
Zqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY.pDNO6rPWJ0 tJYqlxvTV0KaudAVkV4i1
RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n.eTOvDCAHf jfBDnCaQJsY1L6d8EbyHSHyLmTG
FBUNUtpTrw700kuH9zB0lL7AgMB.AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1
UdDwEB/wQEAwIBBjAdBgNV.HQ4EFgQUQMK9J47MNIMwojPX 2yz8LQsgM4wHwYDVR0jBBg
wFoAUOpqFBxBnKLbv.9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
hhhodHRwOi8v.b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL
2NybC5n.b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMD
EG.CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv.MA
0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz.91cxG76
85C/b LrTW C05 Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2.RJ17LJ3lXubv
DGGqv QqG 6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi.DsoXiWJYRBuri
<<< skipped >>>


GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 29 Jan 2015 06:15:01 GMT
ETag: "2015b-6ca-50dc46885cd67"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 02 Feb 2015 13:31:16 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..141203203511Z..15042
8204011Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............7.im~...|.....3........]..Cm...Y.[.......c.J[.....^
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?31a03987113885e6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 02 Feb 2015 13:29:35 GMT..Conn
ection: keep-alive..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 386
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:51 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"LoadingPrerequisitesCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:27 GMT
Connection: close
Content-Length: 0



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=575380, public, no-transform, must-revalidate
Last-Modified: Mon, 2 Feb 2015 05:21:26 GMT
Expires: Mon, 9 Feb 2015 05:21:26 GMT
Date: Mon, 02 Feb 2015 13:31:46 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
2052126Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150202052126Z....20150209052126Z0...*.H........
.....H.c...ZXgu.....F..w...z[P..-..H`` .0...1...U....^e.J...I..^..jY..
.*....Z!.....T0.2..3=...o.N.S.c.<CBP.......0.E(.....v......J_.. .y.
......XUy'...1wd...!}....r(.]N.k... ..n.g.@.".n.l.ipe.....6..Y....a...
... Ls.4...&.....sC..F.q.v..m..1....7i=......k.[J=.8.....#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>


GET /b3rNON HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: goo.gl
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Mon, 02 Feb 2015 13:29:44 GMT
Location: hXXp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=bxk&subid=${SUBID}&lplink=hXXp://VVV.yac.mx/download/config/down.php?pt=bxk
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 252
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
..........m.Ao. ...........&.........Iw.....)...~.<.K..._..KJ.....y
....i...}..|[email protected]?p.>.gs4.R....r.Hf..
{$..6/"(..<cl.6..&TW......k_m.#...2/fp.p=.`.....*......2.;...1...8.
V.(...N3.........F..,......X.. 8.C..T......&0r.G...HTTP/1.1 301 Moved 
Permanently..Content-Type: text/html; charset=UTF-8..Cache-Control: no
-cache, no-store, max-age=0, must-revalidate..Pragma: no-cache..Expire
s: Fri, 01 Jan 1990 00:00:00 GMT..Date: Mon, 02 Feb 2015 13:29:44 GMT.
.Location: hXXp://s2s.yac.mx/ads/adsavess?sid=yac&ptid=bxk&subid=${S
UBID}&lplink=hXXp://VVV.yac.mx/download/config/down.php?pt%3
Dbxk..Content-Encoding: gzip..X-Content-Type-Options: nosniff..X-Frame
-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Content-Length:
 252..Server: GSE..Alternate-Protocol: 80:quic,p=0.02............m.Ao.
 ...........&.........Iw.....)...~.<.K..._..KJ.....y....i...}..|..b
[email protected]?p.>.gs4.R....r.Hf..{$..6/"(..<c
l.6..&TW......k_m.#...2/fp.p=.`.....*......2.;...1...8.V.(...N3.......
..F..,......X.. 8.C..T......&0r.G.....
<<< skipped >>>


GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/last.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: VPHBgxVe R6Okz4w0l8lSg==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:24 GMT
Etag: 0x8D20829CB5C15DF
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/3541)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a9cdf9df-0001-0023-27a6-9a9453000000
x-ms-version: 2009-09-19
Content-Length: 37813
Connection: close
PK.........]&FP.7.............index.html.W_o.6....}..-.......a..dn...E
.m.#E.-&.....#.w...m......X.....w.S.......>.#.-....E....e.....[as.E
...".`.j....Tb........lJ...o1..`........l...../..,...X.l..1.h.cj.&...X
J2..."m.WC.5m.1\....yLo...K.z3../..........K....Q.z......V(...._...&..
.eIb.d....P...h.X9..........W.D..~.2.X..%.......^...'(RjU..g.. ..=...^
.T.....dy..2.}.a....I..........[.(j..UZq{-.y.....q.C<[email protected]'.....^
.84emK...........rQ?..j'.]....T...B6\...._..F.....=.c..P..".........`.
h.r.Rh.Y......4..S.....aaK...]N..........&.O.c.;.....f.....K~...WB..f.
.$n.....H.2..H..]....L..b.`......EN..I.4.I..\.E.*..=.5..:.t.......=a.#
L~........u.y.;.p'.gm.L|N..].Y.kW....".....q{8PjK....bi.y5.z....y`..Hi
...NA....C.yk........(Q..(i .n}..Tc.k......f.>..:.l..:...}*.......k
..v....A.XrXZ"...1.gD..iL.m.[Ej.....N  V...].Gv..d....7.\..%..aQb...gx
.y.2..#JfsU.9X.....1.".Y..:n.|n...q.].P....rEl.8..L.).).f=$..db.....A&
gt;.)$m..i...<.....m....e...J..\...)..!..._q...}@....9ws(V.....&..!
...G...........hO...Dw...7['.R..=Y.B?...@[...%.I]k.H...D.T.\?..yfRY...
.I*$.}.....'.../,O.u.T..E...o=.)6..PK.........`nE-.b.....C.......css\s
tyle.css.V...0.]'R..mT.]..y4%......Xq.e...^..;~....TP..3...9.'.. z[-.\
..U...ipI...O....."..bqG........{..eI...'$p.....W....j.=~....Z..r...U.
..K.(......M*.B....{.s"........r..}.M...c..$..:....RI(.'....o..h...dcn
....!xC-?N.....\n4WU....s.h{..N......;p..qU..?q.$n..c"I...2 .n.-.g. ..
([email protected]..."..`.5A..%.R...I.....$.;..|....I...w...K..A.
....^=...BY.u.....A}v........A..*z.x.]...y|...).....W...h#.....` .
<<< skipped >>>


GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Mon, 02 Feb 2015 13:29:36 GMT
Etag: "2b0017-47061-eeeb7bc0"
Expires: Thu, 12 Feb 2015 13:29:36 GMT
Last-Modified: Mon, 02 Feb 2015 09:53:59 GMT
Server: ECS (frf/8799)
X-Cache: HIT
X-Cntnt-Length: 290913
Content-Length: 290913
0..p\0..oC...0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150202094503Z..150212094503Z0..n.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:51 GMT
Content-Type: application/x-pkcs7-crl
Content-Length: 649
Connection: keep-alive
Set-Cookie: __cfduid=d56a85242664b36a73edb74145a7c69891422883911; expires=Tue, 02-Feb-16 13:31:51 GMT; path=/; domain=.globalsign.net; HttpOnly
Last-Modified: Thu, 11 Dec 2014 05:33:27 GMT
CF-Cache-Status: HIT
Expires: Tue, 03 Feb 2015 13:31:51 GMT
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1b26c05e16200cad-AMS
0...0..m...0...*.H........0W1.0...U....BE1.0...U....GlobalSign nv-sa1.
0...U....Root CA1.0...U....GlobalSign Root CA..141210000000Z..15033100
0000Z0..0*.........D.....141125000000Z0.0...U.......0*........)E.....1
41125000000Z0.0...U.......0*........ ...h..141125000000Z0.0...U.......
0*........,^.....141125000000Z0.0...U......../0-0...U....../0...U.#..0
...`{f.E....P/}..4....K0...*.H..............'~.f...V'..4..)..7....hg..
.,.f5k&'.....D.(.n...EV.Hx.h..Y...d..>....n.../.\...r....%ZX-Du....
.^/K.&.).....24.,.q..l.N..W.,.Lx...U'(.qn..^j5R........d_,.h8......C..
S..6$..(.\..5... n5h...<......za2.#r..E)..?..R.r..R.i...\.....9k...
w..V46..m...u..I.L.......HTTP/1.1 200 OK..Date: Mon, 02 Feb 2015 13:31
:51 GMT..Content-Type: application/x-pkcs7-crl..Content-Length: 649..C
onnection: keep-alive..Set-Cookie: __cfduid=d56a85242664b36a73edb74145
a7c69891422883911; expires=Tue, 02-Feb-16 13:31:51 GMT; path=/; domain
=.globalsign.net; HttpOnly..Last-Modified: Thu, 11 Dec 2014 05:33:27 G
MT..CF-Cache-Status: HIT..Expires: Tue, 03 Feb 2015 13:31:51 GMT..Cach
e-Control: public, max-age=86400..Accept-Ranges: bytes..Server: cloudf
lare-nginx..CF-RAY: 1b26c05e16200cad-AMS..0...0..m...0...*.H........0W
1.0...U....BE1.0...U....GlobalSign nv-sa1.0...U....Root CA1.0...U....G
lobalSign Root CA..141210000000Z..150331000000Z0..0*.........D.....141
125000000Z0.0...U.......0*........)E.....141125000000Z0.0...U.......0*
........ ...h..141125000000Z0.0...U.......0*........,^.....14112500000
0Z0.0...U......../0-0...U....../0...U.#..0...`{f.E....P/}..4....K0
<<< skipped >>>


GET /rexposta/2015/02/02/02103507839002.jpg?w=220&h=165&mode=crop HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ns.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "c229336362e35704efe78ec8479f0abb:1422880495"
Last-Modified: Mon, 02 Feb 2015 12:34:55 GMT
Accept-Ranges: bytes
Content-Length: 96245
Content-Type: image/jpeg
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
Expires: Mon, 19 Jan 2099 00:00:00 GMT
Cache-Control: max-age=31556926
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................F.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?......(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
<<< skipped >>>


POST /Servers.svc HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "hXXp://tempuri.org/IServers/GetServers"
Host: VVV.speedcheckerapi.com
Content-Length: 797
Expect: 100-continue
Connection: Keep-Alive


HTTP/1.1 100 Continue
....




<s:Envelope xmlns:s="hXXp://schemas.xmlsoap.org/soap/envelope/">
<s:Body><GetServers xmlns="hXXp://tempuri.org/"><userOb
ject xmlns:a="hXXp://schemas.datacontract.org/2004/07/SpeedInMyAreaSer
vice.Model" xmlns:i="hXXp://VVV.w3.org/2001/XMLSchema-instance"><
;a:Client><a:Id>30</a:Id><a:LicenseId>0</a:Lic
enseId><a:Type i:nil="true"/></a:Client><a:CountryCo
de i:nil="true"/><a:Id>0</a:Id><a:Location><a:
Accuracy>0</a:Accuracy><a:AvailableNetworks i:nil="true"/&
gt;<a:City i:nil="true"/><a:ContinentCode i:nil="true"/>&l
t;a:Country i:nil="true"/><a:CountryCode i:nil="true"/><a:
IPAddress/><a:LanguageCode i:nil="true"/><a:Latitude>0&
lt;/a:Latitude><a:Longitude>0</a:Longitude><a:Networ
k i:nil="true"/><a:PostCode i:nil="true"/></a:Location>
<a:Session i:nil="true"/></userObject></GetServers>&
lt;/s:Body></s:Envelope>

HTTP/1.1 200 OK


Cache-Control: private,no-cache
Content-Length: 2130
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=eiipbbhpipkskl4kfjouh1am; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Accept
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
p3p: CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
Date: Mon, 02 Feb 2015 13:32:10 GMT
<s:Envelope xmlns:s="hXXp://schemas.xmlsoap.org/soap/envelope/">
<s:Body><GetServersResponse xmlns="hXXp://tempuri.org/">&l
t;GetServersResult xmlns:a="hXXp://schemas.datacontract.org/2004/07/Sp
eedInMyAreaService.Model" xmlns:i="hXXp://VVV.w3.org/2001/XMLSchema-in
stance"><a:Server><a:Domain>149.154.157.241</a:Domai
n><a:DownloadFolderPath>/</a:DownloadFolderPath><a:I
d>66</a:Id><a:Location><a:Accuracy>0</a:Accura
cy><a:AvailableNetworks i:nil="true"/><a:City>Milano 1&
lt;/a:City><a:ContinentCode i:nil="true"/><a:Country>It
aly</a:Country><a:CountryCode>IT</a:CountryCode><
a:IPAddress i:nil="true"/><a:LanguageCode i:nil="true"/><a
:Latitude>0</a:Latitude><a:Longitude>0</a:Longitude&
gt;<a:Network i:nil="true"/><a:PostCode i:nil="true"/><
/a:Location><a:Scheme>http</a:Scheme><a:Script>ph
p</a:Script><a:UploadFolderPath>/</a:UploadFolderPath&g
t;<a:Version>2</a:Version></a:Server><a:Server>
;<a:Domain>178.62.184.65</a:Domain><a:DownloadFolderPat
h>/</a:DownloadFolderPath><a:Id>70</a:Id><a:Lo
cation><a:Accuracy>0</a:Accuracy><a:AvailableNetwork
s i:nil="true"/><a:City>Amsterdam 2</a:City><a:Conti
nentCode i:nil="true"/><a:Country>Netherlands</a:Country&g
t;<a:CountryCode>NL</a:CountryCode><a:IPAddress i:n
<<< skipped >>>


GET /download/8/C/7/8C74F157-189C-47FD-8A75-AEF21E5D5F06/runtime/Silverlight.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: PCSUInstaller
Host: download.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Thu, 10 Mar 2011 08:49:12 GMT
Accept-Ranges: bytes
ETag: "3075d70dfcb1:0"
Server: Microsoft-IIS/8.0
Content-Disposition: attachment
Content-Length: 6280056
Date: Mon, 02 Feb 2015 13:31:33 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$...........K...K...
K.......D...K...!......._.......J.......J...RichK...................PE
[email protected]... ........... ..............
................k.`.......... .......................... .............
............_.x............!..........................................
..... ...............................text...`w... ...x................
.. ..`.data................|[email protected]............>_..
~..............@..@...................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................n...D...4..............
.....................Z...............|................................
...&...2...:...T...n...........................................&...:..
.P...n...x...........................................>...L...f...~.
.............................."...<...R...h.......N...\...8...(....
...................................b...........>...&...............
....n...:...H...T...`.................................................
..................................Hn.@.............&..............
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 420
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:30:13 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferDownloadStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:29:47 GMT
Connection: close
Content-Length: 0



GET /?gfe_rd=cr&ei=bHvPVNrZNaWt8wek2oDIAQ HTTP/1.1
Host: VVV.google.com.ua
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaWt8wek2oDIAQ&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=7b4f50e8efaf23d9:FF=0:TM=1422883693:LM=1422883693:S=K2bscf5W4wf3Jm09; expires=Wed, 01-Feb-2017 13:28:13 GMT; path=/; domain=.google.com.ua
Set-Cookie: NID=67=oadYL4IAhmCUbllZsaRlUcGVtn0coh_5WzvbQ9IOuaCERRg5RdjKQwNCpQdzDRmCVGBXIWwqm7QtY6GfQ_c7Qii4hU20Y3CfYi0AeGGaX8xxmKlzgWgUc73uEtz7xnKF; expires=Tue, 04-Aug-2015 13:28:13 GMT; path=/; domain=.google.com.ua; HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 02 Feb 2015 13:28:13 GMT
Server: gws
Content-Length: 278
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaW
t8wek2oDIAQ&gws_rd=ssl">here</A>...</BODY></HTML
>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=
cr&ei=bHvPVNrZNaWt8wek2oDIAQ&gws_rd=ssl..Cache-Control: private..Conte
nt-Type: text/html; charset=UTF-8..Set-Cookie: PREF=ID=7b4f50e8efaf23d
9:FF=0:TM=1422883693:LM=1422883693:S=K2bscf5W4wf3Jm09; expires=Wed, 01
-Feb-2017 13:28:13 GMT; path=/; domain=.google.com.ua..Set-Cookie: NID
=67=oadYL4IAhmCUbllZsaRlUcGVtn0coh_5WzvbQ9IOuaCERRg5RdjKQwNCpQdzDRmCVG
BXIWwqm7QtY6GfQ_c7Qii4hU20Y3CfYi0AeGGaX8xxmKlzgWgUc73uEtz7xnKF; expire
s=Tue, 04-Aug-2015 13:28:13 GMT; path=/; domain=.google.com.ua; HttpOn
ly..P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/suppo
rt/accounts/bin/answer.py?hl=en&answer=151657 for more info."..Date: M
on, 02 Feb 2015 13:28:13 GMT..Server: gws..Content-Length: 278..X-XSS-
Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Prot
ocol: 80:quic,p=0.02..<HTML><HEAD><meta http-equiv="con
tent-type" content="text/html;charset=utf-8">.<TITLE>302 Move
d</TITLE></HEAD><BODY>.<H1>302 Moved</H1>
;.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd
=cr&ei=bHvPVNrZNaWt8wek2oDIAQ&gws_rd=ssl">here</A>
<<< skipped >>>


GET / HTTP/1.1
Host: VVV.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaWt8wek2oDIAQ
Content-Length: 262
Date: Mon, 02 Feb 2015 13:28:12 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.02
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaWt
8wek2oDIAQ">here</A>...</BODY></HTML>..HTTP/1.1 3
02 Found..Cache-Control: private..Content-Type: text/html; charset=UTF
-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaWt8wek2
oDIAQ..Content-Length: 262..Date: Mon, 02 Feb 2015 13:28:12 GMT..Serve
r: GFE/2.0..Alternate-Protocol: 80:quic,p=0.02..<HTML><HEAD&g
t;<meta http-equiv="content-type" content="text/html;charset=utf-8"
>.<TITLE>302 Moved</TITLE></HEAD><BODY>.<
;H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://
VVV.google.com.ua/?gfe_rd=cr&ei=bHvPVNrZNaWt8wek2oDIAQ">here<
;/A>...</BODY></HTML>....



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 415
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"RequirementsCheckStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:26 GMT
Connection: close
Content-Length: 0



GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com


HTTP/1.1 200 OK
Server: Apache
ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"
Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT
Date: Mon, 02 Feb 2015 13:31:39 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../[email protected]?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Mon, 02 Feb 2015 13:31:39 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>


POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 216
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","Silverlight":"Install","OK":1,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:53 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /site/dwnld109843.htm HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-IISpeed: IISpeed-1
X-Page-Speed: 1.7
Content-Length: 11890
Cache-Control: no-cache
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~........7....t.....WO.....m...
.{'w.>}.4.........x'}Sg..h.j..w....(.h...Gw.^]].........Ww....^._.[
.....}tD].....\6.E..>|.P^..y6;z..m...>.'...Z.U6K..'Y..{[<. .R
.E.f4.v....uq..G'........U.Q:..>.....w..a:.gu......r..........TY,..
.:?..c.$....f|QU.e...f<..w.M.{.g......U...5...........i...}...e....
.8m...>........l0.....|v.......{.....j...bR...=........H..T,.....r6
^...j..v,..H>.{.].o|H...4..n..6.on.<....t..Ve1%...... ...fZ. |..
.65.4}..N....%...&...;....1..iaj-...yUM...f......{.........~..........
....._.:9......|.....7.}DB....[.....o^.=............|r......7.....J..&
gt;UNm:/.|...yu....x..T..........a...7.2[^.i......IM..D^W.............
.x..qBMyB.i.&?=.&...9(.....{...........1..G....iz...ok.)=.......~....u
e...-.Is....:.......w.............p....d.....3.......].uVbh.v..>.y.
.......%........e~q.......mv1.......m....|....o...eV...E..>.??.3...
!~....|.{........j.l?.}L.bw..........'lH*y..%q.e._.....r.)......E.....
..W.i.gm~Z..k.c...;......U.....d..r.Y[.s..Zl..m.}...]V.1...j.iU.......
......'.?3....Z.....y;^.....(..!Pn....Ut.'.o...$1....|........Q..qA..n
...U.o]d..../..u.....yO....WUM".d...(..>.....Z....{.......q.4/..i..
..'./..rV..-.....k..JI ..:-..{[[email protected]..(..F
..k....NJDU......c2.C..@...~Q,...%9...s......{@..s...........w...O...z
'O$..1...F.n[m...w*"....<~.3.....{.C}..HY..q..w...~...gwWd..A.W..dp
.0.Z...BgD.......6.a./...N....|']...k.i5#.^|.......{".b.....o?.3..
<<< skipped >>>

GET /usuarios/din/prog.asp?cod=109843&versao=6.0.51  HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Content-Length: 60
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
..function contdown() { ..document.write('<!--//-->'); ..}..HTTP
/1.1 200 OK..Server: Microsoft-IIS/7.5..Content-Length: 60..Cache-Cont
rol: no-cache, no-store, must-revalidate..Date: Mon, 02 Feb 2015 13:29
:34 GMT..Connection: keep-alive....function contdown() { ..document.wr
ite('<!--//-->'); ..}......


GET /usuarios/din/GooglePlusSignIn.aspx HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=iso-8859-1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-IISpeed: IISpeed-1
X-Page-Speed: 1.7
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Mon, 02 Feb 2015 13:29:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Length: 989
Connection: keep-alive
...........Umo.6.....A..PBl:.^..Q.$-.lm.5...(..:.t(.#);.....$;N.a.!...
=w.<$_..88}......7.../..N...r|G.;..K8{.u!.0...._..A;..8n....<...
..`.u.t.W...\....?..#zLK....g...5..:.....]d.T$.,v.,.E..Vq..h.%s...~k.G
9.....S......x.,.(.......G''...ON(3.....r`.V..B.[?....-..Ch....v~..(v.
..d...............J..jZt...h....B8.....}V.Ug..p....|`d.......i.H.....d
...[.d....Y<..C.....g1..........e...H.!.s.".j..V ]..W.d..D........Z
W..4tG..Q..LP...{x....hg...P.^..dR.Y..%S......D6.dV...I.^2.....WeC....
..0JH...c.i.E.a.....y[A....m....Q.p.VU...V......fy6g*.p.,...2.......]f
...c.5 .1..G....fq.:l...K...21....&M.....9 ....i.!u......$>........
..)n|.g..G......_...../.K^..#.....=..y}.WI...lo..0..........Y..$D..c.#
K|...o......]IJ..x...t.([email protected].*'#R..|7.g.uK.-
.h..^[email protected]...! f.v.\.....j.......7.,>......[&io.t...As..du.J.
....!=...AGz.*){.......W9.,#%[email protected].'..J......d.P.nz{5{m.N
...D}.a...2.NH.Y......=......(.....H..3.........4..g^B...........d....
..7.'.Nw.....{..8.......HTTP/1.1 200 OK..Content-Type: text/html; char
set=iso-8859-1..Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727
..X-IISpeed: IISpeed-1..X-Page-Speed: 1.7..Vary: Accept-Encoding..Cont
ent-Encoding: gzip..Expires: Mon, 02 Feb 2015 13:29:34 GMT..Cache-Cont
rol: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Mon, 02 Fe
b 2015 13:29:34 GMT..Content-Length: 989..Connection: keep-alive......
.......Umo.6.....A..PBl:.^..Q.$-.lm.5...(..:.t(.#);.....$;N.a.!...=w.&
lt;$_..88}......7.../..N...r|G.;..K8{.u!.0...._..A;..8n....<...
<<< skipped >>>

GET /ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.baixaki.com.br
Connection: Keep-Alive
Cookie: __utma=248450708.402729839.1422883801.1422883801.1422883801.1; __utmb=248450708.1.10.1422883801; __utmc=248450708; __utmz=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nav13767=15973615790_12


HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-IISpeed: IISpeed-1
X-Page-Speed: 1.7
Content-Length: 2432
Cache-Control: no-cache
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~..
..I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`.
.e.u.......GG.5.J.-.e.Y.......ui.g3..c?&.=^.mF8.........>:..m.l..\.
.......Gm....(..t..M.~v.........w?.  ..-...x.....O.......%..h.4..../&g
t;.....EQ^?...U.L_..?...EV.....y[L.QC.n7y]..n_...E..H.M..|;....i......
...f.....>.._..%.jv...Y}Q,......y5]7..Z.e.......gi;/..]6m..|.=.W.ym
......i.jy!.....y...../)...xR....V.i.g.y..Qv....ESL..h.....,_...fUf..&
e5}.a.s.3......<.T..p.]...o......~...j.h....?Xn/..v....W...?z..`...
.9..mu.(......;..$......r....../..f...;..U....-.eNh.U...w..Ksj.],.6...
f@;:@?.l6 ...m.z......u...$N&:......i..O......9...zuq'..m...XV..*.Z...
...I..D.N....|B.R...D....?../mV.....'#...Q..U.>*..V..............0.
v.]....4.0Y.m....J...:/in..._1.........]_L.....G...w.......N.>...m3
L..!$...7q...g.TI.tg...) ...#.E.;...f..yt....<.N.=.Jb...M.gMNs.MB).
ys#..7..nlr....Q..Y|...]Y4./Vi.._.Kw.?...I.E./"s...cb../.<.2..1.h.d
&...m..*3...(2..3m....?>..............'3".Mr....YuE....G)3.....w...
S.M.BGsF.K.D...G>5.n.%.|s......V............U.AS...7d#.j...........
...Xd...|.j......v.....R..d........1......,)8d{.......,B..E.n[."..{.-B
...Q..d.f.j....w..~ .{D.t.........H.b^..y.,...2....f=..Y!.N.&.9)Q.o.k'
.?.w....aN*6.P.......D@2}.RG..W7...vD..,...)....-8..J..k....~*.=...x..
.!.J.b..n..?.^....L..I..Tf".4...J.A.f......b............F..z.Z.;2...].
...~|.]v.7...o?F.{..no.....hN...6>~< ..i.5..`...!..1.#/..#o.
<<< skipped >>>


POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 104
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","SpeedTest":"Silent"
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:58 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?966c49e8f9a60aa4 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 02 Feb 2015 13:29:35 GMT..Conn
ection: keep-alive..



GET /inf/geturl/cvs?name=yac_baixaki HTTP/1.1
Accept: */*
Accept-Encoding: */*
Accept-Language: */*
Content-Type: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Loader
Connection: Keep-alive
Host: VVV.kmu79.com


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:08 GMT
Content-Type: application/url
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.14p1
2e..hXXp://VVV.baixaki.com.br/site/dwnld109843.htm..0..HTTP/1.1 200 OK
..Server: nginx..Date: Mon, 02 Feb 2015 13:29:08 GMT..Content-Type: ap
plication/url..Transfer-Encoding: chunked..Connection: keep-alive..X-P
owered-By: PHP/5.2.14p1..2e..hXXp://VVV.baixaki.com.br/site/dwnld10984
3.htm..0..



GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.regok HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:28:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.42 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 02 Feb 20
15 13:28:22 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.42 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /ads/adsavess?sid=yac&ptid=bxk&subid=${SUBID}&lplink=hXXp://VVV.yac.mx/download/config/down.php?pt=bxk HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: s2s.yac.mx
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Mon, 02 Feb 2015 13:29:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.22
Set-Cookie: think_language=en-US; expires=Mon, 02-Feb-2015 14:29:44 GMT; path=/
Set-Cookie: PHPSESSID=n8on5bppbulim70fec9du436c1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
302 Found HTTP/1.1: 
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location: hXXp://VVV.yac.mx/download/config/down.php?pt=bxk
1ac..<div style='background-color: #ccc; height: 100%; left: 0px; p
osition: absolute; top: 0px; width: 100%;'>.<div style='backgrou
nd-color: #fff; border: 2px solid #f00; left: 0px; margin: 5px; paddin
g: 3px; position: absolute; text-align: center; top: 0px; width: 95%; 
z-index: 99;'>.<p>Please See: <a href='hXXp://VVV.yac.mx/d
ownload/config/down.php?pt=bxk'>hXXp://VVV.yac.mx/download/config/d
own.php?pt=bxk</a></p>.</div>.</div>...0..HTTP
/1.1 302 Moved Temporarily..Server: ngx_openresty..Date: Mon, 02 Feb 2
015 13:29:44 GMT..Content-Type: text/html..Transfer-Encoding: chunked.
.Connection: keep-alive..X-Powered-By: PHP/5.4.22..Set-Cookie: think_l
anguage=en-US; expires=Mon, 02-Feb-2015 14:29:44 GMT; path=/..Set-Cook
ie: PHPSESSID=n8on5bppbulim70fec9du436c1; path=/..Expires: Thu, 19 Nov
 1981 08:52:00 GMT..Pragma: no-cache..302 Found HTTP/1.1: ..Cache-Cont
rol: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..L
ocation: hXXp://VVV.yac.mx/download/config/down.php?pt=bxk..1ac..<d
iv style='background-color: #ccc; height: 100%; left: 0px; position: a
bsolute; top: 0px; width: 100%;'>.<div style='background-color: 
#fff; border: 2px solid #f00; left: 0px; margin: 5px; padding: 3px; po
sition: absolute; text-align: center; top: 0px; width: 95%; z-index: 9
9;'>.<p>Please See: <a href='hXXp://VVV.yac.mx/download/co
nfig/down.php?pt=bxk'>hXXp://VVV.yac.mx/download/config/down.php?pt
=bxk</a></p>.</div>.</div>...0..
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 424
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"RequirementsCheckStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:26 GMT
Connection: close
Content-Length: 0



GET /s2/oz/images/stars/po/bubblev1/border_3.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 27 Jan 2015 16:36:55 GMT
Expires: Wed, 27 Jan 2016 16:36:55 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 43
X-XSS-Protection: 1; mode=block
Age: 507163
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
GIF89a.............!.......,...........D..;....


GET /s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 27 Jan 2015 16:36:11 GMT
Expires: Wed, 27 Jan 2016 16:36:11 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 318
X-XSS-Protection: 1; mode=block
Age: 507207
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.PNG........IHDR...'...!.....m$B.....PLTE.............................
.........tRNS.."3DUf..X-....IDATx......0.DQ.I1..........o,G..;>e.6I
.<[email protected]@jOs8 [email protected].}.................}F........BY. ..Pv..P.
.B.1 .1.G.....Z.6{.4..L.x.tM.]Z.'Yw/.xa=.V.zf.N[.........x7..a.....2.E
..f8`"....~_..K...T..^......."=[....IEND.B`.....


GET /s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 27 Jan 2015 16:39:11 GMT
Expires: Wed, 27 Jan 2016 16:39:11 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116
X-XSS-Protection: 1; mode=block
Age: 507027
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.PNG........IHDR...............y.....PLTE...................@t.....tRN
S.."DU........IDAT..c.1....t....{\....IEND.B`.....


GET /s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ssl.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT
Date: Tue, 27 Jan 2015 16:39:33 GMT
Expires: Wed, 27 Jan 2016 16:39:33 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 117
X-XSS-Protection: 1; mode=block
Age: 507005
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
.PNG........IHDR.............v.......PLTE...................@t.....tRN
S.."DU........IDAT..c.`.....R.%l..G....IEND.B`.HTTP/1.1 200 OK..Conten
t-Type: image/png..Last-Modified: Mon, 02 Apr 2012 00:13:23 GMT..Date:
 Tue, 27 Jan 2015 16:39:33 GMT..Expires: Wed, 27 Jan 2016 16:39:33 GMT
..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 117..
X-XSS-Protection: 1; mode=block..Age: 507005..Alternate-Protocol: 80:q
uic,p=0.02..Cache-Control: public, max-age=31536000...PNG........IHDR.
[email protected].."DU........IDA
T..c.`.....R.%l..G....IEND.B`...



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 100
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","serviceStart":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:57 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /tag/js/gpt.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.googletagservices.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 6991555325526566283
Date: Mon, 02 Feb 2015 12:48:02 GMT
Expires: Mon, 02 Feb 2015 13:48:02 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 15220
X-XSS-Protection: 1; mode=block
Age: 2492
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=3600
...........}is.......G....X8v........5$.!75.....IN....u.,.-6p.}yU.K...
........)....v~^....C?...;.u.s~&Q.H...Y.6......c.......<.......5..E
<.|?p..`.o#....r..K.v...-./.W.yC.H.F.a=.._[.d....V6;..x:hq6.C].....
.1....3....$n.0B..nn..b.D...&...t......4...4...<5..c..J.D.Q.]...Pp.
.`......%...j.hd...W..V...g(m.....1RCo-.q.5....`<...j ...4."..AQ..t
'5.P..LB...nP7.). e....I......;..8.)f./.y.\0..#6-.&u....._....E..>.
..4.....2...Y.H..E..[M.sp..W,.....bb;..>l;n.....7 v...U/........Z..
&.%....,...Ts..o2'[email protected]#.(Q-.[..........
..q7..0..[.\Vk.....t....Oj...`_nm..l.J...vZ..}...j...2j.Y.4..g........
.Ea......y.c.C..<....g...K.9.4.jp.K....'.....A.[.;.;p~.aJ .#1rvy^..
q...........tF...v.|.vzq..F..)?S.......X..F..9K...x...n4..5{ms.....hl.
!..].t...e.N......"....._...........x......k..}..Y.......u.%U...5a....
.i.....n Z;a.........R..W|#.....C.s.N..:.C....1...iC:.u.T....^;.|w!.E.
..f.X..^..,w...^,f.....{.&5f..,e......./[email protected]*...Fzgu..i...C._.^
..._:e....t..A.R......f3.f....P..J...#.s...01.......e.....^....xZ[..9P
........8.w...PB.C]{%.n..yu......q..CV.>.7j...:..j(_.`.>.T.E.xVg
6...p<=C;.....j....Z.............{.&..R.a..`.Z....z.H... !4.ow..C.1
NWR .....Y<.-.a.I9.A ...v.q...K{.qG....c.........S....3.......m.w..
...E.._..(!E.........: .%....W.....j!.5=."?...(g........4.... .cz.4..]
..!.....E.B..(.P?.Zw!.sz../....$....f.......P........([email protected]..=@...
..|O0P..|...~..(...x...L.P...[(./z....$(0....(.sL....p... .]h.........
o..J...(y....P.....)[email protected]...../[email protected].
<<< skipped >>>


GET /dc.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 12:27:12 GMT
Expires: Mon, 02 Feb 2015 14:27:12 GMT
Last-Modified: Fri, 16 Jan 2015 00:55:08 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15931
Cache-Control: public, max-age=7200
Age: 3742
Alternate-Protocol: 80:quic,p=0.02
...........}k[.<[email protected].^.,[email protected]..>
;.......i4...x...7H\..-O.9.d".....`wp=.$2.X...$.%......dv....q."..F..{
...yv.$."9..i*Y...g..;..8M....k.....{[email protected]
C...).o0A*y&.....sX7p........`.......Y.K..{......p..G.`x..........8...
...B.....Z.A6.....!.".1..!>......b<..=.e.k....=.....y...B..?..M.
..H....R...%.....aw.E&]......!D.....t...a.. .......e.{.....q8....c..=.
1..n.\.z...8JG.;......W......]......$....N...&A...X.KCV5.R...<..._|
b..$.l.*3..1P'.....N.k.\.....Z%[email protected]..}.q......7.u.......,
C.PX%.0..<...^[email protected].`..}.;n.....x{.........:.u G.iP
sv.........q......./.6.... .D.k....y&...[5..1..{0z<.8.ot...........
..h.../.....C...2L..;...P.....E.kBur~uY.`.$....z......D.a=...'E..Y.. .
s.7&X...y.....9..2...5.r1q..A.|.e\\P..R..u`iV!.7a...J...VNW7.j...R...U
c....^L..."8l..".........q.!f..V..-.1..G...*5..R..N.{Q.6..(8...j.;.y8.
........N3..<....,|.K.f;...tq....I...Y{[email protected]..)......oa.F..V..
....)......X..z#..X.....}.I.B....d.......N.....*].*..;pd.\.R.. Og5../e
..h^n.....U.B...;B<............j.........Z..H/.Z.,.~..~.3s.5..,.:..
K.L....F.D...2.......Ix....)tc.  ..j[....r.%..%<.[).k.N.v..s......?
."..^.c3....<...mo.7i)M....mQ.7.....p/..*.....:m2L.0%.-.KK:..y....&
lt;.4./..Nyqla...X...... .........<s<B...|......;*RC..n.9.\....J
.^..l......L 4;..4SC3_f0.P.P. p...........VX..I.q...D..p..N..w......-.
..F...A...cX....k..C..n..wZ..*...E..a- [[email protected].^..gE....>..
[email protected]...'...........w...{L.LB.......w.n.P,....H..
<<< skipped >>>

GET /__utm.gif?utmwv=5.6.2dc&utms=1&utmn=1872741324&utmhn=VVV.baixaki.com.br&utmcs=iso-8859-1&utmsr=1716x901&utmvp=792x554&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=YAC download - Baixaki&utmhid=1088351939&utmr=-&utmp=/site/dwnld109843.htm&utmht=1422883800733&utmac=UA-144680-1&utmcc=__utma=248450708.402729839.1422883801.1422883801.1422883801.1;+__utmz=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: stats.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 29 Jan 2015 08:27:12 GMT
Server: Golfe2
Content-Length: 35
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 363742
Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..
Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 200
4 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/g
if..Date: Thu, 29 Jan 2015 08:27:12 GMT..Server: Golfe2..Content-Lengt
h: 35..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-re
validate..Age: 363742..Alternate-Protocol: 80:quic,p=0.02..GIF89a.....
........,...........D..;..



GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "ca431ddad8f46a13fa9203178d54c239:1422883217"
Last-Modified: Mon, 02 Feb 2015 13:20:17 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Content-Length: 900
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150202131742Z..150212131742Z0..h0..
..X...140427081922Z0....v...140618150003Z0........140429180917Z0......
..140709194633Z0........140416233935Z0........140521155053Z0.....)..14
0617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140606
204021Z0........100729164439Z0........140606222139Z0....%...0205141811
57Z0.....g..150202131742Z0....S...140423105438Z0........140725020038Z0
........100729164732Z0....M\..140430000442Z0.....-..140617185011Z0....
uU..150118022133Z0....V...140624123102Z0........120627171025Z0........
100301134531Z0........140618143256Z0........120627171017Z0.....>..1
40711125531Z0....[...100730213120Z0....j...140226123519Z0...*.H.......
.....[....#.x....UL....U...rU.{.0.....I...7.x.{....V......Ji... Mx....
{...w.a.&...v.1.....b.vWD..J7/..G.GM"6.H..\..7.u...............HTTP/1.
1 200 OK..Server: Apache..ETag: "ca431ddad8f46a13fa9203178d54c239:1422
883217"..Last-Modified: Mon, 02 Feb 2015 13:20:17 GMT..Date: Mon, 02 F
eb 2015 13:29:35 GMT..Content-Length: 900..Connection: keep-alive..Con
tent-Type: application/pkix-crl..0...0...0...*.H........0N1.0...U....U
S1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..15
0202131742Z..150212131742Z0..h0....X...140427081922Z0....v...140618150
003Z0........140429180917Z0........140709194633Z0........140416233935Z
0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0...
..3..020515130611Z0.....#..140606204021Z0........100729164439Z0...
<<< skipped >>>


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "ca431ddad8f46a13fa9203178d54c239:1422883217"
Last-Modified: Mon, 02 Feb 2015 13:20:17 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Content-Length: 900
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150202131742Z..150212131742Z0..h0..
..X...140427081922Z0....v...140618150003Z0........140429180917Z0......
..140709194633Z0........140416233935Z0........140521155053Z0.....)..14
0617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140606
204021Z0........100729164439Z0........140606222139Z0....%...0205141811
57Z0.....g..150202131742Z0....S...140423105438Z0........140725020038Z0
........100729164732Z0....M\..140430000442Z0.....-..140617185011Z0....
uU..150118022133Z0....V...140624123102Z0........120627171025Z0........
100301134531Z0........140618143256Z0........120627171017Z0.....>..1
40711125531Z0....[...100730213120Z0....j...140226123519Z0...*.H.......
.....[....#.x....UL....U...rU.{.0.....I...7.x.{....V......Ji... Mx....
{...w.a.&...v.1.....b.vWD..J7/..G.GM"6.H..\..7.u...............HTTP/1.
1 200 OK..Server: Apache..ETag: "ca431ddad8f46a13fa9203178d54c239:1422
883217"..Last-Modified: Mon, 02 Feb 2015 13:20:17 GMT..Date: Mon, 02 F
eb 2015 13:29:35 GMT..Content-Length: 900..Connection: keep-alive..Con
tent-Type: application/pkix-crl..0...0...0...*.H........0N1.0...U....U
S1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..15
0202131742Z..150212131742Z0..h0....X...140427081922Z0....v...140618150
003Z0........140429180917Z0........140709194633Z0........140416233935Z
0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0...
..3..020515130611Z0.....#..140606204021Z0........100729164439Z0...
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=535144, public, no-transform, must-revalidate
Last-Modified: Sun, 1 Feb 2015 18:08:13 GMT
Expires: Sun, 8 Feb 2015 18:08:13 GMT
Date: Mon, 02 Feb 2015 13:31:39 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150201180813Z0s0q0I0... ........
[email protected].!......Q...==d6|h.[x....7..`..........cV.!.....201502
01180813Z....20150208180813Z0...*[email protected]....#...q)
D....C"BZ..o.gI....1.!.6.vl..o.....6mD(/a'H..fA^..|0WW...b?w?.1.K.<
.-....4s..^y.oY.....s/.W.o...tg(8eQ..1>ZVv."...&i.>b.w...s.....Q
@.X..$...z]8W....?.Y\.V[...q.ou.&H:..F.....i.K<.G_..VA5-.Hg.i.....3
(6. .........U....Gw...0....*..X..v.....0...0...0..{.........[..I|....
.Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U..
..VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisig
n.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140
428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 20
04 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.
....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l
.....f..;]s!.\"v...|....][email protected]. ..W..
..n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....&l
t;..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%.
.0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E..
..0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.sym
cb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>
q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..w
o......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..
<<< skipped >>>


GET /download/config/down.php?pt=bxk HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.yac.mx
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: ngx_openresty
Date: Mon, 02 Feb 2015 13:26:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.17
Location: hXXp://dl2.yac.mx/download/dl/yet_another_cleaner_bxk.exe
0..HTTP/1.1 302 Moved Temporarily..Server: ngx_openresty..Date: Mon, 0
2 Feb 2015 13:26:54 GMT..Content-Type: text/html..Transfer-Encoding: c
hunked..Connection: keep-alive..X-Powered-By: PHP/5.4.17..Location: ht
tp://dl2.yac.mx/download/dl/yet_another_cleaner_bxk.exe..0..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=409990, public, no-transform, must-revalidate
Last-Modified: Sat, 31 Jan 2015 07:23:00 GMT
Expires: Sat, 7 Feb 2015 07:23:00 GMT
Date: Mon, 02 Feb 2015 13:31:38 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015013
1072300Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150131072300Z....20150207072300Z0...*.H........
.....KX.GuA..j...RU...6.1......?J:D....- J./.]....A(L..H(.. ...V..^.d.
x..W..........7Z)]..{.V}{..1l.1...7.*.?.....\2V.....h/........7_7,|.2.
.\....L..|[email protected]........</..F-.v..y...E.c..L..b%.Uy...b.X.
.|`.....6%U..r#.L........w.p.qd^.....Z.8t".........9.M....0...0...0..3
......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSi
gn, Inc.1705..U....Class 3 Public Primary Certification Authority0...1
41202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corpora
tion1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA -
 G1 OCSP Responder Certificate 30.."0...*.H.............0..........'..
....Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).
....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p.
.^|o....S..v.).)[email protected]#qh...u1T.].G0.]E...=._..
.... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. 
.e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. ....
...0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0..
. .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$
..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D..
.........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,.
...
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=489913, public, no-transform, must-revalidate
Last-Modified: Sun, 1 Feb 2015 05:33:16 GMT
Expires: Sun, 8 Feb 2015 05:33:16 GMT
Date: Mon, 02 Feb 2015 13:31:38 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
1053316Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150201053316Z....20150208053316Z0...*.H........
.....|eBd.................(R.4...g..z8...!....I..%(Fkn...l.Ua.4.....U.
...$.d7..Ft........((.......W........[....P................p...W.jpP.d
l..%CqW...\..X.._.D[W..7..1...v.6..........x.]kH..mt.1..5..&0...O(...x
y.xU....nP[........]P..^Tx...S)J<..E'..D...i0:...h-...#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>


GET /pub/firefox/releases/34.0.5/update/win32/en-US/firefox-34.0.5.complete.mar HTTP/1.1
Host: download.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=900000-1199999
Connection: keep-alive


HTTP/1.1 206 Partial Content
Last-Modified: Wed, 26 Nov 2014 16:59:55 GMT
ETag: "4b1e700-2dc5623-508c5f506dac8"
Server: Apache
X-Backend-Server: ftp3.dmz.scl3.mozilla.com
Content-Type: application/octet-stream
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache-Info: cached
Cache-Control: max-age=167866
Expires: Wed, 04 Feb 2015 12:05:58 GMT
Date: Mon, 02 Feb 2015 13:28:12 GMT
Content-Range: bytes 900000-1199999/47994403
Content-Length: 300000
Connection: keep-alive
d,.f.\s..H.vB9..b.I`.b..8%..g..m....x..*.....{....?..u;f....._nU._....
..y q....].~..N...=....c.:..wuz. g...O?....*-..U..,..]u.iE...9..s.gN..
5.A.v....;BK..H.....>.J..T.n.#. .......^:...9.giR..h.s..dX[:..D..3.
..I.`.5..pb.s.-..........P...M.3.,.Z.....t.&Z$nJ."o'.\..O.h.B,Y.......
W.........!<.eu.BWsJ.=...Z.l....~..l'...l..9l|....d.x....Fw.B.Gv8..
..2.XJ.Ed..r...V.J.%.$.~^..N..b.....!..w h-..3.......C[m......R.*/[email protected]
Jg..L.......t.#A....X......D.B.....w.d...$6....8.I....GP..e...o\.UJ.u.
.yX.I....c..<KG..T......L..mT..,7rA..g..".?....../.&...dI......&.. 
.k..p.....s..J\..J..p....!.1(...U...A=.......D.....{.H.....v..5!..w...
....&.s|......=...V...Ig..Dp..@k..*...o".......Q..r..l]u.u/...(.i.....
.(..j........1.g7..f._N..eVm..~...)%.hX0Zm............z.w...R.".^.hI.Q
..nZ@..|[email protected]..._.....(!$....gR..;O.$$#...w.{.k.hB.4.?.
....u.$...&}.......Od.. ....".......;[[email protected]$.n.[...B?n.....
.$.\%2........!S...l.(.k...:......c...h.f/...x..VZ..A..R*~....dHh.....
9...I.m [email protected]<...i.v./-.\-......d..~h..H. ..6.M
..0....Z.A.T....N..K @....j%....U:.^..z...~.I.....F"..J...`.......1F$.
..s.D......x$O6....;r.P./.es4.*......n.{g._.U..R?(......|.....B.......
m.N....p&.Z......*..ZQ..VR..[..8@".1xy.P..........z.n^.<....^...n3.
..1...'Ki../[email protected]..<.M$..2..|.v.n/6...V.
.......lE/......w8-........-R..\e...WA...756.H.]/d.....-......'.......
.. ..4J@.<.S.4....Fu6%...du.iP.....*>........%/..>#..}....._.
..c.b.f..!...D%L...../.......,...o&u...#..1...Ex.k.P.. .S.J/......
<<< skipped >>>


GET /download/dl/yet_another_cleaner_bxk.exe HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;)
Host: dl2.yac.mx
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:30:08 GMT
Content-Type: application/octet-stream
Content-Length: 1999600
Last-Modified: Mon, 02 Feb 2015 09:44:17 GMT
Connection: keep-alive
Expires: Wed, 04 Mar 2015 13:30:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x
..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7.......
.................PE..L....l.K.................d.......B...3...........
[email protected].................................
..............`...............i..@....................................
........................................................text...@b.....
..d.................. ..`.rdata...............h..............@[email protected]
...|[email protected].........................
......rsrc........`......................@..@.........................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
......G..H.P.u..u..u...|[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 413
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:29 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferAccepted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:03 GMT
Connection: close
Content-Length: 0



GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAaHMqBTgR3n HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Jan 2015 18:59:27 GMT
Expires: Tue, 03 Feb 2015 18:59:27 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 239408
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015013
0010229Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...2.S.......20150130010229Z....20150206010229Z0...*.H...............e
.r.s..w`.l.4.....)..d..9.h..(..|.v.........L.s\..:.0r.o..?.A.q...LZ...
.T...-........)}...p.ji..t.....p.eiZ.....fb.....`..j........#.y.qi...M
...-..[.q./.s....d..R....AzYT....iG.C(...7...z.G..............x....f..
.._Q.3o......IR.:.K....''....D....[.... j.P....


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCE96rdqtj60x HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Jan 2015 18:46:19 GMT
Expires: Tue, 03 Feb 2015 18:46:19 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 240196
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015013
0010758Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.Oz.....1....20150130010758Z....20150206010758Z0...*.H.............4..
K....Xw.\...,E.................w.\0F,.I9.>........R(e6i5&e"4.....k.
(/uT.....}......w. uj{ }......]z.o.....C.........:....'........U....v.
.X..Y......g........fE.3..x...Y..._H'<....k.....r:..v..u..q..T.0...
......9.d..I.b..?....pQ.u..;..R..j......C....v..KHTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Fri, 30 Jan 2015 18:46:19 G
MT..Expires: Tue, 03 Feb 2015 18:46:19 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 240196..Alternate-Protocol: 80:quic,p=0.02..Cache-Cont
rol: public, max-age=345600..0..........0..... .....0......0...0......
J......h.v....b..Z./..20150130010758Z0k0i0A0... ..........j.....p.I.#z
...(~d..J......h.v....b..Z./..Oz.....1....20150130010758Z....201502060
10758Z0...*.H.............4..K....Xw.\...,E.................w.\0F,.I9.
>........R(e6i5&e"4.....k.(/uT.....}......w. uj{ }......]z.o.....C.
........:....'........U....v..X..Y......g........fE.3..x...Y..._H'<
....k.....r:..v..u..q..T.0.........9.d..I.b..?....pQ.u..;..R..j......C
....v..K....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCG+vFYDQCqlf HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Jan 2015 19:02:21 GMT
Expires: Wed, 04 Feb 2015 19:02:21 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 152835
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015013
1130122Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.o......_....20150131130122Z....20150207130122Z0...*.H..............23
._.pz...3.t.U...sYYP P1..y...:U..FP...?..[v..M..Y_.h.....Xg......3rE.l
..=Y. m.......u)m.I.;....=.S`/....`...ee ..........=...V.=/.f,z.?...a.
*x..b.:.....J.e.l6<.y..".nj...?.........?....W..p........W.n.5v..5.
O^.E..=G..r...~f.y..Hc.......Of..1.....1...l.{HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 31 Jan 2015 19:02:21 GMT.
.Expires: Wed, 04 Feb 2015 19:02:21 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 152835..Alternate-Protocol: 80:quic,p=0.02..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150131130122Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./..o......_....20150131130122Z....201502071301
22Z0...*.H..............23._.pz...3.t.U...sYYP P1..y...:U..FP...?..[v.
.M..Y_.h.....Xg......3rE.l..=Y. m.......u)m.I.;....=.S`/....`...ee ...
.......=...V.=/.f,z.?...a.*x..b.:.....J.e.l6<.y..".nj...?.........?
....W..p........W.n.5v..5.O^.E..=G..r...~f.y..Hc.......Of..1.....1...l
.{....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCC0gVOkA+hgL HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Jan 2015 18:46:18 GMT
Expires: Tue, 03 Feb 2015 18:46:18 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 240199
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015013
0010410Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.- T.........20150130010410Z....20150206010410Z0...*.H.............(X]
$......... ...##.......ZYdG.g.C.).... @Im&.&.HG, m.[...s...KP.K....f..
.D.$E.}N...........dC.).s._q...c..J...,.w|/.I0f...eu(...&.0.....{%Z...
....xT.....l...Z&]"......[?..\.....h.#.q.Jm....-.$o....u....v.e.Y.o.%]
...i{...................w...w.VC...K...2.....



GET /tm13767.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: tag.navdmp.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Nov 2014 17:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 03 Feb 2015 13:29:34 GMT
Cache-Control: max-age=86400
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: ac3=1;Domain=.navdmp.com;Path=/;Max-Age=31556926
Content-Encoding: gzip
ebe..............]s.6...B..K....4M...Ir7..5M.......%..j...$..g........
)qm7..l$.....@...<.......x..A.n.yWemQW......i.Est.x..i.<..;^.sZ6
.jk.u.F.y..E5j.........*K..jm.b..._l3BP]..e7.;....cN.......-/.E..n...k
.z5B..u.Z..?...Y}..fK..m..j......5.t.Z.....O/..0.:...Y.I.....&[L.E.d..
A..W"..H...ox..........`c.....9v............F....z.....-...t.M........
`.....H.....cM..k^CG ..z.. .......d.4.X*.).LH>!.....].E.3A.4O.j}A9O
'...G7E..7Ge-.8Z.M.......KZ.....[.]....T ...gb....m...l..^.g.........V
b..)..[3..UY......P...LG.CJ....l...N...I,z....k?.......[.....l......p6
6.....V.......V.jH..........H.....Y=..u.(.,?........1mG....#".G.;.....
..X..5(.o_]H....U.r......;..l.N..{.Hg.......Z......K..|S....v..'......
.K....f....T..7.ah.>.....z.....K h/F.....N.pf...[tf..o.r6... g.....
..;.E..".F.Y..J...z..m.....%wN.6A...:R....5..a..K.......(;.Z4.5vu.{.x.
.].. ...d...hZ*C.. ..H..............9.sb5t.t..8Y...n..aK/.....=.....i.
G)...'.o....}=E.Zs.18.1...E...&.....YQ70..O.~....;.....I={..JB7..tCZ..
..Ne.p.Y....NU.p.g..:.8.i..I/...Y,.o9....mL..K.........%#.i....r.....W
e~./... ..(qmz4...........@[email protected]
...LN...g..)...............AD.W....vd....AzCk;CR......L.. .G.P..L...,H
..K`..$'Ad...I|0j._.T.9.. [email protected]{.................y.~.....m@5..%.}..e..
.lv.....l=..M..;.. ..=Y....`........A.4P.h.C...].V.D%#...&CF..!.||.m.C
....;...i.....Q...X|..6..<LA.cr...l.v..N...?4..\.T.......^v5.....Z.
.$..3.[..V.]E..i..L..&....... ..E....\..}..Nc...#.t.0.....D...zO X.\l.
u.Z..r!...7.#b.a....."p..."g..".......f..c.x....k...a.#.... ...*..
<<< skipped >>>


GET //MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.godaddy.com


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:48 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=122069, public, no-transform, must-revalidate
Last-Modified: Mon, 02 Feb 2015 13:13:22 GMT
Expires: Wed, 04 Feb 2015 01:13:22 GMT
ETag: "160a123da41615f8965c9084d6dd6637b30bec14"
Content-Length: 1853
Connection: close
Content-Type: application/ocsp-response
0..9......20..... .....0......0...0..-...0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$http:/
/certs.godaddy.com/repository/100...U...'Go Daddy Root Validation Auth
ority - G2..20150202131322Z0d0b0:0... .........#o..K......#..... ...:.
...g(.....An ............20150202131322Z....20150204011322Z0...*.H....
.........`. !..I.....~m_...}.t..[..,.aI .&.......Rb.t......-....-.....
.<_...4...m'..FlR~..V>.."bCN.T....lU..#.6?..a..^..... ..Hc.. M.m
.. L.N.....S./DF...,..;.i..p.o...=.....$..n.?............x..o.&..H..u.
...#P.....jS`}.........]>..nS.q....|.......T...w....{.nVY..7.....0.
..0...0...........0...*.H........0..1.0...U....US1.0...U....Arizona1.0
...U....Scottsdale1.0...U....GoDaddy.com, Inc.110/..U...(Go Daddy Root
 Certificate Authority - G20...140401070000Z..150401070000Z0..1.0...U.
...US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, LL
C1-0 ..U...$hXXp://certs.godaddy.com/repository/100...U...'Go Daddy Ro
ot Validation Authority - G20.."0...*.H.............0...........~.....
...l&nbOp..|%..T8..v...p.........(..........|...L..d3z.......)..."y1U^
N.t...].a..v...d.$3H1T_.;.<~.*o...VWC....u.....{.7.8*Y...J.9.l.Ur..
2-.2.v....0E...d;cJ...5I..3.5.........R..^.c~O% ..)...P....H;.../.."c.
.{.VG...?...h...b3... i......-.B.Q%. ............0...0...U.......0.0..
.U...........0...U.%..0... ......... .......0...U.......v6Q.lE3c|l[.`.
.~.[.0...U.#..0...:....g(.....An .....0... .....0......05..U....0,0*.(
.&.$hXXp://crl.godaddy.com/gdroot-g2.crl0M..U. .F0D0B..`.H...m....
<<< skipped >>>


GET /adex.ashx?google_gid=CAESEHiyFVHopUq83ZfWFx4Ki0Q&google_cver=1&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw HTTP/1.1
Accept: */*
Referer: hXXp://cm.g.doubleclick.net/push?client=ca-pub-1712420989769758
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: aep.emea.mxptint.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=dt8fb3he4rk&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw&google_hm=UjM2XzY2RkIxQUQxXzNDOTJFODNF
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Set-Cookie: mxpim=R36_66FB1AD1_3C92E83E.21; domain=mxptint.net; expires=Thu, 02-Feb-2017 13:29:35 GMT; path=/
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Length: 275
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://cm.g.
doubleclick.net/pixel?google_nid=dt8fb3he4rk&google_push=AHNF13JR9
9gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw&google_hm=UjM2XzY2RkIxQUQxXzNDOT
JFODNF">here</a>.</h2>..</body></html>..HTT
P/1.1 302 Found..Cache-Control: private..Content-Type: text/html; char
set=utf-8..Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=dt8f
b3he4rk&google_push=AHNF13JR99gZ9cyLWwuDb69fxz0ZedTFwWUd9_acUw&google_
hm=UjM2XzY2RkIxQUQxXzNDOTJFODNF..P3P: CP="NON CUR ADM DEVo PSAo PSDo O
UR IND UNI COM NAV DEM STA PRE"..P3P: CP="NON CUR ADM DEVo PSAo PSDo O
UR IND UNI COM NAV DEM STA PRE"..Set-Cookie: mxpim=R36_66FB1AD1_3C92E8
3E.21; domain=mxptint.net; expires=Thu, 02-Feb-2017 13:29:35 GMT; path
=/..Date: Mon, 02 Feb 2015 13:29:34 GMT..Content-Length: 275..<html
><head><title>Object moved</title></head>&l
t;body>..<h2>Object moved to <a href="hXXp://cm.g.doublecl
ick.net/pixel?google_nid=dt8fb3he4rk&google_push=AHNF13JR99gZ9cyLW
wuDb69fxz0ZedTFwWUd9_acUw&google_hm=UjM2XzY2RkIxQUQxXzNDOTJFODNF"&
gt;here</a>.</h2>..</body></html>....
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 398
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:16 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferAccepted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:50 GMT
Connection: close
Content-Length: 0



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 427
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"RequirementsCheckSuccessful","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:26 GMT
Connection: close
Content-Length: 0



GET /infv3/index/2626/bnd/6.3.76.1516/a9409109ac27fbf6a1a384586cc86a75 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inisxriy.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 02 Feb 2015 13:27:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.14p1
Location: hXXp://VVV.inisxriy.com/files/zip_r3/2626_399a97e50550d6deb3e2c990ef14e83b/1.zip
0......


GET /files/zip_r3/2626_399a97e50550d6deb3e2c990ef14e83b/1.zip HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.inisxriy.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:27:49 GMT
Content-Type: application/zip
Content-Length: 2157240
Last-Modified: Mon, 02 Feb 2015 07:37:40 GMT
Connection: keep-alive
Accept-Ranges: bytes
PK..........BF0..C............460.json.....K.......w.........L@.\...q.
..%.v..Q..~DO.M.|.Wj.d...k......w...a213;B3..M..)....}...]...e...8.i..
...B....H....(p..8..J.._y.....W".oC...r...,..X..EZ.,.].})..]ET.../#Q..
^......@x~.......NZ........:i].\..m.....z......CK/.b.3y......6.MyVq..i
5._.^1.......o#p..=.^1.........7y.D..}....s..I.w`k..MU<.<..~....
.....#.Q-..v^7 ..J...*.>#..g.o...BY..F..[U.....6.MyRx.G=\....<wj
.y,*.L_z.q.!D..*.).N..=.>.....g3.ol..Q.#[email protected].#..z......\...Xt{
;.."......U.....M=E.k}.0....g.`.$SaH...u.CG}....L.6(Q...6...-w.. ...f.
..........i53a2S7DPK..........BFm.i*.....<......uninstallDlg2.xml.[
[email protected][email protected]{-.m..%.V#.*E.......(...X..6Am/..(.<.&
lt;3.........e2...XN......b>.X...gd.LQ..Dp6..Xf..^.....c..;....m...
..k.....e.... 0b3.'j&..E"........_.$..._A#.t..>[email protected]$..R2g...M
.pb.h....... .K.. .u...;<X.u...y.Q.6.......k.or.....I...DP5..o.P_.{
./...6ty..]~t;(.s..2....\.%4.....Y..O.....v.....O...M2...z.9.....-....
P.I...X...r.<[..8. ..=....8...h..........&..:."I.PY....t.NV.<..?
]......0...dI...X....(.P...6.....r......z.~/@.H...w#.^................
...~#[email protected].;....SS.w......$..3..a......!..Bb..e.1...c.
.A*.6...l...)..~A..6......r..*c..`[email protected].....
.r..,...`.,#..V.?0...&.... r.Gj1..../X<[email protected]$.....V..~....X......3..
........y2b..o.#.?U...H......7....S....../.y.)dB..4.....K.eJ..H......a
-.....`....v./"......[..........Dwb..2...6S  ....U.6S./....6J?........
%.n...A..R. .\.....=Dp......6....z0.W....Q%..Z.e..H~.*r}T.......U.
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 412
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:32:27 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferInstallCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:32:00 GMT
Connection: close
Content-Length: 0



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 401
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:29 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferShown","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:03 GMT
Connection: close
Content-Length: 0



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 405
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:42 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferDownloadStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:16 GMT
Connection: close
Content-Length: 0



GET /b.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/gif
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 43
Cache-Control: max-age=28881036
Expires: Sat, 02 Jan 2016 20:00:09 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
GIF89a.............!.......,...........D..;....


GET /2014/05/14/14181700895757-t100x100.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 5089
Cache-Control: max-age=30366727
Expires: Wed, 20 Jan 2016 00:41:40 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................d.d.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?........
.p.g.> ...>.j.....o.......H...1..X..8..eAP......I.CP.y.....Y.;..
./r...Q.Q....O.K.gi&....;....f...q...6...B..Wv....?...,F#.).N.vW.#....
.....E#.......v..i.._.R> ...I{...k.......U.#....g....4....)........
....L|J.........K..;\M.}^..........;o.i.._.R> ...I{...h........E#..
.....v......../._r......gk...1. ..G...)/...........|A.........><
6.F[.......?......RTh......U.......c.W....?.R^.........B.5...%....H.U.
....V..R....H.f.=2.Xv ..0.qIJx:..,...EG.Z....~.....a..OG..?gm7.p....._
O...\.;....I...GS.k... .G...^..|(.a.........nT..5...?* ..w..8..R.o....
~....j.ucy[W....b..i_...5...[5q>CW.~...i.h..m..x.T?.......,......W.
..... R~.^...-..>.>..]k. ......p#...c.(&.B?.....<..5.q...'...
R......P...1.u`......S_`|F......^$..W..n.....I.hZ......d..... ....{...
..xJ4\..y..&......S..u.(A.....~I.5...z|k................b...R.W.?.?..o
.x.....^)..3a..Y.d.^[email protected]...'....v.*../.O.5...:...-.. .e........
<<< skipped >>>

GET /2015/01/31/31134830489132.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 66278
Cache-Control: max-age=31532570
Expires: Tue, 02 Feb 2016 12:32:24 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..9.j.|C
$.hU.............^..].cs..U.]..5.3.H......Pb:.l.m..$.......o...;n...I@
...N..ou..:J...RPPQ.Ti.5::.Gn.:(..:(..............W3.?..:...6.F..EZ...
.r..^.$..%..M....... -.z.o..$m...h...P...#m.......Q.....Q%.PP..j7..(..
..)..?.=M.n..ej.0|Z.W<=...S.R.2...v..bwG..QC....8....F...-...}.._..
z..t.zl.?ybVj........%m......N.4Mo.....s.}....7..k.x..m...Vj...2D.....
....9....2...V...H..&.l.....Y>.........-lX..d. .........JR.1.*....G
...........kQ....]'...........3m.ib.....K.'.,.jy.b.s~-..!..Z.,...-....
Yw:O..l..............yM.........u}..[..-.{v.....^..x.J_..e.o......6.k.
..>...\.....;}y6.m*v........... ..i........ .....j..........j...G\p
.<........F.~.kE...>........n...{j..[j.k...j..wuZ....o.u...ur...
.B1<...z.r.QY..[...mUf....2..n_.Z.....|.dm....FU...?.V..7.8=7G.....
.>..O.Y.fZ..t.>k.6..m..'...........wV......EY..D.....j......z./.
.ZS,..,.......~..^.D{8...6......Wi..]>......w..~....W,..kz.8.s.
<<< skipped >>>

GET /2015/02/02/02104345431099-t474x237.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 42158
Cache-Control: max-age=31534359
Expires: Tue, 02 Feb 2016 13:02:13 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....i..
f...?^Yf...4Z......H....Z.}.-..Y5..X...X.K.>...zF..6...].....>.|
wO..18c...9..e...\...|.<V.n...=. ....}..*e...G=J....#.O.MgQ......Z.
R..../4{{.L...w.$..q........:....}...2/.b,..{o..g.....|3g..kq......i.X
$e._i....H.>.?...W..f..Z|.....kO....KS..*.G.^.~s.m?M.......cm....m.
...A..{u....h..z..#w..s.Us....Om...8......i..cS.....{..n.t.)...3e3..~.
".?........o...........i..B...q34n.<.......?d..O..0.=.....F.x..r...
mu....7....%..whZ<.....J9M8../.y.,T....CK..u..6.......P/..1.j.}.s].
S".Z..0?.....P.;.k....&.O.Rj.P..rL.......9.. ..t_.Gt.{..go.....4......
O/.....&p........[iq.iWR.....H.K..!..W|......1..s^)=........;..f.?...l
........RmOR./...<J...}......=......./P.....}..g..#V...3..$R.#.3.Y.
....S..\iM. ?....~-..._.;.o.....C....*;/.OZ....k..2.....h.l`..-..i.G..
. [email protected]...?*.Z.......vQ..;.7^.............$d.s.s^..K.....x.N. .
Ky...\.m,.NF0x&.o.......U..U.v......_YxC.....`E...[.rp6...S. S.d..
<<< skipped >>>

GET /2015/02/02/02104524460102-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 16038
Cache-Control: max-age=31534332
Expires: Tue, 02 Feb 2016 13:01:46 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..^.....
$. x........7.....fa.#B..j.._.......j......= n.....*M6_;v...OLt...kT..
G.........f_......)'..m..MB. ...&>Tw....G.j...c.w3.i.....Z.....;W[.
..i:....7w..p.Z..].. ..hI.....$....V..w.fxw.^..L.\....&...{W._.C.....Z
...<@#8...=..3...._....cL.......C.>8....kv.}[email protected]...
....b6....?.g.<;.FG..|...Wx...y...|%-..........8..!Y.f$O$.i.....J..
.Cn.~.......N._aOW../-z.u....[..X.../..c...[.k0.7....S.j......K.....ty
....~&.O..K}c4Z..'...r..,......=.Oh........<I..P ..e.Y.xf.r...m.uy.
.g9.6.)..%w~......_....../.....\qr.......\1._?,...l...XZ..^...g..?..5.
..;.Ep~$.kI..} ......._...._.o|A.;.7..."....1....3.]F...~......m......
u..~4..=sK.K..[.,.mf?<...)..#..#._U........t....J.t<...My..q.I#.
.z......K.i.y...A..e|.........H.A.K'..G...,1........W]OL.h`[...LS...9.
]X...H.j}o.s...B.i....?.5....h...?.>o...~..G....Gk...............A.
..`......?..|..e A........,fl.U.......[.=..T3^l1Z .g....a....m....
<<< skipped >>>

GET /2015/02/02/02112915295231-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 7957
Cache-Control: max-age=31536000
Expires: Tue, 02 Feb 2016 13:29:34 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...Hx.:.
..jhm.....N.....ex..{..;~?..X..U....\.B?...g.X..'..5b L..P...V..q.z..k
........i`..9...A#.....m...'..........F.....y.G.&8......./k..O......&l
t;...0.k.,d........|%.5..x?.^..6.........bq.F..T?&7...x..........\....
.L....6.nE........0|.t.{...M...<O.\2..........x.....q}..b.I...0?..#
..r.......EUs...,.k..t].K.?..>8.Q......Z?.?............<].6.._Z.
..M..7...&.).p..n[......G\......`....JY.h|{.=.I......3?l.....-....|q..
|...4../.Ig..R..]h.....5..~j... ..:.\].G.....).ok..T.]... ..gx....^s.X
...sXG.....`....k[.......x..W._...._._..k...|a........G.P1.......".U.M
.;].tV7....cQo........~.A?30.......p.".s..8.o..Y..)O...Y...g....W.K.7.
....W...6.>.....j..NF..@^.g .c$s..o....c.............x.....3_.....t
{.....a.Gx..}.n......g........z....Kku..-........F&.t%$..)6:.8\..k....
5..~?..A.mcR.|E.\%...X\5....~W...X{u... .e.A.....z...C...6.qgymqgyg .q
o2...D%Y.O!...{.............|A...k. ./.C..[.R.aH~.t...d*.(fl..2I=.
<<< skipped >>>

GET /2015/02/02/02112042690211-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 14130
Cache-Control: max-age=31535517
Expires: Tue, 02 Feb 2016 13:21:31 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?......m.
......9..a.IG.....}..../....kqkt..z.. ..........?.......Ux.,....g.....
...?d......[..eqj..."...L..G<q^Uf.M......_.G.]7...1[..Gy.. 8*X.....
.Z......K..$.v.x..U.<Ioj...!e...r......|p...q..j9..H-$t..F....=]...
....fXt......i.>._.......W...8.=;t.C...=|l..;x..@*~lz.....y.5.....H
....X.....@.<...G..~.[..^C..r.o.......bu.w.&9.#..n.9q..yw;0.o.%..V.
.P.sn...VL..._..kE.[i.ei#U.y.$.g.....4o..z...5U..#.. ......z?...h...3.
...4W.GHÃ~....e .y....q\1.M;..*`)N..s...k..E.~.......K...*.8.:}..#.T
..*..n1...1.....s_]K...q.H.......=.O.....CX.L...h.R..........^.....k..
....G<v. E..7Zr.3#\.)....5.f..........x}..>.%d.......IV....f.. F
.^.<.........m..D-sn.......q_.....<'.......;...?..1...U....$]...
...~[.............8..s. c.1.q_...>.x?._.t..Cgkw.k...[.9.V..8B.0. .E
r..8........JOs.r...n.u>.....q..Y4......?......x].....teH.8..^Uw .f
G2.......h9'...<W...U..i.E}...=.$.....,}.(..m.L..U.a.......]Ni&
<<< skipped >>>

GET /2015/02/02/02111235343196-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 6041
Cache-Control: max-age=31535026
Expires: Tue, 02 Feb 2016 13:13:20 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...i....
...4..kJ....Y...M3nNi.r)..;[email protected]....|..#..i...Q4....LP..2:......
...=.......Z.N{.d.....n.....i...b....=.aP.y..qP.6EH.9......\f...Z..A.a
x./.d.V...\..f.a'...9.....S\x...;G......uLH.&.`...X..Mzey...|...6q..,.
.=={..jH.n2.x\R...$x.....wP.(#....(..yx5..5.J;Tmq..Z.....i..*...Q.....
s....UV..Lk.)s..i..31.U~.M7j)s.)h..cM.U....#....s1.^3.Li........mK".e.
&......k.......K..;..B[...Kq.T.P...}@1?7..x.....X.Bk.T.U......hIu.\...
?.d..5.>..u....R_.I.8..F_..'..#.]..b.Y...2.......7...{[...zz.......
....M...P...%J6g.I.:P.~^....qR...7....qP.?5...X./.m...9.j....I...}.x.h
]..!p=.W0.3._.4..V1\.........L....Q.j............n$......'......pk....
...<o.5....$A<.8.4..........q..,rI'..u....Y'..i\g9..............
...iS....1.............. ....X.....Pj..,.......o.zY?.....A....t..o..o.
...."....u.E.&~.~ub=FA..-....<?.-&.t............d..m.:O.......5...&
gt;>....MFF?,.......#o.q... _.m......5.q..U..|..1.........[....
<<< skipped >>>

GET /2015/02/02/02104419736100-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 7713
Cache-Control: max-age=31533368
Expires: Tue, 02 Feb 2016 12:45:42 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?........
i.....t.`$..K.oF#.....1..$c..ji.l?.-C.. ..9".c........_...f....iw..q..
.'?....k.n.;ML;.zm.~........}.......<e.wt..[...........s..F......P.
l...iA.1Mq.T...rz.~...p&..).`wm.0......1I.c.......r:[email protected]....
....". ..0....;lVV..}.y.....c.....$P.........$.~5bwV.n.c.]....~c...K..
;z...k..{[email protected].{..YF.j......(. .....q.l.AR.;..
*)\[email protected]....$x........0YT{....[..O>7^NZo.~,d.b.P..u
=. ..?...)..F.........H..,...#..a......g.....`T^c....{^....{ms.q}V..o.
^Z...J.G.j...XF7..c..g.^.Z.)..4....R/...-....i....k%.<A.Mm....^8.K.
..].....' {....<?h.(Y..$xf.Pn,.#......_..o.....>...K:.......m.X.
...v...U...m..clv....C:.._.........4h.......w..)S..xq....'......./....
Q....2~..?<.z..V...L_.........5....X.1n[...s.......Z......oq:.._...
?.)7...g.......]...h.*....~.au`.43.p....9.2.R. .Eu....n.C......5...r,w
.y..Z..... e......j%..?.6z.o.8L....sj5&.Qwo....ms...M.2.<..6?#W
<<< skipped >>>

GET /2015/01/31/31153129756217-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 9912
Cache-Control: max-age=31377715
Expires: Sun, 31 Jan 2016 17:31:29 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...e1..c
Wt..&^y^......^duF.1I....:.......E...zW.F....Yw).W..KPk[..x.5......'.f
U...W...A.Y....6.L.;...8|rO..~....!kYc...._..E.7V.7.y..(9.w...O.k.?...
.?........u...I..[..(....g.7 ..5....c[.)..6...hF.Y...Fz:.....>.....
k.7...0..M.wN]9..2.z.5h.jyS..J..m......>..g.j~....Y..........:^.'..
.........Pi....V-..D.9..b_.3..$v...._.sl..O..G..{SRN.../.......|L.$...
..........o..T..Z..\.....;.;T....$..%Fk....../..Wz...\.K$w;. ..2.FT..r
A.Z..<ooc....i.Co2N<[email protected]>a..c..._.*....X.$...`3.u..H~.nO..
?....n~..O ..!..OS...F|..{..N.y...;.>_6..R.Y.....n.S.Z.ZO...^../.w.
N.4...C,nQ......#....o...$......B......? ].....:.........S.l........2G
......f...E....v.<.'.....C..,6.%.1....P>.F.N.6*Y..:was..{....1..
.......W....... ..R.....8..#.9P:....=..4..Z....O.1..1......'..P;. Efme
. .^..._.....9.4 .9f......Z5..^i....o$WQ...:...W.....C...5....E.....o.
.S-.].#..%.....1..\.>....iv0...R...._.?.....................i..
<<< skipped >>>

GET /2015/01/31/31161003767245-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10148
Cache-Control: max-age=31379971
Expires: Sun, 31 Jan 2016 18:09:05 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?........
C....q8....h.4.:.r^...w.sX....z.A.S..o.EG..o....W%q.P...X.....8.e.w.QS
.B...k....o..jd.8....h.s(....]...../J....j...6. ...>.............,H
...p...W./.A.{....C.{...Uzu......];5......>...K.....M..5..t....A.h.
l:......X.m............m'uzw.......5..Zo.4.7....i..X..Y....s.M..r...v.
.....Z...>6..O.{...j............;..B)[email protected].....;_.7.r.C.^F....l..
##88 ..8....=S.A..U\..*.H.=5..i~v..l..GXY.d.{...G.......t..-.......)9.
....b.y....Fk{....7./..b...E.....~..&..............K.\...$..E....~}j..
..wQ.....K...i'w....;.#8.....U.[5.^\.W.&...fe..8'..z...).UgZ..SvOyZ...
..~....].O.K<].....:....P9...ZM...~...q...Z__...............dmo....
d&.......WS.T...57Q..WTV.*.;.>.....e..U..Z....L..El..0..(....>.x
o?......i..7......6..../.!~c..?a.....?.?.~8 ..1_....\|...v.^..W.../..]
.......c._..2..mG.....^....^....."W.O...E....4..q.>...!.[.7.[O.:...
...f.Y..F............D........K._.....W..._...h...n......X...R..yo
<<< skipped >>>

GET /2015/01/31/31130314775122-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 11685
Cache-Control: max-age=31368736
Expires: Sun, 31 Jan 2016 15:01:50 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..L.A.jv
.6.=.......m,.. .(QFK31.T...\...9h>8...n>..I...`....8o..j.......
.....X|.....4....^.^..,[email protected])P.......y.R]#gg&.......
.hJ.E.-.....}......L>....c.:O....k-'..F.....jJ.F.....h.5.m....eX.T2
...`......'....Px..9..1.9...g..,..<5.9...|].k?...Q....h~..hp.Vh.H.K
j.@h.#.,..*.....w.<iV.qR..S.D...........m.....e|k).....G...6.......
....|_..:.....sJ.....r.u...#....zV.q_.?...lv.c..#Y.E.A....q..-..3....Y
..z....s;.......$.&UP.._......K..|...j...g....q.6;. ir.b.lR..Y........
..q.......d.<..X..o.-9.J..r...;4..W>...R..O..l}iEGkw...sA,sC2..H
.2H..A..}EI_.J.......Q.G.f.....Q.7.Z.4].Rh3......]0..Nz.r...*..kJt.j..
.5.FG.NE..4..t.......(....QE..QE..QE..QE..QE.~=.._.;|..#.K.f.....o.;Nw
~x...W........ S.......V..R%..3.\.&.B).(.)......C.el.T.c/.cP.......Jt.
......._W.u....l-.&?.d4.....Bz)........<=.h.~......U......}.Q D...3
.,1....8;......l.S..30........v..M^..u..)/...1X. ........vJ....gf.
<<< skipped >>>

GET /2015/01/31/31112647804063-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 14367
Cache-Control: max-age=31363001
Expires: Sun, 31 Jan 2016 13:26:15 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?........
 ..#...X..~-.e'.:.&X.s.....y.s.i~....S......>.....C.[(.8.c..K....Ru
pd....=.J.O.'.....z....O1..K..R..`qV>.|i.|u...x..Z..O...ma.........
8..!UP.{.c..P.8.-|C..2X.S...$.ZJ.....oWm/..:0.|..l.....B...K.....~....
....i...H.....e3d.M,...(`.....!K...O.G....=.......j.8.}....u. ..tH.]..
=.).<0..!...o.;....../.4..[j.t.e.......... .F.w...5...........[C...
.5..?I.#o.O.....2l...69..H..e..3.R.o*...x(..6.....Y..9...]....|w./....
.4K.....T.? .h..}.Eu....> |Z....V.k^........}.`F.......^.d0......Zx
...s|?....x......g8.'.....V.....#..:8.....?..............V.O...%...U..
...k.....5`..L=.T.r.RV..=-....6.Q|....o._.NO.|..\....b=b.%{.--....$ .'
p.7.G..]..?...x^.M...}..f..-....76.8.q.(.........d..C.....T.Z]a.B.r3..
'.#..~<x...'...$....P..m.#.$.3$...K....0.....t....Y.Pu'...$.}.]....
4'J ....#........(.Z.Y.....C.fkU...x.U............_<.......e.......
............n....$.-.v..E.......>".w....f...j^......>..&.o%.
<<< skipped >>>

GET /2015/01/31/31103035138032-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 8148
Cache-Control: max-age=31359618
Expires: Sun, 31 Jan 2016 12:29:52 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.......K
c..Y... ^Tc...(...3.(..T..(..9Ps0..(.A...(...3.(..T..(..9Ps0..(.A...(.
..3.(..T..(..K..3.(..6.(..;.[..W.......?k..u.....xd1.kw..NGT..38..(...
p....,.<^>..N;......]..nO...\Tpy}'R..K.}.][.G.SL.........?.$....
.q>[email protected]=.1.5.zO....6.....-g....J...Z.C1.Ae..8`.......
Ei?.'.~.....j.....Ro.Nmz.u}..3.1.d.  }.-~.x..<.W........V.w..K..a..
0.?._$~...D.:...S.[..ex....Y..y...|nC...=.Z../..LeEG..Po....kU..n.._.}
.s..7[.8.........)_.?8..o.x.Z.e.....:]...i.....6I..}...`H#.H.....ju`.R
jQj...i..[....jQ..U....MY..5...R...**.;...2.}..kF.Wd$......<..xv.n.
..X..[[email protected]...?F..Z.)>Z.q~j.E.V.AE.P.E.P.E.P.E.P.A..H..(
.N...9?uK7`.I4...o..G....&.....$...o....I....]..-cn..e....Yk..........
='J.....>%....1.PF..U.. ...b...~...O..:..z....Q..Ky0.&.....( ...W..
4......~..q..Yi..-..Yt?...x...d.R...D.R][email protected]~..?..
..O.;{..i13h......g....Nx....w........5../R...R.g{[.yF$.Tb..z....B
<<< skipped >>>

GET /sd/screenshots/2014/11/211120145427485-t194x97.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 17093
Cache-Control: max-age=31111346
Expires: Thu, 28 Jan 2016 15:32:00 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................a...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..4..<
;...$ex...[..l.v..*.....y.2."y.....5....w..4n.J...........Wv5c.h!.....
f./.. 6..j...u.5.y..d....?...e.l\..>..Wn....Fs.............q.....Gq
..,.vu*_.....3.............Z/..E... X...L^..|.....JI....1.Wa..f.......
........k..e..-f8....b`F..8*O'....{._..~......'Ik.......u$k..~fO ....@
q.3.W...V.....;.NU..[|.......2........Mt[.._^..i.....W.<Q...b....m.
1 .......b...|...T>.x:......?.ilfx'..w..r..,{..k.<)....F......g$
D..K.x...r7..........g.r..?.....).t..2...n.......r3.A.8....e.r...puq.6
V..I.M{..[...v..1..'.ZX......%{i.G....6.ym&....q..?....v...g.j. s....$
.....?...M...k...Lw.....p..nz..G}.o.....;..6.f.?..6Q.....(......#...8H
..t_.oS..&.y{*....#....../....W./.dTX......%.4V$..7...rq_O|....x).n...
KW...BP.~d#.a..d....c?...w.3d.B_^i.i*..o.....$.p].*.~Q......3.?.?.Yi..
.....bj.m..r'.m..6.X....<._.FXc............oMl..;[.....g..u~.hk;v..
...'c.>.~....o.^X..f...%Sw....../.y.O..v.T-cog..w%.!.D..D.~i.o.
<<< skipped >>>

GET /sd/screenshots/2015/01/210120155725873-t194x97.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 12101
Cache-Control: max-age=30490032
Expires: Thu, 21 Jan 2016 10:56:46 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................a...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..;.=..y
.,.g........~...$....F....p...W....O.....~.i.-.|...e.E48..E..P.s....&g
t;.Yx3..........8b..KI.....j.AeV.....C ....?`.....Y...~.V.<..8...o.
.<.c'..q........C.....gO.K.......V...o..5..H..j.F................_.
$........R....i-..}..wV..g..9".pJ..........G.B.V.........H....B.*.....
"(...#8..8....V..~ [.>.....:....eu.I..e....J.....Exx.:.Sth..]>Vz
....N.'(.....GMw..N.=Wg..|..'....~".Z|.7.....n.{.."..Sx`0.6..c...x..z.
..-}.G}q.....w........" *..2..g.^......>3......Z..u.!.e..q....x.p..
.....L ..1...D..Z..S...V....!Z.Gz{y.).. P...q....X. t*.~6.......&.9t..
a..z.........}.mnIZil.f.3....x..iA...1^i.@|4........4}CGv..)z.p.,...DC
-..........5kQ.x....}...B.#M..v........O....[h........g.; ............
B...B;..'...k.N.......7...c,~#..X...6...o9..UP...g..Mc.......f.,..O...
....:........n._.?...T/m.....Y.7.>6F...C.]....;....[..Vm{.E-...}...
4...Z..>....4?........_.s............V.=....d.|..c.3.k.~..~..7.
<<< skipped >>>

GET /b1.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/gif
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 43
Cache-Control: max-age=28880828
Expires: Sat, 02 Jan 2016 19:56:42 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
GIF89a.............!.......,...........D..;....


GET /bxk_v12/logo-nzn.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Connection: Keep-Alive
Host: img.ibxk.com.br


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 1631
Cache-Control: max-age=27949382
Expires: Wed, 23 Dec 2015 01:12:36 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
.PNG........IHDR...d...(......x_C....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:AC156233AE0311E3AC25FC
791834BC1C" xmpMM:DocumentID="xmp.did:AC156234AE0311E3AC25FC791834BC1C
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AC156231AE0311E3
AC25FC791834BC1C" stRef:documentID="xmp.did:AC156232AE0311E3AC25FC7918
34BC1C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>........IDATx..ZAr.0.5...^ iz.wr.d...".6l
.6.uG.%.v.l .v..2..(S..M.A}..5}nUO,......yc..!....?Cc.......`08..-..8'
..?.>?n....".....y~a....#[email protected].
..c.G..".g.p..x.C.2AX..r..9w....|.Cz.c|..tU.-....^q..s..9.D\..........
......r;....^T.L....(..<v.!...K.?.Kp.,j..)...a..&......rR......5...
Ie!..Q.a.k....'..bc<e.B....#...Opa..3..3."<...).]..~..z.K.OQ...Y
e1..x-..9dJ..e.,.gl...>......fC.'... <...vP.......U:d./.......M.
>.RT..).V..`....U..=r........5x.A..Y....K.qf.6G...e...y."..5...Is.`
m..3c....&%..MC;..%.....Z.I....../_eG. ..9. F...QQ<L......TXNO%
<<< skipped >>>

GET /bxk_v12/bxklogowhite.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 5288
Cache-Control: max-age=28880936
Expires: Sat, 02 Jan 2016 19:58:30 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
.PNG........IHDR...............%....oIDATx..[.tUU..*.X..A...aPG.A..c..
*...... 2*. .EZ..$t."UDj.PCo.C............f./y..p_.^"....Zge.....{.w..
...M..r......6.6wo>.....yeS/.....r...T.. S.G.S.c.M...4.o1...."K....
..=..G.m....[..o.....o.Z.H.yu.%.%....../i>4....3..0.~?......=sqG...
..s.kz..ju..z.O..f^.w.#-o..P...5.d7|..`......._d....=.....".._..&X....
........_...x...~n..}[email protected]..)..l....q.......=K5.7..[.,S..()....
.5V.....,,Fw..G.>]T....1lM.|.K.....;........0g..3wY1yk....`.."t.aA 
/3ni...<s....g.C.....j.......l..b.. ;....{...6...[1o..?..cm...C...@
..]wJ~;U.......7.6...p`K..Y..}6.<*...0}QUm....o.d.._...9t6u..v.u...
)?..L.~GX....q...nwD.......a1Yg.F$O....].r*.ud|vLj.........b.pw.y...gR
.r.do.m<..p..k.U.......0y.....GK.Hp.>i...v.|...5..'V.N.........S
pS.Jl8.....d\.*-.5....y..6...C.._..WEd.Z.,W............I3...J...TI..'.
.....Y{K...........,.I{%...z.9....h..a*,.x<..UZ.J....d...O..x=.]U..
.<...n..........MY..Cxl.y...7....^.5z-.n~e5...h...[.3...."..s..../,
.g....E..V.._d-(...........Ke%4&3......B]V\..VU....-.._.....w...4C?WHt
f............../.K .k.o...a......{.;....D..E.#..-$..,@M.tY.CZm...n....
A.9..n/.5.u.}:i.p.yb.^.......M..U..R....).w.....Q...}..m.......b.A8.lu
......-.....&.rb...L..(....q...g%..vW...a ...p.^[email protected].
..R.[].%O.|...;.'.#.*.*....d...c.y..g.u...X...L...8...t9%/3*5/.BRn....
.G..m..(o...q.!...-?..._8....9....))o......=....O..*......K.,..QO..J..
.|G"y.... ..b.,..b\.....O..C..o..]......E.>0. .Z. ..N..ouK.bV...6..
...?/.0......L...`\..z_uH..I.......[...:9.K4.;...i.....M.[.4....a}
<<< skipped >>>

GET /logo-rex-white.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 3036
Cache-Control: max-age=28881902
Expires: Sat, 02 Jan 2016 20:14:36 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
.PNG........IHDR.......(.............tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:3CAD8D266B5D11E49783
A7B9537C32D7" xmpMM:DocumentID="xmp.did:3CAD8D276B5D11E49783A7B9537C32
D7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3CAD8D246B5D11
E49783A7B9537C32D7" stRef:documentID="xmp.did:3CAD8D256B5D11E49783A7B9
537C32D7"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>K.k....LIDATx..\..NW.~3c.!....0..V.Re,.
..4T.XZ..T...V.*.].Re.....Am..XK--... ...e..9..../o....O..N...s....w..
.....&...)!.V.n.....n..a.a5a..I......5.$B...........He&..f.,..0...{,..
.2.0.a...7...G..J.a.YA...jN8.=..T......$.&dy....H..Z.b]e........Kh..m\
...../..[.. ..N..w..U.1.......A..Bu1........U..uy..<UI...pr%w.p.F.m
<o.~..bQ.c...l...E....Ty\...E..T.#.`G.?.>jMH.\p..n.B'......B..*.
..\L.w..Q.".>..!...\U..z.XW)B#\G..'...L....2.y.......S...<W. ...
.C$9....n3y...P.v1..(..a..v&.L8IHU...,U....#q..u...|.......B....}x..$.
.B/.,lH5);.....;.6...."....[...&}.I.SM.i.I...B6..E....>Q.~.wU.l
<<< skipped >>>

GET /doodle-rex.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 9853
Cache-Control: max-age=28881992
Expires: Sat, 02 Jan 2016 20:16:06 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......<...../hXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-
c014 79.156797, 2014/08/20-09:53:02        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Window
s)" xmpMM:InstanceID="xmp.iid:20951CC16B5B11E4BD9ED5BC4F06C7D6" xmpMM:
DocumentID="xmp.did:20951CC26B5B11E4BD9ED5BC4F06C7D6"> <xmpMM:De
rivedFrom stRef:instanceID="xmp.iid:20951CBF6B5B11E4BD9ED5BC4F06C7D6" 
stRef:documentID="xmp.did:20951CC06B5B11E4BD9ED5BC4F06C7D6"/> </
rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket e
nd="r"?>....Adobe.d................................................
......................................................................
...........................P...............z..........................
........................................!1.AQaq"2..R..B3...#.br..S.4C$
D....................1..............?..7$..OSy... ?.....l".......c.@..
B. .^....,|[..#[email protected]..... .uQf......@.......... K..^.....
.B...........2.#[email protected]......@.......]3.[..r..ysQ....qP..6....
..`Y...k...T.U.....?!T.@6A.....@...@!.".5...a$...C...'....|L......./..
\.D........?....H........@......`/..M{[email protected].,..&.X...H5{.9._.
<<< skipped >>>


GET /pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883802301&bpp=32&bdt=38&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=28872627.1422883802&ga_sid=1422883802&ga_hid=58362135&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=339&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1783566912&eid=575144603,317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=343,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=234 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Feb 2015 13:29:36 GMT
Server: cafe
Cache-Control: private
Content-Length: 36817
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
[email protected]:[email protected]|.?..#...o.v.X..2
.H.....O......@...\S................ ..g..W...'..W...........X7n.c...q
...Q-.og.....;I.......,.tl......U.d.o..~..?.uCd<.N.....*%.Z..0...t8
4]c.%um,.YW...\....?....-....9............r...?^-..D.....b.a.<..V.`
....ou._e.Z.....^i\/.........K.*.h....=od.w...7;. 2.............9..X.m
..WH.. .1....dka.n.....Xc..Y.4.T.HTq,...yhm..q.u...S....\6.B]..c...7..
...W.&..IF..Tww.x:r..^d.jC...{...t........46....?/..:...f'.....9CH.P..
S......$...c/.[Z-.._.$,*m......F~E....,...&.`.dZag[..&.[..cw-.E..g{.1.
.wY..8.=>..v.6..p...c....]{`9.....6.............|.......S..ww.....a
...?.}.*)...ig.rL.9... [email protected]..*[email protected]~.3.....
.9....3...-.j@G".c._..s..F.Y..c/..'-...N..t..O.;.Xn.1....-l.]xi..*..d.
..:$..;.....~.i.X6,.0:..?.._...5....iK...F.) ....E.T..F.I....o].}.R7..
..F.6....o.9......`...Y. .Q..nT..m........Z.c7,N.d..4..>>...x..t
)...(.."......#.tM.J.c$ ....@/.;T.o.....G.Ft...7\.-..%......Us....>
6......lM...E....%5h..SHa......W. .m.rg....YO.H..f... ...4.[../i.p....
..$......U...1.....[.e#.S.~z..`?.\?=c.......S.31.....h2.:....#?^..i9..
r.?33...=..`|T.Pz05...Z...s..o..7............u.i6N....l%D.y..%<....
..!...(]..0....5S%...f...XA.GN.JK**R.X....i.(.....\..n..x.*<./U....
L.8..4rjQ.....70F.....\.e.4..\..q8LBW.D;].Dh..=S.9...I../...)c...r....
..p...NNn.......' 7.S.X.....0Orp..CO.J~u.D...]..y.....*....Q.... p....
..N.<`......,.|>....>30~...b.<.....]`2..$.r......,$...^K..
rE.v....^h.t.#...w.t....H>j<.W6...e......%1.D.......bW..2..&
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:58 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Mon, 02 Feb 2015 02:46:20 GMT
Expires: Fri, 06 Feb 2015 02:46:20 GMT
ETag: 0F849D434AC0A8D908463386842F13E8B9153234
Cache-Control: max-age=306261,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp4
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0...... .F....e*F.yG.b.......2015020
2024620Z0s0q0I0... ........m..Lco.>..... _.~..... .F....e*F.yG.b...
.....p.O.T..0`....u.....20150202024620Z....20150206024620Z0...*.H.....
.........j........c}.l.s..V.$....N-d..WD.\.Q.%.B...|k.MKM.n....t0..r..
X#[email protected]...`...(...I....8:..{.d5q [email protected].....
...:)........H3{..k.9b..O.-.....I.oG".,[...E`.........9...4..W...b..01
.....`[.2......].sL}2k....r._..w....:.j...m.;...O.......



GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?b22a5545307b1795 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Mon, 02 Feb 2015 13:30:05 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.s
tl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......
_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q
.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2
.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\
YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x
%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,
....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.......
[email protected]/"...f.......k..Jm7j....R.5q....Rz.
.!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%
T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m...
_.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..
*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<
;.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|[email protected].._.....7._6...C.0...
A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?.
..........WE.Or..O>..{.'[email protected]}.o:?~....]&l
t;!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..
{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......
q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!........
.`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=..
.f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..
].|......3..y..-./....K..6{...s.<R`.}[email protected]....
<<< skipped >>>


GET /c2/8756095/ct.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341


HTTP/1.1 200 OK
ETag: "660bd936b3dc78cdaf12e7ba08e44f7e:1360783927"
Last-Modified: Wed, 13 Feb 2013 19:32:07 GMT
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1050
Expires: Thu, 05 Feb 2015 13:29:34 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
Cache-Control: private, no-transform, max-age=259200
..........uUmo.6.. .W(d.PvP`.U.X.}.Pl@.~....)...BRQ.G.}G.v...`.|xo.{..
..t..&....%.=.3.....*k.8..oj...r.q.d]o..9G..9..F=..".qd..uFW..)G..2.#.
./.....>q.T..Q.. .PKkZ..w`...#...d.Q.....eSW...EY)......:...3.Kk.k&
gt;..;f.B;.bDh..2M..c..aHv...dT.q..A.s........K.L.&!....?...q...R.....
............. >.6*.m.n...A..(.W ...N...s.....}.<......*c.!..%Dr.
....\..).my...... ..a...y8.K....1...f.p..&d.Lz0o..E..O.....y.g...5d..y
.7....^.V....v......~..8.e6.B.....Mr........... Q...D......2..=......k
...)O....;.*.....@9it...?a....qlU........H.B..V..\Ex.}.%!... ....0....
F...%.r6x...Y...g...L.7`~.....?...#fi.. 8..e..Y(...|.Y...[2.}$........
...";..>.......\......Va...$.1..[..;.h.(. .>....~.;....r..&..e..
.~M.H....O0...3~1....G..!....).T8.D..Q....g.......".|..#..............
...{_u$...~7C'N......9.GP..r.m..*..(......W.e.....-A.YJ{..!C{\0...`aY)
..a.-g.....L`..*.s}.r...r?v.............(.k4G.]Cg.M.h.@.&.....HI./....
...a.C....z...A.....y.....!.k9..x..,.x......]...7.x...b.;.[.....t.`..G
..n{.I..........h.OZ.K..[.ge.....xK...9.=Z..z.....7.9o6....R..M.Q....&
.....`.P./<.C.^...HTTP/1.1 200 OK..ETag: "660bd936b3dc78cdaf12e7ba0
8e44f7e:1360783927"..Last-Modified: Wed, 13 Feb 2013 19:32:07 GMT..Con
tent-Type: application/x-javascript..Vary: Accept-Encoding..Content-En
coding: gzip..Content-Length: 1050..Expires: Thu, 05 Feb 2015 13:29:34
 GMT..Date: Mon, 02 Feb 2015 13:29:34 GMT..Connection: keep-alive..Cac
he-Control: private, no-transform, max-age=259200............uUmo.6.. 
.W(d.PvP`.U.X.}.Pl@.~....)...BRQ.G.}G.v...`.|xo.{....t..&....%.=.3
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 412
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"RequirementsCheckSuccessful","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:25 GMT
Connection: close
Content-Length: 0



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 102
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","serviceRunning":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:57 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /SysInfo/count_vn.php?ch=test HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download-servers.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:57 GMT
Content-Type: text/html
Content-Length: 45438
Connection: keep-alive
Vary: Accept-Encoding
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
...p..................................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@[email protected]\......
.....v..............@....ndata...................................rsrc.
.......p.......z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h ...Pj.h`[email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>

GET /SysInfo/count_vc.php?ch=test HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: download-servers.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:30:12 GMT
Content-Type: text/html
Content-Length: 98816
Connection: keep-alive
Vary: Accept-Encoding
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......v.<.2mR.2
mR.2mR.]..."mR.]....mR.]...QmR.;...5mR.2mS.fmR.]...1mR.]...3mR.Rich2mR
.........................PE..L......T.....................r......pH...
.... ....@.......................................@....................
.............L[..P....................................!...............
...............8L..@............ ..D............................text..
.{........................... ..`.rdata...B... ...D..................@
[email protected][email protected][email protected].....
.........@[email protected][email protected].................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U.............rA.3...$.
...S... A.VW3...JA.9~.u9h.....D$.j.P. ........Qh.KA..T$..L...h.JA..L$.
...........h.........;=..A.v...$...._^[3.3..a4....]................U..
.M..E.PQjdR..5.....].........3...............U...E..V....dKA.t.V..3...
....^].................U..Q3..E....F..<!A.PQV.u.......]............
....U.......rA.3..E..E.S.E.3.._..............E......E......Q.I)...M...
.QP.........F...........U...WRSP..6...M....3...[.G3....]......U.......
rA.3..E..U..E.W.|...M..E.3..............E......E......Q..(...M....
<<< skipped >>>


GET /inc/v12/geral-201309170947.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: obj.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/x-javascript
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 14096
Cache-Control: max-age=26468640
Expires: Sat, 05 Dec 2015 21:53:33 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........}yw.F...;..w...Q@.^..{..ZK.c....;.(....$!....:L..oU......L.
..[.D.........LViT&Yj..I..w.|...../YnE...>>..v .X`......i`Ge.!/.
x..{^N?DYZ...}..;K...K....8.V.(....<..b9OJ..s.I.;....x...<..3...
u.i..\...UX..3..-Ic~.z..~...."[..#.O......E......{...m0.lh:.8i...9/Wyj
.R^Dl....lD.mo....;S.z...X9.O.. N.9K.l.._...'...<.......2..y.......
.F.....|.\...3...Yq...e..]..s.....A....WyS...X!./.|..\.tn.E.Y...9.9v..
-K .y..YB.._..3v.d.d.y......4..|........\qt..M....q......Cw.Y.O..}.\.4
>.%..9w7|^........K...[..._.3...`VL..#..h..v..;.....l._.B..../x....
j.N...:..Iot*....h......f..zVE.<\.`..,.!......I.D......6..l.....K.[
X....E<N.~..q.s?......z ].n^[email protected].|L\..^.....jVG]
..R2..H..;"....H..t5.o........H....vQ.....[..$..2.B...V...^.......z.s.
q.....c$.H..Z.6....&s.vi.....m.m._/...(..e......F..6z.gW.....Ge.N... 4
A......~..o.Y..d}J.Y.^......_....F..x..........][email protected]..........<O
5}..(.xg.S. .....hB..e..RZ........&H.G[.....w.F.....zN..(.-3.Pf...Z..-
.".q...E.....aB.y.T...*q'3.[."L..?.g..>.....J..`.O...d-..Sv.LY..}P.
%........$.....k..d{@... ..=...<X.Xd..W.s .,X..k...d..L`.......JA..
......./........a~>.'i.gI..NB...\&.v!.F...tum.........._..}.. }LA5.
@..5.....s.W"3d.5;O.l......DCj..U..K.3..4j........8..YY......U...I.5.'
[email protected].^..&S..].VA........sz..V...H.7...<..(........
.$Q:[email protected]*.....h.D....Z*.qo.-.D%.p..x...E.....,K.
...W........J.,..1L. 4...Gqri%`.R..1.GsV....Y.m K.y.....3..}...>.b.
.....(.n...S.........f,.4...... ......h.<.-^[email protected].
<<< skipped >>>


GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.ient HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:29:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.45 ms","message":"store 1 action and 0 upd
ate "}..0..



GET /pub-config/ca-pub-7019091094896260.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.gstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript
Last-Modified: Mon, 02 Feb 2015 07:22:22 GMT
Date: Mon, 02 Feb 2015 09:40:09 GMT
Expires: Mon, 02 Feb 2015 21:40:09 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 109
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=43200
Age: 13766
Alternate-Protocol: 80:quic,p=0.02
...........H..O.I.O,..K.O..K.LW.U(..K./..&YS.P]......[P..kn`hi`ih`ibai
fdf....^.T\..........d...S.Zk.....Xl...HTTP/1.1 200 OK..Vary: Accept-E
ncoding..Content-Type: text/javascript..Last-Modified: Mon, 02 Feb 201
5 07:22:22 GMT..Date: Mon, 02 Feb 2015 09:40:09 GMT..Expires: Mon, 02 
Feb 2015 21:40:09 GMT..X-Content-Type-Options: nosniff..Content-Encodi
ng: gzip..Server: sffe..Content-Length: 109..X-XSS-Protection: 1; mode
=block..Cache-Control: public, max-age=43200..Age: 13766..Alternate-Pr
otocol: 80:quic,p=0.02.............H..O.I.O,..K.O..K.LW.U(..K./..&YS.P
]......[P..kn`hi`ih`ibaifdf....^.T\..........d...S.Zk.....Xl.....



POST /log?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain; Charset=UTF-8
Accept: */*
User-Agent: PCSUInstaller
Content-Length: 124
Host: VVV.pcspeeduplog.com

"productID":1,"version":"3.8.3.0","uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","Start":1,"OS":"6.1.7601-SP1","silent":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:32 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /Fan/rebirth?uid=535559167_198339_B48A115F&ptid=cvs&ver=4.0.1.1716&dname=webssearches HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: up.soft365.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:30:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14p1
Content-Encoding: gzip
15............3..!.........0..HTTP/1.1 200 OK..Server: nginx..Date: Mo
n, 02 Feb 2015 13:30:32 GMT..Content-Type: text/html; charset=UTF-8..T
ransfer-Encoding: chunked..Connection: keep-alive..Vary: Accept-Encodi
ng..X-Powered-By: PHP/5.2.14p1..Content-Encoding: gzip..15............
3..!.........0..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6c045185724c99c1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 02 Feb 2015 13:29:35 GMT..Conn
ection: keep-alive..



GET /eb/4/12164/dc634773cd47817b?rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: afp.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Mon, 02 Feb 2015 13:29:35 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: CT=1; path=/
Location: /eb/4/12164/dc634773cd47817b?ct=1&rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
148..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<HTML
><HEAD>.<TITLE>302 Found</TITLE>.</HEAD><
;BODY>.<H1>Found</H1>.The document has moved <A HREF
="/eb/4/12164/dc634773cd47817b?ct=1&rnd=0.703704755870842&fv=1
1.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.s
yncCookies">here</A>.<P>.</BODY></HTML>...0
......


GET /eb/4/12164/dc634773cd47817b?ct=1&rnd=0.703704755870842&fv=11.7&ma=20&n=4f0x1c0&crs=UTF-8&cb=AEP.ads&ccb=AEP.syncCookies HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: afp.nspmotion.com
Connection: Keep-Alive
Cookie: CT=1


HTTP/1.1 200 OK
Server: openresty
Date: Mon, 02 Feb 2015 13:29:35 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, no-cache
Expires: Mon, 02 Feb 2015 13:29:35 GMT
Set-Cookie: E=Nf0d386493a046e1a; path=/; domain=afp.nspmotion.com; expires=Mon, 31-Jan-2022 13:29:35 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Encoding: gzip
17e9..............ms.:.....`3.SwjM..snmm...i....q..VJ....)..f...{D..I.
7q.3s.T.......O.stD.3:.n...KUI.4......9j......./....:.8... x.Qc......I
XCT.(.e|.........S.HPu..$..a_|"4..In...(...Qc..'G.... ...kL.e..v.....~
....N..y..|....8..0f..i.~:j$i.......H...SD.a..Xt1!* .........p..p..&8.
...Y8...k...!.......e$.o..v..g.q......5#7...'....|.....cd-..7.........
u.W..).=.x(..p..(. .5.i....(....].1I?..u.f........!..q.....i.....YcA..
..~XL....."..EL,....6....~A.e.v..eor...p.7u.g..h...Ydt"g.4N{......#gM.
O...n4.T.BeJf..kg.v...I....j....T_.%...[v...mV]UBioe..jOJ.....T.f...M.
....NoX.iC.S.*C#."{.\w...W.].....y..J.....L.e..dgf..f.8...3S...'\oXfN.
d.2.< .z.,(..(.rSj..V.ng[;....s......_....d...}C,'...u(......v.<
xh.....[.......:$....z.:.)..p@.'.8.>=~......u..).#...:......%...~x.
....?.b...k.x..G....0'........\.T...U....?....D...c......t.8.v.h.Q...7
..v.cV#'q. X-0.I.m.2...0.u&.7g....W.=...[..G.<-3.4..u....zY\.._.~.y
=......e.....}..^Qc0..oqEV........a..`&..Rn1t{..............R..9..pd.*
..:.........3E.gPfe.....zR.n....2.....F...........T42..o-..'.IP.......
...P..%.....h[\.W..C..CA.2..0.............l..d..YV.!.w.8....k..V......
.{gR..mA?.q...W..[......a....6....*.> .....O...bh.|fp/...].{.....B{
.,......1...=r......y{U........T.*.z.. L.wvn.p.z.............6....5...
I.H......kb.mAB..P.........fj.>..2...o..k.........J...Cl.}..sR.X'..
...=#.a..y....(4.;k<6.....Z.Y.f.z..6.).#......~y..........).>...
...{.d.p...T..C...z...T.#.....TE..6..G.e.cI}......"..B/..^..8.@=.p...:
..i....15?-n6....6.Q.,h....B.G....7.~.Tz.S...:4.h... [..J& #$U...&
<<< skipped >>>


HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:15 GMT
Connection: close



POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..m.. ..|...0.0... .....0...
0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Feb 2015 13:28:13 GMT
Expires: Fri, 06 Feb 2015 13:28:13 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
2070801Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.m.. ..|.....20150202070801Z....20150209070801Z0...*.H............./w.
..........0W...Tq.......:i.....Q..>.W9...z.!......}.O.J!.{..ST.Ic.!
[email protected]...,\......-.....3...Mq=.ud}.... Z.D...wH..=-(ae...>......-
_.....-..`;.4jhm6...>y.6.Y;.X9...V...7... .........L. .......0.,...
).>..-V...T.M^5.=yz.wf.......{.../..b..h.o!.H...l$.@HTTP/1.1 200 OK
..Content-Type: application/ocsp-response..Date: Mon, 02 Feb 2015 13:2
8:13 GMT..Expires: Fri, 06 Feb 2015 13:28:13 GMT..Cache-Control: publi
c, max-age=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-
Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Prot
ocol: 80:quic,p=0.02..0..........0..... .....0......0...0......J......
h.v....b..Z./..20150202070801Z0k0i0A0... ..........j.....p.I.#z...(~d.
.J......h.v....b..Z./..m.. ..|.....20150202070801Z....20150209070801Z0
...*.H............./w...........0W...Tq.......:i.....Q..>.W9...z.!.
.....}.O.J!.{[email protected]...,\......-.....3...Mq=.ud}.... Z.D...w
H..=-(ae...>......-_.....-..`;.4jhm6...>y.6.Y;.X9...V...7... ...
......L. .......0.,...).>..-V...T.M^5.=yz.wf.......{.../..b..h.o!.H
...l$.@....
<<< skipped >>>

POST /ocsp HTTP/1.1


Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive

0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....2.S.....0.0... .....0...
0... .....0..
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Feb 2015 13:28:13 GMT
Expires: Fri, 06 Feb 2015 13:28:13 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
2070235Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...2.S.......20150202070235Z....20150209070235Z0...*.H.............g..
.~..gb..k..3m...9.. P..H../.X...._.0hF..J;F.c.l.....3:{....Q(H.X...X.k
..[......:.].4.=u...B..[.~_K.o..(..KL...Q.2<n...B.....U}f<..2p.?
[email protected]@qA.J^.]m.M...P..z..0.... ..4.G4....LCQ.....z/A.......
....{aaA...t.....u/E.mz.i>.\sq...m...).-...h..c..HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Mon, 02 Feb 2015 13:28:1
3 GMT..Expires: Fri, 06 Feb 2015 13:28:13 GMT..Cache-Control: public, 
max-age=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Pro
tection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protoco
l: 80:quic,p=0.02..0..........0..... .....0......0...0......J......h.v
....b..Z./..20150202070235Z0k0i0A0... ..........j.....p.I.#z...(~d..J.
.....h.v....b..Z./....2.S.......20150202070235Z....20150209070235Z0...
*.H.............g...~..gb..k..3m...9.. P..H../.X...._.0hF..J;F.c.l....
.3:{....Q(H.X...X.k..[......:.].4.=u...B..[.~_K.o..(..KL...Q.2<n...
B.....U}f<[email protected]@qA.J^.]m.M...P..z..0.... ..4.G4...
.LCQ.....z/A...........{aaA...t.....u/E.mz.i>.\sq...m...).-...h..c.
...
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 421
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:31:54 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferInstallCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:31:28 GMT
Connection: close
Content-Length: 0



GET /gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk-utilidades-e-seguranca_redir-sbn-top&sz=728x90&cust_params=category=limpadores&cookie_enabled=1&lmt=1422883800&dt=1422883800815&cc=100&frm=20&biw=792&bih=554&oid=3&adx=32&ady=136&adk=3673371936&gut=v2&oe=iso-8859-1&ifi=1&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pubads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Google-LineItem-Id: -1
Google-Creative-Id: -1
Date: Mon, 02 Feb 2015 13:29:34 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 22742
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
............iS...0.W..9..C#$.c.qC.........%..-....b...s.....so....s,..
k...*3 ..~ .......y.c.^..6V^/.w..i..w#...R.....D.Cq5...d)..K.h.G.....~
._........x.\.wc1.D.....'1$.G.tq...D...U0..bL.<."R.Iz........P4..a.
.P.G...Q.W....D...t.8*......./"L.7q..J...M/g:....8.t.iM.P.h...7bR..Di.
.x-|._....3...U.~..\......q...~........V..$.E."[...w'q:..1..w|..9..N..
...x.U...x2JG..j::I'.a...\@..W......0..^.........Rg.....u8......f.....
...^.. .a....8...L.d.....3....$.?L...x..........FV.y.o.z_.x.........@d
..a(...Y.{.b......t9L....../,/...v....R.~......Qu(n.m..&8...J=...N.x..
..)~...mL...$..J<.......#...'Z.........1....N.$=>.g...>{..u.N
..t..Z.N......j...7.Ljz..j>..i..n...Hb......^7..\p.....u../j..#Ga..
...i.....Ba,..OiU@[email protected].'7........\.r.u.....7....E.4.8...
.{..\.d.V.s...8x.c.X..'....k.w....T..8t..t..~.P#v......oT...;v...@?...
.q3.F.......$.~.$R...d...0.........a.....&I..Q}.j.&....?.....iu_. ..j;
N..1>n...X]/T.q)esa......\...u..1..W#..}[email protected]...
@,.3-....1^\...US.c9.....M 1. ...A..p.N....r.<..`eo...%Uk.F8...Lj5*
...Fn..G.KU..7..E.l.0.....6..YO..x...8X......}j^..T.u..%.A....<..v#
\.............u.....qaV..Y....bX..E.)o.$.....i..9.0...y.y.b...t....,8,
.G..r.,.......w=xWMq.. .,...V&>...w....j.0'X...f.Y..?,.?,.?,..b!;..
....=.J....,d.} ..oX.N...X.P.9...<..y.3..........M...w4.B..........
...$......4..........<.0.....0......~..O[4...8.. xh.>qza..r..Z..
NHTUQ}V...l].zq..k....F....vR.m.s(ro.u..... ....v.z.4O........Q.w....I
....1...@....[....zSo..[...}q...PR..*.\..1.;[._...&.H...d.......B/
<<< skipped >>>

GET /gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883801&dt=1422883801414&cc=100&frm=20&biw=776&bih=554&oid=3&adx=0&ady=448&adk=241272540&gut=v2&oe=iso-8859-1&ifi=3&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pubads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Google-LineItem-Id: 164040138
Google-Creative-Id: 46777680978
Date: Mon, 02 Feb 2015 13:29:35 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 526
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
..........mSMo.0.. ^N....$....*....s[[email protected]...(.l..
.v.C.L....").m........Qn....a........VQ.v"..... )."..4.s!.r^.).w.f...=
.-1\..>. ...~z....u.H.)=.V..vH......2...i.......][email protected]'
......DC..J..R.`>N9......;E.7...ewL.....p..0.........F.S.K...8.....
...h........c..V..V\..Y\.E.........8.*.{0... ......xC .M..x....^...,..
.: ..*.........~..lC/F..P.A{.......'z~}.........(...I...".V2...\k....;
[email protected] .a.....S...Y..y...|...@ ......l.gx2..^L[.U.j
.....,...}o...^3..........m.../..?...S....HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Google-LineItem-Id: 164040138..Google-Creative-Id: 46777
680978..Date: Mon, 02 Feb 2015 13:29:35 GMT..Pragma: no-cache..Expires
: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalid
ate..Content-Type: text/javascript; charset=ISO-8859-1..X-Content-Type
-Options: nosniff..Content-Disposition: attachment; filename="f.txt"..
Content-Encoding: gzip..Server: cafe..Content-Length: 526..X-XSS-Prote
ction: 1; mode=block..Alternate-Protocol: 80:quic,p=0.02............mS
Mo.0.. ^N....$....*....s[[email protected]...(.l...v.C.L....")
.m........Qn....a........VQ.v"..... )."..4.s!.r^.).w.f...=.-1\..>. 
...~z....u.H.)=.V..vH......2...i.......][email protected]'......DC..J.
.R.`>N9......;E.7...ewL.....p..0.........F.S.K...8........h........
c..V..V\..Y\.E.........8.*.{0... ......xC .M..x....^...,...: ..*..
<<< skipped >>>

GET /gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square-2&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883801&dt=1422883801848&cc=100&frm=20&biw=776&bih=554&oid=3&adx=339&ady=448&adk=3931923773&gut=v2&oe=iso-8859-1&ifi=4&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pubads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Google-LineItem-Id: 159778338
Google-Creative-Id: 45316464378
Date: Mon, 02 Feb 2015 13:29:35 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 537
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
..........mSMo.0.. ,.TZ..$.....zXi..l.Vh..p..^.I@m.{m..R%...f.y.1`....
..e....8A...y\6.BiYi..)4%L....4..p....U...am.<....Q ....V...|..<
7..g.O.3.....LY....&~.z.. .. .._R:8..%i.N..7..._...)...Ju..v...[....U.
....}.. C.I.(.......0...../.c...6.WRV..8a.,.b....._M....1i.j.w...}...k
..j...`...=..;Y...............L....oV.?Kw.jVGK.....D.X..D.3*..a....r.,
."A..|1Kg.F...\.d.$.P.O..w.|...G.../... .0........X.L=z..[.e......r...
...L)j......s..."..I...*.:..n|23.......W...#..O.i..&.I.._\.H..N.}8...|
.e]..).....s.....{.......L.......#..r.?...y...5J~........


GET /gampad/ads?gdfp_req=1&correlator=346401658818800&output=json_html&callback=callbackProxy&impl=fif&eid=108809034&sfv=1-0-1&iu=/1010728/bxk_programas_redir_square-3&sz=300x250&cust_params=category=limpadores&cookie=ID=ab4f9e22fbc2ca00:T=1422883774:S=ALNI_Mbx47jFb8NJnLLSj4M5SJVMkRQYng&cookie_enabled=1&lmt=1422883802&dt=1422883802221&cc=100&frm=20&biw=776&bih=554&oid=3&adx=678&ady=448&adk=3989494659&gut=v2&oe=iso-8859-1&ifi=5&u_tz=120&u_his=1&u_java=true&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&vrg=56&vrp=56&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=true HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pubads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Google-LineItem-Id: 164041458
Google-Creative-Id: 46777675458
Date: Mon, 02 Feb 2015 13:29:36 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 527
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
..........mS.n.0...V'.([email protected]......%.4..T,....._2b.d....;Z......c
T...Q.&i.g..l..6.2..[.F.).[...I.:D..4 .UT....G.k5H....3..\.B.s;!...Y.f
@.gK....w0......yH..:T......KE;$....Sq....,K..9......s..{B.xU......l'.
.....XC.o.. .*..N9......;.......;.._..{8e.0..1.......<I..0..\ZD.X{.
...7.(....>.Pn..n.....R(.].I...n...W........(&.3y....M..$]&.4YN..y6
O..Y..].<...t./n...\g.f1......sI.~<.?>....X7...>..G./..a_.
.tZ...Vr....n...>....<.1.e.i.y..aC1..l.. ......N.....<...l:[.
x.heT.......4=..L[.u.h....S[....f.c.{f......'.uj.>.........w....HTT
P/1.1 200 OK..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagea
d/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT
 DEM STA PRE COM NAV OTC NOI DSP COR"..Google-LineItem-Id: 164041458..
Google-Creative-Id: 46777675458..Date: Mon, 02 Feb 2015 13:29:36 GMT..
Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Contro
l: no-cache, must-revalidate..Content-Type: text/javascript; charset=I
SO-8859-1..X-Content-Type-Options: nosniff..Content-Disposition: attac
hment; filename="f.txt"..Content-Encoding: gzip..Server: cafe..Content
-Length: 527..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:
quic,p=0.02............mS.n.0...V'.([email protected]......%.4..T,....._2b.d
....;Z......cT...Q.&i.g..l..6.2..[.F.).[...I.:D..4 .UT....G.k5H....3..
\.B.s;[email protected]..:T......KE;$....Sq....,K..9......s..{
B.xU......l'......XC.o.. .*..N9......;.......;.._..{8e.0..1.......<
I..0..\ZD.X{....7.(....>.Pn..n.....R(.].I...n...W........(&.3y.
<<< skipped >>>


GET /pagead/html/r20150127/r20141212/zrt_lookup.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
ETag: 8281997907193036559
Date: Wed, 28 Jan 2015 17:59:50 GMT
Expires: Wed, 11 Feb 2015 17:59:50 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 5099
X-XSS-Protection: 1; mode=block
Age: 415784
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=1209600
...........;.w...... z}.UT..~..(.n.~l.6.t..^`sd[....mB....f$..@.{?.9..
....f<..q{...?....Yc....#..S.z.)..^[.yIp....Hr......2..<.q....s.
H.(..'....^LS..<]J....2?....#k...|......ic...4c.^......v!.qC...E...
.s..Ga.0.oc.g..}.{.....2_.1.8 ...{u..jx.......i.'.....<.....(.\....
...4....(..l...."GA..$^.=...x$;.q.O.M....i,.r.]...............38X.....
...E.a....$...}A.A.....Ix......FF.l..x.0...BZK(.....N......a. 2.<-e
>W.U....en>...8.X.......}....g/.....Etky..]..fMI.G7.%.iM...i...]
.i..9^A.w...yz.I......h6.....-.....T.i.(....8I.p~.q.T.Y#...?.|....M.&g
t;=...j..4.... J....;.s..G].9..G....T......'N......e......P.UL*m.A....
...4:....x.(.........p.u.Ij!x..c..4...A.\D...mY.<_d}g.....6..1l;...
0hY}.^.c...O..<..dle.0n<[email protected][& j.y..Jt.....Q.7.....J..~M
|.I...n...%M.....FtF.u.....$...})......#N.~..h.........6......._...8.m
cx!....21.G.g.hyZ...x..V j......x.IWro..Z#...lP.\^.}...S..H...).[F..&.
.2......=0........v[..z.8.c... ......k....6..."[email protected].&..*g.J=.K
[email protected]`..)..P1.NP7......1p.....2@..*"...N....GTQ...
...g.Y<[email protected] ...=...$..M....3..Y..X1#ZI...V..B.-......4...
.1w7..@..=...)(y.....l...ka.M...pohU.:CZa..!:..s..6...*[z...........#.
....n...1.........i..._>....N.Ac.....4..>.'.:......s.w6...^..?..
...-H.F.,o..;]ZxD.^.=.A;[email protected]@.4....D};..W['...O.>!...
...6g..a....n.`j..d...........=..........T~^.,..k.....Z.$.TXR......H..
".y....}.s.>.....k...0O..x.5...K.vTa9.8..._..h.....I..*|^..E.p.....
a...h._..V3...\P./.... ....Q.E..$..E8^r%.2....$..|x.,./..h..O.BGf.
<<< skipped >>>

GET /pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1422883800&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883800654&bdt=570&shv=r20150127&cbv=r20141212&saldr=sb&correlator=7738023443003&frm=20&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-0000015c-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1716,,800,600,792,554&vis=1&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=5lteOC31vO&p=http://VVV.baixaki.com.br&dtd=275 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Feb 2015 13:29:34 GMT
Server: cafe
Cache-Control: private
Content-Length: 1488
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
...........Y.r.6....2.C.I...XPF.Ev2......p@.$a. .B..L~.....I..K.T.[..I
.'iD..]...r......h......\12z......D....g?H.l.8.l5..b.,.<kfD.@13zK..
...2'4...'".l_..l..K..4..9..`....... :..#*I3K.G..\.t.s.. J.D|....-.>
;...B..)...~.mk.]...%..................*..~...z>..*G...4.#[email protected]
.I,B".....*.n..47,..'A...#...h(.....7.`...G.K..S.V.b/j.B....S_F.k.4P(.
..h./...i...... ...(. [email protected]...$..iyI..~FxF..&
lt;M.!...mA>.I&[....i..DPs.....`..T)r1]..-4.\.. .m?..7.~..Z.M..C...
.%\".7.....F_.......{......\.......{[email protected].).\..'..,...b(......;..H.F.v
.e..4..;...._.G.L.....1.T...l..{.V.YW@.!....Lx*.....Pjf..l.}...[.\q...
.Nr.zI .AC ..5b...&#..X..............J.....XU...%....`.t.y.g..l...,.W.
7e..R...k.-?../P ..........T.....(.DA:.......d...D...k..SN.?C.e.,...vI
...-g,......Y=]..".9aH....^.. .....y..;.x.<.....b...s.;...].{.....N
WY.....ntt..*.\[email protected]*.!v........"...<d.
.:.....s........E..z=...5....P......<..v5.)..u.....T ?...j.~.. ..5i
5..Z..Rj]......z..0..Y`..[...ee....l....>...c..&.zu....|!w0..#.....
X......,.iz..\..Cw.f.8.."..2.P.Ir~`..sus]p.`..).eW.<...p.n.d......_
..G.F..)...... .Tx..T......1ZQ7..b<DjE...U........)..*E..D.....9..7
.P.......C.(4&....1[...Br}|3..{.j......U8y....OO^..9.y~z....:....x.7..
%7<=.6F...E[..............E.-2n...E..Z......8F.....~.-..i'..dn.f...
z.....c._.H....U.vu..[..b..#....}.. .....c.<?.N...t.V.H|p.;..8..W./
...G..Q....wq8...N...'.g..'....Z.!..Q.tt..[..... .s.|@|.... ..5~...V..
..:....d...C.t.._DF.D..CMyx....|I[...H).......o....0.......
<<< skipped >>>

GET /pagead/drt/s?v=r20120211 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Feb 2015 13:08:09 GMT
Server: safe
Content-Length: 145
X-XSS-Protection: 1; mode=block
Age: 1286
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=3600
..........%....0.Ew...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.f
k....$...-...<o....RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./
6PzR....HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..X-Con
tent-Type-Options: nosniff..Content-Encoding: gzip..Date: Mon, 02 Feb 
2015 13:08:09 GMT..Server: safe..Content-Length: 145..X-XSS-Protection
: 1; mode=block..Age: 1286..Alternate-Protocol: 80:quic,p=0.02..Cache-
Control: public, max-age=3600............%....0.Ew...]....h..F....x.$-
....o..=..9..t..g{.Kwk.}..k]e.fk....$...-...<o....RxzyZ...ML..bwX.)
.g.#..r..2....,U.....Q......M./6PzR........


GET /pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883801927&bpp=78&bdt=36&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=2042192589.1422883802&ga_sid=1422883802&ga_hid=1444082417&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=156 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 02 Feb 2015 13:29:35 GMT
Server: cafe
Cache-Control: private
Content-Length: 35902
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
............[W...6z.....E..ll......$$!.B....u.....d....o..=...c.....vU
u..:...s...w..f...nuWWUW=.f....f.W..p.....3...(...o..U...5..._.... .7 
.....)k^..^.{.q......07.].%Q.J......;r..Q....'.......d..g..^d..$......
....zm]..s..5.v.x.4........&[....1...8...hV>.6.".U...qm.Z...8.:kq..
.{A...........T.{..^.BK\Y.h[&.5.R..i.d..cx.].....w...I...^.{.\....=...
......f3Z...1s..v.<B.xa.Q.....b.e{K.......E..._^.......`.i,...&.`.d
Zag[..&.[O.cw,.I..k{..].:,..8.]>..v.6...J..b......o9c.. .t..5..5...
9.S..._oC....L3....;{.a..._.=.*)......9F...}..j..|.aCx.~......|.HS].N.
.c.9...4..Q..e[.e.`XL.....W....:c...... ..~M\.-..Mf.Z..8.<i...<1
...C?1.,c..`..........q.....]......w>...E.d..X4,.0:..?.._...1....iS
[email protected]....#.c....o.8..........c.vj]...EQ..Q1s.
=>f.-.......aq.'k.u.x}........M.r.@...(2...L-.j.k.V..#YA.q.....m...
Y.]...........f.<h...y....9.d.L..T.c.[@.&N.........4..)..x.....7. .
[email protected][A.p......A..;.....'.....5..[..9....{..l.t*.O.0...
...g,8.~..~b.c*..v...M&B........@!M'[email protected].$1..U(..L..h...k..q.{..
{..{..{........%.qj.6Ne !..../..s/.....x....a....M..*..m65.`..dz......
".......vx.k....U..v[.7o.....C...I...L#..u{.....c.......P6H../D....I..
..N.(a.j=....=|C.......tc...|......p...N.o.......'.7.SLY... .0.sp..CW.
J~u.D...U..y.....*....R.... .......N.<.Z..f..Xn.|2n!I}j`|..).vx.=..
2........MR..N......5.I*W$k...:..FS.}....m6...|........&>v.jn.5.G..
V.X.yF..]. .x.H.........d....Q.4)....\....%[email protected]
d.C..3.g3\4..Bz.f.5...6...<2u...R..v...CX...j.......tl`...r.1..
<<< skipped >>>


GET /icons/opera.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.winsoftware.de
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:26:25 GMT
Server: Apache
Last-Modified: Tue, 23 Sep 2014 09:54:30 GMT
ETag: "800662d0-776-503b88db83c29"
Accept-Ranges: bytes
Content-Length: 1910
Cache-Control: max-age=2595600
Expires: Wed, 04 Mar 2015 14:26:25 GMT
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: image/jpeg
......JFIF.....H.H.....C..............................................
......................C...............................................
........................0.0.."....................................../.
..........................!...1"A...#.2Baq.Q..........................
..... ......................!......1QAaq...."2B............?...{^...l.
^..*..,ZD[.,T..n.........{q....._.%..>.wx ...%...._.2..j..L.....K..
..8.;..K.F.}..[....N~?.b.....T[d....In3j..<..vR...>.~,..I.....d.
.....S..d.RO...o.O....'....V_...hd...u.7... .....OR.T.. ..)mC.t......_
.l.i.....#.c.....1n.*4H...jl!.%)H%d...@...$ie...vv..._I....I>......
.ot6.F....6gO.*...G...J;..2.d.%D..@...[..m...%.....&......i\L.Rr.{Qa|.
d..?...>@.7.Wy..Wv;.....K...T1..&-.S/.5...eS.S......W.p~..h......=.
cL.R1.y...n&Z#..Lp..O=%c..>.|}........( #.....n.p....A.e.Z.N)F..&R.
....@r.)....rd`.q..B.u.6..R.........k.A..&..)r&...ZR#.B.e......9#...9#
..>n.t..*d...Y.k.....".Z$7..,..........$...\i-........_t..FI.{..u.y
.[z.....m...\...~yq..&....;.I ......,~...V...X.....*.. .=..r;.....m.c.
B..h.....6..!...1..B......$j...7...j{.j....u."...y...4..JA..J....l=..c
nWD..{....>R..B.)o......4.%....~>...Jw...R.*.n{.................
..E.."`....L.v.;..L^........Q..L.m.=.....$v.?..N...]u7q...9.-T.u.mJ:.^
.u.....G.:../..~.Y.t....b.S..l..8M9........>B._D.....7....*....m.T.
...U.C..8....#.{X..Z...P..f.2..8..".x{j..'.......,.&.]P@.</...;}>
;....r..F......2kT....w............?....`..c..........nE=....SjL/.a. .
......J.>..=r,..p.``.....s..R......#.^O....X...M....#.q..G..}.4
<<< skipped >>>


GET /reportInstall.aspx?productID=1&version=3.8.3.0&uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E&affID=2380&keyword=installer&campaignID=ppi_2380_installer&requestID= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: PCSUInstaller
Host: VVV.pcsuapi.net


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=tksrklhhevm2vgnzts0l4ybq; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:31:58 GMT
Content-Length: 2
UAHTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html; ch
arset=utf-8..Server: Microsoft-IIS/8.0..Set-Cookie: ASP.NET_SessionId=
tksrklhhevm2vgnzts0l4ybq; path=/; HttpOnly..X-AspNet-Version: 4.0.3031
9..X-Powered-By: ASP.NET..Date: Mon, 02 Feb 2015 13:31:58 GMT..Content
-Length: 2..UA..



GET /gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv+0+18N0XcyAH6gvUHoCEhEhR5HFQnItXEGJJ9zEpk51tw== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1474
Connection: keep-alive
Set-Cookie: __cfduid=d397c208237722ed6002785fa57cc366b1422883911; expires=Tue, 02-Feb-16 13:31:51 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Mon, 02 Feb 2015 07:25:27 GMT
ETag: 14f9d4a9367054bbdeecbc308c57dbb4e67a1fbb
Expires: Mon, 02 Feb 2015 19:25:27 GMT
Cache-Control: public,no-transform,must-revalidate,max-age=43199
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 1b26c05f26ba0c8f-AMS
0..........0..... .....0......0...0..........[..v.HM">y.2......2015
0202072527Z0u0s0K0... ........k..vY.d..X.R*.....C....n......>..t]..
../Pz...!G..Br-\A.'...Nu.....20150202072527Z....20150202192527Z0...*.H
............\.h.).'..8......XD. !I.'.(j.~K{.4..d./..v.........eO......
39...o..;C......u.......]N..6..%..'Xz.".kn.......B.K}.|q...nG.....,..P
......W..Y.A....;'...Y...C........#.m..........m.d.*......~.........y.
t{.....W../.........z.D........J.D.....o....:3...............0...0...0
...........!j..d\.k...9.... 0...*.H........0Q1.0...U....BE1.0...U....G
lobalSign nv-sa1'0%..U....GlobalSign CodeSigning CA - G20...1412121621
43Z..150312162143Z0}1.0...U....BE1.0...U....GlobalSign nv-sa1:08..U...
1GlobalSign CodeSigning CA - G2 OCSP responder - 11.0...U....201412121
721000.."0...*.H.............0..............LK..T..D5As..>.7.p0.h..
...P.|...9J.>.r...i..0^..4.....A.kp...K............{.K|...=.`...=..
v......S...j.Vm...21....N..f.......|.k.......eP..l2fP2...3......R....l
Q.A..*..=...=.|X....c:.O&U*T...8...K..Cz...N......YT8........}Z.......
....En..d%.6....K..w........0..0...U....0.0...U...........0...U.%..0..
. .......0... .....0......0...U..........[..v.HM">y.2....0...U.#..0
....n......>..t]..../Pz0...*.H...............c."...t......'.:=.Zw5.
[email protected]..=.6.......t......K......;....#...69.......,?.Z..E....z.*E.....
..`.......w..>,.".j.f.~V..?..V...k.........C...l.*....M..N......&..
........M][email protected]......`...V.....{...?..[.JH.FN...#..\$.7....Ku1...
f.pB..I.....^.E....u.S.D%..
<<< skipped >>>


GET /v4/sof-installer/535559167_198339_B48A115F?action1=xa.geoip&action2=visit&action3=cvs.visit.webssearches&update1=ref,cvs&update2=identifier,installer&update3=version,6.3.76.1516&update4=nation,us&update5=language,en HTTP/1.1
Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:28:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.22 ms","message":"store 4 action and 5 upd
ate "}..0......


GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.dlzip1.webssearches.finish,50 HTTP/1.1


Accept: */*
Accept-Encoding: */*
Connection: Keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Host: xa.xingcloud.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:28:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.35 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 02 Feb 20
15 13:28:08 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.35 ms","message":"store 1 ac
tion and 0 update "}..0..



GET /req?v=7&upd=1&new=1&id=15973615790&acc=13767&tit=YAC download - Baixaki&utm=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&id=15973615790&acc=13767&tit=YAC download - Baixaki&utm=248450708.1422883801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: navdmp.com
Connection: Keep-Alive
Cookie: ac3=1; ndi=15973615790


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Type: application/x-javascript
Content-Length: 6
Connection: keep-alive
/*OK*/HTTP/1.1 200 OK..Server: nginx..Date: Mon, 02 Feb 2015 13:29:34 
GMT..Content-Type: application/x-javascript..Content-Length: 6..Connec
tion: keep-alive../*OK*/..



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 219
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","Silverlight":"Download","OK":200,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:33 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 375
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:51 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"ApplicationVisible","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:27 GMT
Connection: close
Content-Length: 0



GET /pt_BR/all.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: connect.facebook.net
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "3c95fa5420970ba2b102946086632c4a"
Content-Type: application/x-javascript; charset=utf-8
Timing-Allow-Origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
Content-MD5: RuCGZPZ/T NYYfx6JxrAHg==
X-FB-Debug: SpLK23gZEe I5eEi6Jv1hApo7VjQfrQOD9NivMXy7sujmQczQhixRaOF4vL6Dbgyhxymal1zvTv1cDCfbyIjCg==
Content-Length: 52531
Cache-Control: public, max-age=1200
Expires: Mon, 02 Feb 2015 13:49:34 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
............{..../...^..$.1.(J..4...%.....=.l(....H... %Q..k..[..h. %'
.s~.l.......U.U.G?.?99y...i..........$....y.O...../N.7..~......_G?...J
?Q..r..........xX.8.T)...D.p....b..g.y?,......r.._.YB].N.5..........M5
...x.;.I.....o.....PJ....lYZ.D.n|S..si.../...tY.....]..R...K~I..R7.,..
dn..:...1..hBC.K.q.-.$=....q./..i.....y8..F..:....`....*E6[.$70.V.....
ZT.F..]..........^..j..[-. ...0..j....I)h.....*W..P....E4..V..H.M....W
.^..t......`.x...~.[N.q.I.~....k.w.#..o..l.8..U .S.].............,....
.....l..^4..^....^....h...g.Mi.....f......(9.......$...a8)).p..=......
..{.n8M..>...<.-..p.....7....Kj.5F~.1z.5F...Jn.y._.7G....$...@}.
...Y...........)..M.A&]..2.gQ.^...x...CM.. .b4O.U;.hTF......V..._..g..
`:.-..7t.X-kRje...d7..^...:...0..e..... ...R=.{.....v.I'...{......h..}
.....H#.G4..!...-..Q.b.u....=}3..KB.y...{../..^..x].1V..vc.:...t.^dO..
gO%....-.....Za(..F>J.h..S...Pm.j..T..u0(E...~..\.}.h.!...Qej.....J
..':...OA....D)...@.;&G...7.{H&5...J.A3.%....y.cAC........^....>d..
.. ...Gh..j...?..O}.0z......6.7....]...zU.L.y.I<.h...Ao.3.33~......
.en.2.k....z...W57....I#z5hD2.H.....ytA;..;.t....m...6..}m...j$?...4.k
.6.1.....L......J.@$N...............]..aV..D..`.c.%..i....a....".t.i..
..\.iw7J..`.) |s.1qFu.R....:.N..S>si...<.6.E...Ri..H5C.kD.......
4.. Eu..J.B.D}>...F....6.EB.Rl......Ug!.HC......IeM.........f..4...
.Mhe../[email protected]|..e.&..Ot.....?......8...#.-....
E.9..H....a.%...@[email protected].. .hv\....4p..?>..RxY..
.,:.h`AB...p.M.v...m.y.M........=.P.e...4...{>S...V.X..?9Ei...`
<<< skipped >>>


GET /delivery/rta/rta.js?netId=2028&cookieName=cto_rta&rnd=87967043742&varName=crtg_content HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: rtax.criteo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Mon, 02 Feb 2015 13:29:33 GMT
Content-Length: 163
crtg_content = ''; (function(){document.cookie = 'cto_rta='   escape(c
rtg_content)   '; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; domai
n=baixaki.com.br';})();HTTP/1.1 200 OK..Cache-Control: no-cache..Pragm
a: no-cache..Content-Type: text/javascript; charset=utf-8..Expires: Mo
n, 26 Jul 1997 05:00:00 GMT..Server: Microsoft-IIS/7.5..P3P: CP="NON D
SP COR CURa PSA PSD OUR BUS NAV STA"..Date: Mon, 02 Feb 2015 13:29:33 
GMT..Content-Length: 163..crtg_content = ''; (function(){document.cook
ie = 'cto_rta='   escape(crtg_content)   '; path=/; expires=Thu, 01 Ja
n 1970 00:00:00 GMT; domain=baixaki.com.br';})();..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 410
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:16 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferShown","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:51 GMT
Connection: close
Content-Length: 0



GET /gpt/pubads_impl_56.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: partner.googleadservices.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Mon, 12 Jan 2015 20:02:58 GMT
Date: Tue, 27 Jan 2015 22:42:43 GMT
Expires: Wed, 27 Jan 2016 22:42:43 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33962
X-XSS-Protection: 1; mode=block
Age: 485211
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
......n.....i{...(......u...%giC..u.'q......U?.&.ZCR^b...3.. E%.y.}.i,
...c0...b.....v..x.=f_.|0.X......q.H..W.a....}.b.... ....XY....x.lso..
.,........W(.....,......).uD[......yK..B......Hm..Y>.6...C....f..ch
.:..=..4.F....$T.....Qw..riM.. N.E..9...|..k-.Q...qd....|<..M...y..
....T..<.C.......Y.....>.s..[.,NF.K[.m....Gj..U<..m.:]@..R...
.l.R7.r.....{.B^[email protected],.....U?..*v%ti.*.X^.pF{.(.bWu...]..v$.....|.
T.....S..s..Y..%....,[...b.]X.-.}...k...)..1..'O.....~..........5j..||
k.f......;c.g.......;.....z.$Mg.M...P.'.Y.0.....9../..............w.j.
.4...\.-d.n..4..j...Z1cBV.vmBn}u^..q&ww..;.25T..&..7o.PMy>....Y...3
..P...[.....%..Z...5..r.jZ.../^.m....h.....M.~...<_..7......v.....c
/......ISk;....9..8........N... ~.;...JW..v..NXL.....o~.......vh.4..\0
.".g..!.....Y...q.....;w..a......io.h8.....:.;.i.Vt.....b}.9t.]r?.....
q.../...a..(:\...Ps.!...,.a.lH.....`D.-..<....y.R..x..{.U.$.2..}.'.
...#{....xcs..|....".g...h..N?.:h..O.<;........y....gue....|.c*>
k,..O.}fY.........\....S..C.k90j...|.......w`...Z..K....O..gX._W.g..j.
...Y.j..y........u..oZ........W..b_....S...!.f...~s...w..?....b..8...&
gt;..>.~.....[....Xj.[...tn.bto./t......k.B.r.]X.9..L..5.&.../..4UC
.0.y...c|..hxe.w...#..0....?...^[email protected]......"..
.=...7v.Y..D..f..&.P.1.{.rV...0[.8}y............0....p.5.P.O>^.k.n.
.v...[?Y..........x....r.......y8..)...Y0.. ..]....\..Z..H...OTA\.....
......U..Vg12g1,.".o1..>.u..9 ..q..p..p...].r.......S.Z..-.C..=....
c..Sz..cJ.)>.....M.)../.!.?..[?C.9%....ck?.......:...D#5q.b....
<<< skipped >>>


GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT
Accept-Ranges: bytes
ETag: "88c4768d3f2ad01:0"
Server: Microsoft-IIS/8.5
VTag: 438331116300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 813
Cache-Control: max-age=900
Date: Mon, 02 Feb 2015 13:30:05 GMT
Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....mic
rosoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..
150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..
%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825
Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/
U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M.....
...z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.
o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f
}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{[email protected].|7z
.. ......>..Q...([email protected]\]#..Y.*.......T. .C.....A'..
5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Q
w......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........


GET /pki/crl/products/WinPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT
Accept-Ranges: bytes
ETag: "d2e35dc7e31cd01:0"
Server: Microsoft-IIS/8.5
VTag: 791141515700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Mon, 02 Feb 2015 13:30:05 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{[email protected].^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~......


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT
Accept-Ranges: bytes
ETag: "9a9a44d511bd01:0"
Server: Microsoft-IIS/8.5
VTag: 438589357000000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Mon, 02 Feb 2015 13:30:05 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#[email protected].. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;[email protected].('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
[email protected]/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modifie
d: Fri, 19 Dec 2014 06:02:00 GMT..Accept-Ranges: bytes..ETag: "9a9a44d
511bd01:0"..Server: Microsoft-IIS/8.5..VTag: 438589357000000000..P3P: 
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR S
AMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Conte
nt-Length: 550..Cache-Control: max-age=900..Date: Mon, 02 Feb 2015 13:
30:05 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U
....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corp
oration1!0...U....Microsoft Time-Stamp PCA..141218221600Z..15031910360
0Z._0]0...U.#..0...#[email protected].. ..5..0... .....7.......0...U......10
... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\...
.F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D..
.......-.>...(...g.0.S.[?...T4q>[email protected].('..e.
..Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..
<<< skipped >>>


GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 20 Jan 2015 06:15:01 GMT
ETag: "200c0-409-50d0f5bed6e6c"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Mon, 02 Feb 2015 13:31:15 GMT
Content-Length: 1033
0...0..n...0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0
%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global
 Root..141217194339Z..150419194839Z0...0....'.x..110110211653Z0....'..
..141119195306Z0....'B...141119195752Z0....'....141119200006Z0....'.:.
.071121154528Z0....'.v..080219183346Z0....'....080514142515Z0....'....
080515170349Z0....'....080924143337Z0....'#...081203144336Z0....''j..0
90209174351Z0....'b...100414181148Z0....'....080917150432Z0....'#...08
1203144209Z0....'#...081203144241Z0....'#...081203144304Z0....'%u..081
203144409Z0....'/9..090318130930Z0....'8...090715181853Z0....'TU..1001
13191852Z0....'k...101130163724Z0....'.B..111107193907Z0....'@...14111
9200409Z0....'....080917150312Z0....'....140709175318Z0....'....141210
173900Z0....'-E..141119195854Z0....'....141119200037Z0....'F...1412171
93909Z0....'F...141217193956Z..0.0...U........0...*.H............ ....
.....0.g97a.b...5.h.....<......G...}.E/.y1.n..>... ...........U.
.O../..1...~t[I/y.:.....s.#E....b.1.k.._........y#*...:Ol..HTTP/1.1 20
0 OK..Server: Apache/2.2.15 (CentOS)..Last-Modified: Tue, 20 Jan 2015 
06:15:01 GMT..ETag: "200c0-409-50d0f5bed6e6c"..Accept-Ranges: bytes..C
ontent-Type: application/x-pkcs7-crl..Connection: Keep-Alive..Date: Mo
n, 02 Feb 2015 13:31:15 GMT..Content-Length: 1033..0...0..n...0...*.H.
.......0u1.0...U....US1.0...U....GTE Corporation1'0%..U....GTE CyberTr
ust Solutions, Inc.1#0!..U....GTE CyberTrust Global Root..141217194339
Z..150419194839Z0...0....'.x..110110211653Z0....'....141119195306Z
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 375
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"ApplicationStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:25 GMT
Connection: close
Content-Length: 0



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=424722, public, no-transform, must-revalidate
Last-Modified: Sat, 31 Jan 2015 11:28:16 GMT
Expires: Sat, 7 Feb 2015 11:28:16 GMT
Date: Mon, 02 Feb 2015 13:31:52 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0...............w/.|`....a...2015013
1112816Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
.%Qq.........w.O.....20150131112816Z....20150207112816Z0...*.H........
.....qd.0m.....,w......#..rf......ps.@~s..w..N.5H...>.{...4qS( [.~.
.jY(..#..!.uF...?.(.[..,v...q.x,......"...?.U.`.#o... ...w...\.......E
&W.bS...!}....|....;?).-LW .`..n2...Yr.....Q...A&,...`.qM....a.k.G....
..Um.][email protected].[3.o}V.L.....Q1d.]....0...0...0..y
[email protected]...*.H........0J1.0...U....US1.0...U....Thawte
, Inc.1$0"..U....Thawte Code Signing CA - G20...141210000000Z..1503102
35959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code Sig
ning CA - G2 OCSP Responder0.."0...*.H.............0..........P.....].
8?e...8.0.. ...-.uP.3....pQ......mi..wVt.......<....{d.?..9..z%.?..
}.N`.V.........I.X...E#...*.f...X.;...75......%...n.%..#..T.<.....f
EQ.\\.f.{M.H...M..u...9~..C....B.o..........dc...V..,.........{...j.9.
xw?D..ooNf&=......D|.R..../.....So....*-5.......d0b0...U....0.0...U.%.
.0... .......0...U........0... .....0......0"..U....0...0.1.0...U....T
GV-B-25170...*.H.....................2.).xO...].6..R.k...H =d...L...(o
0#.......<O#.;[email protected]...^.q.Y...}....S(syt&...$..L..7<...nb|...]
2c..q..Q.L.3,.............n>....tND..fJ.&. .....%7.....f.31.>..d
...ET.E.~.x...]N...*.......n......HI..*M..t.......:.=.:..(2M".S.....&.
...................
<<< skipped >>>


GET /plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f76a68bb1d3f1&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/login_button.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f76a68bb1d3f1&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&locale=pt_BR&login_text=Entrar usando Facebook&scope=email,user_birthday,user_about_me,user_activities,user_hometown,user_location,user_interests,publish_stream&sdk=joey&size=medium
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-FB-Debug: K mBgOprZMssvoNcVBQnlOO08GoPn3wwRZS5Qtm76Z1M0bhiCCa210yBszOcXg6bdUz7tpg43bU88Bv2zW25hg==
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
Content-Length: 0
....


GET /plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f270f1c58e01b64&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&header=false&height=190&href=http://VVV.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300 HTTP/1.1


Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/like_box.php?app_id=132330753483600&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f270f1c58e01b64&domain=VVV.baixaki.com.br&origin=http%3A%2F%2FVVV.baixaki.com.br%2Ff3d7897cce76774&relation=parent.parent&header=false&height=190&href=http://VVV.facebook.com/baixaki&locale=pt_BR&sdk=joey&show_border=true&show_faces=true&stream=false&width=300
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-FB-Debug: aVEEqK2uTjo5gH0muDiKBsCttoru3LX94Xd9/RibogZ5oSgL31cZv3TC38iZ3023GU484kF/055 ncJGgjz iQ==
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
Content-Length: 0



GET /console-de-videogame/sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "83f3db43eff1c37fe85bbc61c9e8c392"
Last-Modified: Wed, 04 Jun 2014 10:56:17 GMT
Server: nginx
x-amz-id-2: gTdk0 q Nns6oyscp1vk5FCYx/sy3kwGeb6Q7ZcgFOEG0MaQZdLepoYD979y3zEDQfZdwLCaDRc=
x-amz-request-id: 44641FD562DAC1A2
X-Origin-ResponseTime: 1422839130.277
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 7360
Cache-Control: max-age=41755
Expires: Tue, 03 Feb 2015 01:05:30 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.@...........................!1..AQ.."aq..2BRr..#$C....3bs............
.............................................!1."AQ.............?.....
@.P([email protected]([email protected]([email protected]([email protected]([email protected]([email protected](...[....."}.
[.`.Au.2\Km4.2T.(...Rh4..^zV.;HjAh.N.j...=q...4y.......S.........w[k.-
e..\..z.wA...........%....P.V..G..}.([email protected]([email protected](...Mg.l[y....It
.f.Al."[email protected]...?...z'M.].o..Z..c..JB..........h...@i,.-1.
.]nH._...AA.......n$.pd...#0mol...E.t..."...d9.2G.I.........w1...bz.%.
..._.....Z......1..i....<..z..w*...4....;}...*$..........B...(*....
[email protected]([email protected]<.S..)...a.P8.....,[email protected]..
..8Ul..9.c......#..!....C..(*...z....2......-.IR...?m...J..Z.Sc1%%...N
........}.ARa..O.P8....t_.o.3p..B............)..RM\....j.........(Z.0.
T.?`.>\......._..f.#.b]../=}Y.#...-?..Y...?.....e.........}...<.
[email protected](.....A....4.g]. Tj.\...Q .A.9.e-4.....I.'.Pq...h.W.O]...4....
...YY1.....<Tyq,.Q.....#.......(*..P{....B.*.T..>~..........7. .
..R.........R.....s.Y.h.*...S.ZII..x.?x......./...k....^....r...B..._1
.Q...}....}H.=[.<..#..~1.O.4.F.mg.3ju.s....Jj.....g?.s. *....ZWp""N
.....J...!*[email protected](....{..Ll...5~....c..Xo..o.x.i?ij...I...p..
?h.Q.Sp.jmH.t.8..Z.Y,[..Ch.Q.*_U. ....sAP.s..A..A....{.rh*[VzP{....P{$
.A].'........5....GJ.R..$.J.A.PC.4.........q........n..R..P.7%>
<<< skipped >>>

GET /teclado-para-pc/aerocool-arma-gamer_200x200-PU7a105_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
ETag: "d0ff59243ab63589144163f7b14a26d2"
Last-Modified: Thu, 12 Sep 2013 08:39:38 GMT
Server: nginx
x-amz-id-2: QZut7yXpWoq4VPWlafsm3WqA8iNJRI6WAT4XppiLldPR7RnIDLN2nZSvlfff4h62m7pHSvTsNL0=
x-amz-request-id: 3CC5DF4720F874A3
X-Origin-ResponseTime: 1422830427.306
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Length: 20500
Cache-Control: max-age=33024
Expires: Mon, 02 Feb 2015 22:39:59 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
...H................................!1AQa."#q...$23..%..&b...45Uds....
......................................=.........................!.1.."
AQ...aq.#2R.....B..3S..$4r..............?....).).).).).).).).).).).).)
.).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).)
.).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).)
.).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).)
.).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).)
.).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).).)
.).).*\...j.D.....R.c..EU_.s~..W.'..S....o.....[..c.%p-.n.."....O..6..
[email protected]#....R...W...W.\.......t...r.)..I.Q...b.;....%.#..n*.
..6.../......(..........?CS...P.....UTB..3.Z......UE../t.y\..b..w...R.
R.R.R.R..........dO.x.I|..>.>.*}.e../............L....t....>.
}./....'..B[J...A....'.J.....~;R.4.O....r.......)GZ.1.]c...uY.......?.
x...~....U..>i].......;..?..J-.2w..{V}?...........u....N...W...'...
...g.D...........i....?CO.R.........>....l..o...L...5..t....b..v..{
.........u....0~.......~......tT.........n;.O.........O.1W..."...#....
.o.L...4../.~oY.......^ONO..........5d......tf.&.....Q....O....92{*(..
...:B.;..6.. . ).y..8.....|....eH.r.Q.'[email protected].:\...<.j.2$...
.1...r..5..c..6.mc..DT.QB.....'.9'..p1...8...ad.....'.....k..e_.G.
<<< skipped >>>

GET /tv/sony-kdl-32r435a-led-plana-32_200x200-PU87629_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "adbd7a560de1f199f6713d78d8cd81be"
Last-Modified: Mon, 18 Aug 2014 17:42:08 GMT
Server: nginx
x-amz-id-2: DkAQwj2GbKZnkcW91l02UwulA9Qg0TjV9BTj1U8uvPyWTFnuKO 1PsGuMjJlLM1ic0PxZT4V1VU=
x-amz-request-id: 7766099BD97A4D64
X-Origin-ResponseTime: 1422816300.594
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 6739
Cache-Control: max-age=18925
Expires: Mon, 02 Feb 2015 18:45:00 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
..]...........................!1...AQ."2q......#EVa.....CRr......&6FGe
.....'cst..57DUWdu....................................0.............
.............!1QS...ARaq..."#2...............?........................
..............................................9..p5M=>#..k.EC...s..
..4..h{.....hn~e..\....^i..H9.-,.gFWRH.F..G..H..hu\m$j..Bt..">C..m.
7lJ@q.. .?..n..<.w.}....O.]...x.....%.........n.]q .............bO&
lt;...m..V_|y.~.....Y}....Z...(..`n..%..>.J.......%#....A.g:.......
...=.2......?}k.9.e..k.&?....Tr........p..Pl.....q....?}q...?....)..[G
7.YI.U.c....r..o.........>...;=r..s...-.......6..L(<..n.._.pe...
..;..>.S<..7'.1 .;..A.g..W..c.!..Sw.S.. ..9......^..'s`...48..n.
..j....5.5&"w..~.[....r....!..^..Q.V?.....^...sZdO]. ?.].].5.C....?.].
Pl....#.........(....n.../}k3..r..._.4....k..o.W.L...g.|~S...n.../}pyI
e0...;............}........-........2wPm1.).............Q.9...=K.Z..m\
.h.g.|..=J....8..{..d. ..r...q.,.?>.w.7r...q.L...n...9..A...G../.X.
o7.MZ......xeM5.D.9..H.dNsI.o.......;..m-UN....K.$.)..VGP..F..,'BF...3
...e.e....FN....\..}.?r.=......[..l.c..;v.......\.2....`..}b...~.f...H
..|-.(... ...D.bo.26....L...A"&j.F.J....... ..*(.([.K..;2=Uf.vc8...5..
#>E...!..>E.73.*/.Otj........Q$f.......7].". TI[....C.q...7..#w.
6P..8..0...r.p..v.j..^......&.a.......=..s1..3(.J....s2...0.J.....
<<< skipped >>>

GET /jogos/far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
ETag: "0d835b98b4ef954bf78a337a647bac8a"
Last-Modified: Tue, 21 Oct 2014 18:52:35 GMT
Server: nginx
x-amz-id-2: 0ceIzGU7vzN/iG d8H8SsCT1pIOPHmj22NVkVoAedqVK4WneAIFy7AzJcQQ1MVQu
x-amz-request-id: B39167C20DEAC1F9
X-Origin-ResponseTime: 1422833864.612
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Length: 22977
Cache-Control: max-age=36489
Expires: Mon, 02 Feb 2015 23:37:44 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
..T...........................!1.."AQ.2a..#3qr.4B.....RVb....$U...%CSs
....5DETct.......................................G....................
....!1.AQ..aq....."S......2R....#BCT...Db.$34cr..............?....!...
..O...!5..,....IH.b|4<....u.).F...P.,.X.>$.P.L..h....X\.|......l
........H..sb....#..b..s/aX.O.............O.Tks. unq..............w.Yx
.O.>..V.....m....X_G..$....}................/......G.>..........
.x< ....D..Q......;.m .n..........x.G.>..U...U..................
}.bu>.}......x<#..=..bi...}.....t.J.......3...E..A...Q.....*...W
.`...........>..Nu....D.. ......{....~...`...]&..._....o...E....}.z
3>f=%.?.s..^w..=..c....i^...... ....^s..=..';..>....3...r.....Ns
..=....~..J..L.~e.#...?...0............$...*W.....9.p....v?H}.94.T.vJ.
.<..i.p....|.. ..........~ G,e....b.. Z*.iemE3......A]{a.......m.c.
G".$..D.`B....,..5}.....?..?.....8.;~.\=..X....'.l...N..2.....pv.....&
lt;..S.]..!hU...x.;...<Fc...,...qmF.o..D.(...i..gc}....."S4.Z3.W..T
.U2z....z....b..RTRO_.<.t.j.UI...8..j.q..MR.......V........U.......
.[[.T.W#..n1.T.Cb.4...{..C...5....O".m.g.....f...JK..V.M".]..{.V..G...
.......3..n...s...b......m....Q^.i.._Ur.Ln..?JL.eMJ;.....-)...A....L\V
.x.3..o./eOIK.U.....ff..0.TX......R....CC.PU...*..O.=1.N.qi.6..{.fm#A.
&....3k..W*...9X....H k...Fi>9..6,?YI.............g@:.@.#.t....
<<< skipped >>>

GET /jogos/grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "d866c2bbb2aaf9089f515d1948c96738"
Last-Modified: Mon, 20 Oct 2014 19:51:10 GMT
Server: nginx
x-amz-id-2: FY2osP2PgpJIq0t9NxadSMRkLNJhAeeoqB/dacIVq3s0HqA94e3JVrCtQFjAW0MW9EPT02hrP0k=
x-amz-request-id: 5CC687350705967C
X-Origin-ResponseTime: 1422863177.911
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 19067
Cache-Control: max-age=65803
Expires: Tue, 03 Feb 2015 07:46:18 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.]............................!.1A.."Q.2aq.#8Bv.....3R...$U..WCGSbfr
uw......&(9Tdet.........................................;.............
..........!..1A.Qaq....".....2......#$5Br3R.............?..=.4hB......
...&.j...W..:.~.......?.5[l...K...t.j4.N..e1'OR.~Y.0.fB.p.8...z...86lN
[email protected].).F....S...HW....Q..VG.r3.4.ji.
.P..0....G....G.s#o.l.i.4..E.....g*.p.0..i.......)'........^....]U=..$
..2...\.Z...;.m........FQ.6..;[email protected]:....VYi~..S.
.!(V3.E. .w..I{G}..-vE..$...<...~...weR..75.].....U.Jb.A...u.S.....
....':.Y..e..m"..O..J..D..............>.y..Z.yIp.....uuv.6.......'O
.....}5*......?....a....t..J.|.!.....Z..wA...e].LV...X........J1..=...
].. .*.Rw.P............!.......=........*....i..$..i{..|.o..t.I)ZIIJ..
#..|..j.-.......8YD...%..T..q*....i.....<VfT.m_w....TZ.tR.......J.(
z.....I.........J6...).).,.....6.H..(KM...@.......:o..{.k. ....?n.M...
..].|._g......J..W...-.Pp..IJ.~.{.}[...5 #....k.......z....g.....{....
>Z.3..j|..U$...F.-2..4hB.>..........~..W..T............#j....=..
.r=.}..O.C...h..X..F..4!R.i}.*...{.........(...u....r.9..v.23O...ZQ.b.
w.Ea..j.z.a.>}.,..f{sN?.?...k>.}.7.*...h......=..A.R..V..[["(.4q
...w.}}..M...2o.OhW.....R............n.F...xe.w...m#...<.......Jv.U
..&..<..........]T..........N.)...n]......-..V...:..l.-...X..p.
<<< skipped >>>

GET /jogos/lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "fb6e1be628e925e44b5efe3a56a73d3c"
Last-Modified: Fri, 11 Apr 2014 18:47:19 GMT
Server: nginx
x-amz-id-2: Ji/KaqudU0ulEPOH2G5UpOekYOBUPga/zvUn7yjdQIzhSCxi59dhPV2HAy CK3Vj
x-amz-request-id: FA8605A8316A2FFA
X-Origin-ResponseTime: 1422863118.170
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 18302
Cache-Control: max-age=65743
Expires: Tue, 03 Feb 2015 07:45:18 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.V..........................!.1.."A.Qa..2q.#..$3BR....%Tr...&(5Sb.....
..47DGWstu.......................................A....................
.....!1AQ."aq.....2.....#.....34Rrs...5Bd..............?..=.4k *.}...]
3....'U...K-.....r....;}.._v<.. B.1.J.A..F...FqN....TRA..I.P.......
U....[...w...7..J......:.;Nw......P..p0...$...#j..%.........D]y.:.)...
.......2..Q.jm.nHZA (r.8.>.n..R.\.G.Q....J...#.. t.n.[s#[email protected]./X.
..R$.........n.).*|..)R..B.m..8I.....$.u.m3.w...M.j.G.. [email protected]
A...H]...u.....y...%...B.2.....?...O.gz...(...i/..".t..cVi...J.!=%..|.
.......P..y..A....o[..;.:...Q5'.>...^.M._....-..~...C...\F9 [.....s
..4.*K.Y....:v..f..4.J.u<t...=i.7.........r.".R..4.D..":..*Z....#..
.t..C..K..(.m.T...).l:.r&..F.J........H.ig..I..]*...XUf....5..Y.....Q;
R....H'..x...~.....[.[.<............o.y...8:..8....RJ.k...vx.8.....
.;o..{|*Q...t....[.Q..r.g]zCJ...b.i... .".....I...............{.......
G..?..}z..;n..l{j....-x.Z.....d.\XZP.y...q.J....#6_....L..A..lm.N.....
.6.G....u..k..Z.l.......ufF.W..k....Y..q.....d..z.9].~-v..6..mv2..:.R.
 ....g.\l...XI.ka.-r..x..3.).....}...S..#..{O......=.&.l.C.x..... ...=
.&.....z?.?.....?.....a..J(..F...h..F...O.{...O...S)t*.qQ........Vp...
.|.~z.....J.......j..~....X..L..p..........$u.e..n.....(............$.
...}.........`...).........].P%*.z...../.{~z...*...U.`6s.........7
<<< skipped >>>

GET /tv/lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "87091399969d0abe51040dffcc88f8c3"
Last-Modified: Wed, 13 Aug 2014 18:30:01 GMT
Server: nginx
x-amz-id-2: fllhqdIU9WGI8zLqMuoRlizGvNXgBJ XXUj8btGWRD6g06lSGqwuNxDIIBOnxP5lrVoCQ7JsuDI=
x-amz-request-id: 054F61EA5911DA3D
X-Origin-ResponseTime: 1422853627.948
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 11288
Cache-Control: max-age=56252
Expires: Tue, 03 Feb 2015 05:07:08 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
............................."........................................
.W...........................!1..A.."Qa..2Tq......#BW....$37RV.....ß
SUc..'4.drt.....................................3.....................
..!.1A.Qaq..."....2R....#BC.............?...)J"R..%)J"R..%)J"R..%)J"R.
.%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R..%)J"R......PV
.....Q...../.1..........z.LwT.. ..n .HZZYJ.....Z.N..J.AV...R9.G..QH.[.
....G.....h_,.......................z.....,. r.v.....Z.}<...l}j}...
.Z.]u}...j5...vG=]x.I.i r.t...>.>.....V....Zi;.........k.._[....
.JU.I[...?.........V..'.Ze;.../.....\.........TM%no...V..'.O:C.[.Z.}i.
.....Sw.Z...n.=uE..j.h s.t...>.>.y........L?|.c.'.}.U..3X......Q
4....:C.[.Z.}<...l}j}....N..~......T;...}..~..&..?.X_ c.S...!....O.
........[..UW^..j .....5.n........RR.K.R......'.\.X$4I8Q#H.p...X_ c.S.
........Z.}jcK]...E..p.....\c.......q.O....R.@[email protected]....:..56.?..
.. 6..@.....%D...G.... ........c.j}..........T7....C....R..........~- 
....O..M.)..h..........K.....v.|[email protected].. r<].(> ..YM%m..6..
.F.....<..lo.O...z...i.-|....X.....nR...Is......J..x.x..\...f.vz...
.].CQd;5..<...........pr:.'...i[Yi.>.[kK.WE$.............,...%jZ
.J....iYP^....Z.z.... .D[4...H.V;.@`(.x......%.............h.u..nF..m)
....s.},.c.*.{i.S.[v........X.mn..2..k.....U................b.i.m.\.O.
..!Kyn...FU.^..'..n..N...,...S..........D.....s.. .U...X.K.Lw....z
<<< skipped >>>

GET /monitor/lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "a4fd53f876c8d68960fb249eda006d20"
Last-Modified: Thu, 28 Aug 2014 20:42:33 GMT
Server: nginx
x-amz-id-2: lRa2n4T55bID2eZi4yyK24MG1cXff8Ow5zYm6atEOC2OP07m3uT5TK1Ahm9YWGIU
x-amz-request-id: 2CACD7C3029D1F21
X-Origin-ResponseTime: 1422858173.065
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Type: image/jpeg
Content-Length: 10748
Cache-Control: max-age=60797
Expires: Tue, 03 Feb 2015 06:22:53 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
..S...........................!1.."A..Qa2q......#BRe......3Fcdr.....$C
Vb......%(467s.................................5......................
...!1A.Q"aq..#2...B..3....$R.............?........P..@(......P..@(....
..P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P.
.@(......P..@(......P..@(......P..@(......P....}..m..7..YS........./8.
D.9...Gn=...z...>...;m..3......z..}.4.?......z.....e..j..9..@y....[
.Zf...>...w.........1....=..............;.0..u.z..^......J..g9.:..^
......J...y..S.p......KF.4....y.&/.P.Ez^6..t^...b}....L..'.......m@|..
.....N...O...........].X.m@w#....t.z...>...7.o..:h.V>4..j.....n.
[email protected]@_.;..Eo...t}..~.O.......h)... ..FB.<u....h
.h...1.....vi.}.0...4a.;.......C..x.X...L.5.... ....yW..$]....-_{?..?m
oU.>........c.J.5...`._1....U6."..wM.;L..?w.....-.....(<...$.*9.
...c.........r.'....U...7......"...s....!...?MRr....."s.'"5.R.'.d....[
h..V....K~..8..T......>..p.....<>U...*..%|^>./.U.%..).V?.Y
._.u_...........3.7.^... .<)..TU...8..............M...O.n}..T.Z..lq
.%.bChp.Hl..J.U.59.Dr..R...(.C6..(...76.W3}.../.U3J...o...Z^a..A[(....
G......MQ....:..Fjx.t.b......]..j..P..GK$..... ./`'.O*.....;U..t>.m
.k.m...Qm>..~..Y.;...!je$) .t.y{.T.9!...t....k.o.D.....6J`Z GP.....
. .d.]...i}N....x..1..$Z.g..R..}.,...]h(UW.g.W...K......t..\x..S&.
<<< skipped >>>

GET /hd/seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
ETag: "997c629cece56983fef81157aa130118"
Last-Modified: Wed, 24 Sep 2014 18:55:20 GMT
Server: nginx
x-amz-id-2: u tqN/fJNlI/a3TKs7nU/ NEkvZ8HsY30tJbfvAPanEZ5OQ0YQtawVO6QUAGP/vw
x-amz-request-id: EAB6B6801153C369
X-Origin-ResponseTime: 1422832417.266
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Length: 4496
Cache-Control: max-age=35041
Expires: Mon, 02 Feb 2015 23:13:37 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
...................................................................?..
.........................!1Aa..Q.."q..2R.Bb....$3Ss...cr...........?..
M........................................................P.UQ.........
5...9.....{.[.....uS!....2...#....D....b.S>[email protected].'..R4=...<._.{
.[c...q.KS..;6........N..o..p...^~.C...Y...........8{..|..h...O....>
;....e.^.......\[U.tl..|..<........J...........|...{....K....Z.4.7.
...2..Y)gn...T'.v...w.h...o.[F.v.U.%...l.....!...J.~.......cV{.D..*.%d
.....b..U..j...\...p.h`..Q.......J..\e...S4.3..e..G..v.H....mW]U......
}. h...d4..r.5....,GP..c.x=..N.......[......F.w/~.dN~.............)r..
..."""..6o.at..._m.*m5..U.......3.h..0..... .S...`......<....m.....
..l.....U......q...Ahl..i.....}.....i.h.k......{....6..m.B.....u......
.3]....S.#....0.............N.).JvUj9.[T...........r..U...^?.x)..v.%E.
.n..xh2VQ..N.0z.0?7%..3..s [email protected]>..<...........\..
.W.T.^b|..'...J..A.s.<..G.........VdSh...M...~\Vl3.YqO.e.Q.U..Q..d.
...v.p.V.pW..G45]..Wu.....u_u.6..o1..}5x.X..N...-[....:sc.........~..R
a~"..[.W._ .:..X.*i....H..........""/..u..*..T5..W.A$on.. .A.E....&.6K
......XA....{..xq...,qk.k...5....\U...Y.TwYqTwYQ.wY.....eB..:|......U.
..{.uCU.Uc....R.}G.dX...'z...n56....e=e..9bw.\>.....z?._.Wl..G..^Z{
-..E.F.#..<..r......s...32.&I..$o..sN......DE......<J.y.v....-d.
W^m....=.y....DN....I..wz.e...!..=W...m.{.r.01..KH.......zs..U;~...7\:
...9........~.&:....YS.U;jG.J..\T.......{.uCS..5*7T....B.}Ou.%N...
<<< skipped >>>

GET /tv/lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "6eac943a8c3db1bb95456fccc3cb4fe2"
Last-Modified: Mon, 11 Aug 2014 17:42:36 GMT
Server: nginx
x-amz-id-2: G7NhVKIWgTzcMq5Llb1jjPhTYLdoT0DG1E/R5c7uFbQ276Cv5zcbJ6S8gSrWUP3BISk9QIgl3CA=
x-amz-request-id: A5EBFA2249AE589C
X-Origin-ResponseTime: 1422851568.207
X-Origin-URI: 200x200
X-Server: el2-bpfront-02
Content-Type: image/jpeg
Content-Length: 15879
Cache-Control: max-age=54192
Expires: Tue, 03 Feb 2015 04:32:48 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
.]...........................!.1.A."Q..2aq......#BRUV.....3.....$ETbr.
...Ìs...456DFSetu.....................................A.............
...........!1.QAa...q."2S......#R..3Bb....5Cs.................?..S....
......................................................................
......................................................................
..........~j}#0U 4..M....R.........2i.1....K...|....h.>.t7U..t/....
.<...3U..A.._[...}..X.M...}|..2......... ..4y.?. W..r.....L..3..B5x
.V^....L..3..B.|~6\....\..3..Bu..s-.......].O......l|.....G.A.A...FZ.%
.m..<......R.....l..2.....x..~._..4y........d.3/...<....[?......
|..0|..w.G,..U...G.sL...5....'/K....j..O.../...<....h]....O....z\.D
.Q.R............o.......4........Z.....]Z..f....R.SJ(.v...I...lFI.~e..
`...Ev.....v..Z....GB..t}#yo..v..8..g.......H]J..Y~(*...P.... .j....z.
..'...2./x......@..:&B!...r#..........T.!...$h.,[email protected]...<)i[..
z]=..V.>[email protected]..?_r~c.M.?....m.CT.....ma K.\..>i .........
..gJ. sP... ....../....E?....R..........v...O..a.=..O....b.C.......z7.
.....!..O.".$..0H.C.?.......v.......0..Gqo....../........S...&4.wc:..R
...v..M.?&..N.l.L..j.".e.S.}....H7..........B.Pri.......F....o=......^
.I......2.....')rW%....)[email protected]..%MV.D\.T[........G ....
..bzH..),.3.L.PZ9buW*"..r....H.u..."..q..........6..#......u&.>
<<< skipped >>>

GET /console-de-videogame/sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: thumbs.buscape.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
ETag: "0d835b98b4ef954bf78a337a647bac8a"
Last-Modified: Tue, 21 Oct 2014 18:52:35 GMT
Server: nginx
x-amz-id-2: 0ceIzGU7vzN/iG d8H8SsCT1pIOPHmj22NVkVoAedqVK4WneAIFy7AzJcQQ1MVQu
x-amz-request-id: B39167C20DEAC1F9
X-Origin-ResponseTime: 1422833864.612
X-Origin-URI: 200x200
X-Server: el2-bpfront-01
Content-Length: 22977
Cache-Control: max-age=36488
Expires: Mon, 02 Feb 2015 23:37:44 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
......JFIF.....H.H.....C..............................................
......................C...............................................
......................................................................
..T...........................!1.."AQ.2a..#3qr.4B.....RVb....$U...%CSs
....5DETct.......................................G....................
....!1.AQ..aq....."S......2R....#BCT...Db.$34cr..............?....!...
..O...!5..,....IH.b|4<....u.).F...P.,.X.>$.P.L..h....X\.|......l
........H..sb....#..b..s/aX.O.............O.Tks. unq..............w.Yx
.O.>..V.....m....X_G..$....}................/......G.>..........
.x< ....D..Q......;.m .n..........x.G.>..U...U..................
}.bu>.}......x<#..=..bi...}.....t.J.......3...E..A...Q.....*...W
.`...........>..Nu....D.. ......{....~...`...]&..._....o...E....}.z
3>f=%.?.s..^w..=..c....i^...... ....^s..=..';..>....3...r.....Ns
..=....~..J..L.~e.#...?...0............$...*W.....9.p....v?H}.94.T.vJ.
.<..i.p....|.. ..........~ G,e....b.. Z*.iemE3......A]{a.......m.c.
G".$..D.`B....,..5}.....?..?.....8.;~.\=..X....'.l...N..2.....pv.....&
lt;..S.]..!hU...x.;...<Fc...,...qmF.o..D.(...i..gc}....."S4.Z3.W..T
.U2z....z....b..RTRO_.<.t.j.UI...8..j.q..MR.......V........U.......
.[[.T.W#..n1.T.Cb.4...{..C...5....O".m.g.....f...JK..V.M".]..{.V..G...
.......3..n...s...b......m....Q^.i.._Ur.Ln..?JL.eMJ;.....-)...A....L\V
.x.3..o./eOIK.U.....ff..0.TX......R....CC.PU...*..O.=1.N.qi.6..{.fm#A.
&....3k..W*...9X....H k...Fi>9..6,?YI.............g@:.@.#.t....
<<< skipped >>>


GET /safeframe/1-0-1/html/container.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: tpc.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Last-Modified: Fri, 14 Nov 2014 14:57:36 GMT
Date: Wed, 28 Jan 2015 23:47:14 GMT
Expires: Thu, 28 Jan 2016 23:47:14 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1786
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 394940
Alternate-Protocol: 80:quic,p=0.02
......n....W{S.....Oa<\...;..i.qD...RJ...8IzG.......<h..~W....{.
9sfxH...O..o..........1...x....Fc.h(.0....q.....cf..D.(a...%.....~.>
;.;..G..'.....$.Q. .kF...1.2;$ 9..>.......E.d..........t._#[email protected]
N.1gb........\)#...{..#Z.Lx*R...iG.(.:..c...t5..K.....HX.......(...L.c
.q..Grb......i...\dh..W.I...........<k.a...........L..nV`.../.>.
V^.?.I.Z.*_..Y.1..&S....Hb]iA.l. ..w..|.\....O...<.77...A...y..E.&1
..r.w{YoA...r5:p..i...n.....7..a.N..f.^..F.......I.,.R.r.Nc....;....!K
..'...$....7x...ij[.rX.'#.b.-..........]......].[.........6..vw.e.}jb.
:.....C:g.E3..Zk...HH.}..]b[.>...=%;.C.B.4...{ _.IW..4d.Y..F5.gOw..
....XV..x.%.H.J....`....!.L."\.^....g.:.~.a._.....v..r...f].s.g.[7.O..
e!P....H.\..T..=H.D.....[...0....u.....j..a.?.P...8..............Wn/.r
.<.>..wi.._>.z..#...TX.a..K ..w..^.. ..%.#gL...Th.,...`....7&
gt;{.R. ....}`'..J>..o......2Q..........m.....c..Se..|.7.."....O...
.Z.uK.o...w.....<^...G.'C.X .......D ).kUl......../,..jz.j..{C$.m).
.|....;..~4Rm.?_q......O.hY.M......N..J..*......L....L......Q.s.c...g.
..X?..)}C.0.Z.......7..r.Z.d...N...A.^.......p...c&g..........d..X...Z
MK[d.f.n..l...`.....^...C...L~..=I.%.:.x:........VGk.'.].3J..9.1.,....
......v...n...e..-.....3..../........h.n..m._.....g4.&..v.JH..0 ......
.3.:sX"Kyx..by.....4T.....$as..^h........N..L_A6.C{........G..8(..*D..
7........%...~.S..6U.....!8.s]..%.w .I.......*:.......|G...4W.(..c..T.
6.B.a1...hs.<[email protected]#..."5.Bp..`.m.*...9Ye.;I.........o .
....'.`6.3.Q.>.....S-|Q.>..u.. .n.L.&]....\.d`..3..`....q*;.
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 418
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"RequirementsCheckSuccessful","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:27 GMT
Connection: close
Content-Length: 0



GET /featurelimit.aspx?productID=1&uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E&requestID=&version=3.8.3.0&language=&campaignID=&QuickScan=0 HTTP/1.1
Connection: Keep-Alive
User-Agent: PCSUService
Host: VVV.pcsuapi.org


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=1bhzojoibwgfvam4cqyf2o1n; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:31:57 GMT
Content-Length: 1
6HTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html; cha
rset=utf-8..Server: Microsoft-IIS/8.0..Set-Cookie: ASP.NET_SessionId=1
bhzojoibwgfvam4cqyf2o1n; path=/; HttpOnly..X-AspNet-Version: 4.0.30319
..X-Powered-By: ASP.NET..Date: Mon, 02 Feb 2015 13:31:57 GMT..Content-
Length: 1..6..



GET /partners/pcspeedup.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pcspeedup-7ff.kxcdn.com
Connection: Close


HTTP/1.1 200 OK
Server: keycdn-engine
Date: Mon, 02 Feb 2015 13:31:28 GMT
Content-Length: 6580288
Connection: close
Last-Modified: Tue, 16 Dec 2014 14:53:31 GMT
ETag: "5490476b-646840"
X-Edge-Location: rumo
Content-Type: application/octet-stream
Content-Disposition: attachment
Accept-Ranges: bytes
MZP.....................@.............................................
..!..L.!..This program must be run under Win32..$7....................
......................................................................
..............................................PE..L......N............
.....P..........xd.......p....@..................................4e...
[email protected].........
....................................................P...L.............
...............text....C.......D.................. ..`.itext.......`..
.....H.............. ..`[email protected]..
...W...........b...................idata...............b..............
@....tls.................r...................rdata...............r....
..........@[email protected]..............@..@................
.....&..............@..@..............................................
......................................................................
[email protected]............
@...string([email protected]......@...............................@.....
[email protected]@..:@..:@..:@..:@..:@..:@[email protected]@[email protected][email protected].
[email protected]...%..A....%..A....%..A....%..A....%..A....%..A....%|.
A....%..A....%x.A....%..A....%..A....%..A....%..A....%..A....%..A....%
..A....%..A....%..A....%..A....%..A....%t.A....%..A....%..A....%..A...
.%h.A....%d.A....%`.A....%..A....%..A....%X.A....%T.A....%P.A....%..A.
...%..A....%..A....%..A....%..A...S..........$D...T.J....D$,.t...\
<<< skipped >>>


GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/winsoftware-flow-5-text-en-us.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: zUEKDXmo9S8jMu9fZ pn2A==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:24 GMT
Etag: 0x8D20829CB6DC993
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/3577)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ba295d41-0001-0040-5fd5-783087000000
x-ms-version: 2009-09-19
Content-Length: 49228
Connection: close
PK........}d.D-.b.....C.......css/style.css.V...0.]'R..mT.]..y4%......
Xq.e...^..;~....TP..3...9.'.. z[-.\..U...ipI...O....."..bqG........{..
eI...'$p.....W....j.=~....Z..r...U...K.(......M*.B....{.s"........r..}
.M...c..$..:....RI(.'....o..h...dcn....!xC-?N.....\n4WU....s.h{..N....
..;p..qU..?q.$n..c"I...2 .n.-.g. ..([email protected]..."..`.5A..
%.R...I.....$.;..|....I...w...K..A.....^=...BY.u.....A}v........A..*z.
x.]...y|...).....W...h#.....` . X.L....7p..$.`...?..'......E,..i]N.N..
...=e.....^.U..._...i\do....#2.]..v..=.m...X..d....3K...3.G..4{......5
S...n...,.....Ui...x..v.m......qn.A.).!.w..:#.N.........;.....f...[.U.
..O..0.4......E...m.D....m/V.D>....P......W.bI..z..-Qg..c)....`....
......G.......4{a...n....x.$^8.7=/z.).,o....8.............).8.g..~{.h.
.MPo.wi...H..M.B..<..uv...W....2R "gOS.A.vr..PK........}d.DY.......
[email protected]/img1.png..yT........RQ^E..!T.b.dB.II..jP.,Q.meH&0..$.v..Dy
.u)..Z".....(..j...B..EZ.P.-...E.o."..s...;g.d.....~....;....._biak...
./...}......)v.Z3s..5%.......`?.... .... [email protected].\"
B.......D..rU.\A..p...\.J..p.*......JdVDD]....R..ysNP...5.k....K..n31a
..?J...t....e....>...b....::.4.K...... #.;... ..l.^19......Z...y...
.)u.eY..L..k....../..O..Ke...cB7.z...eA...A.m6..HI.N.9.....%..;.<%d
.':.l....6.7..,.. .~...l.z.M......k.}.p.tc7.j....(.H.....i....6.......
T.3#.u..^.I......s..|....t.i.9.Psqy_........^...f..o.;........B..|?.P.
u.E.H.5A........,.E..H$.....g...T."...d...D..$%.../.&..."."..g..3."j..
 ..T.......... ...E.."z.......G.D.4W.IH...............)T.L.)T..b..
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 422
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:30:17 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferDownloadCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:29:50 GMT
Connection: close
Content-Length: 0



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 419
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:30:17 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferInstallStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"clickmein ltd/vuupc winsoftware/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:29:50 GMT
Connection: close
Content-Length: 0



GET /install.gif?bundle=webssearches&ptid=cvs&uid=535559167_198339_B48A115F HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: log.very911.com


HTTP/1.1 404 Not Found
Server: Tengine/1.2.2
Date: Mon, 02 Feb 2015 13:28:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 670
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>404 Not Found</title></head>..&
lt;body bgcolor="white">..<h1>404 Not Found</h1>..<p
>The requested URL was not found on this server. Sorry for the inco
nvenience.<br/>..Please report this message and include the foll
owing information to us.<br/>..Thank you very much!</p>..&
lt;table>..<tr>..<td>URL:</td>..<td>hXXp://
log.very911.com:8080/install.gif?bundle=webssearches&ptid=cvs&
uid=535559167_198339_B48A115F</td>..</tr>..<tr>..<
;td>Server:</td>..<td>us-pub00.v9.com</td>..</
tr>..<tr>..<td>Date:</td>..<td>2015/02/02 0
7:28:11</td>..</tr>..</table>..<hr/>Powered by
 Tengine/1.2.2..</body>..</html>..HTTP/1.1 404 Not Found..
Server: Tengine/1.2.2..Date: Mon, 02 Feb 2015 13:28:11 GMT..Content-Ty
pe: text/html; charset=utf-8..Content-Length: 670..Connection: keep-al
ive..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<htm
l>..<head><title>404 Not Found</title></head&g
t;..<body bgcolor="white">..<h1>404 Not Found</h1>..
<p>The requested URL was not found on this server. Sorry for the
 inconvenience.<br/>..Please report this message and include the
 following information to us.<br/>..Thank you very much!</p&g
t;..<table>..<tr>..<td>URL:</td>..<td&g
<<< skipped >>>


GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/progress.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: QvlbK6aqLJZcIUHooVxRIw==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:24 GMT
Etag: 0x8D20829CB56BE8C
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/3561)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 42d5754f-0001-003d-2522-baac4e000000
x-ms-version: 2009-09-19
Content-Length: 85669
Connection: close
PK.........M;F...!W...........index.html..mo.8.s..?...T..6.M[....&..$.
.N....m..Np..i....N.8iR...Ikj?..v../.<.......".... ?.<^DIX......
N.q.im,.$@A.#.)g..>M..\..nR.QP|.`I?...p.............M,f..I@,..,.H.x
.3y..,.Tb..:.`...UWA.m2Y X*Q&.....W.r*nF....{...w.2...`.8.x....3.y Y..
!..K...x.R....2..Q,[email protected]....=...9....p5e`.........$u.'....s...&l
t;F..._.C..)W.l......X(#g.~...|p.....6%X.V....$-..Km_.aI\~..r*.....2..
h.n"..."7..4u>.5"...1..G*8:!...dUo.:.*..i){.dL.,..S'.#..m"4E...C...
.r...P.s.A..d........(...[.~..`.........% [email protected]...[... .. ^.T..B
@N..*.d.}R..$...9*...c.........t.8.1z...`*..)"..C.;..E.......P..R.W<
;......J.;...e.8.;..{.B{.&.>[email protected] q...F.*k.......I ..*..
h.w...1r@}..D....c.V9f......."#7.,....;K. e.M.^.{^.sUQ...eEr.(........
.O..Uy..Z. .g.....d...jT..~.};J...;.....V.....2..v...J.Nix....t....y{.
zZVC...l..-...\J..........Y.O....%T.7.C.....?X...D>~..x...x.?m.q...
...r.nc.Qc..GN.n..Z..1i ...z.%...dIw.F....A....I.fm.X.cU_.<..,(.&..
.s........Y....-.1.T..NH.._Td`@{....gYUe...wl.6.e..kJ.v?.p. .`G....D..
..."R9..q-.5=.....([email protected]>K.........A/
...1.s......h..T..;...>.P...(...2J......&.4.g...6.h..._Pr....3.=c.u
.y...a..@}o...N.N^...nUi..`qh....A.W..S..%..q...[.....Z..z.......S..4.
PZ&X....L...}.".\..g\.....Gp|(..`8V..)....NE.bSv...Qt.q..........:....
=..l.....i.|..0...n!"......-...U.{...e.u...@.. .C..Z..1R..P.....3.&..9
.p...JNf...I.T....\}E..jT...... ..*|..x.4.j..C..Von.s =.....=....#xc..
%.q...u.....bC.1......]w.aS%..._.E...I....9K....$.~.EV.... ....^..
<<< skipped >>>


GET /images/lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: i2.zst.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Cache-Control: public
Date: Wed, 28 Jan 2015 14:47:33 GMT
ETag: "4eceb952-847"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Thu, 24 Nov 2011 21:38:26 GMT
Server: nginx/1.6.2
Age: 427322
X-Cache: Hit from cloudfront
Via: 1.1 1fcd1033bfe42d3b0b03eb4bfbf9624a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Am7Lm9ARdAvXshEzUCDO5BWIqaOP4crtfpqxU-70Pu6tC5zoIiEe7g==
......JFIF.............C..............................................
......................C...............................................
........................n.n.."........................................
.<...........................!1.AQaq.."2.....BRbr..$%3...CS........
.........................................1!............?....,%.......0
.9....A.n.j.e..M...#[email protected],/.*.8tN- <7......<UIs.4.
.{.... .KU...........$s..3..6...&..........k.].jrs....9W..s.)*....Z...
[email protected]'u... ...o.3.R.(..v....f.....7<.8...=nH.g.n.
.p..p...9...}d..c..T.J.....t.....-l..............K..6.Y [....K..|.....
...b.M<.9.. .....q.V.......I...8~.I.r......:*..w.......fh....e...?.
...;A..... m.U-T5.6h$l.;.sJ..B..M..3-....u4..aN..c...;.p ..J.....3...R
..==...e..l3..........5..D}.....a9A#....G'7.).0.m..lmc..O..`..k.%3:9Hc
Z0........-z.eN......QK#....;.?...........i..6..Q.9NZ..x?8'.9.T....{}.
.....v"..3......7..~.%4........p=.....8.......H...p.....c.(.m...<2.
.H...}...{...z*;{ $...C.<...9s...I~..=.D&q..x..sP-C..t.....p;...9k.
.p.o....u^..O.RE]EP..i...vZ..".m;.h.5.OH..Y.$...g.........h.W.?...}..D
y...@` .K......'.Y.98.M'...F...!... ....-Gv...VL...p.gy...5.^....|....
.1..........'W............q..;.,.....#K^.8....j.i..XMc...Yc......gQ>
;.e5-u.s.K,..{Fx...c..`...Rl.i....AF.}...1..av.....F1...p....L....c..?
Ek..7.>.....T.8G..,`.>j......:.6...sG.'.S.dy..o.#....q.B.I.S..A.
#`.,..5....(".......xen...W....]..k.....T....HB.....>........_...).
.L...*G....QY.9t..G.....Ch...Qz.{.......8~.|....'.W......*........
<<< skipped >>>


POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 104
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","serviceConnected":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:58 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJH1zOoYiteHgktAQ1oBkA= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=510536
Content-Type: application/ocsp-response
Date: Mon, 02 Feb 2015 13:29:35 GMT
Etag: "54cf2178-1d7"
Expires: Mon, 09 Feb 2015 01:29:35 GMT
Last-Modified: Mon, 02 Feb 2015 07:04:24 GMT
Server: ECS (frf/87BC)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....2015020
2064900Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
..G.3.b ^[email protected]...*.H........
......}...5'..2.....{...>.P'.p... ...ih$.F./.<..I..t.q'07P....r.
.Pgt...T....G.......-.:...0c6..H..>9SW..;9.......M.....>.e....N.
.S..>...3...::.B..G.0Rv..4......J..d..A.&.Q]>,....=..L<.u....
n..u.!q...G.....C...4...j&.l...GJ.P...?.VV...NR.F.U$...>.N.s$4=.`.*
.%.>.HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=
510536..Content-Type: application/ocsp-response..Date: Mon, 02 Feb 201
5 13:29:35 GMT..Etag: "54cf2178-1d7"..Expires: Mon, 09 Feb 2015 01:29:
35 GMT..Last-Modified: Mon, 02 Feb 2015 07:04:24 GMT..Server: ECS (frf
/87BC)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0...
...0...0......P.s..)...... ..y.H....20150202064900Z0s0q0I0... ........
.H...{....*.....04....P.s..)...... ..y.H.....G.3.b ^[email protected]
02064900Z....20150209070400Z0...*.H..............}...5'..2.....{...>
;.P'.p... ...ih$.F./.<..I..t.q'07P....r..Pgt...T....G.......-.:...0
c6..H..>9SW..;9.......M.....>.e....N..S..>...3...::.B..G.0Rv.
.4......J..d..A.&.Q]>,....=..L<.u....n..u.!q...G.....C...4...j&.
l...GJ.P...?.VV...NR.F.U$...>.N.s$4=.`.*.%.>...
<<< skipped >>>


GET /MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: vassg141.ocsp.omniroot.com


HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1765
Last-Modified: Mon, 02 Feb 2015 13:20:19 GMT
ETag: "88f14fc79398c601e9a9021346590b46c5116c8b"
Cache-Control: public, no-transform, must-revalidate, max-age=339488
Expires: Fri, 06 Feb 2015 11:47:44 GMT
Date: Mon, 02 Feb 2015 13:29:36 GMT
Connection: keep-alive
0..........0..... .....0......0...0..........[us..Ni......f....2015020
2132019Z0w0u0M0... ...........]d...N....P5....0...l.|[email protected]./...
.j3."d..Ii...............20150202132019Z....20150206132019Z0...*.H....
.........:XBR5T..y....0;./."S.U.!l9.C.p,..H!SRR.....jJ....).b. .).....
......o... .e........^..\....4...H...u.4...9....g.R[..4.H...h{.r......
[email protected]....,j....r............f.......Fv......he..rL1Q.Cg
[email protected]......;ZX..D........0...0...0..
.........=......Ri..\..(.{..0...*.H........0..1.0...U....NL1.0...U....
Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1
.0,..U...%Verizon Akamai SureServer CA G14-SHA10...140410115548Z..1504
10115548Z0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterp
rise Solutions1.0...U....Cybertrust1806..U.../Verizon Akamai SureServe
r CA G14-SHA1 Responder0.."0...*.H.............0.........f..).1.......
......Z.45..l. IB..r`...f....h.....h..._i'...J....|.c....E.D0bg.b.v...
.......:Q....W._U.w..3....i...k........t.....m.CO$..j@.....>..Q.m..
....1/Z.r......L..a.n..;..KoIY.......fk{..c..d...IU.......zy.X...zp...
F.1..F......b...Z...=9.o...N.fL.%Z.........H0..D0... .....0......0L..U
. .E0C0A.. .....>..0402.. ........&hXXps://secure.omniroot.com/repo
sitory0~.. ........r0p06.. .....0..*hXXps://cacert.a.omniroot.com/vass
g141.crt06.. .....0..*hXXps://cacert.a.omniroot.com/vassg141.der0...U.
..........0...U.%..0... .......0...U.#..0....l.|[email protected]./..0...U.
.........[us..Ni......f..0...*.H.............Fk:..%..H.:.|P.;..-3.
<<< skipped >>>


POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 204
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","installerStart":1,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:32 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/yuupc-single-text-en-us.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: h9NMolU10veq9lx9L2PUxg==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:25 GMT
Etag: 0x8D20829CBB7A5B7
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/357F)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: fae29c98-0001-0031-6235-1dc68b000000
x-ms-version: 2009-09-19
Content-Length: 43261
Connection: close
PK......../I.D"G..I....L......index.html.\.o#7v.y.......|...4I..m.k Y.
..a..[.EA.P..3C....;,p.A...%}_...4.:.....4C.=....H...W....w#.,........
 .......L.K]f......^....B.:V?Uz}..4E...x.]..H..Y.T?.'H..H..:U.=L.?.../
...Q.0..O....... ..rK...XZ5?....z:.Q'.2..zU.g...Gw...J......../.....].
...`...........").).G.....ZZa.se..8..].f3...-d6....W..R....P.ee-l..g..
....i..N_..........8.`...pn....^w.L2.<F,z._<..Z...d...a..J..r...
=.mR.R].e.Pio ...i.........2..Yi .)p.ki.V&...?Q d.`m.."I..$>z.A...H
G:pK...1,|?.^.-.T.h.........,. .....u17.N...U..D...!s.K....|.&.M.s.l.i
..[? ...$3Na..k.K.K[r.....8.s....P=......".Y.b.t.......h....7..R..=.l6
xP.8......Nu.LUv0......O.....y..W/_.|.D$E......2Ds?.sL....Sx..:(......
... k.*)..`...g._2_..d....."...._....Ge..\..Cl.x|$..=../..!b.kO:......
..Y`l.ei.=.?.......V....8V<.|B\t.z% 1....3.....o.]5s.....r ^}{$..D.
G....../..,2PU....._..h..z.U.@$..7."U?.D...}.4^..Z.z..L..r.......$...C
.'...q....{...k.....U....)..6OHgg..6g..UD.-.u..f7.~.. ....r..k..6.k...
.....W.S..wr.'..g..,DF.K..nD^.2.h.O.z...1J1ae6.(....._?;*..2<.....I
...Ne*)AM..T.......=x.Z.8......\...[.*S..I&.;.m,.^...%&.!...B..W..h ..
:=.....RZ..z.|.U...eI......J.u.....,1.:....Ng...H.......qW`/.......W.*
..:=..w%..lgw..ki.4 V..w..2<...9...~L..].~n.lL..............*.9.5..
...*......*...hb....aA.D....yD..t>*R..`.k.(.pq....PK.3....i.......t
|9..[.0....z..'........w..ft}.^\....x3..... .~.....n.C!.|.........X\\^
...=?...._.........1..L/..q8.........o...0};.......@u >.>.......
.]..l.......?......g......an..}....... 1...o.........[..,.....P...
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 413
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:31:58 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferDownloadCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:31:32 GMT
Connection: close
Content-Length: 0



GET /ThawtePremiumServerCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.thawte.com


HTTP/1.1 200 OK
Server: Apache
ETag: "4d58ccd5bbdbe45e62236fc9fe11cc3d:1422872422"
Last-Modified: Mon, 02 Feb 2015 10:20:22 GMT
Date: Mon, 02 Feb 2015 13:31:52 GMT
Content-Length: 11297
Connection: keep-alive
Content-Type: application/pkix-crl
0.,.0. .0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U.
...Cape Town1.0...U....Thawte Consulting cc1(0&..U....Certification Se
rvices Division1!0...U....Thawte Premium Server CA1(0&..*.H........pre
[email protected].*.0!....l.C`..L.
%|\.T...130819183955Z0!....T..W...p.[..%...100322161038Z0!....hx.....k
...7....130919164724Z0!....$#.R|..$.....j..130926101045Z0!...!P..6{.lS
[email protected]!...Da\v..........%..130920062728Z0!...>.e..-
...s[.2I...140418142220Z0!....dU...(...=...*..140801114607Z0!........d
.{#E..9`...130926061856Z0!....6..q.'tT..1.Q...130926062249Z0!.....cXzF
..(O0.|.N..131002103626Z0!............>..i....130528164218Z0!......
....#.P.......130716072254Z0!.....W........JH....130924125316Z0!.....%
.......R......100801221434Z0!.....M..HK.....x....130926060355Z0!....k.
"..z......64..130919082450Z0!...N..D...0....`H2..130829152308Z0!......
Q..m...A..j...100226190909Z0!.....-...k......h...130930085951Z0!.....}
.L....\/..$^..100407191443Z0!....1....c...s.>9t..100215170304Z0!...
W..._....%..I....130926063253Z0!..._._~gq.I.)[email protected]!...
..=X>...][email protected]!.............U.<....100318180248
Z0!... .(........n.S...130923202627Z0!.....k(....k4.......130919073042
Z0!....rF..O..#^.......100312081338Z0!.....:...B..=]Hsx_..130920011556
Z0!....]h..g.o....@\ ..100107184454Z0!...z..1).Ht.........100323155426
Z0!.... ....z.i.a.nl...100312213725Z0!...>.K.H.'.tx.P.....100319033
236Z0!...K.......Y.>......130815051547Z0!....>.ITt.Aw%*I....
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=489987, public, no-transform, must-revalidate
Last-Modified: Sun, 1 Feb 2015 05:38:09 GMT
Expires: Sun, 8 Feb 2015 05:38:09 GMT
Date: Mon, 02 Feb 2015 13:31:42 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
1053809Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.l$.%t...............20150201053809Z....20150208053809Z0...*.H........
.....?...b....NlG.asw.....n.g..c...... ..C.....^......j...._...lV.....
....e,.Il4u]....p....qF3.O...(..`..n...L...pn..X.'r.....'..B..&..z$VVz
.=..T5,.8.=.42....5.<...@... W.`.o...g....|...7..u1.%3x.)....?...[~
l......V..q2..B.y......1Wv{.R}2u%.=...9^...LvL...........#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>


GET /pub/opera/desktop/23.0.1522.75/win/Opera_23.0.1522.75_Setup.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: get.geo.opera.com
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:24:18 GMT
Content-Type: application/x-msdos-program
Content-Length: 27977216
Last-Modified: Mon, 11 Aug 2014 13:36:43 GMT
Connection: close
Accept-Ranges: bytes
MZ`.....................@...................................`.........
..!..L.!Require Windows..$PE..L...'..P.................(...........-..
.....@....@..........................`................................
...............b..........................x...........................
.................................@..d............................text.
...&.......(.................. ..`[email protected]...*..............
@[email protected]....)...........`[email protected]....
..........@[email protected]...`.A.......S3.;.VWt.f9.b.A.t....`.A.P.....P..
|..Y.nj'.v....u..v..=.BA..6P......P.....9^..].v8.^..3......hhDA.P.....
......P......P..pAA..E..E....;F.r.......P.J|..Y.24..j...lAA...t$..D...
[email protected][email protected]$..`...|$..u..@..
...3.....t$..D$..t$...`.A......t$...P.Q..%`.A....D$...V....t...P.Q...^
...VW.|$.....t...W.P.....t...P.Q..>.._^....T$..L$....f..AABBf..u...
L$.3.f9.t.@f.<A.u..S.\$.V..C;^.tLW3.j.Z...........Q.......3.9F.Y~.9
F.~...f..Af..G@;F.|..6.....Y.F..>f.$G..^._^[...U..QQ....A..uVj.j..E
.P.5..A...tAA...t>.E.;E.w6r..E.;E.s,j*.w...P.#{.....YYt...l.A.j....
.@... [email protected]$...t..l.A...@...:V.t$.W.~
 .?.t..N..F0P...........!....~..t..v<.v$..xAA._3.^...U..V.u...|AA..
}.j.u.u..v$j....}.iu..v$j.j...z......u...V.P.^]....=..A..t...j....AA..
[email protected][email protected]...^..
.V..3.W.|$....F..F..w.......7.6......G.YY.F._..^...V.....f..f. .W.t$..
....Y..W........t$..6.....YY.~._..^...VW.|$...;.t#.f....f. ..w....
<<< skipped >>>


GET /bxk_v12/bxklogo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4804
Cache-Control: max-age=28880937
Expires: Sat, 02 Jan 2016 19:58:30 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
.PNG........IHDR...............%.....IDATx..\.|M..?J..*5..<..<5.
uDUMEQC..c..V..H..4"1$...K...<.PjN.5.G.*.Md......9.nw............[g
........k..SEy&....C.....z5.H.~.?uE=...u|.....2j~cHq.b8Uc.aI......R..Y
.^...............e.....x...V!.....OJ..4.q..c....J3....w..*.2..w.^....{
%._.H.*..l(. .jy.....R;.I^>o.....-..Q.OB.........4....uN&.Ge.Cx.ZLJ
..A..( .......OEM.TT.l@..)(I.%.B........O...g...f....._..#q..j..>uH
tv...F..6b..l..../"no...2..4......!.a[...a...F|.o...&D.4b..l.....%....
..~.(.)..=..lb.{......n.D......o..d..mf..3....cc..[.....e..Xs..u...D .
~...k'[email protected]..."."."4'Tp..y..<
!.0.......6..&!.p.0..........0...K.5....GD...L.n..u.!..L.U..Xq...G...g
....K{.tu.W..4...4.J.......[.pW....z. ...D.'..n.m.B.'.:....LN.7q..Q..A
W..QE...<...J.....'u......U......>..<...x.....).m".....K...&l
t;;.o(...0...5.L. ...9...yp....yvT..fI..'.J.......I..;.._.......A..Y&l
t;..F~.D.!.....y.."9u....P....b.<.r..@..@..'...Yx. ..../EH.:o&4$...
.."....>Msn.XB.-y.....}....j<.g.G#_?..Yp>..G.....N..m..F94...
..a.g......:#......][email protected]..%.{......M..b...._.]".04.....g;.R.M.....Z
../.r..w.....Z..q..4h.%......<...=.T.21..................:.6.... .L
X.j..:.lU$...F.6V.t.e...Q..q........_...l...........BX....(...[@......
.P...mw.l.^.kE.....o....-.v......N.|....w }..^....U..x......Nr[....../
2....6"l.........([email protected].... ...KB.......!Fj....u....<...e
...*M."....{.2.....CK5......C....;S.......Z.f.?K..*a...]..J..|B.~..V..
h.....3......................l.tJpC.. ...2...%T.A1.\.h.ohgn{...|w.
<<< skipped >>>

GET /2015/01/31/31114408441072.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=474px:237 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 77249
Cache-Control: max-age=31532652
Expires: Tue, 02 Feb 2016 12:33:45 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..M#i"..
I.5'..n..../...B...n.Z..3 ......To..sr..Ti.,~m..^...S.r....M.M.....o.o
..P!U...[n_......2|...m.z.(.....y..z...m%.5..\;.U.*.>f.............
..*..m...~fM.jQ^.Ue.....o......f..r...j.w....j......m...59!e....8.....
~m.F......*..7../..S.o1jG].m.(j*...Q..o mI...w..yk.}.]...W.j..tm..e...
....T......V.$.4k%.J.*..../...j.H...~.:..o".g.6......1..m....S|.|.Z.[,
....-...._kno.mP. ..Ww......j../...HW...h$s6..).o....R....m........M..
...N...\.k3-.......3n..cr...%....m7r.3E.Y.K ...2,l....H..*......_.....
./..57...S..-.SEf.~..k^]A..661..wK'....G........YWo.5...T..m....&.V_.&
.........'......!.~e...>.......;.....=.....j...Y...{vUY.U...'...W..
...W../.|.{}H.......b...P...,_..U..6..~jk....|[email protected].^J.m
..4B.w.{[email protected]./........V9W....j7..4.....Z.Ww.C....|
.AE8a..VU..j....g....r.._.y......*._....v.5..J.]M...fe.V./.g..j<..s
J..,L..[.......*.G.d_.kKR....Ag;\.....}.gX.U...(...0nejj |.......p
<<< skipped >>>

GET /2015/01/31/31141203282139.jpg?crop=w:w;*,*&interpolation=progressive-bilinear&downsize=222px:111 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 78379
Cache-Control: max-age=31532664
Expires: Tue, 02 Feb 2016 12:33:58 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....#L..
..?..G.F...>0.....\|...w..............#K....?..Wh.^.w..............
#K....?..Wh.^.w..t.3.| ....G{.i.g#-...I.A.iT:..x...._.q...s.......}...
k...8...#L.......X..~......O.4.;=.6......v........_.....|..E-{...K.#K.
...?..G.F...>0.....F..w..............#K....?..Wh.^.w...............
.Y[h.K{h.}.yW..Z.....?.uQm.....#...a>....C#.Ve.5....g.<-....U...
."...Z..K....}.?..g..A..|._../.|`....]....W.r..F...>0......3.......
Q.q].).di......)?.4.........j1J.{0.}[email protected]^7.........X....~..
.... ...?.kk....-..A....J..hM......<S..4...-...pU.......T...t....)I
.).d....o..|.?....cn?........S.H...x..e)Z.wm....Z0.......x.....?......
<....3B.*G8..Z..c.4......3#......?..._.M.{..W..2.5.[." 8,...W8..}N.
...e?....~3....A.x..H..d..|...t.,......<[...u.^$O9..=A..m.lx.......
...d9..."q...F).xc..H...I.].|.....E..g$V)Iu=.HZ..Z...z..t.GU.5..#,cg..
..V.Q....'*x..}.Z.e."..k;..fI.j[...2..V...B.}n..V....d_xOJ.k.".O..
<<< skipped >>>

GET /2015/02/02/02104626362107-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10906
Cache-Control: max-age=31534374
Expires: Tue, 02 Feb 2016 13:02:28 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....w}.
x.9.T.K......A!b.........#.s$v...]..|...W.~..ke...d.....m..c.z....y...
i.3.$n.......#=.....;.M_.....5.W.N....].R9.&.-...t..l.8Z...g.Vc..[6.S8
.....C....ClG...sYZ.;%'...M....U;.&..=...aS...4'..Y.o......\.Y..&.....
....c..../.(...F1....%..mf).i..DO$?'.........z.*.1.2.V.v8....K..k..'..
......'.%... .B......g.>........l1\....J.o.........._.....Q...1..*.
[email protected]}I.I.......y.... .~..-...o.]X.c...29E....~ .Xo
....?......d.t..'3H_.8.q.k.;.........^...9.4.gP....]B.1.B....0.....M|.
.........Y.i.../y..>..h..)..............V.v:....9o...mC.....x..m.V.
B!..I.C.....A......J...6..|6...6.yq.i>"..;.....y.:...=.G.Fk{.:.....
.5...cY..E.....4x...9........qi6...'iW:.Kq.... >......L.....k.p4.S.
.5............._..RT.....3..K84..i6..e..HI....?.A..8...<.i.i.o50.C.
.=8.^..|$....e.T.f....o...u. SN...4...c.f/..-..pW.S........ek...e.....
...7T.4./....m...a.Rc(.....V9$u...|a.[|/..........:..mm..9o.(g.yX;
<<< skipped >>>

GET /2015/02/02/02112705985226-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4111
Cache-Control: max-age=31535865
Expires: Tue, 02 Feb 2016 13:27:19 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?... .iJu
......>....!N*Z1.....'..............0...R.o..Pk%?.*.4.{V..I..(."M/.
...M1q. u...h..?J........y4e..L.j...j..qg..#\M. ..r......s@...(...*...
.8V.......L.E.Vy.......$...T].a...D...zW........:...C.].K.....k....z..
.O....(.t~..h..D.#*..Kt_.qz....h.-....,..U.F9.g5....{.......~*..Ec....
`.H..?*.<.|........#.....2....m5;YX.9..|?..[. ".........X..F.....x.
.C1.o<.........8....z%...[....g\xSq..W..</q..t(.!]..W_..........
...)......=.>......W.O........xe[?/[email protected]...}.Vu.....{..........K.o.
._..>...(...(...(...l...e.u.GVc.(..V....O....r..c...X..../.......7.
..P.m....R.........-y..._.D.......l_.b..........A<.}{..J......h....
.....R:1..X.82\I.>...d.~.....1...4......../.Ev...-tM.0.E...@>O.W
.....@.<../.. ..5..|.u..BU..w.....g.w?.'.*.z...W.G.\~....*.....;.J.
....?c.jw.w,}[email protected].....|....5v..J...G?..i..|3q......BQ_..
()Y.....~F?..;.G.Wt..k......6.~.L...?go.x.wj...-....O....%.~...c.j
<<< skipped >>>

GET /2015/02/02/02111132989193-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 6781
Cache-Control: max-age=31534871
Expires: Tue, 02 Feb 2016 13:10:45 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....^*.)
..H.O.....il..j1,[G...j%......P.*.R.2H.........Q...J..ax.U...N.....PA.
.j;h...P.#..zT..$^.J...x....(.e.;.R.9...m.>o..y...q.^..{M`|].3|A.q.
....].~m......s.......r........J..mko..~.|...~.x....:'.|'og.[..^[....c
-..w<.._rd|..d.=kr...U......;=j..}..|........\.>....y...g.......
....u.....N8...C....g.....6.I%...O......F.&..i......9...tx......C.....
JuifU....jO[....[..._MO.~.e..5/t._...|;..:{=kD...e.{v.[.......*\.I..Pz
........~..?..4.'.....t...g2.e.*|..o....p.....4..o.-...MK.?..2..3.<
A.F?._..B...E.X.Mx.......7.O..O.|?..... ...!nIk(c.KH.1.'f..}.09......c
.,<.J.vvm.i.?.K{=.6..E.y.3*.)c.R....o4.......a.......\.g...........
O.f.fd .t.y'.G...._q.3..G..G.i:n....[ke...1.d`[email protected]?...>...,
...j.G.......sqt.VtxPs!m...#..k.<.k.o.2([email protected].
0......o\x.f..eYc&......f.r..7d...#.<....e\n6M.Rm.....y.....H....a.
.B..0\[[(...p.).,`.V .C\7.u.=|=.?.....j...[I.m6.m .3./M......J....
<<< skipped >>>

GET /2015/02/02/02104132034096-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 15513
Cache-Control: max-age=31533060
Expires: Tue, 02 Feb 2016 12:40:34 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?........
.[.T.H.{W;.[.....I.......53jw...>.p}.A...D.Y.IG....H.-..S.e........
-?y>p?..^..r]....XL.....55..um^_...z....W. ..zT../zI|.z....?M......
......T......~.<.n.#T.........m.)$..#...I.9...O.f...'..xg........?.
~..\.H.|Q. H/........I6..|.Z.*..5%y.._.|..|F.....L...d[X...`....q\....
..3].z...ct.. .....Eq.|X.... .5...YH..#4.:.P...._....x.Q..~.....<..
A/.l...wS.x.D..........3.s.*.\.......h]/..w?.5kv?.M..~..* ... ......W.
........?f..|..}...e..S.:[email protected]..........=..|M.....[.J.c.sI.4.....z..
?...z..Cqy5. ..|\/.=............xcK.^.f.s..dd....._.....k...,;....*...
.....N.J...).6P......... .I^.~Z.x\...9...?F<%.]"....C&zu...zO.....t
m.A...7.%}%....HA..........m..0.Gq._5ZQ.is..u.h......g..;}I'.\......W/
.G|D....n-l..=KVF..[.Zc.o...8..I(....j|..k~....w.....5.^.V...6...G..y&
gt;....:...........6...................1%...O.^7...............W....pJ
I?..&...}...S..I.....?....P...k.....c._]...U.!~....y...>h.k...V
<<< skipped >>>

GET /2015/02/02/02095317012015-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 8833
Cache-Control: max-age=31530191
Expires: Tue, 02 Feb 2016 11:52:45 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...Dq...
NX>_J...G..._M..u...?...j1.........O5....g..8...VD`.....f.cNT.>.
...{oN*......o..u<...-B....\......-......K..qT<S.{...[T..GX....m
J..........>.V...n?Z.........~......5O...:$*..`R&.#...?..q.........
.....%%...S.g.e.....^)...G.]..R....2../.......W..?. ..(..t..{{.......u
.z.B.&.K.....Jr@$..._../...z.....[H...d..,F.....O.F.N...X.....x.A.e...
......q.~...A..V..V&\..jW....O_.'.~G.y.......]>..........T.G.*..Km.
...oQm...5W.b...N....6.....A..x..^...{.[.}7^....-.....G......r......h}
Ph.o.k.K......e.?.U.c...\.2q......[......^....O.......GO..V.P...."?..x
..........*..eU;.4......Z^..RUh.2.....5...R...O...i.L|.....g...s......
m..e.......J...<d..{.m......D.?.*.}....Z........b..sF"...y..y..F...
......~4I}....|&e1...........eF..gPX $.q[K!.....I(..8..F.,V.;%{^...V-Z
K..O.5O.....^h..6`$1...\...3..=.......}I..X.t.v...#.........8..29...0G
...|y.......e..Kx.ds.*..$s!,..^L1%T`. .....f........v..x..]...uX-.
<<< skipped >>>

GET /2015/01/31/31151459476187-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 10895
Cache-Control: max-age=31376670
Expires: Sun, 31 Jan 2016 17:14:04 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..!.`.jj
...Y...$..... .A&..gz.x.Y.,.k.5,b............b.......J.Z.tD..Kn..g....
_...F...T..L.-...r.w...Eo.....|y..Z.vE...j.7-..RV.n............2...>
;.T.v..M.......w.F6A.l.p ....<.$...y!.....q.G.]?N2-......J...`.....
.............w.~0.o#.....(cp{.....~.x.X...|..ob$.....{......".....8..T
F.I"..E....0 l.b0..B...........I.>....~..,...o.|....j.........a..'.
g.X.;_.h/7..=In...'5....#..H..4m5mb.^.$r{v.} .o.../.\v?.w........DL..j
.Lr.y..q...Yn>T.*.G...Q.......v......t...=1u............ .._.."kv.X
.'..Ky.D.&.<.....f...<..........kosg..V.2....yF.$.w.....g..X.]..
A5....".<c....i'<..#..\t.Z."..Z...O.W.w.q. .....;~.>>.5...
..KS.iN./.!.....d~5....L.....uy6..}" Y.N....X....6W.s.H......x?.cG5.-k
.k......6q6y..#......n....1.<s.....kE.y.M..*.9f\d).....Z|..;.:...J?
;Z*...y..?3.kS...j..K.e..<..\......1...:.5..%....9|.7.,n.X&a.}..M..
.V.kO..M..N...4.6.4....|..nr.!.s.#h...9...c.9.\ir]]I..vH..#)-.wq..
<<< skipped >>>

GET /2015/01/31/31130302560121-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 6321
Cache-Control: max-age=31368828
Expires: Sun, 31 Jan 2016 15:03:22 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.......)
..........P..N<.1....G..9...g4Q}G...8.1..R..."....LQ...Zu..]F.n..#.
.!...<lx....6...Z.....k..c..HG.......kA.F...2Ggg$.....9..Tw5...z&..
S......N......J..f.B......?7Z..........j..._......=.......TC8.....Gc..
.... ....:..U.W=L.]..^"...........\#^[..g_/.=....x..Q$.Xy.3s%...37.#.?
3_._..d....Wq.....z}...7.t..W.$...B...y.8>.W.x........w.]......2..4
.Oi.....:gp$..^...9.$.[....z...JZ=......z.C4.*.q.......?.ak.*{..Wnrwq.
..}........O...M.]{G...'.s.....1.9.._'x..<...;......f.&UT...G\W....
.......].j.g.5..Kc..3....Y....Y....={S. I,`.<......w.2zw.~W.y.....g
..`z..".*...K..Q#..."nZ.n.j.v.X~.j.....0j0..#.:.3.J...8...MIM ....U.. 
S..rt4.r...Gq..FM:.A A.......E...#=jD.jo.RD2.I.*q.|.).b..R...5e.*...U.
..O&..[....xGP.......9../....0lzdW...K......UO..:_.\kZ]..a.....T....&g
t;A!.....J........e........z........-K..\6......,r;fLs..<zW.:..&..-
..zY5h...U......A....g?.~.~;.!.....v........=...#..n...).....|.i.x
<<< skipped >>>

GET /2015/01/31/31114811600076-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 11267
Cache-Control: max-age=31364303
Expires: Sun, 31 Jan 2016 13:47:57 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....(..
.(.......o.....u..2.~..s.1...._.|J....~.?..Kq..|E....]....S.B..U..Scr.
*....I..t.>.........#.9.r.6........Z......>HJ.....0H...Z..3....$
.#.w..1..^........~..Eq*..$vo...&2y..0....u=i.9v...s....M.....<x...
........l..(..|O..R.m...Ie.UUs&.X.N..\..w./....~...<.z...O.....Z...
.....5...Y.JG.2..WR..A..q.7.>.'..d...z/./..^ .....z...\...N.[....wb
..._..... ......X.....V....&........A2.......6....#...3.....VO#|I.../.
.....O.U.O.s.e..$;.....09......m.......TA...%.........*.....z.c1.h..y.
....aQ..V4..].x.......l.wm...^k..nc.l....`Y<. e.~.T{.I=8..../......
....Z.4]>. ....tS..F2m.~................E...O.....xNmF;.....s.....#
.....m9..4.gO.?..?..?_.....y>$.R..$w.[...,..........q<n..p. ..V.
........<?..=#[email protected].}...P...g..G.......|9.w..^".o}.i.......
.k......Li...|....rA<.^.. ...] .~.E......x....s.Z........b.'.y.....
1.........).l..bN..'..q.......>WG......Q...>f~.~.>0......
<<< skipped >>>

GET /2015/01/31/31103021160031-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 12213
Cache-Control: max-age=31359612
Expires: Sun, 31 Jan 2016 12:29:46 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....!|Y.
_.U."..m.C.9.W.K%E.....D..,...8..3....E./}.4......!...[.MMR.;.l.)....[
.~N...{...._....o.?.u(..[t..Z.c`.../..?......#.....R.T..."..rvE..,... 
...wz....ri.!..o.5..8[.?...........qw..Q........4....^2......_H^K.^...
c..........SY..r..&..Y\..JK.brI.$.....W.'.....'...N..[..IEr..O...5/..?
.. ...f,G......@<q._...w..?...5.]j.....~#Z[../......n..x..a....W...
....................C<..RE8*G?....PVi3.Qr{....]....|#..n..;......&t
...%...r...g..n..1..5...[.....x.O.m{Gk[}..T...d2....R.Y.9;Pd.d.......z
O...kP.&.g.k.......%......^..@~..J....._..|....\x{....[....x..\.......
..s..V. ...e...>......5..r.c....WVk..._.~(^x..kB.....>H......r..
.4......l...].0.?. c.>...g....U......t....X...7...T.........l^.....
#m..}>...!B<...nu .......{.../..&H...8.O.k..~.x..d_gY.x...<d.
....}..a.4.y.6i.Q.9...{.o....\.&..Z}..c.M..[|../.s.q_7.....$}&.!n.u...
=.....j0....b.A...............!....o..~&..a.....o.F..h.@eI...]... 
<<< skipped >>>

GET /2015/01/31/31095233060003-t222x111.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 14823
Cache-Control: max-age=31357283
Expires: Sun, 31 Jan 2016 11:50:57 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................o...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..a.....
.^.............f.......5...I.........7...^...>.........w.}?....G...
Q.<Z....G,Q4....w.Y."[email protected]..=..&#.W.k_..g.....].......u.>..
.......]Cmq.N.2.......*#...Ym._..!... .....q.......?..........4.l.-x.&
...:[email protected].. ..1...E|ecu..y?|W6..XSq..OC...f_...._.'..t\..ee..mm
}..............V|?.c..4...Y..k...k n^.|w..I_.2.W................!.0...
.|e..|........*[email protected].{........:.J.F1...5..~6...&..>.......O..`... 
.l.......T........g5.._...O..~........\Kym..} .Aq)&I.....I,..rrk....C.
......&....>.e.-.X.=.........Gx...L...a.Ri.H...W......N...~>..C&
gt;....w.......x........w..._......~M...7.<.$...F'h.lf.#I..-.......
...=.?.....w.QIy.S........i>.........-...L..s.X...$..P.$.^../.2....
Z....-....i...Vh..$..-....R= ....9.r~....w......E>W...w.M.....u8...
[.F.C........(,.*.?..........>.......Aq5..A;T..i..U.!...5...>7j.
.//..'.z..g.4.$:n.....^...K*..Qc...X.T`..5*.q.........'...?...?F|.
<<< skipped >>>

GET /sd/screenshots/2013/11/081120130629104-t194x97.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 16352
Cache-Control: max-age=30198806
Expires: Mon, 18 Jan 2016 02:03:00 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................a...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..g.-..g
.u.......!.-...K<2X.. .&.`m...n..'#hQ..>.|x.......8.-B.V.k......
o.e@{....g...T...F.axg.... [email protected].[Z..j......g.-.H........-..[..
x..x.#....]b..R]4....>.f...1$eCD.Q...2U.5.st..J......v}.W...KV...Rp
..K.I.okr......~...d..._.5....|e..KM....(...........M.$...n.....!...:/
..../@..&.b....n_l..][.M......Y. ...xw.v..q.y4.[.........fm...PVU1...F
...X.....w........|O...0.~....g.P.7&.U...1........).w.8........j.....M
Y..m......A&.......w...z..#.g.OJ.W..o.}6..Z../.F..^.mP..M$....Q..F[...
.....oc.iF.....vz....-... k.%..ss:by.6...F.K..|._.._.......5..../.j]Z.
.w..bP.!.%C.p....3........3...o.f..;.2,).....kO!.b.......(".X<=<
 X{.t...VZ_.....g<...(U.....f...{[M.......x..a.u....}....S.}....Qr.
[email protected]....!.....B..S.."....c-#.PNp. ..0...Y.g...<Iy.^.Ox.m....
.-g.f..P.HE.H.3.2 <..}.~...........<95....7.x....R...=....1.W...
U$.q........5k.Y-<.......JR...X.f.w.._.mz.0|B......!2G.kZ.....R
<<< skipped >>>

GET /sd/screenshots/2014/07/100720143007825-t194x97.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 14536
Cache-Control: max-age=31322020
Expires: Sun, 31 Jan 2016 02:03:14 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
........................a...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...c....
...l.....5uc....3';.8........(......i....^x~.E...|..[...?.x.V...6.....
:yp ..BG.. ._..S.~..9.$....I.xN..U.L....bR........E.@'lBW.@....../.|D.
.i...n..G.f...H>X.P...i./..K.4L..w&.z..d...|.Y...e...!k....}..5...F
.O.i.m../....5C..x.K..M2 ..Zk...h...T.x.F2q..~.:o.~..|J.........K.ug.6
.B..W.7._..8RIX)...m.W....u..7......hzPM*t.P.|....N.....(U.GZ.>$...
..McE.....O..1"...wO........|.|.. ..W8..8<..W...hh.......L./..[.S..
.......=[...u..?...Z..........h.9......@$..m.q.w)...3_X^........Z/....
_..C.X..0....a..O...4ns..._&... ......'...okf..(&..YO>....m.. C...2
3[..S..N...;..t.n.?.nS.6K<M...../..r2.(....#..K[.7R..U.........x...
....JI&..$.U............}.....Z.....2.y...l.]....YATF..4E['.I.8.{.^..&
lt;s......my.Ik.F.0.H...?..ORH...u..'........u.........w i..s.).H..7Z.
|f.......P...m........-..K.h.g....>.....b.'.>....G...o.*=...#/..
....w.T..z.}..S..c.|.I..W.{....t.u. .R...]1..m.1..'.]7............
<<< skipped >>>

GET /bxk_v12/_sprites20130903.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 67153
Cache-Control: max-age=27949202
Expires: Wed, 23 Dec 2015 01:09:36 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
.PNG........IHDR.......K........Z....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.03.09.13..k.....tEXtSoftware.Adobe Fireworks CS6
...... .IDATx...y.\U......;...JH.!$...i.!a1(.."....:...:... 2....:....
...GP...qD...0...B..!.l$!d.,..r..GU'.....v.....t...sH..s.s..Xk..w.j...
..B-...Z.1...c"~/.|..%_=[.x.).;"R...".Q.E..P.8F..q.B-...Z.1...c.j.....
...Y.xq..""..H-...i.CN>..j.CD...Z.1E.S..[..i..qLQ..:......E.S.9...E
..Fj......*g$..4R.8.w......Z.1...c.j..(."...&...}...g...guKK..4R.8F..q
.B-...Z.1...c.j..(.".Q.E..3....g...>[...H.4R.8&g5..|.......D#..c.:.
.9.H..H-.....u.-R.4R.8..sj.c.....".....rF".K#..c.B..c4R.8F..q.B-...Z.1
..D.^uO.W.......%RC..E..P.8F..q.B-...Z.1...c.j..(."....'.t=O...j.ED...
Z.19......j.CD...Z.1E.S..[..i..qLQ..:......E.S.9...E..Fj.....V9#....Z.
1Z.C.1..E..P.8F..q.B-...i....K.zfo.X..DjH#..c.j..(.".Q.E..P.8F..q.B-..
.Z.19Cmo..{.......@#..crV.5w<\[email protected]..?..".)..Z..".O#..c.:
..9.H..H-.....*g$..4R.8F t.8F#..c.j..(.".Q.E...B.C.J..u.D....!..".Q.E.
.P.8F..q.B-...Z.1...c.j....|r.D.%.......Fj....&...j.CD...Z.1E.S..[..i.
.qLQ..:......E.S.9...E..Fj......rF".K#..c.B..c4R.8F..q.B-...Z.1..D/...
%_={..E..%RC..E..P.8F..q.B-...Z.1...c.j..(."......[...-.V_D$...E......
...Z....h..qLQ..:......E.S.9...E..Fj...uN.sl....Z.1.u.U.H.qi..q.V..q.F
j..(.".Q.E..P.8.w.........v..--...H-...Z.1...c.j..(.".Q.E..P.8F..qL.P.
v.......H#.H-....D.xX3>E..Fj...uN.sl....Z.1E.S..[..i..qLY..:...?..E
..[.[..D..Fj..h....h..q.B-...Z.1...c|..~..sK.z..3..--...H-...Z.1...c.j
..(.".Q.E..P.8F..qL.P...G....T./"...."..YM....[[email protected]..?.
<<< skipped >>>

GET /loading.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/gif
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 4178
Cache-Control: max-age=27949402
Expires: Wed, 23 Dec 2015 01:12:56 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
GIF89a . .........................~~~.................................
...>>>VVV```|||......JJJlll...............,,,^^^...LLL.......
......................................................................
....!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,.... . .
[email protected]$.8.Gq.$N..A.3(..L....V....K|P(...:.(..r.B..._@X!/...BxBnb}E.g.
...o.r..E.g..^..oWD.c.....JC.g......oqm.o..........E.....{p~....r...D.
...}..M....d......K......r...........o....|..........].q.....` 9C.f).$
'.=...}.C.^.u..-.H..!...............O.K"1......5.&{j.T. .BBo..e....6..
<[email protected]?..1..)..G.b.K... .!.......,.... . [email protected]$&4.Bq.$..D..b(..
.....V....[4.._..:.t:"[email protected]..)...g.Bk_.o..E.g~.....#r.JD.g.xl.oWF.C
....~mg......o.D.....B.....w...K.!.......C.........wE... ...d....X....
.........r................s'...xM.&T$$..|M...C..... .A...Bl..d......K.
d.V..?oFl-X. .L[.J*.....6..!."...5\@....p..oI..m...N!Q.Xm..@...%2u:uH2
.\.R.#.a..!.......,.... . [email protected]$...Bq.$&.D...(..L....V....[$.....:4
P(.r.s..._...I...g.BxB.o..E g.w^.....r..FgW..oWD.cB......g......o.D%#.
.......v. JE..i.n...E...~..".#.L...d$....L....X.."yrv..E............d.
......)xWO.<2......I.&..1a......"..UJ.(q.z... ..k.Q.\" ....*.tRj...
O.}C....7":..s..dE& ...R*."#..-......=.L......Q.2s:d .q..V..... .!....
...,.... . [email protected]$...Aq.4...B..d&.."t ....jQ.P(....q8...Hy.."..3\HV$
.QB.m.{Oe..u....p.zB.eRu.mTD..C....W......m.D.....C.e..t.B..].....c.~.
....aV.jU.....U.f{.........L.....{[H.....U.........{............i.98..
\q....*....3...n..%...L.\[email protected]...*..9....}.t...I.*D9.x.
<<< skipped >>>

GET /ns/rexposta/layout/rex-default.png?w=220&h=165&mode=crop HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 26857
Cache-Control: max-age=29472929
Expires: Sat, 09 Jan 2016 16:25:03 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
.PNG........IHDR.............7w......sRGB.........gAMA......a.....pHYs
..........o.d..h~IDATx^..gt.W...........x........%...!..P..$.9..D...s.
98.gl.6..&...".....*.T:.]...Z.Z..-....{.s..B.................YV7B.. ..
.."{M0...!..X.......x.4....pi../m...Z9..t...........N..WF.......9.e...
B..81}..-].CK..d....g...Y...t..q.4.....26`\.....&f...Vk1..F.....S?F.).
...O`..........X{...........w7,...e...d~..........cX.m.Z.......D.. .).
.r .[.%....-.2.a.r.1....wF.^..9.-.....scF...y8.l.\6......Q.....}? ._..
...k1...........a..S..@..$Y...K....!.L....$..b.......G?......X.L.M.M..
..p.K.l$dr.X. ..YH:.6{...\..S-.....0..K., .qgQ.\.E"9!......7b(..l.'M..
....& .....V..8p..t].Q.........0.d..c.......?.d.H...;..m....".<h._G
:N.~.jC....d..}..p.$]..:.&.....O...tM..:...!...).v.i.*.....[....;(....
f.b&...........B....H.../......p?P).I.9"....\.)..:....q#vS.X.j....J.$K
.1.Rn..t.K..REI5...)..!..t4..A"......N8(1s<.p..^.A...#.........j.$.
gD .J...u.~..T0=.2.........ocF.....i.r...l.......%.w..*'.t\.Q.=.nZ.8..
k.o;.O..R.c...V$.......F.....RN...`.B?.......s.1,....6..Y.X*.{..t.$.Q:
3.q.iC.....1...7.;...f..J%E-!..4.J.E.l,.\,[.p?.Z.o.9/...;{..h...\>N
I_..]. d.^T......(....T.....J_..H...J.Y...e...S....[H..T......*. ^..o.
....(.=.X..<.T[..T3..s#{....~../...(!I....9UB..z.......H.~%....J..?
....?(..q....n....B-.......'kM......lz..|Rz)'Rm',.?%......r../J-g....s
....g..{y.....p.P...T....&...=.=.r.~../.d.p80..%..L..;..E.)..,K....E.n
0...p?Q.....#.,%.|.H....64...R>.."2...>..nc.i.2..8p....q..=.j_9-
.... .*}.L(3h.j%&..;../...J.xE.b....2m._...Y..[..H..X.........r0.L
<<< skipped >>>

GET /icon-reply.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/ads/rex.asp?utm_source=redirectProgramas&utm_medium=baixaki
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: img.ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Type: image/png
Last-Modified: Sat, 19 Jan 2013 00:00:00 GMT
Server: nginx/1.6.0
Content-Length: 1067
Cache-Control: max-age=28881924
Expires: Sat, 02 Jan 2016 20:14:58 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
.PNG........IHDR...............w&....tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:2E6C67E36B5B11E4A50C
F8E4C75619A7" xmpMM:DocumentID="xmp.did:2E6C67E46B5B11E4A50CF8E4C75619
A7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2E6C67E16B5B11
E4A50CF8E4C75619A7" stRef:documentID="xmp.did:2E6C67E26B5B11E4A50CF8E4
C75619A7"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>...e....IDATx.b.{.8.....v .....X.....@.
...0.Px..C.)[email protected][email protected]...../(....0g.4....
@|....X.....*.{. ...`....@[email protected].. ... ..... .........p.2ni'.....IEND
.B`.HTTP/1.1 200 OK..Accept-Ranges: bytes..Access-Control-Allow-Origin
: *..Content-Type: image/png..Last-Modified: Sat, 19 Jan 2013 00:00:00
 GMT..Server: nginx/1.6.0..Content-Length: 1067..Cache-Control: max-ag
e=28881924..Expires: Sat, 02 Jan 2016 20:14:58 GMT..Date: Mon, 02 Feb 
2015 13:29:34 GMT..Connection: keep-alive...PNG........IHDR...........
....w&....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adob
<<< skipped >>>


POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-configs.buzzrin.de
Content-Length: 215
Connection: Close

{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"en-US","uid":"c0322acd-5e5d-42f0-b163-c591ee6ff5b9","prod":"winsoftware/1.0/campaigns/paid content/","expiresOn":"2115-02-01T13:51:21.7718831 00:00"}
HTTP/1.1 200 OK
Content-Type: text/plain
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:23 GMT
Connection: close
Content-Length: 8695
{"certificate":"cyberservices","productSetup":"","windowHeight":389,"w
indowWidth":506,"product":{"version":"1.0","displayName":"WinSoftware"
,"installCodeJs":"","installTest":"true","files":[{"url":"hXXp://az687
722.vo.msecnd.net/public-source/downloadguide/winsoftware/1.0/default/
campaigns/paid content/exe/DoNothing.exe","localFile":"DoNothing.exe",
"cmdParametersJs":"","fileType":{"name":"Product","assemblyQualifiedNa
me":"Freemium.Domain.Campaign.Product, Freemium.Domain"},"etag":null,"
hash":null,"isExternalFile":false,"region":"default","version":"1.0","
id":"winsoftware/1.0/default","name":"WinSoftware","isEncoded":false}]
,"uiFile":"hXXp://az687722.vo.msecnd.net/public-source/downloadguide/w
insoftware/1.0/default/campaigns/paid content/ui/winsoftware-flow-5-te
xt-en-us.zip","logo":"hXXp://az687722.vo.msecnd.net/public-source/down
loadguide/winsoftware/1.0/default/campaigns/paid content/ui/DoNothing.
png","installationPath":"","infoText":"<p>We will not save eithe
r your IP address or other user data. We will only evaluate anonymised
 statistics for the optimization of the usability and our product. By 
using the downloader you agree to the usage of such data according to 
our strict privacy policy guidelines. Please read our detailed licence
 agreement (EULA) as well.</p><p>In order to finance our s
ervice we permit software producers to advertise their products in the
 downloader. Before the integration every product of our advertising p
artners has to pass a security control. Without a positive confirm
<<< skipped >>>


GET /vuupc/stats.php HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download-servers.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:31:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
e..21422883882LP9..0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 02 Fe
b 2015 13:31:22 GMT..Content-Type: text/html..Transfer-Encoding: chunk
ed..Connection: keep-alive..Vary: Accept-Encoding..e..21422883882LP9..
0..



GET /public-source/downloadguide/winsoftware/1.0/default/campaigns/paid content/ui/base.zip HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: az687722.vo.msecnd.net
Connection: Close


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=3600
Content-MD5: yfeb6HeSX7QcohHPlnHtCg==
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:26:25 GMT
Etag: 0x8D20829CB507CD3
Last-Modified: Tue, 27 Jan 2015 09:21:41 GMT
Server: ECAcc (rtm/3573)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 27349f6a-0001-000d-7a05-363045000000
x-ms-version: 2009-09-19
Content-Length: 34496
Connection: close
PK.........`nEP...............index.html.VQ..8.~...a..........&=q.Ew.`
.....M..wS;........N....p.....=.?.3cO...W..O....y1~.(n.A.#..F.[a.....&
gt;~.....r2...?W.!a.%-J;.Y.. ......F5...9..m.........B..%.f~j...E..].h
rD. .8M..E.7.gE. pDM.Ei..4aw&..\.^....a.,.....F.......k..*[.AL5.#|u].B
d6...g......Q.r;....}..}kW.,.r6.ac5.z&.h.1..v..../.V2.BI.R....k.3.Vs.5
...,.n...;.1......H`!d..!I.Z.".e..5.9...o.....0...{ga..5.m&U.q.. ..z.k
)..Z...I..RQ.It..jN......."#....zwRM.v...B.\-...bo..%uk.@......}....l1
[email protected]..#.w...........G.:9P.X.-......
......>4.........;.............g} p..G5O._...d.t#`..e..|O.H.vE..VZ.
...[?...@#................Ai......q#..*....,j.wY.......O....).0.i....H
...e........v..N.o.J.7.gn..\U.;3... v7....Y..Eu......H.n.].T...P.....g
...1au..|9.Jb.N.........-l0B....\...*.9n...Q.JSp..{.z..Q9...%.....0..W
..ug......q.G.L....]%lg6.<qD<v............k%_j....TMc.....2...G.
...{.T7..k...C2.'.9....T..Tj...:N.C.M..?..C.DD=...mR:.uD.Ymd9..qYp..qS
z.J&_>.J.>.V.-?......U:C..!...*..$B..uA.5...PK.........`nE....m.
..5.......css\style.css...n.0...C... [email protected]..&..H.(...../M...]......
.......4q.......n..YXL...x4k....g<z..v..X.,.(...q3*.7&./M.2T..P.,-H
.....L)YT.....y].>.p......)Y.....|.) U.oCp&..Y./....EL...q..m......
..C....s..;[email protected]....>..=5..".....9...5O.d.;d7K..h;.aUH.'.. .
.K-.u.s4nX'. ...W.|...6.W.W........?#...............Q.^..y.h.m...n.4L_
.i=.....................R._A....W.... sC.1]V...PK.........`nE.H}.1....
k......js\jquery-1.10.2.min.js..i....0.}[email protected]...'.]....N....;
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 369
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:52 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"ProductShown","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:28 GMT
Connection: close
Content-Length: 0



GET /bxk_v12/logo-nzn.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ibxk.com.br
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Location: hXXp://img.ibxk.com.br/bxk_v12/logo-nzn.png
Server: Microsoft-IIS/7.5
Date: Mon, 02 Feb 2015 13:29:46 GMT
Content-Length: 166
<head><title>Document Moved</title></head>.<
;body><h1>Object Moved</h1>This document may be found &
lt;a HREF="hXXp://img.ibxk.com.br/bxk_v12/logo-nzn.png">here</a&
gt;</body>..



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 253
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","installerEnd":"WV-6.1.7601-SP1-DNF-4.0.30319-RID--TC0-RIERROR-AX0","silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:32:00 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /aep/css/baixaki-970x200-v3.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "2bd8c6a06faa6cafc93d70064221c7d6:1413382911"
Last-Modified: Wed, 15 Oct 2014 14:21:51 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Encoding: gzip
Content-Length: 26315
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
..........|.G..\..7v..O..2>"..-K..sfb.E......<o.ey..P......}.T..
.N.....?.[.....?.....E...........y.(....z...].8.C .......`..1._...o...
.......K....._.t....OS..6C._.......{9... .............5....._.....5...
..>]......u..._.....tK.=..........o..8.........Og.#K....._....f....
.4...........#:.c....l...<a.S............w...p...3..wj...m...c.T.k.
......;i..Rv....u..=._.....g[[email protected]..;..w.........>.
..........s.k./.6...Dx....?....f...3dR.{...x._...'..W....7....G...r1.0
......P..'._{h....0.Y...3.....;d......u..._.....s...,.k.P.........'..D
'.=...==#.9./K....n......C.I..w|...F.\R..x............G.Py..T%..f}~(..
. .<Z.....g.S.O........1.gT..T.m4.....T..F.~.x.w=n..{...K.h....^.:.
.....&a,3...... .!..6.\.L...M.6t..1T....UV.../.w.lw.....i....4....m.=P
........:a|.\.........P.."=.zw..dv.c.)....Q....G!y[p.....e.5l....!..._
..P...t#..b.cT....7.^.\....}Ik....$.1....~j..!...... ...V..k.O=.~...;j
[email protected];.....*...}...G..p.\j....KX>i..
.)... 2._..q.\...H4.....b?n=<-..L..t^uR....L...O.3.y.......l..i.3.~
..~......3....c}......t)..."."....,...O..$_V&.3.I.b........<xg.....
G...?....I...(....z....r....F......V...Z........l{.i.y.a....U....w..{.
..p...S..Cl.n.F.~>$.P`.4q.7......*.....K..Q......FEL.u..6 $...;u.4?
...2.....L.Y.._..5.......|....0.i~..![...b.B&...6.d.'.mH..%c}..b..K...
.5........".S Y....K.#i...``u...2]r9..yH......_;............t.ay..u.}.
#-....0/..,t!...Y.|b...H...g..wy#.L....L..0Cr...YcBI.8Q..}...r...E._..
..... !....s=53.N...g1..].....S.i..|%u..A..P..5.....{(............
<<< skipped >>>


HEAD /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: redirector.gvt1.com


HTTP/1.1 302 Found
Date: Mon, 02 Feb 2015 13:31:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://r3---sn-3c27ln7s.gvt1.com/edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 613
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.02
HTTP/1.1 302 Found..Date: Mon, 02 Feb 2015 13:31:39 GMT..Pragma: no-ca
che..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Location: hXXp://r3---sn-3c27ln7s.gvt1.com/edgedl/chr
ome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirec
t=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=14
22883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,
pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E31
3BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1..Content-Type: text/html
; charset=UTF-8..Server: ClientMapServer..Content-Length: 613..X-XSS-P
rotection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Proto
col: 80:quic,p=0.02..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 410
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:31:58 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferInstallStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:31:32 GMT
Connection: close
Content-Length: 0



GET /v4/searchprotect/535559167_198339_B48A115F?action=visit.heartbeat.cvs&update0=ref,cvs&update1=nation,us&update2=language,en&update3=version,4.0.1.1716 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:30:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"0.51 ms","message":"store 2 action and 4 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 02 Feb 20
15 13:30:41 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"0.51 ms","message":"store 2 ac
tion and 4 update "}..0..



GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.ds HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 02 Feb 2015 13:28:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.28 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/1.6.2..Date: Mon, 02 Feb 201
5 13:28:13 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encod
ing: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-
version: v4..48..{"stats":"ok","time":"1.28 ms","message":"store 1 act
ion and 0 update "}..0......


GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.nt.ff.tab HTTP/1.1


Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 02 Feb 2015 13:28:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.47 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/1.6.2..Date: Mon, 02 Feb 201
5 13:28:17 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encod
ing: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api-
version: v4..48..{"stats":"ok","time":"1.47 ms","message":"store 1 act
ion and 0 update "}..0..



GET /home/cvs_webssearches.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.girlwurina.com
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:27:16 GMT
Content-Type: application/octet-stream
Content-Length: 291424
Last-Modified: Mon, 02 Feb 2015 07:47:57 GMT
Connection: close
Expires: Thu, 05 Feb 2015 13:27:16 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......EN.E./.../..
./....N../....{.>/....z../...WS../...WC../.../..}/......./......./.
...M../..Rich./..........................PE..L......T.................
............:............@..................................\....@....
..............................9..........P............V..`....p..`...`
...................................@..................................
..........text............................... ..`.rdata..l............
...............@[email protected]...*[email protected]..
..........`..............@[email protected].../[email protected].
......................................................................
......................................................................
......................................................................
......................................................................
...................................................B......U..V......B.
......E..t.V.....Y..^]....j....B...2...u.3.S........]..^..^..^..^..^..
^..^..^ .E..9].u(.E.P.M..E.|.B.. ...h(&C..E.P.E...B..[....u.V.....YY..
.Q3.....j..[.B..j2...u.V.E......&....F.Y..t.P.....Y.f...F...t.P.....Y.
f...F...t.P.....Y.f...F...t.P.v...Y.f...M...........2.....U..V.u......
......B...^]...U..Q.>.u$j..M.......>.u....yC...yC....M..........
[email protected]...^..U..QVW..j..M..*....G...t....s.
H.G..w........M.#../..._..^....P.B......t........t...j........;q.s
<<< skipped >>>


GET /images/lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: i2.zst.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Cache-Control: public
Date: Wed, 28 Jan 2015 14:47:33 GMT
ETag: "4eceb952-847"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Thu, 24 Nov 2011 21:38:26 GMT
Server: nginx/1.6.2
Age: 427322
X-Cache: Hit from cloudfront
Via: 1.1 69ae15d1338b64299d3942a44fc1fb96.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 2DdzXnpBBdcecXrfZxqiHrqh88CarDgxDBU_tObB44KDt0CJSCMKvw==
......JFIF.............C..............................................
......................C...............................................
........................n.n.."........................................
.<...........................!1.AQaq.."2.....BRbr..$%3...CS........
.........................................1!............?....,%.......0
.9....A.n.j.e..M...#[email protected],/.*.8tN- <7......<UIs.4.
.{.... .KU...........$s..3..6...&..........k.].jrs....9W..s.)*....Z...
[email protected]'u... ...o.3.R.(..v....f.....7<.8...=nH.g.n.
.p..p...9...}d..c..T.J.....t.....-l..............K..6.Y [....K..|.....
...b.M<.9.. .....q.V.......I...8~.I.r......:*..w.......fh....e...?.
...;A..... m.U-T5.6h$l.;.sJ..B..M..3-....u4..aN..c...;.p ..J.....3...R
..==...e..l3..........5..D}.....a9A#....G'7.).0.m..lmc..O..`..k.%3:9Hc
Z0........-z.eN......QK#....;.?...........i..6..Q.9NZ..x?8'.9.T....{}.
.....v"..3......7..~.%4........p=.....8.......H...p.....c.(.m...<2.
.H...}...{...z*;{ $...C.<...9s...I~..=.D&q..x..sP-C..t.....p;...9k.
.p.o....u^..O.RE]EP..i...vZ..".m;.h.5.OH..Y.$...g.........h.W.?...}..D
y...@` .K......'.Y.98.M'...F...!... ....-Gv...VL...p.gy...5.^....|....
.1..........'W............q..;.,.....#K^.8....j.i..XMc...Yc......gQ>
;.e5-u.s.K,..{Fx...c..`...Rl.i....AF.}...1..av.....F1...p....L....c..?
Ek..7.>.....T.8G..,`.>j......:.6...sG.'.S.dy..o.#....q.B.I.S..A.
#`.,..5....(".......xen...W....]..k.....T....HB.....>........_...).
.L...*G....QY.9t..G.....Ch...Qz.{.......8~.|....'.W......*........
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6f29061aee1e4a10 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Mon, 02 Feb 2015 13:29:35 GMT..Conn
ection: keep-alive..



GET /files/third/2015/01/16/172511/350/XTab_4.0.2.1716.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.alchcz.cc
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:28:53 GMT
Content-Type: application/octet-stream
Content-Length: 2463400
Last-Modified: Fri, 16 Jan 2015 09:25:11 GMT
Connection: keep-alive
Expires: Wed, 04 Mar 2015 13:28:53 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
p.y....I^.@..,....s..pG0......V...PL...N..PL...N..PL...N.n..0.@......,
...QO..9}.$...U...ZM\....!../...x...........Sw@.*H&......Kw........p..
.rr.F.n.U...C..N"SPN.?`E.....}[email protected].[..%o....C.....~F...PL...N..
PL...NQ.b.5..kM.QYD........h.;..{.......- .{.tG.K.........|ag12.$.....
.,8..A....W...".$:.[.pJ..s.h..x.4M...-6.4M...-6...R.}.J...PL...N}V.#R.
.m...w......PL...N.i...o)...PL...NJR!Yw..v..PL...N..PL...N..PL...N..PL
...N..PL...N.....3$...PL...N..PL...N..PL...N..d...8"....._r...j...Z...
PL...N.....Tq...&..8.{..E...Qe.t7W...S..PL...N..<....Ncx....z..n..t
!..J...Z.9...PL...N...4.u..5.;.6z..=.. .e..Q* ..`M...PL...N...4.u...iw
U.>..H....f3...PL...N..PL...Nj.G.....bd6..q\..B.=S-....#VY;....PL..
.N..<....N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N.
.PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...
N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL.
..N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N..P
L...N..PL...N..PL...N..PL...N..PL...N..PL...N..PL...N.H..h.......:....
.....4.C.A..rM8L.Q..D../......_,..b.9.......OnKA.zj\,.....b.8mW...'...
.u.~?..5../...i........x.....7.._...dL.W....^...t..../.....Y.....<.
.....$E..........L.p.z.s.R.....:...([email protected]..|. ..0.1.n..F...]..
?..c.<"...f.............2r.....o..h`..t#..*..0D*..1..xLL.....5.q...
&..Fj..L...3..!Ltc.n..\"*4....y....h7 ....y /.......&...F.V VU.....`..
}.....2..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..
F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F..4.z..F.
<<< skipped >>>


HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:23 GMT
Connection: close



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=510959
Content-Type: application/ocsp-response
Date: Mon, 02 Feb 2015 13:29:35 GMT
Etag: "54cf28fd-1d7"
Expires: Mon, 09 Feb 2015 01:29:35 GMT
Last-Modified: Mon, 02 Feb 2015 07:36:29 GMT
Server: ECS (frf/87A7)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0201200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ...._.M.[........?;....20150201200000Z....20150208200000Z0...*.H..
...........0...y.y.~d.SJ.u....-.....\..`{.l..P....$.T.&.g...0.......J.
.o..O...bA......][email protected].,......
......#b........S.>..M.....]P.=F..s.../R..[H....[G../F.R......P2...
u#......5!.%..........D.......e_7/o..DVV..D.....y.[q[>.\..#.
....


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1


Cache-Control: max-age = 510959
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 02 Feb 2015 07:36:29 GMT
If-None-Match: "54cf28fd-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 304 Not Modified
Accept-Ranges: bytes
Cache-Control: max-age=510959
Date: Mon, 02 Feb 2015 13:29:35 GMT
Etag: "54cf28fd-1d7"
Expires: Mon, 09 Feb 2015 01:29:35 GMT
Last-Modified: Mon, 02 Feb 2015 07:36:29 GMT
Server: ECS (frf/8796)
X-Cache: HIT
HTTP/1.1 304 Not Modified..Accept-Ranges: bytes..Cache-Control: max-ag
e=510959..Date: Mon, 02 Feb 2015 13:29:35 GMT..Etag: "54cf28fd-1d7"..E
xpires: Mon, 09 Feb 2015 01:29:35 GMT..Last-Modified: Mon, 02 Feb 2015
 07:36:29 GMT..Server: ECS (frf/8796)..X-Cache: HIT......


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJH1zOoYiteHgktAQ1oBkA= HTTP/1.1


Cache-Control: max-age = 510536
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 02 Feb 2015 07:04:24 GMT
If-None-Match: "54cf2178-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 304 Not Modified
Accept-Ranges: bytes
Cache-Control: max-age=510536
Date: Mon, 02 Feb 2015 13:29:35 GMT
Etag: "54cf2178-1d7"
Expires: Mon, 09 Feb 2015 01:29:35 GMT
Last-Modified: Mon, 02 Feb 2015 07:04:24 GMT
Server: ECS (frf/87BC)
X-Cache: HIT
HTTP/1.1 304 Not Modified..Accept-Ranges: bytes..Cache-Control: max-ag
e=510536..Date: Mon, 02 Feb 2015 13:29:35 GMT..Etag: "54cf2178-1d7"..E
xpires: Mon, 09 Feb 2015 01:29:35 GMT..Last-Modified: Mon, 02 Feb 2015
 07:04:24 GMT..Server: ECS (frf/87BC)..X-Cache: HIT..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEFDCHiL8lcx+/7bkTzDOA4Q= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:59 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Sun, 01 Feb 2015 17:50:14 GMT
Expires: Thu, 05 Feb 2015 17:50:14 GMT
ETag: 536B354D6EA2E2CC4A8CAEFF2C5E462D86FACBB7
Cache-Control: max-age=274094,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: h6edcaocsp4
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........,}...h|%....?......2015020
1175014Z0s0q0I0... .........%.6..Ga....e............,}...h|%....?.....
.P.."...~...O0.......20150201175014Z....20150205175014Z0...*.H........
......|.ek....OT7..&<..NX.]...U.oY'\wN.)..3..J..z....5W@'.a.o.{....
.I...a.o.8..d..7<'...S.^.....~.B)3......r9........U..E.Jh..H`.?....
Q..R.jN..E..Z....L..$U.~..4k..N..T&,.$...Q........XN...A.#...y.......S
..m>%...(.;\(...sD/j...4....j.^.4..../.".. ..8..E.....c....



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 111
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","serviceAction":"--install"
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:57 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 404
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:43 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferInstallStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:17 GMT
Connection: close
Content-Length: 0



GET /pagead/js/r20150127/r20110914/abg.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 12855107806509661363
Date: Wed, 28 Jan 2015 17:59:54 GMT
Expires: Wed, 11 Feb 2015 17:59:54 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 14398
X-XSS-Protection: 1; mode=block
Age: 415781
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=1209600
...........}i{.H..w.....)...F.Y..._...1..up...!|....>....d...g&....
.....Sjs.....W..;..Zz.....N..f..f..I..A...JQ.t....u......x.)...}n..A0.
.1U..J..5...*.].*v.~ h....i...N3P5..D.x|.u.\.4M.........*.1.'.....L..L
....=.n0..9R|.j......{.#.....#m..<.\..#F..*...k..P.A.`.o.....o#....
G.U...(F...".@9.`.e.......Y......[E.t.P.%..Q....;.}.(.Dm....%.B..J...\
.".I!..Q.q....(..L..]l...0.(..~.x0....O....fg..C.hi....s...3.En.G$!.. 
........O.....)Hj.."....S.........1.6.=-!.......w..O.f|...$.HI....G..-
....-h.?.B..X..Z..8K...{..=...J......B...cR...v...EV.. .`@B.Xo*..I.Q..
..6Kw...O..L&.ZS`.G&.../..B*...........p..Z......N...;7g{...Z.To....'.
.-.G#s..n......V.Qqa.D.&....,..X.}....P..9.O. ..%..m...?...7....r.....
.Vo..U..S.h..Y1nS"e...Z...Pi.a..m#.<.!.VC......:.GL.1%%.wz..8....U.
T33}w.%....}]...H.....w.-]Q.s.C..N......B.....Db0.h`......].'....(....
. t7...L..B.V..{.}..G._#/.....!......].(.R..Z.D..w&:X..y`..~7....n....
.....=....h!...5..76....}..)....] ..d......~..Us|..-..zA.&......"...`.
_.............?.T..h5.ZD....U._....|.C.]...^.kc.^.U ...."..PZc..P.*...
..\..gnk.a.*..J^.k..Z..y..W. .yE.-Tt..^\L..a;...j).n...>.k%.4.Q....
.....?...l:..;..z34c ...>.....-.&........<...O..6.0.............
.l..T...J#..w.d.v...w.Z:...>[..{[email protected]<.
M:i....\..z.".IkN........"\..t..T6....e.M._....#.^.A}t.yGC...m5B..i...
...#.& ..mr.l.o.'....bF...5.R...-3.......)......$...f .L!`.S2...p.....
.h..%!........gJ.]@21,....@.}...7u.....u.(M.................... T[C)..
V..W........pLz.......WTN.....N.f. .%..h.6.....9...*..2...D..m.V..
<<< skipped >>>

GET /pagead/images/ad_choices_i.png HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 14036706360268997840
Date: Sun, 01 Feb 2015 22:42:44 GMT
Expires: Mon, 02 Feb 2015 22:42:44 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 365
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
Age: 53211
Cache-Control: public, max-age=86400
.PNG........IHDR..............D.,...4IDAT8.c....fja.l.l...eXw.....W(6.
d.2.|..Y..k......w..#..[..8B.a3..>.,....{.8..../}...l...^........}.
..4.$.....G.~.$....^.A.....2..Ig..&..{_....f...'.......f A..o<..b..
....{.wA....`..^|[email protected].~9......q..i.!&.........0[.....~... .zHB..
~.3z.#......s.o...}...........#..t.x#.a...}[email protected]...."R.@.
.......I.....IEND.B`.HTTP/1.1 200 OK..P3P: policyref="hXXp://VVV.googl
eadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR O
TR IND OTC"..Content-Type: image/png..ETag: 14036706360268997840..Date
: Sun, 01 Feb 2015 22:42:44 GMT..Expires: Mon, 02 Feb 2015 22:42:44 GM
T..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 365.
.X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.02..
Age: 53211..Cache-Control: public, max-age=86400...PNG........IHDR....
..........D.,...4IDAT8.c....fja.l.l...eXw.....W(6.d.2.|..Y..k......w..
#..[..8B.a3..>.,....{.8..../}...l...^........}...4.$.....G.~.$....^
.A.....2..Ig..&..{_....f...'.......f A..o<..b......{.wA....`..^|t..
[email protected].~9......q..i.!&.........0[.....~... .zHB..~.3z.#......s.o...}.
..........#..t.x#.a...}[email protected]...."[email protected]`
.....
<<< skipped >>>

GET /pagead/images/google-logo.png HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883801927&bpp=78&bdt=36&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=2042192589.1422883802&ga_sid=1422883802&ga_hid=1444082417&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=156
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 13513653691308934734
Date: Mon, 02 Feb 2015 11:08:08 GMT
Expires: Tue, 03 Feb 2015 11:08:08 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 4114
X-XSS-Protection: 1; mode=block
Age: 8488
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=86400
.PNG........IHDR...j...$......t......IDATh..[.\SG.......Q ...*`D.r..E.
C.'...D..x"...Q.z..(...R.bD.r..T....e..6.Z/ /.w....~;.......Zw..g>$
/.f.w}.........cI.'.....58...X..}Yq....t..Z.....<(5....u..F......./
..g...........O.oHqL.a.E.6c..,......Z..M.U..>........".SE.I..H..n..
.)...w..O`...r...5..".H..u.$.:.P........\.8.L.Q..._....._..."fk..`?...
........~|J [email protected],.?.0. RX.Q;SS%.....s....n. ..{.'p.....< 
.z"..g`xr..Qw..5s.~s[...........4.... .Z{....(b_u..._..9o.b..M.li!bya.
.-.p.L..m 7..j1..o.y..g6.J.......B7\Fs..zM..}B.H(...j.4-.<i......Bc
n/....z..........x5C...@$......A..Xt...f`Z[.....g.......{`t.e...5_....
=.D....J..{X*7.PG;.m.`..K..KW......$.x...- .?\[.....}.....#.{..p......
\.E..g(!.I.wD........%.... x.~.-.Zj..\...r.%V.~.5......?q.. f...0[..o.
[email protected].......%o.0...2kyc.Z.u..#.H[..j.t...c.....<C...N..........
..G....xh*.%|~....... [email protected].>.....W.......`GG.*X.1..d.#..
...'[email protected];..q.NY.r.5....r..=.=f..@...')6H..&..
..##.o:..@{A3-.;.#.......F..e......u.|.k.F.2.....V# ..Q....C.@.....'..
.....x....I.^o......p..g.W.>.......C.ps......XU....._b.........f.p.
?Tk3l.4^...../.6q..l...VZ..<8...[...Q...,.f-..8r.7#..<7n_E<7.
O.a..0...=Q*!B.."...s.......SJLI... ..v...X.^'b.E..........Q......PZ..
..s..&....M...ve....7...5.,...x.^.F$....T...e.........%.....Q.........
.j.%N."...sX.....=....0......7.Q....fK.[O..?....~..!..........V.......
.LI.......2.P.... I.n..ymw_.. ..Q..zM.q...B%l.;..u..y..ta.L7..^h.e..{K
%x...r}....#.A.l.'.`...xP..d..},.(.\]..B[M....p...&.....).L...i"..
<<< skipped >>>


GET /pagead/show_ads.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 14983693584729952714
Date: Mon, 02 Feb 2015 13:08:07 GMT
Expires: Mon, 02 Feb 2015 14:08:07 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 7551
X-XSS-Protection: 1; mode=block
Age: 1286
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=3600
...........\ys.F.._...KQ.....5...v..I|.g.......".P...".....N..f_.....\
===}.....,.#....I d.,HM.Y..U.........._.b.B....c..}.o ...G.u{.$..HD.J"
...fo.y''.;....q..v.I...f7.?fI.M...C.%.. .Z_....'..-V.qkt...^......H.R
l...h...mm.y..".i.Uk...W...D.".n_...X$....p.....4c.6%..r....]......MU!
T....a*Z94Z..} A.k..,[email protected].>...7.Sg2.1]..oT#.|[email protected]..#.
.!7.Y._.N.$Nt.&..r\~......Qc..N%..b.94.|........v.U...?.....\..0..f...
N..A6.b. .VpQmy.d..ppx_cy.t..Wq..G..,..-7......[./.^...{.Q.w9az$.[?.L.
...>...s..UC.p..I*^.1.......[...........>.[|c^7v[...w.....n&R.et
..z....[..,...Y.o}|v.p.9...........5.?|6....z..[k)F..Y....;...ww.....%
....t...<..s....x../.-h.].oC<.9..5..f....C..;.p`..-....A.oc..MjD
..[.X......#..Vi..X.;<..6..!......4K.o.....w..c.F...$..[......n..lJ
y...8M4m..{...N.>>y..Y7.....0.K......S!..q.. ..O...A.k.?.nr..bb.
.r....D.tl...d...'...Hz...Z.6.X..0..r......W.(....S..v.m...B....-.....
..t.f..N.A..HS>.3$oh.*.R1w...9...1.m.&..|....y8s;.Y.....v%.m~..m..M
.(....B...,....:.u...z.....5y`.y.}du.g...8..L........E....I....8..T.#.
..y. E.....5.6c..x...D.|..).^.~... .t........n.R..:..2....&..3..\i....
N..=.o............. .....x|..4z.,....a;.|t.....&7I..=&.1..L>f.x..!_
..<.....3...g..... .;..G...o[w.82..Y..;V..........k6.N.Q/J.......Z.
..;....D.V(l.X#.J.o..}2V....n....L..V......q..9.tV.a........... ..=H3.
.d...5(%O.R.<....n.d.v....8..b......q<....r...L%".z...........T.
.c.c`.[......^.#VQp....g.....<.V.c~./.r..`.d....oW..........=...mq.
...1...d......''C.B....%L....k.....gO..>{R...1T.U..v\..o.Q.9gw.
<<< skipped >>>

GET /pagead/js/r20150127/r20141212/show_ads_impl.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 15809893636173888869
Date: Mon, 02 Feb 2015 13:29:34 GMT
Expires: Mon, 02 Feb 2015 13:29:34 GMT
Cache-Control: private, max-age=1209600
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 53958
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
............i{... ...B..8d....l...b .;..r...=\%.."J."......."w..;..='m
.;P...B-z8.y..x...o.iih.z..9..'8..i0.OG..q./U.m.Y2W..\......D.A..k...&
lt;.[,..sUm.G%.^.*.}...i.2[,...a.Z.3.V8....-.2.F.YocC...^?...a..I....Q
.......(|P.....%.......O...t...(.9#/Ps.a;.....L.c........Z...={.....X.
P......i.....<....-A..t.<......fe..Q%"S.........t<.c....5..G.
......u......?..wm..'[.}...|....Xh.......c.!..G~..G...'.8.^.*.z:......
...S..@....]..iF.8qg?.....6......V.tHN....QP...9..(...g.%.....avR.d/..
`..`[email protected]..../.5...I^.IQ...1%..u.PE..%.=._.. x!0.m....q..y...T
.f..L...Sqa.3g..9.."...|I..u......Rs:..C[g{/.' .{...G....B..N.a.....~.
...aes.G....<...8".G.\.[.e[S .d.r..e............J...nT ......9..mP.
.>l.z.1........IN..Mz.. `c.U`wm....u .y.....=.*:.]......YP......l.x
"`..Ms.t...d..#..m....2c.........v.o8.{.LD..;..1.o...t...S{..$....a...
.8|...zv.ln..go[....z......m;N...ct....k.]...a:....?q.Q.a0vf.B ..S.T..
..............x.P.G#.....Jx.q.(....@.<.....{P_..[?B.P..Y3.1M.{..~u}
..._W.....6[...yU.|....g[.W.-..2g.S.:3..O.q{@.T...e.:.\.........d.B.t.
\..5...0O...}.'....K.>&).....\..}..;.X... ...4.!I.(.x.a.r.W...D6..S
..q*.$..S.^.A=.*.....,].<...{@0n9y.P.nWk/......].n.................
.j....K.O6...YA/K..zZw<.....*..?..-..&......X.q.H}..M...........{.a
~o<.LQ.....P]..][....:...E....X....`2p..o.......j.....mu..c.q...5..
"....6.....8....L..1....b...8.......U...W.(".i..t%......pu..sC3.....F6
.^.w2.\.w.......k.......~...`.&...~}..2["..!....}.......w.~C.}..].....
......X-|... ...{.=oo.q.b.....c../...........BO..e...o1;&T!`o.....
<<< skipped >>>

GET /pagead/osd.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 12703393386612283312
Date: Mon, 02 Feb 2015 13:08:08 GMT
Expires: Mon, 02 Feb 2015 14:08:08 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 18328
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=3600
Age: 1286
...........}iw.......D..-..c'.R........l .a...m.).2a.......d...]...z.k
.j?...iw8....b.z..................a7]..q..L.'..U....d..N}...,..QrZou..
.|.....L..qw4.../.....&..l8..[FI.'..ig}..<.M:.l..A...1.?....l.8L9..
WHA.....B_D.......$...Z.....Y..........do"W.x`l....K...R.7#9.VE..y...L
...1..i.w.;.L. .d{....T..../*.9.B.So..^..F..t.u......;h....A]..S......
tx...$.6..h.MG..d..7..c9...';..l...;......('..Xh.H..7..}(X.E...k......
.....}......Z....&aQy...{.g.x.D<.h..6.,.B x...I..YZ.....\..... _pP.
]..`c........'..M ..r..vY...<5x...wLq...j?...;......K,.R.Y..Q......
>..6..`:.&..s.D..`....V..c...y.wm>=p..).].l...U..L..m&h..q...?..
.f..T.k.Km.B.ao...Z...8#.`WK#r...r...\_.l...iA....S^.....i.R.&..6s3.a.
L...n.Nra.:..._.{..a...`....6.M:v8.A/.........u....x"_..b.o.........yc
..n..h.C...%...5ju@...^....GO.<...........<C7f..va"..aEc...3....
..TN..e.`...Z=\kP....Tp.8.\2........?X...c9........M..E..1.o.....`v..@
.w.L.V..]...B..:Z.......Zn...E...L...]J}..{.......a.vU.......c........
.~...g.iU...z}).K.P..ft...fx..........3x>........./......^O.}}...Wk
....o4C.%....T.zC.....t..bT....S..k?.`.I.?Y...:.....n..76......n...X.K
.:..e{.z.{..Yz?......ym.g...(.R..|DD....x.%.....3.. .#...].Qj)......x,
.....P).&..8A.....`....2W&..I.~S..I...O........N........d.^...,.......
.......F8......S.TD...6.S.y..`.T.....2.2....L]..>.B.............n..
..Y..b.y.v..?s.......U....kx......../^......@.@^.....o....L.F...6.....
[email protected]...\.)...........r0..}....W...3O.7j.p..|mMX....&..mg,...R..@P
....p._.G..W..H.t|....n,,...S.).Z.......o.o>xF[x,.g.`...[...&.q
<<< skipped >>>

GET /pagead/000000_new_ico.gif HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=728x15_0ads_al&output=html&h=15&adk=3318342544&w=728&lmt=1422883800&channel=0894689340&alt_color=ffffff&color_bg=FFFFFF&color_border=FFFFFF&color_link=003399&color_text=000000&color_url=006600&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883800654&bdt=570&shv=r20150127&cbv=r20141212&saldr=sb&correlator=7738023443003&frm=20&ga_vid=402729839.1422883801&ga_sid=1422883801&ga_hid=1088351939&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=thread-0000015c-id-00000000&dfs=16&adx=32&ady=226&biw=792&bih=554&eid=317150304&oid=3&rx=0&eae=0&fc=24&brdim=4,42,0,0,1716,,800,600,792,554&vis=1&abl=XS&ppjl=u&fu=1024&bc=1&ifi=2&xpc=5lteOC31vO&p=http://VVV.baixaki.com.br&dtd=275
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/gif
ETag: 13269602005625199902
Date: Mon, 02 Feb 2015 11:08:09 GMT
Expires: Tue, 03 Feb 2015 11:08:09 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 74
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
Age: 8485
Cache-Control: public, max-age=86400
GIF89a.............!.......,..........!.......kkF.hz;..x....v@..,.uJ\.
1..;....


GET /pagead/js/r20150127/r20141212/expansion_embed.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 9988433392431841906
Date: Wed, 28 Jan 2015 17:59:54 GMT
Expires: Wed, 11 Feb 2015 17:59:54 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 51392
X-XSS-Protection: 1; mode=block
Age: 415780
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=1209600
...........}iW....w~.hr.)n....D....!.aI...im.cc./.......E....{.9.,u.z.
.....d..'.A.v~<..b...I.3fw.....Q<......N.X[.}>c.gJp.W..^gb[U.
.........B/..v'....t..?.....*.q.....8^..`.'........3.f...L... Y...n...
q8.|?.....].......Xs4.O.h...by.2.T....a;./R...`2.6....d....!...-......
.N?.|.....5..L1...z~.... ....R...[....5.Gq............\..0.M....Pq<
.A....g....rrs.`.vGN..pi.8.....U.=RKo.....d,.D.U].@ ..?.....@./..9.0j.
.3...".y......(.G..y..e......3v_V.P..M....#....eA...<.....02s.g...0
..J....M.~...F..[ao0....i'..*v}...C>iWG......{......k.c.......jV.p.
{.y5.m....0......./.L..3i.....G#@W.u.........|......N..^}..../..j.K.;^
...OxS.-d.n..4..lVl.P......&d...m4.3....R_......T.5~<......C...".%.
.w.*.Z... .d...]..f.X}...~._.....t.........p...->.........V...E...o
.]7."....^.n:....y)...qx..:.....f[..U..)...P..;.Q.r..t)......].7~.F>
;>..KI?`@.......Ik.........~.$p. .Bh.T..P..4..F>...]...%...V[...
.t k...k^....n..... k7.....h..v.....X...Hx/..z..Z.nR..8...~....<dNF
Oj{..}^.7.[..B>..6l%......~.n.Z.. .Y.....]..9..2.X:|.E..'.._t....b.
a.|#.......A..ON..O.7..6.....v............\[...W.....`[email protected]~..A
H...........Q...=<........#....t.!..DH...I.].c1..........J...c..}..
....G{....x..t.......x2..|..0..p_F.V...._?.......I<..A.q... .:w.2.H
90.ni.(..p...*....j.Y.4..0.Kc....X.!*.).^...(d.U ...e~7.....~[(=...IY.
w...X.UV.w..|.oX.~:(...B..X...7e...k...O.A.....&._].)...[.]x..w...~-.}
......~.^x....>/.}g.~..6..C.......q;.F.F.FV..J.....v$7!..ndm.....[^
n.M.6`H.%]..m..,...X=>..qk.qh[..u....[/..Y-hg.'.^4.j..OD.....|.
<<< skipped >>>

GET /pagead/expansion_embed.js?source=safeframe HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 9988433392431841906
Date: Mon, 02 Feb 2015 13:08:12 GMT
Expires: Mon, 02 Feb 2015 14:08:12 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 51392
X-XSS-Protection: 1; mode=block
Age: 1283
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=3600
...........}iW....w~.hr.)n....D....!.aI...im.cc./.......E....{.9.,u.z.
.....d..'.A.v~<..b...I.3fw.....Q<......N.X[.}>c.gJp.W..^gb[U.
.........B/..v'....t..?.....*.q.....8^..`.'........3.f...L... Y...n...
q8.|?.....].......Xs4.O.h...by.2.T....a;./R...`2.6....d....!...-......
.N?.|.....5..L1...z~.... ....R...[....5.Gq............\..0.M....Pq<
.A....g....rrs.`.vGN..pi.8.....U.=RKo.....d,.D.U].@ ..?.....@./..9.0j.
.3...".y......(.G..y..e......3v_V.P..M....#....eA...<.....02s.g...0
..J....M.~...F..[ao0....i'..*v}...C>iWG......{......k.c.......jV.p.
{.y5.m....0......./.L..3i.....G#@W.u.........|......N..^}..../..j.K.;^
...OxS.-d.n..4..lVl.P......&d...m4.3....R_......T.5~<......C...".%.
.w.*.Z... .d...]..f.X}...~._.....t.........p...->.........V...E...o
.]7."....^.n:....y)...qx..:.....f[..U..)...P..;.Q.r..t)......].7~.F>
;>..KI?`@.......Ik.........~.$p. .Bh.T..P..4..F>...]...%...V[...
.t k...k^....n..... k7.....h..v.....X...Hx/..z..Z.nR..8...~....<dNF
Oj{..}^.7.[..B>..6l%......~.n.Z.. .Y.....]..9..2.X:|.E..'.._t....b.
a.|#.......A..ON..O.7..6.....v............\[...W.....`[email protected]~..A
H...........Q...=<........#....t.!..DH...I.].c1..........J...c..}..
....G{....x..t.......x2..|..0..p_F.V...._?.......I<..A.q... .:w.2.H
90.ni.(..p...*....j.Y.4..0.Kc....X.!*.).^...(d.U ...e~7.....~[(=...IY.
w...X.UV.w..|.oX.~:(...B..X...7e...k...O.A.....&._].)...[.]x..w...~-.}
......~.^x....>/.}g.~..6..C.......q;.F.F.FV..J.....v$7!..ndm.....[^
n.M.6`H.%]..m..,...X=>..qk.qh[..u....[/..Y-hg.'.^4.j..OD.....|.
<<< skipped >>>

GET /simgad/8007231901646850404 HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 29 Jan 2015 16:30:19 GMT
Date: Thu, 29 Jan 2015 20:44:33 GMT
Expires: Fri, 29 Jan 2016 20:44:33 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 30069
X-XSS-Protection: 1; mode=block
Age: 319502
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
GIF89a..Z......................{...........rrr.........].....bbb......
"..............................., .#..................................
...........E....'.p)...^.`...U.O.................2....................
...............&~...........!........k.....-}.>.C..............$...
.....................QQQ.{...........................................Y
..Y.....9.....q..X..k....0........................!..XMP DataXMP<?x
packet begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xm
lns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 201
4/01/13-19:44:00        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org
/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpMM:OriginalDocumentID="xmp.did:7131908B9AAAE3118E5681278AE2EA9B"
 xmpMM:DocumentID="xmp.did:056973BDA7CD11E48DB8977FBEF81B49" xmpMM:Ins
tanceID="xmp.iid:056973BCA7CD11E48DB8977FBEF81B49" xmp:CreatorTool="Ad
obe Photoshop CC 2014 (Windows)"> <xmpMM:DerivedFrom stRef:insta
nceID="xmp.iid:4857acd0-728f-c343-a7db-a7aa0538d2c8" stRef:documentID=
"adobe:docid:photoshop:fd5b4b2f-a7cc-11e4-9c50-f0f46b7ec737"/> <
/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket 
end="r"?>..........................................................
......................................................................
..~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?
<<< skipped >>>

GET /pagead/images/ad_choices_en.png HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 3514261995661079078
Date: Mon, 02 Feb 2015 11:08:12 GMT
Expires: Tue, 03 Feb 2015 11:08:12 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 776
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
Age: 8483
Cache-Control: public, max-age=86400
.PNG........IHDR...M...........B.....IDATX....k.A.........O..?..'..C..
"z........"A.j.9Y....Z..-.DwMm.66.vKCmk.H*.._.[...t......._o.|..7.....
.J{bt....-..w....l..-..=`R.M/[email protected]".5...........
w6.}......p1/.N..\....6.}....n~l...#C.Kh.w..wk.9.....d...d........9.:.
..m'<MB;..r..W......x...8_.Ro..mA.wa.,e;@.....J..:.....a|*..BI.h.7.
 .gb...~.g.4.u..[........v...c....7.........Xn".H..P...C..F...../.....
WB..].O.~........6x.L.:hU.5...]_..cN.M.......$......Ss.......<..Nhj
........!..u...a..T..i.!...Rm......M`g.zEB..K.\...0$..J5$......A.m.GB.
u..^...W......~...1..=.7..q...L...7...v,H)6......g.E.M.Ak'<.[....u.
.X.va....................^....O...0.oAn@&\y......{rH........"..04..\[w
....R.}e.[...}.....h.w.$...N|......Ao2.4.~O.u....?...Q....z..h...._...
(V.....IEND.B`.HTTP/1.1 200 OK..P3P: policyref="hXXp://VVV.googleadser
vices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND
 OTC"..Content-Type: image/png..ETag: 3514261995661079078..Date: Mon, 
02 Feb 2015 11:08:12 GMT..Expires: Tue, 03 Feb 2015 11:08:12 GMT..X-Co
ntent-Type-Options: nosniff..Server: cafe..Content-Length: 776..X-XSS-
Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.02..Age: 84
83..Cache-Control: public, max-age=86400...PNG........IHDR...M........
...B.....IDATX....k.A.........O..?..'..C.."z........"A.j.9Y....Z..-.Dw
Mm.66.vKCmk.H*.._.[...t......._o.|..7......J{bt....-..w....l..-..=`R.M
/[email protected]".5...........w6.}......p1/.N..\....6.}...
.n~l...#C.Kh.w..wk.9.....d...d........9.:...m'<MB;..r..W......x
<<< skipped >>>

GET /pagead/js/adsbygoogle.js HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 9027986617581926428
Date: Mon, 02 Feb 2015 13:08:08 GMT
Expires: Mon, 02 Feb 2015 14:08:08 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10908
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=3600
Age: 1287
...........}iw....w....W&#X...4.a.....m.VV..ACDQ.Iy....>..'.N{.}...
@....3.s...t..L..B..%O'.......J\.^/...!...4....K..]...C...(IE.Q.Gq,..8
HWqd..0..:.d'.R.uh.....2^......>..4.w<...KN`.f..2.....3.....*..t
d....Vs7...-....8..Z.*...4.|.Y.&.p....b.. N._&..8....n...4Tg...7.d....
.[;,m......bB...M.&AC.F .q.d..5....L.W..............nt.j...exm....3..1
.(M...v[bJMa..xq.8..ElJ49:..i. l..D...%...aY.vde..:'..jo9..VQ2..R.4...
.B..j6..Qw..6d...l.w.aQix..V.....0?k...gp....D:.........\a{"..w=.B....
Y..f.\6..4.:. .8.....@.....]., ........Z7.......a.Bn.....9.L.k..,W...&
...4.L...O...-.}.V.\m...a ...[-..;.P..Fr..G.D.o..oP.....5]..N.t.v#.4..
.a..w...w.v...F......Cl.C5f...........J.;.T..ng".w....H..V...;..Yq.s:.
.b..|.. #.9..6........cY..6[;..n.\..X..]>...h.-....o7.v.....#~.o...
gg.>3.....0.P&..:se...H&G..d2.d,.1%S.L)y.},?V.n.56l$...j...v. IMC}.
x..hP....].FgW.........-..e.....n\.WX..J.E'.....s$X.Ek..x.q.G.1t...9..
.......J..R..............~.i.........#'S.-....P..X. . MV.....m.8y<.
...........-..|...,9...a{[email protected].~...~g.5...w..s.. ..c~#.!..
[email protected];..".=...cHbP.d....E.-.WZ......3....
..Q.&0$\xB..I.........F.....]u\....A.A.7..mr....l)(...[.$6m.N.........
.o...q.J.M.;v.......i...H.i.,.R.../.^...2.e.."\....x..t.......@Or..\. 
[....Q.....d..5.y2...E@......{..3........!{.k08..J......l._L3%aY}a..%.
.u..(.fGt"1.......Z.. .N-QH.... I........2......f...:..u.!.P."..SK..th
...[.#..w,..F..g.4'i.L...a.s.....}vh...g~.....Yd.......K..F..Y..C...Y.
l].m....]../<)..W\..,.m.C..zDM....TY....-.U.J..x`.L.,....y.."t&
<<< skipped >>>

GET /pagead/images/x_button_blue2.png HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=6752265473&adk=742962455&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883801927&bpp=78&bdt=36&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=2042192589.1422883802&ga_sid=1422883802&ga_hid=1444082417&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=0&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=3046898373&eid=317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=4,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=u&fu=4&bc=1&ifi=1&dtd=156
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 291775052866240956
Date: Mon, 02 Feb 2015 11:08:08 GMT
Expires: Tue, 03 Feb 2015 11:08:08 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 145
X-XSS-Protection: 1; mode=block
Age: 8488
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=86400
.PNG........IHDR.............b..x...XIDAT(.c.....3g.G........#.*."@q..
..9#..E.4...#[email protected][email protected].%..ap.%.V.2}\.......IEN
D.B`.....


GET /simgad/7347923224040542989 HTTP/1.1


Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883802301&bpp=32&bdt=38&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=28872627.1422883802&ga_sid=1422883802&ga_hid=58362135&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=339&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1783566912&eid=575144603,317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=343,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=234
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive

GET /pagead/imgad?id=CICAgKDjx-TKxgEQARgBMgjKJogpsuz_fw HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive

GET /simgad/17277594690423083363 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 17 Apr 2014 08:36:33 GMT
Date: Thu, 29 Jan 2015 11:37:50 GMT
Expires: Fri, 29 Jan 2016 11:37:50 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 74647
X-XSS-Protection: 1; mode=block
Age: 352307
Alternate-Protocol: 80:quic,p=0.02
Cache-Control: public, max-age=31536000
......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:1776673A86C0E3118
0278FCC33FE3449" xmpMM:DocumentID="xmp.did:5932354BC60411E3B5E9AA9D750
414D9" xmpMM:InstanceID="xmp.iid:5932354AC60411E3B5E9AA9D750414D9" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:1610E21A04C6E3118C07E2899606CE94" stRef:doc
umentID="xmp.did:1776673A86C0E31180278FCC33FE3449"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
....................,.................................................
...............................................!.1A"..Qa2#.q..B34.RbS5
...$6..rCc7..d%...D....T.v........................!1..AQ.aq"2...B.....
.R.b..#3..rS...C$4..c..T5..s%.................?.~a.y.%I]MjI.j..0[A....
...}..'.i..Zu..s.1...p...K.T.R.[.)....P..a!...M..9.1....w)N.rX.=.....;
|v$.r.n7.M..).............b......JTDM.9..N....x..H..\..Ib..aq{...M
<<< skipped >>>

GET /activeview?id=osdim&avi=BHEQfvnvPVMWqM4bt7Qb93YHQDADnn9PB6QEAABABOAHIAQPgAgDIA5kE4AQBoAYDwhMDEIAB&ti=1&adk=3673371936&p=136,24,226,752&tos=1150,0,0,0,0&mtos=1150,1150,1150,1150,1150&rs=3&ht=0&tfs=1517&tls=2667&fp=client=ca-pub-7019091094896260&url=http%3A%2F%2FVVV.baixaki.com.br%2Fsite%2Fdwnld109843.htm&correlator=7738023443003&eid=317150304&oid=3&afp=&output=json_html&impl=fif&dt=1422883800815&adx=32&ady=136&ifi=1&flash=0&tmo=283&tme=1514&tdl=2559&abd=2-0-1&r=u&bs=776,554&bos=800,600&ps=1348,4004&ss=1716,901&tt=2667&pt=-1&deb=1-0-6-1-3--1&tvt=1151&uc=1 HTTP/1.1


Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Date: Mon, 02 Feb 2015 13:29:38 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA 
PSD IVA IVD OTP OUR OTR IND OTC"..Access-Control-Allow-Origin: *..Cont
ent-Type: image/gif..Date: Mon, 02 Feb 2015 13:29:38 GMT..Pragma: no-c
ache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache,
 must-revalidate..X-Content-Type-Options: nosniff..Server: cafe..Conte
nt-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80
:quic,p=0.02..GIF89a.............!.......,...........D.;..



GET /0.gif?2920545&101 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sstatic1.histats.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:30:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Set-Cookie: CountUid=cb619164-91fm-43e4-80b8-4a1bb2c631b4; domain=.histats.com; Max-Age=31536000; Expires=Thu, 19-Feb-2015 14:10:43 GMT
GIF89a.............!.......,...........D..;..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 409
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:26:50 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"RequirementsCheckStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:23 GMT
Connection: close
Content-Length: 0



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 407
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:43 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferDownloadCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:17 GMT
Connection: close
Content-Length: 0



GET /r?_=1422891050&pid=10732314-18&evt=VO:Init&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:33:47 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:33:47 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891051&pid=10732314-18&evt=DL:en&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:33:48 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:33:48 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891055&pid=10732314-18&evt=DL:mc&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:32:26 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:32:26 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891101&pid=10732314-18&evt=DL:mc_9&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:33:13 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:33:13 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891102&pid=10732314-18&evt=DL:me&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:34:39 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:34:39 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891103&pid=10732314-18&evt=DL:st&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:34:39 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:34:39 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891110&pid=10732314-18&evt=VO:st&ch=CO16&ver=20150202070241&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:34:47 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:34:47 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891113&pid=10732314-18&evt=VO:iv&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:33:25 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:33:25 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive......


GET /r?_=1422891113&pid=10732314-18&evt=VO:std&v=A0804D56-A87A-6E51-A934-1069B2C7BDD2 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: data.biphysics.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 02 Feb 2015 13:33:25 GMT
Server: openresty
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Content-Type: application/octet-stream..Date: Mon, 02
 Feb 2015 13:33:25 GMT..Server: openresty..Content-Length: 0..Connecti
on: keep-alive..



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: WinHttpClient
Content-Length: 113
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","serviceAction":"--speedtest"
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:58 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



GET /css?family=Open Sans:400,700 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Timing-Allow-Origin: *
Expires: Mon, 02 Feb 2015 13:29:33 GMT
Date: Mon, 02 Feb 2015 13:29:33 GMT
Cache-Control: private, max-age=86400
Content-Length: 186
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
@font-face {.  font-family: 'Open Sans';.  font-style: normal;.  font-
weight: 400;.  src: url(hXXp://fonts.gstatic.com/s/opensans/v10/cJZKeO
uBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot);.}.HTTP/1.1 200 OK..Content
-Type: text/css..Timing-Allow-Origin: *..Expires: Mon, 02 Feb 2015 13:
29:33 GMT..Date: Mon, 02 Feb 2015 13:29:33 GMT..Cache-Control: private
, max-age=86400..Content-Length: 186..X-Content-Type-Options: nosniff.
.X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server:
 GSE..Alternate-Protocol: 80:quic,p=0.02..@font-face {.  font-family: 
'Open Sans';.  font-style: normal;.  font-weight: 400;.  src: url(http
://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJM
gTvxaG2iE.eot);.}.....


GET /css?family=Open Sans:400,600 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Timing-Allow-Origin: *
Expires: Mon, 02 Feb 2015 13:29:35 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Cache-Control: private, max-age=86400
Content-Length: 186
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.02
@font-face {.  font-family: 'Open Sans';.  font-style: normal;.  font-
weight: 400;.  src: url(hXXp://fonts.gstatic.com/s/opensans/v10/cJZKeO
uBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE.eot);.}.HTTP/1.1 200 OK..Content
-Type: text/css..Timing-Allow-Origin: *..Expires: Mon, 02 Feb 2015 13:
29:35 GMT..Date: Mon, 02 Feb 2015 13:29:35 GMT..Cache-Control: private
, max-age=86400..Content-Length: 186..X-Content-Type-Options: nosniff.
.X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server:
 GSE..Alternate-Protocol: 80:quic,p=0.02..@font-face {.  font-family: 
'Open Sans';.  font-style: normal;.  font-weight: 400;.  src: url(http
://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJM
gTvxaG2iE.eot);.}...



GET /csi?v=3&s=pagead&action=loadimgad&it=bdt.38,req.234,bpp.32,fb.742,e2e.1375&e=575144603&rt=1ad.132,ol.633 HTTP/1.1
Accept: */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7019091094896260&format=300x250&output=html&h=250&slotname=1361330275&adk=3326294409&w=300&ea=0&flash=0&url=http://VVV.baixaki.com.br/site/dwnld109843.htm&dt=1422883802301&bpp=32&bdt=38&shv=r20150127&cbv=r20141212&saldr=aa&correlator=1719585431252&frm=23&ga_vid=28872627.1422883802&ga_sid=1422883802&ga_hid=58362135&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=16&adx=339&ady=448&biw=776&bih=554&isw=300&ish=250&ifk=1783566912&eid=575144603,317150304&oid=3&rx=0&eae=2&fc=24&docm=10&brdim=343,490,0,0,1716,,800,600,300,250&vis=1&abl=NS&ppjl=f&fu=4&bc=1&ifi=1&dtd=234
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: csi.gstatic.com
Connection: Keep-Alive


HTTP/1.1 204 No Content
Pragma: no-cache
Cache-Control: private, no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Access-Control-Allow-Origin: *
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Content-Type: image/gif
Date: Mon, 02 Feb 2015 13:29:37 GMT
Server: Golfe2
Content-Length: 0
Alternate-Protocol: 80:quic,p=0.02
HTTP/1.1 204 No Content..Pragma: no-cache..Cache-Control: private, no-
cache..Expires: Wed, 17 Sep 1975 21:32:10 GMT..Access-Control-Allow-Or
igin: *..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..Content-Type: i
mage/gif..Date: Mon, 02 Feb 2015 13:29:37 GMT..Server: Golfe2..Content
-Length: 0..Alternate-Protocol: 80:quic,p=0.02..



GET /b?c1=2&c2=8756095&ns__t=1422883800535&ns_c=iso-8859-1&c8=YAC download - Baixaki&c7=http://VVV.baixaki.com.br/site/dwnld109843.htm&c9= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341


HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
Set-Cookie: UID=120c9bfd-194.221.64.106-1384780341; expires=Sun, 22-Jan-2017 13:29:34 GMT; path=/; domain=.scorecardresearch.com
Set-Cookie: UIDR=1422883774; expires=Sun, 22-Jan-2017 13:29:34 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Mon, 02 Feb 2015 13:
29:34 GMT..Connection: keep-alive..Set-Cookie: UID=120c9bfd-194.221.64
.106-1384780341; expires=Sun, 22-Jan-2017 13:29:34 GMT; path=/; domain
=.scorecardresearch.com..Set-Cookie: UIDR=1422883774; expires=Sun, 22-
Jan-2017 13:29:34 GMT; path=/; domain=.scorecardresearch.com..P3P: pol
icyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"..Pragm
a: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: pr
ivate, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..



GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=437919, public, no-transform, must-revalidate
Last-Modified: Sat, 31 Jan 2015 15:08:08 GMT
Expires: Sat, 7 Feb 2015 15:08:08 GMT
Date: Mon, 02 Feb 2015 13:29:35 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015013
1150808Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150131150808Z....20150207150808Z0...*.H............
....K.U;.N..4w.{......k.0.....2{KS.n.fU.Y.Gl).F....#...}..M........R5{
. t01.lli....].z...^...i..%[email protected]^{..TDe
.h.......i...H..Q.......2....|..[..!.Cu.Tt1.....p...{g...m.'{2k.. j...
0gp.8.E.o_...Ep..4^{M*`..*'Q.{T .......8.....yx....0...0..}0..e.......
.:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust 
Global CA TGV OCSP Responder 30.."0...*.H.............0............\.h
pc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x.
.YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x........
......6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...
A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0.
..U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0
...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.
H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...n
R9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=.
.w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\
.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....
<<< skipped >>>


GET /aep/tag/br/br_nzn_baixaki_redir_970x200_5adsx4.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "c8c8b66b3261878b47c867349e5c8468:1421685471"
Last-Modified: Mon, 19 Jan 2015 16:37:51 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 02 Feb 2015 13:29:33 GMT
Content-Length: 536
Connection: keep-alive
...........R...0.}....%....$]o..(...Ca..... ..X.uA...K...W.l....s.....
.)/..a....mc....<.....-.a....s%Z.. ..66(......../..}.v.4.....&.....
-.f\X.....e..Q...Z.e..0S...-.6FN../ ...L.*8".%...r._6.e...Y.......F%O$
.&cG...3.V).d.e...x.2<.G%.....T.1..~....Q.F....v...C?.!am#.=>...
l........[..'...JQo..U.?...I.[...........jE....s..S`....H\s...D.(.....
%..O.|L.I~....I.0..J;;B..Zp.....V=.....glj..}[email protected]
...#..J\3.............>|zD..cx...'wB,)XO]jk...l..R...7h.....Z.....4
..H....L.. .O.C.....;/k..~.....i.,E9....o....mt~..h.6.....HTTP/1.1 200
 OK..Server: Apache..ETag: "c8c8b66b3261878b47c867349e5c8468:142168547
1"..Last-Modified: Mon, 19 Jan 2015 16:37:51 GMT..Accept-Ranges: bytes
..Content-Type: application/x-javascript..Vary: Accept-Encoding..Conte
nt-Encoding: gzip..Date: Mon, 02 Feb 2015 13:29:33 GMT..Content-Length
: 536..Connection: keep-alive.............R...0.}....%....$]o..(...Ca.
.... ..X.uA...K...W.l....s......)/..a....mc....<.....-.a....s%Z.. .
.66(......../..}.v.4.....&.....-.f\X.....e..Q...Z.e..0S...-.6FN../ ...
L.*8".%...r._6.e...Y.......F%O$.&cG...3.V).d.e...x.2<.G%.....T.1..~
....Q.F....v...C?.!am#.=>...l........[..'...JQo..U.?...I.[.........
..jE....s..S`....H\s...D.(.....%..O.|L.I~....I.0..J;;B..Zp.....V=.....
glj..}[email protected]...#..J\3.............>|zD..cx...'wB
,)XO]jk...l..R...7h.....Z.....4..H....L.. .O.C.....;/k..~.....i.,E9...
.o....mt~..h.6.........
<<< skipped >>>

GET /dhtml/aep/aep-full-10.7.2.min.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "8a021a15d056c6d1653db073cc9b3e9c:1417545917"
Last-Modified: Tue, 02 Dec 2014 18:45:17 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-Length: 15833
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........}{..6......;...CF.,9.t.2....z'.....\...$(..H...xl}.{..@....
3{o...7........p.d....M....Y)_.b.C.Z...t.^.u:....\.</..a.e.......y2
..,..k...C ...&...[....w:.D.H..:.....\@.I.......BXYl.S.O..V...{k)..*d.
.'i.N,n..U.J...L...;..(.Y.(.0....e.z!....Yq2......./T...N"...$.0OgYw.j
..WV..U..P....|...t.<Y$...N./:......8....$._A.Z..yRL..%.t.^Ab...H..
.. ..B...h!.q.\..Q......R *0.n.-.3I.N..S.RP.(..Q...p.)X<.......fi..
......,.d...".7.V0T9.\.e..*.............L.....b.......r..9.>....uq.
...W.'..........'o-..............-(q.......w......z..-.N.......uv.9...
.....~|.......b..z.......N/...3.;TM..\`c.N......^..?.....;...m.;;.^Y.^
._......s..O....N..............'./.. .Y'?..u..........`..8>........
..K....oO ........'. .....N?0......rB..........~......W.......8.7g./..
..,./....^.0............ApB.3j..}<.. ....@.|....l.z{..=......|.....
x..A.....%..K..>`.7.l8L.<..H.[....n.>f...o.f0........<[e..
.....Y.hU............O..w. .,.....<>..|.....H.p...q.;8......gt..
.Myqv.~.38J..~.G..X...;.*.....V.FF.......8<.1/.....|.......a...._.:
..P...9 u'..z..lc...@7....}z..E:YM.{.oo........a..l.?.......#|......'.
..~......?..?}9.._.G..y..d..p..tl?.......x..}.e%...G.........-w....k..
..N.}[email protected]|k..}.*.......l.&....W..F....?....*..=d....v......u\
vJ..=.*m...u......./...%.9..~....b.....7P...t.q....Q.....$/V..T..".xg.
..V...Q.V....d.."uG....$...XM L..:\A*M.......`...jW..n.....*......E0.:
.s....".9..RB....Db........dI..ld%>.S..US..lR.'....T....g.M.f.Sqg.D
5...m. m..B,4...#...I..HIK.#e-...".x.. ...."......-}@b.Nlf..$v....
<<< skipped >>>

GET /aep/template/br_nzn_baixaki_redir_970x200_5adsx4-1.0.4.min.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: akfs.nspmotion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "8ff45efc4fd08ffa0ab8971a1e81c192:1422471700"
Last-Modified: Wed, 28 Jan 2015 19:01:40 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 02 Feb 2015 13:29:34 GMT
Content-Length: 999
Connection: keep-alive
...........W.o.6.~..!......;wE.....l...t....`$."B..I.Nm..;.r.[N.`..'.x
G.}......T}..4.C.?.._>|...>...l.s-X........r~G.....a)7......(...
.]...A4.#.(d...A.1..Fz{....,..7....4....`.s..B7...&.....<W.Bx.....~
..L2C....M....%.. ........w.PYA.hzl.~.s.}|l.. .vK{=Z.0'...,.,....0|...
..r..eq1.Ji....F-...7...8...r....v.P!.$..Y...-....v..BD......q..w....L
(....b.a@|[[email protected]..^... .......n...q.f....u.
.....z.z.a..|..)(..o....&....0..*E............}....\...^...y.U.W.$...y
...4=k.}<. .;I..Q..._lC..y-}..[.z.... ..M..<.".Zp..M..V8p.`k.}).
<....m..q|P..u.lb..I..R.cQ.R.!O.._'4q....#..c...M.rT|2<a..wo....
..}6..!....:........*.\0..\(....)...`....T*93K..L....Zg...z.fwS...S.`.
m.k....p^[C..f...0k..g.|}.G....E..W.q'Tr...n....*.G..n93?sN....F..,.Z.
Fu..0..vAs........T.x.E..([email protected]%?J....`W..xZ...D...s]X..2
J...}.<e..C.....T.[.F...N.s.b}.s.G..|u...........8.A...8.;..e.3..(.
HZ.V..8.....v.n........i...l..#.v.......u..u...L.....tZ..P........U...
.<...,....0z.....*g.wT8............[..J....HTTP/1.1 200 OK..Server:
 Apache..ETag: "8ff45efc4fd08ffa0ab8971a1e81c192:1422471700"..Last-Mod
ified: Wed, 28 Jan 2015 19:01:40 GMT..Accept-Ranges: bytes..Content-Ty
pe: application/x-javascript..Vary: Accept-Encoding..Content-Encoding:
 gzip..Date: Mon, 02 Feb 2015 13:29:34 GMT..Content-Length: 999..Conne
ction: keep-alive.............W.o.6.~..!......;wE.....l...t....`$."B..
I.Nm..;.r.[N.`..'.xG.}......T}..4.C.?.._>|...>...l.s-X........r~
G.....a)7......(....]...A4.#.(d...A.1..Fz{....,..7....4....`.s..B7
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 395
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:04 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferShown","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:26:38 GMT
Connection: close
Content-Length: 0



POST /1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=installer HTTP/1.1
Connection: close
Content-Type: text/plain
User-Agent: PCSUNotifier
Content-Length: 329
Host: VVV.pcspeeduplog.com

"uniqueID":"55A7FF1E-3D08-4887-9474-250E52D97F7E","productID":1,"version":"3.8.3.0","ReportInstall":"affID=2380|keyword=installer|campaignID=ppi_2380_installer|uniqueID=55A7FF1E-3D08-4887-9474-250E52D97F7E|requestID=","Error":1,"silent":1,"affID":"2380","srcExe":"pcspeedup.exe","OS":"6.1.7601-SP1","ShowUSBCache":1,"noBrowser":1
HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Mon, 02 Feb 2015 13:31:59 GMT
Content-Type: text/plain
Content-Length: 17
Connection: close
Last-Modified: Mon, 12 Aug 2013 21:11:59 GMT
ETag: "52094f9f-11"
Accept-Ranges: bytes
log completed: OK..



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 376
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:27:42 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"DownloadScreenShown","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:27:16 GMT
Connection: close
Content-Length: 0



GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT
Accept-Ranges: bytes
ETag: "75565c7ac03ad01:0"
Server: Microsoft-IIS/8.0
VTag: 791863242700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Mon, 02 Feb 2015 13:31:46 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Y0... .....7......150427174215Z0.
..*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e
.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...
0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp
[email protected]..@.. ...M....z....Q...{u. .W....



POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 406
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:30:13 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferInstallCompleted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"elex/websearches/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:29:46 GMT
Connection: close
Content-Length: 0



GET /connect/xd_arbiter/DU1Ia251o0y.js?version=41 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.baixaki.com.br/site/dwnld109843.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: static.ak.facebook.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Encoding: gzip
X-FB-Debug: zGxUGTr28XP7LnfwC2GGF OIn6bjOuos9aNngxqem9Pi37XxlKarvu0z350i8DLG2VlRRxBUVhfLuq5OHNeTcA==
Vary: Accept-Encoding
Content-Length: 9955
Cache-Control: public, max-age=31022080
Expires: Wed, 27 Jan 2016 14:44:14 GMT
Date: Mon, 02 Feb 2015 13:29:34 GMT
Connection: keep-alive
...........}y..F....) nB.C.....TK..r..|...d.d.k.M.$.P.(.".>....h...
..{./...Y]U]W....W.^~....V.........y..y./_3...df.L.,k.J.,..w<..$.'V
...O/...E[..%..."..p._Z~.-.<.[..M-{..my...Y..9{..l.......t...<Lb
....b...("y.&.V.../...N.$u...).r .,lc%...}>.c...w.RkDY:..d......O..
O. .\N.@0.;.9.......(.(......e.0.)...k.....v'......t9......v..;..:....
.~uV\...n.(..Q..!..w...w..9.Z1_..!.......[w,Zr.{Bft..X.9.;sC....!.y...
...".O.......4......S..p.0{..;1.n....i..8.1... -<(`........-h.?...f
.J*O..R.$.[.4.....'....ZN.....H~...m.)...us...?nn....vz.r....5....y...
._.u..p...8xe!P..`.c..CK.{g&....H..z,..|....[.*...*v.B..@........(.j.4
.\.{.F....D....d.N\N.B.DS..4,.ud..d...N.<..$...._A...bX!;p2.Z...y~.
.X..C`..q..'d.C0z....&E.....Q.3<... ..w`.s........No...[..S...9ow..
m.{.../;.m......Ak.%..q.F..][email protected]%.N....R..D..d..
.hL..'.h...!. p. .....L)*.zB..Q.J.k...D......^.tj.0..@... ...1Q5...J..
...H..V..hL..Gd.Z,....3d....;.......... .(.....$......B).B\.X.Y.....7t
'.P.3......T...e...c...k;.4...2./-D..aLN..-P.lpYo.E......q.N......H`..
..u.l.....L.p...e....v..;...,s:n.)9.!K.#].u.U..W..Rj...ie/...v%..-..Do
.t d........)..s.%..-Vma...$.B.....\.1MR.....i.*.N...V...5...D....1.r.
....5..W.....;djY\.V......a..;..-...8.4W..}..Z....L*..X~........R...e.
...i.^H.zAl.D.2>.H....@B.]....rGJ:..H.^.t=j$|.8..!.E...............
E.0..B.L....p...............l..G.i.!i^.=...{.o.a...8 V;.5...p.w....\1.
i....A..m...F......w....#....?=...7.^.Z..R..........r........`Q.~y....
.......h. .iw...O.......MH..;...(d....,.=.t...^.][email protected].
<<< skipped >>>


GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.CrashReport_v6 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:29:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.28 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 02 Feb 20
15 13:29:25 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.28 ms","message":"store 1 ac
tion and 0 update "}..0..



HEAD /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 41175632
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Length: 41175632..Conte
nt-Type: application/x-msdos-program..Etag: "4ec28"..Server: downloads
..Vary: *..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGI
N..X-Xss-Protection: 1; mode=block..Date: Thu, 29 Jan 2015 19:31:36 GM
T..Alternate-Protocol: 80:quic,p=0.02..Last-Modified: Thu, 29 Jan 2015
 19:07:00 GMT..Connection: keep-alive..Alternate-Protocol: 80:quic,p=0
.01......


GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=0-8262
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 8263
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 0-8262/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........ K..A%..A%.
.A%..Nx..A%..A$..A%...K..A%...Y..A%..A%..A%...]..A%.Rich.A%.........PE
..L......T.................(....s......-.......@....@.................
.........@t.....l5t.....................................d1..P....P....
s...........t.P<...................................................
........................................text...&&.......(.............
..... ..`.data........@[email protected]..
,..............@..@...................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
................................................2...2...2...2.......2.
..2...2...3...3.."3...3..D3..Z3..f3..r3...3...3...3...3...3...3...3...
4...4..64..B4..X4..n4...4...4...4...4...4...4...4...4...5...5..(5..>
;5..N5..b5..~5...5...5...5...5...5...5.......6........................
.T........0...............{.8.A.6.9.D.3.4.5.-.D.5.6.4.-.4.6.3.c.-.A.F.
F.1.-.A.6.9.D.9.E.5.3.0.F.9.6.}.....{.F.D.A.7.1.E.6.F.-.A.C.4.C.-.4.a.
0.0.-.8.B.7.0.-.9.9.5.8.A.6.8.9.0.6.B.F.}.....{.8.B.A.9.8.6.D.A.-.5.1.
0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F.3.4.A.0.2.A.C.B.F.}.....{.4.D.C.8.
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=8263-20483
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 12221
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 8263-20483/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.u.S....@._[^[email protected]";.s.3....
[email protected].^..U....D...SV.....je^.M..u.......M........u.
.u..M........^[..3.8].t.3.F...E.P.E.P.......YYu.......P.u.f......f....
.........YYt..E.P. .........P......P......P.u..E.Pf......f......f.].f.
...............u..E.f....:[email protected][email protected].....
.....u..E.g......................P......P......P.............j.....@.P
[email protected]=..w... .E..P.f...w... 3.f;......].U..V.u...69
E.w.2..?.U.3.;.f...v0W.E...........f.<}[email protected].<[email protected]
;.r._..^].U...M...t..}..t.3...f.<[email protected].].3.].U..V.u...Wt!.}...t
..U......f..AABBf..t.Ou.f!>2._^].....U...U.V.u.RV......u. .R..FP...
.....^].U...}..SVWtH.][email protected]) ..<0..{..|!...P.E..
..pP.......YYt.NKKOy.....2._^[].U..S.]...VWt8.u...t1...3.f..t#...3....
.QP.q.....YYt.G..?...0f..u.....2._^[].U...U...SVWt^f.:.tX.E....f....tC
 ......f...u.t"...f..t0P...7P.......YYt.FFf.<7.u.f.>.t.CC...GGf.
.u.3........E._^[][email protected]"........f..-t.f..t.
.u.Q.Q.....YYu.2.^]..M...t.......U...E....w.3.]..U..LB...f.9\t.II;.u..
. ........#.].U...E.V.u....u..&.P.F.....@.....^]...3.9......1.q.....@.
[email protected].;.u.2..eP....@.;[email protected]
[email protected]..}[email protected]...<[email protected].....<.@......[_^
.......1...........2.......1...........5.......2...........6..........
.................2...2...2...2.......2...2...2...3...3.."3...3..D3..Z3
..f3..r3...3...3..................................................
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=20484-35519
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 15036
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 20484-35519/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
p..B..?..D.C...w...m.$......K..."tl.....\F[.o...f.>.$#...htSX..5p..
t.Bwx.X..^o..._.;.l.y.....V]-.Nw..D/[email protected]..!...@."hW$Dc
N..N.Z..q..\Y.b..f..~1.(..j..jB..]..D[).......b..g..x..{(. ...\... .N.
.W..........`m..7..m)...P....M.dL^......C..jG.>.....2p.....y....5.,
[email protected][...X .Vp.f.#.j1#_.........uj..S.Da>H.k...`...'r...Z.F.
.......-....d.:....._.>P)?O}^[email protected].
 ..&.#:87z.{;..B.........].5....%.{.Y.1l..B.......dT.u.;...t...Y)..G..
.....:hw=...#....k..1.).....y...e..'.y.......2.F..'.byRR.V......5E....
'....>.a.B...)_.......Wm}.'..up.=<........W;.v.*.U.J...;...BH.G.
.V....[.z........y.0..&v..O..yk. ....{.....#7(=...H...<!%0.s.D..A!.
0'..........\.........V..7..KI&......z......Y~....|....^ouLw"M-`.kS..C
....?^3*Q.u3!1.KC*.\H..[t}...Af......C.O1O!..Y..dc..4e.........(.A....
~I..3.3|.o56..H..0.H..$...lJ.Y....p.n.Z.S.q.......(..(.s..O..U..?.:. .
f.6.JW..J.hV....$ .......o{.t.....D.;...-.8G[#..It.j...d..F~..k..v=...
7............X..1,!y......{...s"...m>[email protected].`[email protected]
.....5}Q.......p..3..<.i.BO..8...\,.?...ua...w...mM....v.......o-..
........(R..m..R85..L._gc7....~....n{BU..c....{.Y.T....!.?.kd.t.....X.
{K....N.."...'........-...r...Z/....hY0...>.4........b..'W...^b....
.......v...K.<...x{.....B5k.W...!....O..*.D..z...-..#.....YVcA...U.
.._.i.7.....?.R.......}...C..G......Z...X............g.r.N...'....S9&l
t;s.6.. ......T. ....4.s..[.J;....^$..G.........r9.Kz..........wW.Z...
..............w.N....e3.!c.M.K... .p,.o...DF..32...1. ..og...B....
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=35520-54274
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 18755
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 35520-54274/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
-..n.k. z....J.'H...*...X...<[email protected];p.F.k(..1f...V...7D.Ho=......
H...q..F.n...Q.z...u3...r...{.0).....L...sKS...y...Q,.83.M/sF~....=..Q
S...3.G..2.Ha>}....*l%..u.o........q..Z...............%.V8.3....)..
~q=b.S../..=.NSC...Q.!p.....=.....b#loN_.4.|....%7.8...6S.p{H/......g.
..v...E..ml.`.!.....P....Tv......o`A............M.}\Pi=h=......."..R~@
4..8&...e../\....f.9.Y!....K._...B...c....q..3...eY........`....@w'...
5..P....X......G..gd.].|.....<.J.&..<$y..*.....R..R...8_R....eG.
*d.ugs.v)Hc..h....... ..\..po..~....q.}..l...a..s..L.........~I.t.V...
<q...h..e(............j.Hi".....T.]..9.54...qk.....7....N:$.,......
5<.ZO..>8.../Z..Ftr0fm.....(7z....O w'....C..m..~....>.TZ)...
>.r/.)c...f..........Y..\C....,......c]..Q....n.g`....5 .6......B^.
...S......#n....:.H/.:........Yj.$.....6....cSz..".L".,L..n...Jz......
.v..E.,...Z.<.IsZ.l.0..t(..7..An.........G..9...CL.=v...G......i..)
.A\...A. !...B.22kG|cg...F*....3.......Et..5..%'....=>...r.x3......
.a....R........jd.m2dD..B.q....vK.....)..C=..].j.e^$l.......(......N:.
[email protected].~......Y.t..~..|...gR.9...5`...,5......v. ~.G
....I.H...z..V.K....T.b.?8...n.O2...c6icV..L....:(l....b.J.@..........
;.\<"c.7..|.E0.B.u...g.;`o......3...3.?.."."..1....=.E1."]O......n.
.2.q.....d.K).n.....g\..P.....4}.....8 %x.W.%..;.7c4...]...^.r.9....;.
@........&c....GHk..B.....Z..................=......0r.B....b..=..f@Sd
..zB*....S.t!<#=.T.z.i...P........T..7<......)....g.....!'......
&*"A...m.......A.ZT....%H..*....# .0u.._H............x..f$.>[.O
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=54275-75321
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 21047
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 54275-75321/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
....8..hf.!.Y.:.....,..L.....!.{i...X...0....'....)..U]0....A"v.).F;6.
|!Qj.[...|..sW......x......mw.}..'f....9{.BD....H........O..P..E.@8i..
..ss...J.ii...8$'.Hxea.|.*H...g..]. :[email protected]
.v..kFg._...!.&7... .....9j.......3Mr....R\\.v.d.[h......-U..B.l$.....
{....!.,.#..56......_#J.6Av.V...H...t<Ir.v..)..z...tY...S.ozM.O..A4
....w.;..~..^K........gE..X.Ty...L.}.Ux.q.A3r..........\.;......[...Y.
.....K<y.. ...g......P,5..O..zK...6..t...6{I.5..( ..#..{G..$.....5a
....G].f.[...#x....A.IV..g...4.~.".......6?])=.E.qn...PC.....Q. d...:.
.k.\...D..c.Q.U*..x......}.g...s.7...f...B6{.... 7....W....]..}u..'.p.
..F.......F..,. z..m.<.FN..i.....#..k.-............W.......'..u....
.......,a_h..rS./..\..S\s......*.Cc.D..3%.....$.N6.1..=9.V.L....4.....
vv R.[.|../.....F1de..Q5..Jj.........i'y.f...j...o.bf.............|.h.
..X.|....E3].........?.V..d.FGh.2.l..u....}.G.z...A.N`v.........)B?...
$................(7Ra....hZi1.H....4..y.,..V..Oi.T...j'..(z..m...`.HJ.
.8...[.....I..<.....#...hX_........xwP#/.......k.!L:.....aT.u.....Q
O.......m...7...\.[X.E...;~uM.aj........:[email protected]..>..Q=
.K...%...$..(B.Mq)j.......)....F......F.|.g.A.fd?..*o.... ...h.....Q..
L1.....RCg...~5......jLu..n.Y...C.CVCYC^....=Ov.....U'....<D..{...$
..q"...9$....le#.Q..`..>. ......4....\..>...........V....i..W.CO
....L..w... .....-A.\.3M.).F*)6e...NqJ....\.A...U;>...w.C.J..nS....
d.[.S.....M.3..'h.%*...m..C...........6........7(.i>......u...N./..
Ie?...........S...K.\..UX.G...H.....B. ...'.>m.M 2P.:...L....o.
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=75322-118816
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 43495
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 75322-118816/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
e.o..K..$u...U....n\....:.oJ.....*....3F8.f!NJ...l..,..I...S.=....q7.&
u3..P.mq.Z....e..%E....L...#*....5..V.i...q.y.ntJ.... .............|[Z
.Lf\.-.o...d2...bF.o$x_..!Q..Y.m.\[email protected],fb.....B......)_G..60-....b.
R..z}C....ZIT...M....Xam<h....y.^...!E'.5..P.S9)k...^..k/.:..x.....
....}E.5.. .......j. v.J.'.......2...Mw\[email protected].
..<.!;ZC..P.I...m..$...k.?..V.9.....Vr...k..,@#......Z...*....A.j.,
.HE..Z.a....$.W...1.p.n...l.R.....M.D.j<..........ePK._.........):.
z_...Sg....*...X`@.!...d.2.,.......(.<4..........2..C...F -.=.k....
..;|!.'4fA..........:FF..@...[H....m/c.U.....).p.y./Q<...".Fn..t...
.[w2.....O.....&$..%7J.6.^..1.R........6'i....h.^W.MG......-.JV.....oQ
.....h|._...,..a....1.....L>(....o.[.....X....*.(l..0...$...j. b...
.Y...P......O.>Fp.....L,...5c.".mO#..Sw.u6.GI.....{?,.V.HV.....u.).
.z`).....0..V..sa...|...d.?\..b..Q.5..4D...Q..)...=..x......#.....uZ..
....@|K".kv.O..ITg....,....B.WA(X.L[_~..R....F.e..P...mp?1.b..s\D.&.O.
l.......fM...:......Ag.P{..ks.8......)..;1 V.r....39U.-.....Cz.Y..]..Z
...5..]=....x.....z.A..G............2...B...w.Y..3N..~K.8o6X_;....-...
$.*8...U.K.4..3.Rl ..Qy.H...#..F..<..W.K.f.D..d.....i.*s.}80z..)...
x..p...<....... ;..=.[.I$..V'...-..._..........7.F.-..RS.Z.q-...Y..
...].)W.%..5O.......l.......L..y.Xs..%y0...I..F...M....HD....-i W....@
jHz..r&........%{...}iD k........Q..%.. .u=`A.=G..0...|_J .xg..m^U....
.P~)3.......#..z.]..z1..7.]j.B"W...]..k%y.......N..T....`..e;.B/).UR.=
..C.I.?9\...hE....{._.......m...,y..A..|.8Gq..S.F=.....&.o.<...
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=118817-177218
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 58402
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 118817-177218/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
..../a.{...I6 ..".......Y.F......V...-/\`...{)-..[...(hd.A.!3.....:...
.K../.6o...:I~.......`"l..H=U.8.fk..?....."\...ibG.c.2.....rx07.<K&
lt;8.5<W..4...>.....J.Y.....#..*.R.!y.`..g=.'..)............0u(.
..O([email protected]$......x9..zU......O.../.F..y........m.A...).G.l.y...vjp.
.....n...?i.#.1........,............>.|.)W.W..ON...M.l..K......5...
.l..bM.&....UF.................h.K...;.T.JZ.<.I.l.8r{.......(7U....
....J....f..9.<..z.V..I..P...v.DP:....L<..AJW.....D..\.a....!X..
....T....F3 .0......*Q.7\...g......m.|FH.9..&q.G..]...o.M..l...6I....?
.|...L....[..B.o......u...N...G..e...w.....x.......t...6jT......#.A.i=
.O./,*..m..Yh..=.-...Q?...69"x..j........Q.f..Z....i..xmN.p......4.we#
c.A<.f491..v...46.....Ka\.v=X7.8"m.>.....n....h;1W.>MK{..!..(
Y.w=..Xtu...z.fxs. .m.~].H.k.kB!u.._.Z.w.B.7..B...O.E.K..............}
.%....$d.E....X6..6.?.......p..c....Q...;..{....t1.?.3L.`.a...........
...Z..]..7..`!....(~<[5...O9.......UR......Xe..?.........7.D.f(bc.C
l....8...;Rc.\".C.%.E.%7...0~o(....7....t..w:....:9.......82{.....6...
.....P.5.e..e.0....z.8.......]._....U.B!j.VAq....u.......@..?...Nw....
]<.}.....<.v......v~......j.....o......|.....3.....z...b.....SS.
...<uO.c..../...R..H..._*bet.,...&.bD.0#....k.......p...L.....-F<
;.i..G..?..).U........~..n.*.F.q...$H...o.S).9....[.....h.iT....o.....
"......T........V...9..QC...}g..'wO...B..k..E..oTn..7d].R..\QP....W.4#
....k).|[email protected]`....'.[zJ...^[email protected].....(.y...i'..
.2wJ...............P.TX..;.Ld.l&4W...Y...S...9DG....ZJ...k.5......
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=177219-297443
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 120225
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 177219-297443/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
T....[. McJj.pu...&t...0...B.v(k..("..W..y.9.qdB/....\..8f...[u)C.....
...B.(~x..0.P..!...c.-.VtAh.....xV..../a..c|`..i...-...=.3._0...Re.3u$
J.eE.XyI.N....WR..c.n.q.z|KF.. n...:[.u.*D..,Jt.jB.n../F....D...s..P.b
VL.w.E~.._.`..[.......|`.....Y.&.1..-...B..:..yC.{k.N.\...n}e\.~..).y.
.p....%.7n...J.rzXOW.k.1.3/u.......0x{s...i.N.B.[....GSW.J.x.M.r.}.w..
/.=M..dl....sW.y...&.,.8.G....Y.W.L. ...._...1.L3_.7..Z&.E.f.... q7.4.
..._..c...........${........Y.:.......Ht7T.t..Q..MRE...7...L.P.s.A.W..
.....k$..._.]......V.DB...Rv..~......3.\......4...P..c.[.........=-...
.,6's.c.*.....;5...F.]p.....c.V..Tu.$.5N...?l..2...........s..u..Y..Y.
.=\{...t.n)..I.r.7.S....%..u..F0. ....l.Q........1..7...~...{..}.|Hq&l
t;.....e.......G......]Y.....A.9....Yz.)...;.N.....P...p...n......\Bt.
z.&........g&......i ...F-..b.......]P.{.l.!..aR.[...,F7[..n<....Se
DG....8.x.a..,..8..g....3..F...R.\.r.#..(......B.....[.i.]d."....,OT..
..C.5...M..o...W....^ N\....ZD1...^......#...:v|z.m...."....'..k.@....
....Wc.......b..4V..=F.....7.##V1]P...1]Q.....ZO..JiQK...R.....q./J...
..>T.T....{m'l%"v...VH...5..24zB.w.yy%C........z/..{.tK..E.....Z..-
.H...X$.=.U.....K..3.m.J./3..m.. ..Q.i......*...g..P_...N.b...M...x.E.
..(.k..mtO..r(bBh..n.b ..|3."_1$.w'<j..A.......C......9..:.z....5..
o...V.$e...x.p..P.'.S8P.\.......Z..~...F...7...............|2.}..x.Vf.
..}I..d...c.u{H..;..^..5.D.-........=.[Y..k:~...!.|...6.....g...2.1vq.
.SL..<i.R..{.TT....."....Qe..l..{...7.......*....#z'........?Y.....
..y........h..N.....".1=.o.I8....ki.x.ju.:S........U.....!... ..w.
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=297444-455602
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 158159
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 297444-455602/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
xTY..".Ph.8.5*.Q....m...Z..............=... /.=.. ..-.....t....w.....j
..."...$.F.p.%.u..d..*....T..%.7z..S..<...a.k..1.....[.....7 @.n..)
.....S]dz...r..F..Y...I....b....#;...l*Y.m<._....U...S......kw..(.!
....b.......h.p..zcb.U.2./....p..ww......JZ(Z!..=.............e.....&l
t;bwo...o...[.`Gc..b.X.ZKw6%r.y.....d...M@...)...c}..^#....G.F....S..S
"`...,_.8.7...w..e.1.:vh.......HXs.._.u.. ....2..........a..|.Lvf(8...
..E.......)3..>..8/s.].\p...Q......<...}6.HBA. ..x....F...s...."
e.O.K......E.n...n..d/..(.......Tz...............v.KL.Y...."..K....8..
s.. Ve]in...a....e:.SX.5io..;......O....C!.F...ET..c..;....s..e0.....2
6...&.l..M.2.E.k..z1.6.WLgIQ..P...&.s.$.......7...-...5.......&.......
..O.h....&5?...V.......i.....V.._.i....^....W.\..OY.L..r.L...^.N.../JH
(2<...wM,x].Nsu.%......F.]..e...nI..}..3...9....'......%...........
..j...-...G....~.....d.......J.....`.IR..S......[......R"...^.Hy.}..A.
.B.f.....N]/.rG.Cv.e,....3L.............-@_[S:.X .......O,x..;..*.<
..U.q#z...r.nC2>..Sw...U.m...d.2.A.2..}...O...?..2....e.....5<\.
[email protected]/?I..P.`[email protected].
'.fd....3.5.UH.i.A...uOV3@$...l...#.. 7.....&..}n}... .#.4.>..0....
.*....c..".......^@c.......k.8....|0.C.y..g.'.h7N.....j...m.......M...
6.....N..R=..........6......r..0B.....6].;x X.^..{.a. ...(....u.X.R.,.
.W..,....U=?V.z.%L.|4p..EP.-.......p...........Y 5.l.. .X.}...t,ao.l..
_?..l.>..\!!..%........w..Qd.'..Q...p.L...x.*.6...6....='wQ...U.2..
.rK..al.WM.3.vChD.ka...X......|..$.....4.P....w.M.@`; ........G.x.
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=455603-1029481
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 573879
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 455603-1029481/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...z...Gyn...:[email protected]<01........&n....n...=Y.V.?.."KI
GN..;.#.x....c}..r..c.........l0......c..d......;.Z.n....E.I.=.3C1....
..m`,H..X...FBn]0.t...Cf._..(.D^.FB.wfcm......k..Ft...%9.O4 ..X.P.C`.!
;o.?K..n.Len.C...]Mc...-..tI..w.....].J.7...5[.p...V.WT.&`.#.?...vkG..
....$.K.}..<ryq....|J.)....~4...w...s.g..-..n2...vL.uS-T=.....7;...
k.I.u.....S..s....>......zQil....E.....c...m...c.t.....3Rqx......yH
6&,.Z .5.B....Q........>.h.Q..V.....xdaf.2..D..;^...#....H...e.u}3.
w~u..k.I.......f.....[).[.%...E....\.z 5.V;.p..x.4tD.#~.~.f.....-.xP..
.E..6...!.:..&RMn..*.H...|.....=n.$.x..=..r.^c:.m...Q.>..8.easb<
.:R.^D]?.A..p.w:z...@\?..j.....#[email protected].&....H...m<%K..t..F...
.....v.......<~g..1.P.0_u4.M.....9...p.B ._..KV'^.F....\9.i.M<.E
CO...c.`9..h...*.&.....%2.!...u%.uA..y9P.ZR..$....'b[8..n....*.7.lZ...
..o.1....;.S...x,7..N~.I...."Eg.P.L..\[email protected].:......k
X)dZ..`^...i"k...#[email protected]......> .(....n. ...Y\!.)........f.B.<.
ae.}F....{.:.q4&.......T.o..w.K...;&...w\........d.Q..rD.'.CA.g..4w.lj
.X.....ck........1...[.../.V.hp.7.....h....|..9w.{N...S/.$W..z..s.....
...]./n#4......6@...:|...u...Y..E..o....y...":0..(._.r..1...w..s...j..
w..@...#.F.W.t....yh.u:.9..{#dt.....?q....{h-.a..E.w..Z ....t.'.zS....
.......f...... .....,...j4.V.7..:...s1q.7...mr....<l.i*...w....l.Z|
P%..6..i0..tX..0=.{.....=..[$ f...r...5...d.v.~.g).....%S...:.].l.X...
...m.W)}...j.K$......wg.j8.......D...f.3].Y..,^7V.yYD{.5n}d ..o.i.....
.... h....6lO..$.....]..kk._V..2.?.7];..K..?tf..n..,:X}...3.......
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=1029482-2154412
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 1124931
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 1029482-2154412/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
F)h.mvI...Y.3...kST..T.2.n.:.,.....`...`..&....>..JD.d..|];C.I.@l#.
..Q#M|..8...:..=C....Hg(. ....~UK.{K1.B.|W .B.;\.........%0.u..]...4b.
..CE........i$#h....w..u. <....p:.......l.mq..:...a...=..U.g\..yVzC
.....TR..Sx.r.g..H..qF.\......R..|v^.9.r....0..Gxw...Q,....e......#...
O.B.;-.E......m..m.}C~O..m....&m.j#}HC8/.h.M.3..MG...fWy..C....\]. L.x
.i.]R!........G.G.i.1....h.{D<E..y.T8JSA\. ..].7#g.).P..._On(yX....
...9....!9oi{.S*.O4.u>@..%..`...Y..P..!Y.&.6-;1...!.......03.[m]..D
..)..s...AY......?6J.......%.O......E...q...6U...f...Ea.......!......X
.a..!.)uyt.9.<lT........^=.....z.0V.>s..*#BB2..)f].e...t.D..fX..
`.~...[S1b~K.....h.....=.*..,...E...g....9-..;....%..;.....7..jC.....I
.$..$.......>.`.....  .Z..."..D../....,m T.Q.h..sy.....E........C&.
..}.....,...Z.3...X$.f1...)........u\..1P..6..-2..nm.w;...V......F..n8
o..c.d...f.,..w....[.X'.~.:.4.e..1!$.......|.\*cx.......j;..q........q
......z....5..#.....m......Q..B%.7u.e....G@. .......*......Uv..g].4F.t
...YGP%uQZ..D.,.....pw.H........t!.N.........6V...;..)1|x.e/........hu
N4..$|M...]b.<.J..p,.CY.P.=.A.t....<.$yBd.e6......K..]G...u.rf..
,.i.....l....P.p.4...u.a.C...L....4t....DR....4.C...5Q.$-E......T-".0.
..f.1.S..N... . i..S--}...E.w..........LR.(.....|3..g.........;.w...z|
.tw.@....$.g.H.h.....sI.a....t..u...]EF..#..6)S.>.....|.......7>
t.hf..D.9Sg...!,..7.....j..A^&....b...Ap..8%4.`'}vJ..>*....V?.5 ...
.z...y....q..........S7.`V.HL.r.Z......C...n..x.=..~.j.....W..[..N^..\
...M..^...!.v.h..9.Q....?.c......lQ...~.........y=.I.I...2..@.....
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=2154413-4256983
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 2102571
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 2154413-4256983/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
...2..T..{[email protected]...!....[..V....G.,..P...G#.....5Z...
.j.8..e`.z%J{.o..y.,...Y.V0Y....i?*.uRL...1`q7.V.>L.)\@.v...R".../.
..^h... _.3=.V......v.s..D.?...F..,:..o..(..I.Y>..`....u.?NE.u.....
w...7........U..`j..r.q-......D.[.~,........B....Q.I...$,.<...Y...Q
.M....C.....lL.|G'...J./..'....E..d..Q.|...r...D.....`.....(......B.H.
..uVO.s...S.s..G....#x..!h...5.L3.0....aW..r.<.'.5.....5C4..}....R.
....c.l....JFf.. .CC(.......y.Sn.T.g.F<..yQ.. ...O...~..J.n....z..n
.p....8.6..o8hd0..Y...B".~.......|kH...Cr......C...c=zqK....hF.e......
......#t:1.. .g......'..&...,..]...%I_..../. ....&..j.i;..?.G4u.)].2.6
.2.7.....t.."...}.....*..n.Zr..."...(.T>pX[...W...z...../.w...1....
:[..,..I./.n.f....Q...!.Z....~....w.zYZ. ....sB...?w.Z.H..k.....8R._.-
.....:..Vu. .......I|.2...E...K.V _.....)4sW..j.._....3...l.$....bN...
u..L...hy...._.8....H...#.*~.O$[[email protected]<..O.;:.p.r......&...&
dU..YiD.....#W..M. $....F...2;.......ic.}q..........E..uU......G../...
.....m._.{....]..uk.W.B.6....A>._X.S.}T..%..M.I......W.t|..s..f.<
;...l......[...#[..Zg_..M..8.m.x.p&.L.9.s...G...^".Ao..Z.L.....#-Z....
.LY]z.w.1!....!g...S5#....Us.....no.....4.v........e*T...(}..........i
....j.[..S...P....>...?.../..|[email protected]......
..?`.."..%....$..2......M.5.\.........>......`........<..o.L...P
..K/x*.....z0|.R0...;|1{.....[z.........|.....V.b.o{.]Cbl....O.r......
u.).d.... ....`..d......Ie...*2e,l..M]y>.=&..........}hC..\......E]
YC.........C....7.).X.x.....v"..5...L..wG......|...$..o.U"r.. ..SI
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=4256984-8364605
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 4107622
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 4256984-8364605/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
....O...b...gbe.'P.pB.re...xZV......Z....oK]....dV...,.i7d,...V.#.l...
. [....,q.....M.6.T..$U.<{`.F6....1$.......W.|.x.%,D|gd..... ......
c....9...E._..O."u*.....:...(...a....G....Gc....z....W4..nLQZ.$...R...
.=...........I.K._..o.p..u/.=.}JM..P.f..x}.0.l.e.4......L.....J_...{..
v.[r.....T...H...7f?S^. .K.T.../:.'...{.g\..0...........]'Zr_....Xh.c.
......67mVw....N.?.f.6h.L..9.Y...i..D..q....z#~.....Q....W..M.../...7.
..."#..[....u#/.....x\T.`:s..9.m/.Q.t...@G.[D.w..6.._.m.t?B"....~#....
...S..9......Z.R..&-o..x.x.6.gc..$MD....C.#.'..&.^qP.1....#...xm.J.O.o
..)..R.6....Os.BK<`.......f.ki2y.......9$...?.Q....Q...so...?......
.T0..=..t.(q@..".....>3...8..j..O......p..A]...*..J.u.E#8..........
rQ..gN..$.!..i.c..!..o....`........... e.../...Y.k.%...M..1v...f<.@
I[Ag.........q2.F.......g...i...C..,...EJ.,L.p:..^.B1......&.A?..qB7..
...N..E.3"..#....9T,..i....l.t|K.t=.."...;WT.wA......B.9;.;Jw.t..F9.A.
........f..S...,tYu......\.........Zo..&.^'[email protected]....}(...wPZ......iE..
.}@xd....... 0.n.Y6...H.}.....;.M.fF...7Mlw.?A.x..J.....f.R.m.>/t.E
t].....U.?..H....i...'......&(-P.R*..d.".....w.V.F....l7h.............
.-f.7.&.*.Hw.S.. ..k......oT.u.6f...;.w..1.....J,N..v/NqW./.....;.`..|
G..../]r...-.......b.S....K..>..1....N}O.Nn....3.W...4.............
.a..66E.!......*]..Y.,.-.p.mv...........". .:..c{-P.u..;.\.-0Ž......
.w.....j.^.~.n#/.U.%4V.2.i..|.2.L.j{&.Z.A.<6.....a..p.4E..l.......S
.....Sv..8........i.].}.....NtU..SA..w..P......:..9.=...Ye=.v...$h..m1
M..`......V.d..$...r_.*qq.='..M....Zl....^.S8.....\n.\.....j..>
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=8364606-17967714
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 9603109
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 8364606-17967714/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
..B.[{.p...B.M*...]5.S(I....mu......ug..W.tm.f...LZ..y3}.;......,`...*
.vBw#$..w...F ...L....g.l.7.rJ.RjM.C...... =-..U..LW..7..........I.(S 
.[..W.............X....=Eg4>..Z<.H....(. ..w....1u....C..^....T.
.....W. ^.\aS`......T>=n....k.~4./...V>.D..*....o.,.....Jzz{...R
[email protected]*"....M%{.....ux....W...)...4_../.m...g...1..&l
t;....8....p..d....o..~.V.........}...k...}.p:..r#.8.<......!.`....
1.....5....%..=......]....Y....e1.LI.%#...-.7T..V..$S.....{..j..i.....
....HA.m..D....Z\.-...:.".VYX....a.v...>V..i..... -'..g..!.#a.#...?
.:e.H..M..\3.."S....X...|..I-...........r`[email protected]. ...aa..<.w.A.....
|W..*t..v~..I._.Al.4q.-..g..........:dk ..S.$...<...IR.-v..3TK,~...
.<.........E.4... ...*/gI.i...:.$...o.$..h.._....(.e...t(.K.%.V....
...Em ...Bk..grg#.......2Pr.c.M3.j.GMe.....G.......m..6o....1.E.Y.....
.i....}.......I..s...a..>lzVlEC.....b.....8.5.. }..jz.....(...P....
.l...7.....#...V;....4..MT.......=...3Y...$.8.[./....*....R.......... 
ax......ZV.......'.. F.b...x....7.z6.l.... ..Py..T8M.3............Jw.i
3:X......OTR3.?......BR.v...p.x.t"..*L/..C.../.....V...sQ....W.jF5....
.Qa .,....Z.t}\S.Z .`_q........@;.. X..d.:.......^$a}t<....d.......
[email protected]/.#.pSy...:*..o7..PRr....1...5...[l7...e.2X..?.9...."
FA.CZ.......k!...(.BS.p..w.9P..V..:m..w|...`..H.rq[M......p.<....@.
..c...s..l.5.3<...n....j....jg%`..]2...8.rR..1I....\.yO.a.C #Y$mx-.
i...K.K..0..".....k.._....Z.. ^V.Xr......&.h..c...rN...9...th)03r.....
..I`.....t6N.x.z'.....Tzk"M...%\.>.........<.7.y&.&.......@.
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=17967715-32608031
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com



;.....e~....F...kph=}8.[....m...t.A......H.......<1.VXH...Z..F...S.
...dC.=........Ey3..~N......._..v:w..D...M.bnu.t...3N....Gt..<D^X.U
"...j..[....G.......".\=.*.........4i.....?j...h...C;.B.....).8...C.;.
M.yV..(r...t.1:8(....i.1.ft#..A4SM..-...H....p....rTT..J...[.....^...|
....V.^.\[email protected].%PZ...;U..,Mr.....|....i6%.T.nW...{.
.'.R..u......%"u%.u..J.....tyy24...o7C...-...!J.HU..\L.R.#W).H>.W..
gH...LP..}.]"...E=...m%.e..)....T..,V.#|,.G<......U.q.....U}.C.F..K
FAQ.E.P...........;..QP......?.......N..ru*...0.m.P..^....'...F.V..I&g
t;.?..Nd..=.\..."..r&pzb].;.......I...../....R.p..kK^.g..'qa..,w.3.-$.
#2.W].z...}....Bc...U..6...&....G..........E/..)....V....E$~...8..j..z
..~H....$..\.....P...}.u#3."[Xd...6va.W&V.....^.........~G........q...
T....`....C..$U..B..!..........t..1..9......%.....[..ku.........w.:*`.
 '-1....U7.....)N ."[email protected].@......|..u8.(...3.x..
..Kg.%e....V.].....9...Eu(Q.........;ae.8...= ....NO...}....!GG...8.U.
.`.Q...TE.b.U.l")....#u.%Q.........R.9.K..-.c..y...(...'$..,1.y(H..4..
[email protected]./...y(..{^...i=..7.........'.7Y...W.....inU...W..Q....\...BM
.$q..].AN..A.lhL.D......aW.b..`.B..3#[email protected]...==.U.X....
[....z.~.3mv....Z.K.......V..v%..._....:>Vc......Q...^At..z...K.h..
P...i3...v.0c.]..u...F..c...n./...(.R.......(..,..qW...H^...&.........
[email protected].{.....g,...N.{~~..-vV......8...Ho`...O...J....`.
6..)..v...[H%W,[email protected](2.u....=W.y..}....A.[Il..^).To.... -.UK...
Ry&~[.|..^..G.?....U.2...$*m.m/._..#...'1.6.T....5.Nk........t.en.
<<< skipped >>>

GET /edgedl/chrome/win/8681233296A99640/40.0.2214.94_chrome_installer.exe?cms_redirect=yes&expire=1422898299&ip=193.138.244.231&ipbits=0&mm=28&ms=nvh&mt=1422883515&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,ms,mv,pl,shardbypass&signature=48EC28A1E45ADAD0E896EEDF1A4C26288DA72280.1E313BC2D67D47A6DD2D2ED04B391DDE9114325B&key=cms1 HTTP/1.1


Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 29 Jan 2015 19:07:00 GMT
Range: bytes=32608032-41175631
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: r3---sn-3c27ln7s.gvt1.com


HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Length: 8567600
Content-Type: application/x-msdos-program
Etag: "4ec28"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 29 Jan 2015 19:31:36 GMT
Alternate-Protocol: 80:quic,p=0.02
Last-Modified: Thu, 29 Jan 2015 19:07:00 GMT
Content-Range: bytes 32608032-41175631/41175632
Connection: keep-alive
Alternate-Protocol: 80:quic,p=0.01
.#2.[r?/H'..~P.$..,...=;..a...vuGs`F.X.!X.!~^.^..,..R0z..>tc...;../
..v..}.....'.u...c...LDw..q.*H.U4hg......n.bh.Z...6h..d....Q...q.G.c#.
......[@OD.c2.....Gmp`t.V:..='U....(5d../....I...;=f..).0...8..G..9..d
 ...d%.Hl.... b rYu...-.....~8..-...5..X6.....\...T*6.l....g.I.....n.f
K.....!9....&.d...............8...... ...4.%p5..L..pp..g...D...N..\...
\..\O=.(.4E..L#@.....\[email protected]....?......l..<u.{$...E.n;.......L..8...I
...M>.F...3.[.qOC...iT.$(..%/..].9.:|? ..#..1.........b].........[#
.~..De.(.9.P......,......W..m..?lQ..n.........[.=.f.w<p.7q...s.....
c ..|..8.t...=......lVP......m3.^.,Y...A..........~>..#..%.0....fyQ
9.b*...x.#5. r.M.V..&. [email protected].=.......(h.tW.I...
...K(...H._...N.,[email protected].{.f.I.....T;0KN37|.....W..$P..w
vZ...z.....a.`.J...O.....vZ..g\..<m..{|V.:.........4...Dq.. ..o.X..
6......0.0......p.O}..J........$..4..;....?.MY.2;T..8....<W/...aO?.
.Z.x..|z....!....zq.l;..5...=.7....w..wy..{.g.P....4..jo.\[email protected].
..{F..T...". .BP..vU...va$.......o.1.D..l.....;.X....tJw.0 3.O.I.....@
.....$s.....f<\.w..r.?......u..m.......Yj.......9..B.^...r...._..K.
?.a.-.L8.E~..5z-...v.2Hcah.\.z......=h.!.fpK....Gy....s......x2.d.mO..
X.....'...|./....).s.i`.o..r...K.....Q.......L.T..S.BWX...;..Gv..##..9
...l.:..otS..........B...w....U.j......%.....}...{~....d.....m........
?.n>..DM...3....%..l.wP-lz.MI..(........... ,...0....V.k...`n.RG=..
R#...HN.....O.By.w........H."...<..^......X.....]..i.H...&.=.N@Ys..
..p%...K....0.Xy...!.....b^..!"....~<13......[..........2..hv;.
<<< skipped >>>


GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Mon, 02 Feb 2015 13:29:36 GMT
Etag: "2b0017-47061-eeeb7bc0"
Expires: Thu, 12 Feb 2015 13:29:36 GMT
Last-Modified: Mon, 02 Feb 2015 09:53:59 GMT
Server: ECS (frf/8799)
X-Cache: HIT
X-Cntnt-Length: 290913
Content-Length: 290913
0..p\0..oC...0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150202094503Z..150212094503Z0..n.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX+2yz8LQsgM4CCQD+rJ0jfxxchg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.godaddy.com


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:31:48 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=122382, public, no-transform, must-revalidate
Last-Modified: Mon, 02 Feb 2015 13:18:52 GMT
Expires: Wed, 04 Feb 2015 01:18:52 GMT
ETag: "9d1f291ffe94bef6088c994e602f4eac3e1970cf"
Content-Length: 1897
Connection: close
Content-Type: application/ocsp-response
0..e......^0..Z.. .....0.....K0..G0..0...0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$http:/
/certs.godaddy.com/repository/1 0)..U..."Go Daddy Validation Authority
 - G2..20150202131852Z0l0j0B0... ..........._lkv...8..f..R34N..@..'..4
.0.3..l...,........#..\.....20150202131852Z....20150204011852Z0...*.H.
.............o..../.....!....."...5.=;...b..]1...5G..._.o.....&z.t...a
..d^=..N..x....WN..c...e.#....xB..".9.......`...A..^..>#.....(.Mfe.
..Bv.....I...U..i.5.h.<..R[.....U.....'ygc.f~......Kqd../..`W...:..
Ii...9..r-..Ma.v.Ka..%.N...=.G.c0..~.B.]....K....]e.....'....jZ.....0.
..0...0..........$..0...*.H........0..1.0...U....US1.0...U....Arizona1
.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.1-0 ..U...$hXXp://cert
s.godaddy.com/repository/1301..U...*Go Daddy Secure Certificate Author
ity - G20...140401070000Z..150401070000Z0..1.0...U....US1.0...U....Ari
zona1.0...U....Scottsdale1.0...U....GoDaddy.com, LLC1-0 ..U...$hXXp://
certs.godaddy.com/repository/1 0)..U..."Go Daddy Validation Authority 
- G20.."0...*.H.............0..........?.........'' ...X....0.........
T..W............,\...zZ./h....W......>.......Z..K....n..$Us..Y..e..
b_I|T.....$.>....%D$.3..$....*.|)........S..$A.e<...r..rE)....(.
..C[V.........~`C.........L....\....W......M....w.Zk......h. i.....J..
n.........u.....K)...E.........0...0...U.......0.0...U...........0...U
.%..0... ......... .......0...U......wI.p......!.(..d.tT(0...U.#..0...
@..'..4.0.3..l...,..0... .....0......01..U...*0(0&.$.". hXXp://crl
<<< skipped >>>


POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dlg-messages.buzzrin.de
Content-Length: 411
Connection: Close

{"BuildId":"16fc2602-02d6-45c7-a1f5-ff565bfcaf11","Client":"freemium","DlgVersion":"3.1.0.170","Culture":"en-US","LocalTime":"2015-02-02T13:31:54 02:00","SessionId":"049617b0-70bb-4dd7-8d78-b405c2d7ba9c","MessageName":"OfferDownloadStarted","Product":"winsoftware","ProductVersion":"1.0","Region":"default","Campaign":"paid content","Offer":"speedchecker/pcspeedup/1.0/default","TrackBackUrl":"","SubId":"bing"}
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 02 Feb 2015 13:31:28 GMT
Connection: close
Content-Length: 0



GET /0.gif?2920516&101 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: sstatic1.histats.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Mon, 02 Feb 2015 13:30:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Set-Cookie: CountUid=387f948a-0crs-4886-b714-82e67c6ab6f8; domain=.histats.com; Max-Age=31536000; Expires=Thu, 19-Feb-2015 14:10:43 GMT
GIF89a.............!.......,...........D..;..



GET /download/dl/yet_another_cleaner_bxk.exe HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: dl2.yac.mx
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Feb 2015 13:30:08 GMT
Content-Type: application/octet-stream
Content-Length: 1999600
Last-Modified: Mon, 02 Feb 2015 09:44:17 GMT
Connection: keep-alive
Expires: Wed, 04 Mar 2015 13:30:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x
..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7.......
.................PE..L....l.K.................d.......B...3...........
[email protected].................................
..............`...............i..@....................................
........................................................text...@b.....
..d.................. ..`.rdata...............h..............@[email protected]
...|[email protected].........................
......rsrc........`......................@..@.........................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
......G..H.P.u..u..u...|[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


GET /v4/sof-installer/535559167_198339_B48A115F?action=cvs.installer.webssearches.wpm HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Pi/3.1415926
Host: xa.xingcloud.com


HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 02 Feb 2015 13:29:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
xa-api-version: v4
48..{"stats":"ok","time":"1.23 ms","message":"store 1 action and 0 upd
ate "}..0..HTTP/1.1 200 OK..Server: nginx/0.7.67..Date: Mon, 02 Feb 20
15 13:29:31 GMT..Content-Type: text/html; charset=utf-8..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.3.3..xa-api
-version: v4..48..{"stats":"ok","time":"1.23 ms","message":"store 1 ac
tion and 0 update "}..0..







The Malware connects to the servers at the folowing location(s):







%original file name%.exe_3524:




.text
`.rdata
@.data
.rsrc
@.reloc
9>t.hH
8%uEP3
!|$<!|$,
operator
GetProcessWindowStation
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
F3.1.0.170
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
GetProcessHeap
GetCPInfo
zcÁ
 E60%xA
.WHH`
.VF[$|
q.pxlA6
F.daA
R%8x?T
ru.xq
.Nl?n*
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
0*00070>0
3'474@4_4
0 0$0(0,0004080<0
7x7S7X7a7k7|7
3 3$3(3,303<3@3
: :<:@:`:
8,888\8|8
< <$<(<,<0<4<
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
Advapi32.dll
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
c:\%original file name%.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG2432.tmp
3.1.0.170

nsq61E1.tmp_1580:




.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgB2DD.tmp
inetc.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB9.tmp\inetc.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB9.tmp
@.reloc
u.Uj@
MSVCRT.dll
HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetCrackUrlA
WININET.dll
Open URL Error
URL Parts Error
FtpCreateDir failed (550)
Error FTP path (550)
Downloading %s
%dkB (%d%%) of %dkB @ %d.dkB/s
(%d %s%s remaining)
REST %d
SIZE %s
Content-Length: %d
Content-Type: application/x-www-form-urlencoded
Authorization: basic %s
Proxy-authorization: basic %s
%s:%s
FtpCommandA
wininet.dll
%u MB
%u kB
%u bytes
%d:d:d
%s - %s
(Err=%d)
NSIS_Inetc (Mozilla)
Filename: %s
/password
Uploading %s
8!8-8B8I8}8
^2S%S
nsgB2DD.tmp
s\"%CurrentUserName%"\AppData\Local\Temp\nsgB2DD.tmp
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB9.tmp
Users\"%CurrentUserName%"\AppData\Local\Temp\nsgB2DD.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E1.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp
nsq61E1.tmp
ers\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB7.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

nsq61E2.tmp_1884:




.text
`.rdata
@.data
.rsrc
@.reloc
xSSSh
FTPjKS
FtPj;S
C.PjRV
portuguese-brazilian
operator
GetProcessWindowStation
C:\dev\src\dl_generic_library\helpers\voping\voping_cpp\Release\voping_cpp.pdb
KERNEL32.dll
HttpSendRequestW
HttpOpenRequestW
WININET.dll
WinHttpCrackUrl
WINHTTP.dll
GetCPInfo
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E2.tmp
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
3(3/394@4
8#:0:9:|:
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
,hXXp://sstatic1.histats.com/0.gif?%u&101

ProtectService.exe_3604:




.text
`.rdata
@.data
.rsrc
@.reloc
GET %s%s%s HTTP/1.1
Host: %s
%sUser-Agent: Mozilla/4.0
POST %s HTTP/1.1
%sContent-Type: %s
User-Agent: Mozilla/4.0
Content-Length: %u
%*s %d %*s
%*[ ]%[^
?456789:;<=
!"#$%&'()* ,-./0123
file_url
E:\supsoft\SupSearchProtectV4\SearchProtect\Bin\Release\ProtectService.pdb
GetProcessHeap
GetSystemWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHELL32.dll
MSVCP110.dll
InternetCrackUrlW
WININET.dll
WS2_32.dll
SHLWAPI.dll
MSVCR110.dll
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_calloc_crt
__crtGetShowWindowMode
_amsg_exit
_wcmdln
__crtSetUnhandledExceptionFilter
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
SensApi.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
.?AVCHttpClient@@
.?AVCTcpipSocket@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
2-2v2
hXXp://
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
WinHttpClient
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) in my heart of heart.
hXXp://xa.xingcloud.com
xxxx
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
UpDateProcess.exe
hXXp://VVV.theviilage.com/searchprotect/up?ptid=%s&sid=%s&ln=%s_%s&ver=%s&uid=%s&dp=%s
g{2EFFE99D-743D-44D0-BBF2-F9DDDEA2F92D}
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
Report HeartBeat
cmdshell.exe
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=visit.heartbeat.%s&update0=ref,%s&update1=nation,%s&update2=language,%s&update3=version,%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action0=xa.geoip&action1=visit&action2=install
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=uninstall
explorer.exe
Advapi32.dll
"%s" %s
psapi.dll
Explorer.exe
json_value.cpp
ljson_reader.cpp
ProtectSvc.exe
4.0.1.1716

HPNotify.exe_2968:




.text
`.rdata
@.data
.rsrc
@.reloc
<9%uo
wszUrl
strUrlTemp
hKEY
strSelUrl
strUrl
strConfUrlTemp
strDsUrl
strHpUrl
strCmdLine
tCPW
%UUUU
e_GetBrowserCurrentHpUrl
e_GetBrowserCurrentDsUrl
URLDownloadToFileW
URLDownloadToFileW ret:0XX
Error : %d
inflate 1.1.3 Copyright 1995-1998 Mark Adler
1.1.3
monochrome
unsupported bit depth
`'\%D,3
Run-Time Check Failure #%d - %s
%s%s%p%s%ld%s%d%s
%s%s%s%s
RegOpenKeyExW
RegCloseKey
del /s/q %1\*.*
%suninstall.bat
E:\supsoft\SupSearchProtectV4\SearchProtect\bin\Release\HPNotify.pdb
KERNEL32.dll
GetKeyState
USER32.dll
GDI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
MSVCP110.dll
MSVCR110.dll
_calloc_crt
_CRT_RTC_INITW
__crtGetShowWindowMode
_amsg_exit
_wcmdln
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
GdiplusShutdown
gdiplus.dll
IMM32.dll
DeleteUrlCacheEntryW
WININET.dll
COMCTL32.dll
GetProcessHeap
#*1892 $
%,3:;4-&
.?AVCActiveXEnum@DuiLib@@
.?AVCWebBrowserUI@DuiLib@@
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
3?3
1-2}2
77t7
9":,:6:@:
12u2
: :$:(:,:0:
4 4$4(4,404
>$?(?,?0?
2 2$2(2,20242
0 1@1\1|1
hXXp://VVV.bing.com/
hXXp://VVV.yahoo.com/
hXXp://VVV.google.com/
%sconf
web/?type=dspp&
web/?type=dspp
hXXp://VVV.v9.com/
Itemd
BrowserAction.dll
%u_%u
%s_%s
%s_X
\\.\PhysicalDrive%d
\\.\Scsi%d:
UrlEdit
conf.xml
hXXp://v9.com/license_agreement.html
hXXp://v9.com/privacy_policy.html
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.show.%s
hXXp://xa.xingcloud.com/v4/searchprotect/%s?action=set.other.%s
%stmp%d.tmp
urlmon.dll
main.xml
explorer.exe
Global\{5F26509F-29FE-4598-8800-FA22CE9CC17F}__Mutex
IeWatchDog.dll
BrowerWatchFF.dll
BrowerWatchCH.dll
Global\GUID(6D05BFEC-4307-4649-8963-962A24345DF4)
msimg32.dll
User32.dll
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
0xX
keyboard
msftedit.dll
password
%s%s%s
Correct password required
%s\%s
WebBrowser
transshadow
transshadow1
dest='%d,%d,%d,%d'
dest='%d,%d,%d,%d' source='%d,%d,%d,%d'
source='%d,%d,%d,%d' dest='%d,%d,%d,%d'
M-d-d
WebBrowserUI
errorUrl
{D27CDB6E-AE6D-11CF-96B8-444553540000}
user32.dll
MSPDB110.DLL
ADVAPI32.DLL
/c ping 127.0.0.1 -n 2 > nul && del /s/q
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
%Program Files% (x86)\XTab\skin\
SupHPNot.exe
4,0,1,1716
SupHPNty.exe

PCSUService.exe_2980:




.text
`.rdata
@.data
.rsrc
@.reloc
SSSSSh
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
127.0.0.1
C:\Projects\PCSU-SL\PCSpeedUp\Release\PCSUService.pdb
WS2_32.dll
IPHLPAPI.DLL
sqlite3_exec
sqlite3_free
sqlite3_open16
sqlite3_close
sqlite3_extended_result_codes
sqlite3.dll
CreatePipe
GetProcessHeap
KERNEL32.dll
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
pdh.dll
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
Secur32.dll
GetCPInfo
PeekNamedPipe
zcÁ
.PA_W
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
7 7$7(7,7074787<7
>#>(>7>^>
0.040(1?142
8 8$8(8,808
2 2$2(2,20242
srclient.dll
mscoree.dll
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
PCSUService-Timer.log
Wevtapi.dll
ERROR: GetWindowsBoottimes(): could not load Wevtapi.dll
Subscribing for Microsoft-Windows-Diagnostics-Performance/Operational - Event/System[EventID=100]
Microsoft-Windows-Diagnostics-Performance/Operational
ntdll.dll
ERROR: WaitUntilSystemIdle(): could not load Wevtapi.dll
ERROR: InitializePerformanceCounters(): check the registry keys in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
iexplore.exe
firefox.exe
chrome.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
RemoveExeImageHook(%s)...
DeleteValue failed: %d
DeleteKey failed: %d
registry key is not empty!
HKEY_LOCAL_MACHINE
ERROR: ProcessHelper.Start: hChildProcess != NULL
CreateOutputPipe
CreateInputPipe
\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
RegistryHelper::GetValue():RegOpenKeyEx()
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
WinHttpClient
3.8.3.0
dddddd.d000
WindowsBoottimes
|userlogin|
PCSUBootTimes.log
,"LoginToIdle":
INSERT OR REPLACE INTO Boots(Idle, LoginToIdle, WinlogonToIdle, UptimeAtIdle, USBCacheActive) VALUES('
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
/update.aspx?uniqueID=
\PCSpeedUp-Silent-Update.exe
/SP- /VERYSILENT /updateMode=true /LOG=update.log /countryCode=
HKEY_CURRENT_USER\Software\Speedchecker Limited\PC Speed Up
ERROR:RegistryHelper::CreateValue(HKEY_CURRENT_USER\Software\Speedchecker Limited\PC Speed Up, UpdateChecked):
FileUploader.exe
Checking HKEY_CURRENT_USER\Software\Speedchecker Limited\PC Speed Up key for USBCacheFill value...
DELETE FROM UC_STAT WHERE file LIKE '%.sys';
DELETE FROM UC_STAT WHERE file LIKE '%.tmp' AND read_counter<1000;
DELETE FROM UC_STAT WHERE file NOT LIKE '%.exe%' AND file NOT LIKE '%.dll%' AND read_counter=1;
hXXp://VVV.pcspeeduplog.com/1/inputs/http?index=cc9534a2adc111e286841231390e9c34&sourcetype=service
PCSUService: WinHttpClient.SendHttpRequest():
PCSUService: SendHTTPRequestAsync:
PCSUSD.exe
PCSUUCC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Speedchecker Limited\PC Speed Up
PCSUService.exe
PCSUQuickScan.exe
hXXp://qslimit.pcspeedup.co/qs_limit.aspx?productID=1&uniqueID=
SendHttpRequest
PCSUSpeedTest.exe
hXXp://VVV.pcsuapi.com
hXXp://VVV.pcsuapi.net
hXXp://VVV.pcsuservice.com
hXXp://VVV.pcsuapi.info
hXXp://VVV.pcsuapi.org
hXXp://VVV.sdapi.co
hXXp://VVV.sdltdapi.com
hXXp://VVV.sdservice.co
hXXp://VVV.sdltdapi.net
/featurelimit.aspx?productID=1&uniqueID=
RegistryHelper.SetValue
RegistryHelper.DeleteValue
RegistryHelper.CreateKey
RegistryHelper.DeleteKey
SysUtils.SetRestorePoint
IOHelper.FileCopy
IOHelper.Delete
Process.Start
The Process.Start didn't receive 7 arguments.
Process.HasExited
The Process.HasExited didn't receive 2 arguments.
Process.Stop
The Process.Stop didn't receive 2 arguments.
Process.Terminate
DB.ExecuteNonQuery
The DB.ExecuteNonQueryEx didn't receive the query/sql to execute.
DB.ExecuteScalar
The DB.ExecuteScalarEx didn't receive the query/sql to execute.
DB.ExecuteReader
The DB.ExecuteReader didn't receive the query/sql to execute.
NetworkHelper.GetAllMACAddresses
Service.Start
Service.Stop
Remove.IFEO
PCSUSD.Scan
PCSUSD.Enable
PCSUSD.Disable
Process.CheckBrowsers
PCSUUCC.Scan
PCSUUCC.Refresh
PCSUUCC.Update
PCSUUCC.Clean
PCSUUCC.Fill
PCSUUCC.Install
PCSpeedUp.sys"
PCSUUCC.Uninstall
PCSUUCC.On
PCSUUCC.Off
PCSUUCC.Status
PCSUUCC.Usage
cmd /c PCSUUCC.exe /usage > CacheUsage.txt
PCSUService.SpeedTest
HTTP.Send
server_port
PCSUService.conf
service status: PID = %d, state = %s, CheckPoint = %d, WaitHint = %d
EnumDependentServices failed (err=%d)
Stop dependent service "%s"...
OpenService failed (err=%d)
ControlService failed (err=%d)
QueryServiceStatusEx failed (err=%d)
Timeout! (%d sec)
StartService(%s)...
ERROR! OpenSCManager failed! (err=%d)
ERROR! OpenService(%s) failed! (err=%d)
ERROR! StartService failed! (err=%d)
ERROR! QueryServiceStatusEx failed (err=%d)
Current State: %d
Exit Code: %d
Check Point: %d
Wait Hint: %d
StopService(%s)...
Service stop timed out. (%d sec)
ERROR! StopDependentServices failed! (err = %d)
ERROR! ControlService failed (err=%d)
Wait timed out (%d sec)
ExecuteNonQuery: sqlite3_exec:
ExecuteScalar: sqlite3_exec:
ExecuteReader: sqlite3_exec:
LocalExecuteNonQuery: sqlite3_exec:
LocalExecuteScalar: sqlite3_exec:
LocalExecuteReader: sqlite3_exec:
sqlite3_open16:
sqlite3_close:
PRAGMA foreign_keys = ON;
SELECT DISTINCT s.ID, s.ValueName, s.ValueData, l.Path, s.ValueType FROM Startups s, ScanStartupApplications ssa, Locations l WHERE (s.Action = 2) AND (s.ID = ssa.IDStartup) AND (ssa.IDLocation = l.ID) ORDER BY s.ValueType DESC;
hXXp://VVV.safedownloadapi.com
ERROR:CheckUpdateURL():ResponseContent:
%Program Files% (x86)\PC Speed Up\PCSUService.exe

opera.exe_3464:




!Require Windows
.text
`.rdata
@.data
.rsrc
PSSSSSSh
<x%u<
ttNt_Nt.Nt
:Language:%u
0xx
"%s".
Could not overwrite file "%s".
Could not create file "%s".
0xX.
7-Zip: Internal error, code 0xX.
7-Zip: Internal error, code %u.
7-Zip: Unsupported method.
Error during execution "%s".
"setup.exe"
Could not find "setup.exe".
Could not find command for "%s".
Could not delete file or folder "%s".
Could not create folder "%s".
Error in line %d of configuration data:
Could not open archive file "%s".
1.5.0 [x86]
2712 (30
1.5.0 [x86] build 2712 (December 30, 2012)
Supported methods and filters, build options:
Sorry, this program requires Microsoft Windows 2000 or later.
COMCTL32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
GDI32.dll
ADVAPI32.dll
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
USER32.dll
ole32.dll
OLEAUT32.dll
CreateIoCompletionPort
KERNEL32.dll
MSVCRT.dll
_acmdln
22222222222222222222
CC%%C%ÌCCC%Ì%Ì%C%
4444444444
version="1.2.0.715"
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"/>
<requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
X%cX%c
7zSfxString%d
@7zSfxFolderd
%X - X - X - X - X
7ZSfxx.cmd
setup.exe
7ZipSfx.x
@ (%d%s)
Opera Software ASA
Copyright (c) 1999-2008 Opera Software ASA
Opera.exe
Opera

installer.exe_2828:




.text
`.rdata
@.data
@.rsrc
@.reloc
777777777
7777777
!7"77#7$%&7'()77* ,7-./017237747756
%u%9~`u
8%u*V
u SSh
tCPV
;.St4P
8.uL@
<-t~<.tz<_tv<~tr<%uB
<.t~<_tz<~tv<%uB
<-t|<_tx<.tt<!tp<~tl<*th<'td<(t`<)t\
!"#$%&'()* ,-./0
:.uNB
<*t]</tY<@tU<.tQ
Jt.Jt
<.tD<@t@
j.Yf;
_tcPVj@
.PjRW
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.opt_in_popup_times_shown
hotword.audio_logging_enabled
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.allow_cross_origin_prompt
async_dns.enabled
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
message_center.show_icon
message_center.was_forced_on_taskbar
recovery_component.version
component_updater.state
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
gesture.fling_velocity_cap
gesture.long_press_time_in_seconds
gesture.max_distance_between_taps_for_double_tap
gesture.max_distance_for_two_finger_tap_in_pixels
gesture.max_seconds_between_double_click
gesture.max_separation_for_gesture_touches_in_pixels
gesture.max_swipe_deviation_ratio
gesture.max_touch_down_duration_in_seconds_for_click
gesture.max_touch_move_in_pixels_for_click
gesture.min_distance_for_pinch_scroll_in_pixels
gesture.min_flick_speed_squared
gesture.min_pinch_update_distance_in_pixels
gesture.min_rail_break_velocity
gesture.min_scroll_delta_squared
gesture.min_swipe_speed
gesture.min_touch_down_duration_in_seconds_for_click
gesture.points_buffered_for_velocity
gesture.rail_break_proportion
gesture.rail_start_proportion
gesture.scroll_prediction_seconds
gesture.semi_long_press_time_in_seconds
gesture.show_press_delay_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_acceleration_curve_coefficient_0
gesture.fling_acceleration_curve_coefficient_1
gesture.fling_acceleration_curve_coefficient_2
gesture.fling_acceleration_curve_coefficient_3
flingcurve.touchpad_alpha
flingcurve.touchpad_beta
flingcurve.touchpad_gamma
flingcurve.touchscreen_alpha
flingcurve.touchscreen_beta
flingcurve.touchscreen_gamma
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
turbo.enabled
turbo.url_blacklist
turbo.client_id
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_have_been_created
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
profile.preference_hashes
profile.network_time_mapping
proxy.quick_check_enabled
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.shared_settings
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
profile.exited_cleanly
profile.exit_type
session.startup_urls
session.urls_to_restore_on_startup
session.startup_urls_migration_time
profile.ephemeral_mode
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
safebrowsing.enabled
safebrowsing.download_feedback_enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.image_url
default_search_provider.new_tab_url
default_search_provider.search_url_post_params
default_search_provider.suggest_url_post_params
default_search_provider.instant_url_post_params
default_search_provider.image_url_post_params
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
net.use_proxy_for_local_servers
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.ui.dismissed_adt_promo
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
browser.check_default_browser
browser.default_browser_setting_enabled
browser.custom_chrome_frame
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
import_bookmarks
import_history
import_home_page
import_search_engine
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
profile.user_manager_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
synced_notification.enabled_remote_services
synced_notification.initialized_remote_services
synced_notification.first_run
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
profile.reset_prompt_memento
gcm.channel_enabled
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
zerosuggest.cachedresults
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.ssl_record_splitting.disabled
user_experience_metrics.client_id2
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source2
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id
user_experience_metrics.low_entropy_source
user_experience_metrics.reporting_enabled
user_experience_metrics.client_id_timestamp
user_experience_metrics.machine_id
user_experience_metrics.reset_metrics_ids
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
user_experience_metrics.stability.execution_phase
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.saved_system_profile
user_experience_metrics.stability.saved_system_profile_hash
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
browser.window_placement_popup
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
download.torrent_enable
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.password_hash
invalidator.client_id
invalidator.invalidation_state
invalidator.saved_invalidations
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
remote_access.host_allow_relayed_connection
remote_access.host_udp_port_range
printing.print_preview_sticky_settings
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\installer.cc
opera::installer::Installer::EndLoop
opera::installer::Installer::Run
Settings operation invalid for autoupdate
Settings operation invalid
Can't uninstall when Opera.exe is in use
passed to StepCopyFile (max:
opera::installer::Installer::StepCopyFile
Uninstall key:
hXXp://redir.opera.com/uninstallsurvey/?version=
iexplore.exe
" | FIND /c /i ".exe"
ping -n 2 127.0.0.1
opera::installer::Installer::ScheduleNextStep
Failed to obtain installer exe file path
launchopera
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\net_installer\win32_dialog_dispatcher.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\settings.cc
Operation:
launch_opera_:
opera::installer::Settings::StatusFetcher::FetchStatus
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\ui\installer_ui_controller.cc
opera::installer::InstallerUIController::Init
opera::installer::InstallerUIController::InstallationFailed
opera::installer::InstallerUIController::InstallationSucceeded
opera::installer::InstallerUIController::ShowProgressBar
opera::installer::InstallerUIController::StepProgressBar
opera::installer::InstallerUIController::Hide
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\ui\installer_window.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\ui\l10n_handler.cc
Install Opera in the specified language. This language will also be used during installation.
The Operating system UI language.
Install Opera in the specified folder.
If true, install Opera for all users on the system.
If true, the installer will set up Opera to use a single profile located in the installation folder.
If true, make Opera the default browser for this user or computer.
True for Opera Stable.
If true, create a shortcut for Opera on the desktop.
If true, create a shortcut for Opera on the start menu.
If true, create a shortcut for Opera on the quick launch menu.
If true, pin Opera to the taskbar.
If true, Opera is launched once the installation is completed.
Opera installer starting
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\installer_main.cc
Opera Installer %s %s
Default value: %s
--%s : %s [Enabled by default: %s]
SOFTWARE\Opera Software
ERROR_REPORT
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
disabled-by-default-toplevel.flow
MsgLoop:
user.js
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\base\threading\thread.cc
Worker%d
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\base\threading\sequenced_worker_pool.cc
SequencedWorkerPool.ShutdownDelayTime
SequencedWorkerPool.TaskCount
SequencedWorkerPool.UnrunnableTaskCount
Chrome.MessageLoopProblem
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\base\debug\trace_event_impl.cc
[0;3%dm
Histogram.InconsistentCountHigh
Histogram.InconsistentCountLow
Histogram: %s recorded %d samples
(flags = 0x%x)
@WorkerThread-%d
PlatformFile.UnknownErrors.Windows
0123456789
kernel32.dll
(%d = %3.1f%%)
.thunks
.syzygy
\uX
CHROME_PROFILER_TIME
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\base\prefs\json_pref_store.cc
`anonymous-namespace'::FileThreadDeserializer::ReadFileAndReport
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\common\features\feature_checker.cc
first-run-import
webui-debug-mode
Enables keyboard navigation between various focusable panes (toolbar, tab bar, web content) by means of the shortcuts F6, Shift F6, and F10.
Enables a warning before insecure content is loaded over HTTPS.
Changes mode of operation of lazy session loading so that all tabs are gradually loaded in the background.
Enable or disable additional actions for navigational toolbar buttons when used with key modifiers.
Promote certain extensions by providing a one-click installation in a sliding toolbar.
Enables import from the default browser on the first run.
Enables support for HiDPI thumbnails in StartPage and Stash. Works only on HiDPI capable devices.
Uses second generation of Turbo server for better Opera Turbo mode.
Enables WebUI debug mode for internal developers.
Enables showing detailed error information on addons portal if one is available.
Delay the onload event for a webpage until its tab is activated.
Uses the windows task Scheduler for running autoupdate.
Opera
23.0.1522.75
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\status.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\change_reg_value_operation.cc
Key does not exist,
We don't have enough permissions on the key.
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\copy_file_operation.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\create_folder_operation.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\delete_file_operation.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\delete_reg_key_operation.cc
Insufficient permissions on the key
Unable to obtain sufficient permissions on key
Failed to open key
Failed to obtain key info for
Failed to read a subkey
Attempting to delete registry key
Key does not exist. Nothing to do.
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\move_file_operation.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\utils.cc
c:\buildbot\slave\w\lar6\classic-2013-4\desktop\launcher\installer\service\transactions\create_reg_key_operation.cc
Attempting to create registry key
The key already exists. No need to do anything.
Failed creating key.
CHROME_ALLOCATOR
CHROME_ALLOCATOR_2
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\free_list.h
TCMALLOC_LARGE_ALLOC_REPORT_THRESHOLD
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\tcmalloc.cc
WASTE: committed/used ratio of %f
class = [ %8Iu bytes ] : %8I64u objs; %5.1f MiB; %5.1f cum MiB
PageHeap: %d sizes; %6.1f MiB free; %6.1f MiB unmapped
%6u pages * %6u spans ~ %6.1f MiB; %6.1f MiB cum; unmapped: %6.1f MiB; %6.1f MiB cum
>255 large * %6u spans ~ %6.1f MiB; %6.1f MiB cum; unmapped: %6.1f MiB; %6.1f MiB cum
generic.current_allocated_bytes
generic.heap_size
tcmalloc.slack_bytes
tcmalloc.pageheap_free_bytes
tcmalloc.pageheap_unmapped_bytes
tcmalloc.max_total_thread_cache_bytes
tcmalloc.current_total_thread_cache_bytes
tcmalloc.central
tcmalloc.transfer
tcmalloc.thread
tcmalloc.page
tcmalloc.page_unmapped
tcmalloc.large
tcmalloc.large_unmapped
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\page_heap_allocator.h
FATAL ERROR: Insufficient memory to guard internal tcmalloc data (%d bytes, object-size %d, guard-size %d)
I64x-I64x %c%c%c%c I64x x:x %-11I64d %s
This malloc implementation does not support sampling.
As of 2005/01/26, only tcmalloc supports sampling, and
heap_v2/%d
This malloc implementation does not support ReadHeapGrowthStackTraces().
As of 2005/09/27, only tcmalloc supports this, and you
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\common.cc
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\central_freelist.cc
ntdll.dll
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\stack_trace_table.cc
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\tcmalloc\chromium\src\free_list.cc
enable-crash-reporter
full-memory-crash-report
hXXp://VVV.w3.org/2003/XInclude
hXXp://VVV.w3.org/2001/XInclude
Unimplemented block at %s:%d
hXXp://VVV.w3.org/2000/xmlns/
unterminated entity reference s
hXXp://VVV.w3.org/XML/1998/namespace
hXXp://
PTF://
default%d
%.20s%d
unknown encoding %s
http-equiv
%s:%d:
Entity: line %d:
element %s:
Memory allocation failed : %s
Failed to build content model regexp for %s
Found NULL content in content model of %s
Found PCDATA in content model of %s
ContentModel broken for element %s
Cannot create automata for element %s
Content model of %s is not determinist: %s
Redefinition of element %s
Element %s has too many ID attributes defined : %s
Attribute %s of %s: invalid default value
Attribute %s of element %s: already defined
Element %s has too may ID attributes defined : %s
xmlAddNotationDecl: %s already defined
ID %s already defined
NOTATION %s is not declared
ENTITY attribute %s reference an unknown entity "%s"
ENTITY attribute %s reference an entity "%s" of wrong type
ENTITIES attribute %s reference an unknown entity "%s"
ENTITIES attribute %s reference an entity "%s" of wrong type
NOTATION attribute %s reference an unknown notation "%s"
standalone: %s on %s value had to be normalized based on external subset declaration
Syntax of default value for attribute %s of %s is not valid
ID attribute %s of %s is not valid must be #IMPLIED or #REQUIRED
Element %s has %d ID attribute defined in the internal subset : %s
Element %s has %d ID attribute defined in the external subset : %s
Element %s has ID attributes defined in the internal and external subset : %s
Default value "%s" for attribute %s of %s is not among the enumerated set
Definition of %s has duplicate references of %s
Definition of %s has duplicate references of %s:%s
Definition of %s has duplicate references to %s
Definition of %s has duplicate references to %s:%s
No declaration for attribute %s of element %s
Syntax of value for attribute %s of %s is not valid
Value for attribute %s of %s is different from default "%s"
Value "%s" for attribute %s of %s is not a declared Notation
Value "%s" for attribute %s of %s is not among the enumerated notations
Value "%s" for attribute %s of %s is not among the enumerated set
Value for attribute %s of %s must be "%s"
No declaration for attribute xmlns:%s of element %s
No declaration for attribute xmlns of element %s
Syntax of value for attribute xmlns:%s of %s is not valid
Syntax of value for attribute xmlns of %s is not valid
Value for attribute xmlns:%s of %s is different from default "%s"
Value for attribute xmlns of %s is different from default "%s"
Value "%s" for attribute xmlns:%s of %s is not a declared Notation
Value "%s" for attribute xmlns of %s is not a declared Notation
Value "%s" for attribute xmlns:%s of %s is not among the enumerated notations
Value "%s" for attribute xmlns of %s is not among the enumerated notations
Value "%s" for attribute xmlns:%s of %s is not among the enumerated set
Value "%s" for attribute xmlns of %s is not among the enumerated set
Value for attribute xmlns:%s of %s must be "%s"
Value for attribute xmlns of %s must be "%s"
Element %s content does not follow the DTD, expecting %s, got %s
Element content does not follow the DTD, expecting %s, got %s
No declaration for element %s
Element %s was declared EMPTY this one has content
Element %s was declared #PCDATA but contains non text nodes
Element %s is not declared in %s list of possible children
Element %s content does not follow the DTD, Misplaced %s
Element %s content does not follow the DTD, Text not allowed
Element %s content does not follow the DTD, Expecting more child
standalone: %s declared in the external subset contains white spaces nodes
Element %s does not carry attribute %s
Element %s does not carry attribute %s:%s
Element %s required attribute %s:%s has no prefix
Element %s required attribute %s:%s has different prefix
Element %s namespace name for default namespace does not match the DTD
Element %s namespace name for %s does not match the DTD
root and DTD name do not match '%s' and '%s'
attribute %s line %d references an unknown ID "%s"
IDREF attribute %s references an unknown ID "%s"
IDREFS attribute %s references an unknown ID "%s"
xmlValidateAttributeCallback(%s): internal error
attribute %s: could not find decl for element %s
NOTATION attribute %s declared for EMPTY element %s
xmlRegisterCharEncodingHandler: Too many handler registered, see %s
ICU converter : problems with filters for '%s'
0xX 0xX 0xX 0xX
input conversion failed due to input error, bytes %s
&#%d;
output conversion failed due to conv error, bytes %s
Operation timed out
Attempt to load network entity %s
Operation canceled
Operation in progress
Not supported
Inappropriate I/O control operation
Operation not permitted
Broken pipe
creating HTTP output context
xmlIOHTTPWrite: %s
%s '%s'.
xmlIOHTTPCloseWrite: %s '%s' %s '%s'.
failed. HTTP return code:
xmlIOHTTPCloseWrite: HTTP '%s' of %d %s
'%s' %s %d
failed to load HTTP resource "%s"
failed to load HTTP resource
Unknown encoding %s
failed to load external entity "%s"
'()* ,-./0123456789:;
Attribute %s redefined
Attribute %s:%s redefined
conditional section INCLUDE or IGNORE keyword expected
Pbm popping %d NS
Excessive depth in document: %d use XML_PARSE_HUGE option
Popping input %d
%s(%d):
Pushing input %d : %.30s
xmlParseCharRef: invalid xmlChar value %d
xmlParseStringCharRef: invalid xmlChar value %d
new blanks wrapper for entity: %s
PEReference: %s
PEReference: %%%s; not found
PEReference: %s is not a parameter entity
Name %s is not XML Namespace compliant
EntityValue: '%c' forbidden except for entities references
PCDATA invalid Char value %d
xmlParseComment: invalid xmlChar value %d
colon are forbidden from PI names '%s'
Catalog PI syntax error: %s
ParsePI: PI %s space expected
ParsePI: PI %s never end ...
colon are forbidden from notation names '%s'
colon are forbidden from entities names '%s'
Invalid URI: %s
xmlParseEntityDecl: entity %s not terminated
standalone: attribute notation value token %s duplicated
standalone: attribute enumeration value token %s duplicated
xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE
xmlParseElementChildrenContentDecl : '%c' expected
xmlParseElementContentDecl : %s '(' expected
Entity '%s' failed to parse
Entity '%s' not defined
Entity reference to unparsed entity %s
Attribute references external entity '%s'
'<' in entity '%s' is not allowed in attributes values
Attempt to reference the parameter entity '%s'
Internal: %%%s; is not a parameter entity
Reading %s entity content input
xmlLoadEntityContent: invalid char value %d
%%%s; is not a parameter entity
Specification mandate value for attribute %s
Malformed value for xml:lang : %s
Invalid value "%s" for xml:space : "default" or "preserve" expected
Opening and ending tag mismatch: %s line %d and %s
Failed to parse QName '%s'
Failed to parse QName '%s:'
Failed to parse QName '%s:%s:'
xmlns: '%s' is not a valid URI
xmlns: URI %s is not absolute
xmlns:%s: Empty XML namespace is not allowed
xmlns:%s: '%s' is not a valid URI
xmlns:%s: URI %s is not absolute
standalone: attribute %s on %s defaulted from external subset
Namespace prefix %s for %s on %s is not defined
Namespaced Attribute %s in '%s' redefined
Namespace prefix %s on %s is not defined
Couldn't find end of Start Tag %s line %d
Premature end of data in tag %s line %d
Unsupported encoding %s
Unsupported version '%s'
Couldn't find end of Start Tag %s
Bytes: 0xX 0xX 0xX 0xX
Char 0x%X out of allowed range
Internal error, xmlCopyCharMultiByte 0x%X out of bound
encoding not supported %s
new input from entity: %s
Cannot parse entity %s
Internal entity %s without content !
Internal parameter entity %s without content !
Predefined entity %s without content !
new input from file: %s
%s: out of memory
Entity(%s) document marked standalone but requires external subset
Failure to process entity %s
Entity(%s) already defined in the internal subset
Entity(%s) already defined in the external subset
SAX.xmlSAX2EntityDecl(%s) called while not in subset
SAX.xmlSAX2AttributeDecl(%s) called while not in subset
SAX.xmlSAX2ElementDecl(%s) called while not in subset
SAX.xmlSAX2NotationDecl(%s) externalID or PublicID missing
SAX.xmlSAX2NotationDecl(%s) called while not in subset
SAX.xmlSAX2UnparsedEntityDecl(%s) called while not in subset
invalid namespace declaration '%s'
Avoid attribute ending with ':' like '%s'
xmlns: %s not a valid URI
Empty namespace name for prefix %s
xmlns:%s: %s not a valid URI
Namespace prefix %s of attribute %s is not defined
Attribute %s in %s redefined
xml:id : attribute value %s is not an NCName
Namespace prefix %s is not defined
Namespace prefix %s was not found
hXXp://relaxng.org/ns/structure/1.0
failed to validate type %s
Type %s doesn't allow value '%s'
ID %s redefined
failed to compare type %s
Internal error: %s
Extra data in list: %s
Extra element %s in interleave
Expecting element %s, got %s
Expecting a namespace for element %s
Element %s has wrong namespace: expecting %s
Did not expect element %s there
Did not expect text in element %s content
Expecting no namespace for element %s
Expecting element %s to be empty
Expecting an element %s, got nothing
Element %s failed to validate attributes
Element %s failed to validate content
Element %s has extra content: %s
Invalid attribute %s for element %s
Datatype element %s contains no data
Datatype element %s has child elements
Value element %s has child elements
List element %s has child elements
Error validating datatype %s
Error validating value %s
Unknown error code %d
hXXp://VVV.w3.org/2001/XMLSchema
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\libxml\src\relaxng.c
callback on %s missing context
callback on %s missing define
callback on %s define is not element
hXXp://VVV.w3.org/2001/XMLSchema-instance
key identity-constraint
keyref identity-constraint
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\libxml\src\xmlschemas.c
Internal error: xmlSchemaComponentListFree, unexpected component type '%s'
:@&= $,/?;
;/?:@&= ,$
:/?_.#&;=
detected a recursion in %s
adding URL
invalid value %s for 'parse'
failed build URL
invalid value URI %s
Invalid fragment identifier in URI %s use the xpointer attribute
detected a local recursion with no xpointer in %s
mismatch in redefinition of entity %s
XPointer evaluation failed: #%s
XPointer is not a range: #%s
XPointer selects an attribute: #%s
XPointer selects a namespace: #%s
XPointer selects unexpected nodes: #%s
trying to build relative URI from %s
trying to rebuild base from %s
fragment identifier forbidden for text: %s
encoding %s not supported
%s contains invalid char
could not load %s, and no fallback was found
%s has an 'include' child
%s has multiple fallback children
%s is not the child of an 'include'
&#x%X;
onkeypress
onkeydown
onkeyup
accesskey
pluginurl
zero width non-joiner, U 200C NEW RFC 2070
zero width joiner, U 200D NEW RFC 2070
asterisk operator, U 2217 ISOtech
proportional to, U 221D ISOtech
tilde operator = varies with = similar to, U 223C ISOtech
dot operator, U 22C5 ISOamsb
&!&!*! !.!.!
0failed to compile: %s
creating execution context
http_proxy
HTTP_PROXY
HTTP/
error connecting to HTTP server
Not a valid HTTP URI
%s hXXp://%s:%d%s
%s hXXp://%s%s
%s %s
HTTP/1.0
Host: %s
Host: %s:%d
Content-Type: %s
Content-Length: %d
ftp_proxy
FTP_PROXY
ftp_proxy_user
ftp_proxy_password
allocating FTP context
USER %s
PASS anonymous@
PASS %s
SITE %s
USER anonymous@%s
USER %s@%s
FTP server asking for ACCNT on anonymous
%u,%u,%u,%u,%u,%u
PORT %d,%d,%d,%d,%d,%d
RETR %s
Free catalog entry %s
%s entry lacks '%s'
Found %s: '%s' '%s'
Found %s: '%s'
%s entry '%s' broken ?: %s
Invalid value for prefer: '%s'
Failed to parse catalog %s
%d Parsing catalog %s
File %s is not an XML Catalog
Found %s in file hash
%s not found in file hash
%s added to file hash
Detected recursion in catalog %s
Found system match %s, using %s
Using rewriting rule %s
Trying system delegate %s
Found public match %s
Trying public delegate %s
Found URI match %s
Trying URI delegate %s
Public URN ID %s expanded to NULL
Public URN ID expanded to %s
System URN ID %s expanded to NULL
System URN ID expanded to %s
URN ID %s expanded to NULL
URN ID expanded to %s
Resolve: pubID %s sysID %s
Resolve: pubID %s
Resolve: sysID %s
Resolve URI %s
libxml2.dll
Adding document catalog %s
Local Resolve: pubID %s sysID %s
Local Resolve: pubID %s
Local Resolve: sysID %s
Missing closing curly brace
Invalid operand
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\libxml\src\xpath.c
%*.*e
xmlXPathObjectCopy: unsupported type %d
Internal error at %s:%d
xmlXPathCompOpEval: variable %s bound to undefined prefix %s
xmlXPathCompOpEval: function %s bound to undefined prefix %s
xmlXPathCompOpEval: function %s not found
XPath: unknown precompiled operation %d
hXXp://VVV.w3.org/2002/08/xquery-functions
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\third_party\libxml\src\xpointer.c
unsupported scheme '%s'
MathematicalOperators
SupplementalMathematicalOperators
01050;0;0
( ) / / _ _
0!0)080:0
0 0 06070>0?0
# #!#|#|#
#"#(# #{#}#
!$*);^-/
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*% %-%/%1%3%5%7%9%;$=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!
windows-1255
windows-1256
windows-1251
windows-1254
windows-874
windows-932
windows-949
windows-950
windows-936
?456789:;<=
!"#$%&'()* ,-./0123
windows-%d
SOFTWARE\Microsoft\Windows\CurrentVersion\Time Zones
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\GMT
SOFTWARE\Microsoft\Windows\CurrentVersion\Time Zones\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\
Returns %d.
Returns. Status = %d.
Returns %d. Status = %d.
Returns %d. Status = %p.
ucol_getSortKey
ucol_nextSortKeyPart
keyTypeData
keyMap
Keys
SHELL32.dll
cmd.exe
%S#[k
?#%X.y
GetProcessWindowStation
operator
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
ImportantFile.TempFileFailures
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\base\files\important_file_writer.cc
Check failed: task_runner_.get().
base::ImportantFileWriter::ScheduleWrite
base::ImportantFileWriter::PostWriteTask
c:\buildbot\slave\w\lar6\classic-2013-4\chromium\src\base\memory\weak_ptr.h
c:\buildbot\slave\w\LAR6\classic-2013-4\chromium\src\out\Release\installer.exe.pdb
ShellExecuteW
ShellExecuteExW
SHFileOperationW
COMCTL32.dll
GdiplusShutdown
gdiplus.dll
Secur32.dll
MSIMG32.dll
WS2_32.dll
WINMM.dll
SHDeleteKeyW
SHLWAPI.dll
CreateIoCompletionPort
GetWindowsDirectoryW
GetProcessHeap
KERNEL32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegGetKeySecurity
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SetWindowsHookExW
UnhookWindowsHookEx
CallMsgFilterW
MsgWaitForMultipleObjectsEx
USER32.dll
USERENV.dll
GetCPInfo
PeekNamedPipe
zcÁ
~-NxS}
.SX:l
!%%%%f
22222222222222222222
CC%%C%ÌCCC%Ì%Ì%C%
4444444444
;;;;!(^(^?
o->kaMi.fIYF
xxxxxQSSSSSSSSSSSSSSSSSSSSSSSSSSeSSSSSSSSSSSSSS%xxxxxw
wxxxxxwebbbb
!.ohh6nnh
\\\8NNN.NNNNNNNNNNNNNNNNNNNNNNN8\\\Q;
.....NN
.....NNN
.....NNNN
.....NN7
%C........
#Qg.Ktz
j".vO|
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><description>Opera Internet Browser Installer</description><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS></application></compatibility></assembly>
3(4,4044484<4@4
3 3$3(3,303
5$5(5,50545
2%2*2/2=2
0%1X1
676'7@7}7
9 9$9(9~9
3 4$4(4,404
= =$=(=,=
9!:4:@:}:
7 7$7(7,7
6!8 9$9(9,9094989
4#4-4"6/6
1!2<3~3
,8084888<8
; ;$;(;,;0;
0 0$0(0,0004080<0@0
4 4(40484@4
2 2$2(202<2
9 9$9(9,909|;
= =$=(=,=0=4=8=<=@=
? ?@?`?|?
3,303`3|3
Software\Clients\StartMenuInternet\Opera{Product}\Capabilities\UrlAssociations
https
Opera{ProductLong}
hXXp://VVV.opera.com/support
Opera Software ASA
"{InstallFolder}\Launcher.exe" /uninstall
URLInfoAbout
hXXp://VVV.opera.com
URLUpdateInfo
hXXp://VVV.opera.com/download
Software\Opera Software
Software\Classes\Opera{Product}
Opera Web Document
URL Protocol
Software\Classes\Opera{Product}\DefaultIcon
{InstallFolder}\Launcher.exe,0
Software\Classes\Opera{Product}\shell\open\command
"{InstallFolder}\Launcher.exe" -noautoupdate -- "%1"
Software\Classes\Opera{Product}\shell\open\ddeexec
Software\Classes\Opera{Product}\shell\open\ddeexec\Application
Software\Classes\Opera{Product}\shell\open\ddeexec\Topic
Software\Classes\.oex
Opera{Product}.Extension
Software\Classes\.oex\OpenWithProgIDs
Opera{Product}
Software\Classes\.htm\OpenWithProgIDs
Software\Classes\.html\OpenWithProgIDs
Software\Classes\.shtml\OpenWithProgIDs
Software\Classes\.xht\OpenWithProgIDs
Software\Classes\.xhtml\OpenWithProgIDs
Software\Classes\Applications\Opera.exe\shell\open\command
"{InstallFolder}\Launcher.exe" "%1"
Software\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe
"{InstallFolder}\Launcher.exe"
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
{InstallFolder}\Launcher.exe
Opera{SPProduct}
Software\Clients\StartMenuInternet\Opera{Product}\Capabilities
Software\Clients\StartMenuInternet\Opera{Product}
Software\Clients\StartMenuInternet\Opera{Product}\DefaultIcon
Software\Clients\StartMenuInternet\Opera{Product}\InstallInfo
"{InstallFolder}\Launcher.exe" --showicons
"{InstallFolder}\Launcher.exe" --hideicons
"{InstallFolder}\Launcher.exe" --makedefaultbrowser
Software\Clients\StartMenuInternet\Opera{Product}\shell\open\command
"{InstallFolder}\Launcher.exe",0
Software\Clients\StartMenuInternet\Opera{Product}\Capabilities\FileAssociations
.html
.shtml
.xhtml
Software\Clients\StartMenuInternet\Opera{Product}\Capabilities\Startmenu
Global\Opera/Installer/
r.old
ySoftware\Microsoft\Windows\CurrentVersion\Uninstall\Opera
*.xml.*
SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo
OperaInstallerCompletedSuccessfully-
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
OperaGiveInstallPermission-
OperaGiveInstallPermission-undo-
Opera Installer
license.txt
opera_installer_dddddd.log
Ndebug.log
.\debug.log
debug_message.exe
Chrome_MessagePumpWindow_%p
Software\Microsoft\Windows\CurrentVersion\Run
Software\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
opera.exe
opera_autoupdate.exe
Opera Product
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\{Extension}\UserChoice
"{InstallFolder}\launcher.exe" -noautoupdate -- "%1"
Software\Classes\{Protocol}\shell\open\ddeexec
Software\Classes\{Protocol}\shell\open\ddeexec\Application
Software\Classes\{Protocol}\shell\open\ddeexec\Topic
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\{Protocol}\UserChoice
Software\Microsoft\Windows\
Shell\Associations\UrlAssociations\
shell32.dll
.*.lnk
OperaSoftware.OperaWebBrowser.
Opera
installer.exe
installer_prefs.json
launcher.exe
Opera Software
operaprefs_default.ini
opera_install_log.xml
k.bat
installation_status.xml
d-d-dTd:d:d
!#%*,/:;?@[]__{{}}
!#%'**,,./:;?@\\
$$  <>^^``||~~
  <>||~~
00000000
333333333333333333
333333333336
%%CollationBin
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
2.cmd
USER32.DLL
portuguese-brazilian
Opera scheduled
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\installer.exe
NeeODeur te klik op "$1" stem jy in tot Opera se <a href="tos">Diensvoorwaardes</a>
Verstek#Gebruik Opera as my verstek blaaier2Maak Yandex die verstek soekenjin in alle blaaiers
Alleenstaande installasie (USB)5Jou bestaande Opera-installasie sal opgegradeer word.aJy gaan Opera binnekort van jou stelsel af verwyder. Is jy seker jy wil die installasie verwyder?
Skrap my Opera gebruikerdata
Verwyder installasieUOpera is nog nie klaar ge
Installeer Opera met kortpaaie en registerinstellings vir alle gebruikers op die stelsel. Vereis stelseladministrateur-voorregte.
Hou Opera op datum.@'n Fout het opgeduik toe daar probeer is om Opera te installeer!B'n Fout het opgeduik toe daar probeer is om Opera te de
'n Ander instans van die Opera-installeerder werk reeds aan hierdie l
ergids installeer.ADie installasie kan nie in die gekose ligging uitgevoer word nie.(Die l
ergids $1 kon nie geskep word nie.?Onvoldoende voorregte vir installasie na die verlangde ligging.8Het misluk om administrateur-vlak uitvoertoegang te kry.%Fout tydens kopi
er na $1.`Kon nie Opera.exe de
nstalleer nie. Maak asseblief seker dat Opera nie loop nie en probeer weer.
NoRBy clicking on "$1" you are agreeing to Opera's <a href="tos">Terms of Service</a>
Use Opera as my default browser5Make Yandex the default search engine in all browsers
Stand-alone installation (USB)2Your existing Opera installation will be upgraded.VYou are about to uninstall Opera from your system. Are you sure you want to uninstall?
Delete my Opera user data
UninstallQOpera is not finished installing. Are you sure you want to quit the installation?
Installs Opera with shortcuts and registry settings for all the users on the system. Requires system administrator privileges.
Keeps Opera up to date.4An error occurred while attempting to install Opera!6An error occurred while attempting to uninstall Opera!
Another instance of the Opera installer is already working on this folder. You can either cancel the installation, try again in a few minutes, or install in a different folder.>The installation cannot be performed in the selected location.#The folder $1 could not be created.?Insufficient privileges for installing to the desired location.:Failed to obtain administrator-level execution privileges.
Error when copying file to $1.TUnable to uninstall Opera.exe. Please make sure Opera is not running, and try again.
k "$1" Opera <a href="tos">Xidm
m kimi Opera-dan istifad
vcud Opera qura
k.bSiz sisteminizd
n Opera qura
nim Opera istifad
v edinMOpera qura
Opera qura
rbaycanca'Operan
r.2Opera-n
verdi!@Opera-n
qa Opera qura
hv oldu $1.MOpera.exe l
v olunmur. Opera-n
</a> Opera
Opera
Opera
HOpera
Opera.*
i Opera
Opera.exe.
Opera.P
Opera.2
Opera!4
Opera!
Opera.
Opera'
8Opera
NOpera-
Opera-
)Opera
!,Opera
_Opera.exe
Predeterminats1Utilitza Opera com el meu navegador predeterminatJFes que Yandex sigui el motor de cerca predeterminat a tots els navegadors
d'Opera existent s'actualitzar
lar Opera del vostre sistema. Confirmeu que el voleu desinstal
lar?(Elimina les meves dades d'usuari d'Opera
laVOpera no ha finalitzat la instal
la Opera amb dreceres i par
Opera actualitzat.3S'ha produ
lar Opera.6S'ha produ
lar Opera.
lador d'Opera est
en una altra carpeta.ALa instal
seleccionada."La carpeta $1 no s'ha pogut crear.FPrivilegis insuficients per a la instal
desitjada.JNo s'han pogut obtenir els privilegis d'execuci
4Hi ha hagut un error mentre es copiava l'arxiu a $1.bNo es pot desinstal
lar Opera.exe. Assegura't que Opera no s'est
na.PChyst
i pokusu o instalaci aplikace Opera se vyskytla chyba!:P
i pokusu o odinstalaci aplikace Opera se vyskytla chyba!
toru aplikace Opera. Instalaci m
souboru do $1.bNelze odinstalovat soubor Opera.exe. Ov
-li Opera spu
"$1" accepterer du Operas <a href="tos">brugsbetingelser</a>
Brug Opera som standardbrowser3G
ngig installation (USB)9Din eksisterende Opera-installation vil blive opgraderet.XDu er ved at afinstallere Opera fra dit system. Er du sikker p
Slet mine Opera-brugerdata
AfinstallerYOpera er ikke f
Installer Opera med genveje og indstillinger i registreringsdatabasen for alle brugere p
Holder Opera opdateret.1Der opstod en fejl under installeringen af Opera!;Der opstod en fejl under fors
at afinstallere Opera!
En anden forekomst af installationsprogrammet til Opera arbejder allerede p
Mappen $1 kunne ikke oprettes.ADu har ikke tilstr
administratorniveau.$Fej under kopiering af filen til $1.QKan ikke afinstallere Opera.exe. Kontroller, at Opera ikke k
NeinSMit dem Klick auf "$1" akzeptieren Sie Operas <a href="tos">Nutzungsbedingungen</a>
Voreinstellungen#Opera als Standardbrowser verwenden8Yandex in allen Browsern zur Standardsuchmaschine machen
ndige Installation (USB)5Ihre bestehende Opera-Installation wird aktualisiert.nSie sind dabei, Opera auf Ihrem System zu deinstallieren. M
hren?!Meine Opera-Benutzerdaten l
DeinstallierenfDie Opera-Installation ist noch nicht komplett. M
Opera wird mit Verkn
lt Opera auf dem neuesten Stand.:Bei der Installation von Opera ist ein Fehler aufgetreten!<Bei der Deinstallation von Opera ist ein Fehler aufgetreten!
Eine andere Instanz des Opera Installers arbeitet bereits mit diesem Ordner. Sie k
nnen die Installation abbrechen, es in ein paar Minuten erneut versuchen oder die Installation in einem anderen Ordner vornehmen.HDie Installation kann nicht an dem ausgew
hrt werden. Der Ordner $1 konnte nicht erstellt werden.AUnzureichende Rechte f
nschten Ort.UDie f
Die Opera.exe kann nicht installieren werden. Bitte stellen Sie sicher, dass Opera nicht ausgef
Opera!B
rminos de servicio</a> de Opera
Opciones predeterminadas&Usar Opera como mi navegador preferidoQHacer que Yandex sea el motor de b
n existente de Opera ser
actualizada.REst
s a punto de desinstalar Opera de tu sistema.
Realmente deseas desinstalarlo?&Eliminar mis datos de usuario de Opera
DesinstalarPOpera no ha terminado su instalaci
Instala Opera con accesos directos y opciones de registro para todos los usuarios en el sistema. Requiere privilegios de administrador del sistema.
Mantiene Opera actualizado.=
Ha ocurrido un error inesperado al tratar de instalar Opera!@
Ha ocurrido un error inesperado al tratar de desinstalar Opera!
Hay otra instancia del instalador de Opera trabajando en esta carpeta. Puedes cancelar la instalaci
n, intentarlo de nuevo en unos pocos minutos, o instalar en una carpeta diferente.ALa instalaci
La carpeta $1 no se pudo crear.ENo hay privilegios suficientes para instalar en la ubicaci
n deseada.DFalla al obtener privilegios de ejecuci
Error al copiar el archivo a $1.nNo se pudo desinstalar Opera.exe. Por favor, aseg
rate de que Opera no est
Predeterminados Usar Opera como mi navegador predeterminadoBFijar Yandex como buscador predeterminado en todos los navegadores
noma (USB).Se actualizar
n actual de Opera.WEst
s seguro de que quieres hacerlo?$Borrar mis datos de usuario en Opera
n de Opera no ha terminado.
Instala Opera con accesos directos y valores de registro para todos los usuarios del sistema. Se necesitan privilegios de administrador del sistema.
Mantiene Opera actualizado.0Ha sucedido un error al intentar instalar Opera.3Ha sucedido un error al intentar desinstalar Opera.
Ya activa hay otra instancia del instalador de Opera en esta carpeta. Puedes cancelar la instalaci
n, probar de nuevo en unos minutos o instalar en una carpeta distinta.)No se puede instalar en el lugar elegido.$No se ha podido crear la carpeta $1.ANo hay privilegios suficientes para instalar en el lugar deseado.HNo se han podido obtener privilegios de ejecuci
Error al copiar el fichero a $1._No se puede desinstalar Opera.exe. Aseg
si Operan <a href="tos">k
Operaa oletusselaimena4M
Erillinen asennus (USB)'Nykyinen Opera-asennuksesi p
n.SOlet poistamassa Operaa j
si. Haluatko varmasti poistaa sen asennuksen? Poista omat Opera-k
Poista asennusDOperan asennus ei ole valmis. Haluatko varmasti lopettaa asennuksen?
Asentaa Operan pikakuvakkeineen ja rekisteriasetuksineen kaikille j
Operan ajan tasalla.:J
asentaa Operaa!DJ
poistaa Operan asennusta!
Toinen Opera-asentaja ty
haluttuun paikkaan asentamiseen.BJ
 Virhe kopioitaessa tiedostoa sijaintiin $1.`Opera.exe-ohjelman asennus ei onnistu. Varmista, ett
Opera ei ole k
Non]En cliquant "$1" vous acceptez les termes de l' <a href="tos">Entente de service</a> d'Opera.
faut*Utiliser Opera comme navigateur par d
Installation autonome (USB).Votre installation d'Opera sera mise
niveau.eVous
sinstaller Opera de votre syst
es d'usager Opera
sinstallerSL'installation d'Opera n'est pas termin
Installe Opera avec les raccourcis et r
Garde Opera
jour.9Une erreur s'est produite lors de l'installation d'Opera!=Une erreur s'est produite lors de la d
sinstallation d'Opera!
Une autre instance de l'installateur Opera est d
Erreur de copie dans $1.lImpossible de d
sinstaller Opera.exe. Veuillez vous assurer qu'Opera ne fonctionne pas et essayez
pendante (USB)5Votre installation actuelle d'Opera sera mise
jour.fVous
es utilisateur Opera
sinstallerXOpera n'est pas compl
Installe Opera avec des raccourcis et des r
ais$Mettre Opera
jour automatiquement.:Une erreur s'est produite pendant l'installation d'Opera
sinstallation d'Opera
Une autre instance de l'installateur d'Opera utilise d
essayer dans quelques instants ou installer Opera dans un autre dossier.<L'installation ne peut se faire
.EPrivil
 Erreur lors de la copie du fichier vers $1.aImpossible de d
sinstaller Opera.exe. Assurez-vous qu'Opera n'est pas lanc
Nee^Troch te klikken op "$1" geane jo akkoard mei Opera's <a href="tos">Betingsten fan tsjinst</a>
k Opera as myn standert bl
ker"Allinne steande ynstallaasje (USB)6Jo besteande Opera ynstallaasje sil opwurdearre wurde.MJo steane op it punt om Opera te skrassen fan jo systeem. Wolle jo it skasse?!Myn Opera br
SkrasseQOpera is net ree mei de ynstallaasje. Binne jo wis om
Ynstallearret Opera mei fluchtoetsen en register ynstellings foar alle br
Ynstallearret Opera mei fluchtoetsen en register ynstellings foar allinne de aktive br
nder oanpassing yn register of it oanmeitsjen fan fluchtoetsen.
ld Opera by de tiid.1In flater barde
nder it ynstallearjen fan Opera!,In flater barde
nder it skrassen fan Opera!
In oar eksimplaar fan de Opera ynstallearder wurket al oan dizze map.
fbrekke, of yn in pear minuten op 'e nij besykje, of yn in oare map ynstallearje.ADe ynstallaasje kin net
)Flater by it kopiearjen fan triem nei $1.\Net mooglik om Opera.exe te skrassen. W
s der wis fan dat Opera net rint en besykje nochris.
Atharraich%Chan eil slighe an st
Bun-roghainnean.Cleachd Opera mar am brabhsair bunaiteach agamECleachd Yandex mar an t-einnsean-luirg bunaiteach anns gach brabhsair
ithreach agad de dh'Opera
rachadh.tTha thu an impis Opera a dh
ir agam air Opera
laichdChan eil Opera deiseil leis an st
laichidh seo Opera le ath-ghoiridean is roghainnean cl
idhlig&Cumaidh seo Opera cho
r 's a ghabhas.DThachair mearachd fhad 's a bhathar a' feuchainn ri Opera a st
ladh!HThachair mearachd fhad 's a bhathar a' feuchainn ri Opera a dh
laichear Opera ag obair sa phasgan seo mu thr
ite a thagh thu.OCha d' fhuaradh pribhleid airson rudan a chur an gn
)Mearachd a' cur lethbhreac an fhaidhle$1.aCha ghabh Opera.exe a dh
an cinnteach nach eil Opera a' ruith is feuch ris a-rithist.
9Opera
LOpera
.4Opera
!9Opera
.mOpera.exe
tenja </a> preglednika Opera
Zadane postavke2Koristi preglednik Opera kao zadani web-preglednik8Postavi Yandex kao zadanu tra
a instalacija preglednika Opera.cZapo
eli ste deinstalaciju preglednika Opera sa svog sustava.
ke podatke u pregledniku Opera
DeinstalirajVOpera jo
instalira preglednik Opera s pre
i preglednik Opera a
uriranim.DDo
aja instalacije preglednika Opera!FDo
aja deinstalacije preglednika Opera!
ica softvera za instalaciju preglednika Opera ve
eljenu lokaciju.JPribavljanje ovlasti za izvr
ka prilikom kopiranja datoteke u $1.eNije mogu
e deinstalirati datoteku Opera.exe. Provjerite nije li Opera pokrenuta i poku
NemVA "$1" gombra kattintva elfogadja az Opera <a href="tos">felhaszn
kek Az Opera legyen az alap
s (USB)(A jelenlegi Opera-telep
k.CA var
lyes Opera-adatok t
sDAz Opera telep
Az Opera b
Az Opera naprak
nt az Opera telep
nt az Opera elt
sik Opera Telep
sakor: $1.nNem siker
tani az Opera.exe f
la, hogy az Opera nem fut,
TidakZDengan mengeklik "$1" artinya Anda setuju dengan <a href="tos">Ketentuan Layanan</a> Opera
Utama#Jadikan Opera sebagai browser utama;Jadikan Yandex sebagai mesin pencari utama di semua browser
Instalasi ke USB7Instalasi Opera yang telah Anda miliki akan diperbarui.9Anda akan menghapus Opera dari sistem, apakah Anda yakin?
Hapus data Opera saya
HapusNOpera belum selesai menginstal. Apakah Anda yakin ingin keluar dari instalasi?
Semua pengguna di komputer: Instal Opera dengan shortcut dan seting regisrty untuk semua pengguna di komputer. Membutuhkan hak akses administrator.
Pengguna sekarang: Instal Opera dengan shortcut dan seting registry hanya untuk pengguna saat ini. Tidak membutuhkan hak akses administrator.
Selalu perbarui Opera.4Ada masalah yang terjadi saat akan menginstal Opera.=Ada masalah yang terjadi saat akan menghapus instalasi Opera.
Sudah ada Opera yang terinstal di folder ini dan sedang dijalankan. Anda bisa membatalkan instalasi, mencoba beberapa menit lagi, atau menginstal di folder yang berbeda.8Instalasi tidak bisa dilakukan pada lokasi yang dipilih.
Folder $1 tidak dapat dibuat.FHak akses tidak mencukupi saat akan menginstal di lokasi yang dipilih.EGagal mendapatkan hak akses administrasi untuk menjalankan instalasi.­a masalah saat menyalin file ke $1.fGagal menghapus instalasi Opera.exe. Pastikan bahwa Opera sedang tidak berjalan dan lalu coba kembali.
NoYCliccando su "$1" confermi di accettare i <a href="tos">Termini del Servizio</a> di Opera
Installazione stand-alone (USB)5L'installazione precedente di Opera verr
aggiornata.OOpera sta per essere disinstallato dal sistema. Si
certi di voler proseguire?!Elimina i dati personali di Opera
Disinstalla\L'installazione di Opera non
certi di volerla interrompere uscendo?
Tutti gli utenti: Installa Opera creando collegamenti e impostazioni nel registro di sistema per tutti gli utenti del computer. Richiede i privilegi amministrativi.
Mantiene Opera aggiornato.;Si
verificato un errore durante l'installazione di Opera!?Si
verificato un errore durante la disinstallazione di Opera!
Un'altra istanza del programma di installazione di Opera sta gi
stato possibile creare la cartella $1.JI privilegi per installare nella destinazione scelta non sono sufficienti.HNon
'Errore durante la copia del file in $1.pNon
stato possibile disinstallare Opera.exe. Per favore, assicurati che Opera non sia in esecuzione e riprova.
*Opera
;Opera.exe
Opera <a href="tos">
4Opera
.=Opera
?$Opera
MOpera
Opera
%Opera
.?Opera
!<Opera
$1.POpera.exe
. Opera
#Opera
.6Opera.exe
. Opera
Numatytieji&Naudoti Opera kaip numatyt
Autonominis diegimas (USB)$Esama Opera
diegtis bus atnaujinta.?Opera bus pa
alinti mano Opera vartotojo duomenis
alinti:Opera nebaigta diegti. Ar tikrai norite nutraukti diegim
diegti Opera
alinti Opera
Kitas Opera diegimo programos egzempliorius jau veikia
alinti Opera.exe.
tat lietojumprogrammas Opera <a href="tos">pakalpojuma lieto
jumi7Izmantot lietojumprogrammu Opera k
lietojumprogrammas Opera instal
ta.aJ
t lietojumprogrammu Opera sav
st manus lietojumprogrammas Opera lietot
t^Lietojumprogrammas Opera instal
lietojumprogrammu Opera ar sa
Opera atjaunin
t lietojumprogrammu Opera, rad
jau darbojas cita Opera instal
da.kNevar atinstal
t Opera.exe. P
rliecinieties, vai lietojumprogramma Opera nav palaista, un m
Portabl ure
ena.MOvim
DeinstalirajVOpera nije zavr
ati ponovo za nekoliko minuta, ili instalirati u neki drugi folder.9Instalacija nije mogla biti obavljena u zadatoj lokaciji.&The folder $1 nije mogao biti kreiran.6Nema dovoljno prava za instalaciju na zadatu lokaciju.DPoku
ka pri kopiranju fajla na $1.\Deinstalacija Opera.exe nije uspjela. Provjerite da Opera nije pokrenuta i poku
TOpera
$1.YOpera.exe
Lalai/Gunakan Opera sebagai penyemak imbas lalai saya<Jadikan Yandex enjin carian lalai dalam semua penyemak imbas
Pemasangan berdiri sendiri (USB)7Pemasangan Opera anda yang sedia ada akan dinaik taraf.WAnda akan menyahpasang Opera daripada sistem anda. Adakah anda pasti mahu menyahpasang?!Padamkan data pengguna Opera saya
NyahpasangPOpera belum selesai dipasang. Adakah anda pasti mahu keluar daripada pemasangan?
Memasang Opera dengan pintasan dan tetapan daftaran untuk semua pengguna pada sistem. Memerlukan keistimewaan pentadbir.
Bahasa Melayu"Memastikan Opera sentiasa terkini.)Ralat berlaku ketika cuba memasang Opera!-Ralat berlaku ketika cuba menyahpasang Opera!
Satu lagi tika pemasang Opera sedang menggunakan Folder ini. Anda boleh sama ada membatalkan pemasangan, mencuba lagi dalam beberapa minit atau memasang dalam folder lain;Pemasangan tidak boleh dilaksanakan di lokasi yang dipilih.
!Ralat semasa menyalin fail ke $1.XTidak dapat menyahpasang Opera.exe. Sila pastikan Opera tidak dijalankan, dan cuba lagi.
"$1" godtar du Operas <a href="tos">brukervilk
Standardvalg!Bruk Opera som standard nettleser4Gj
ende installasjon (USB)7Din eksisterende Opera-installasjon vil bli oppgradert.`Du er i ferd med
avinstallere Opera fra systemet ditt. Er du sikker p
Slett mine brukerdata i Opera
AvinstallerROpera er ikke ferdig installert. Er du sikker p
Installerer Opera med snarveier og registeroppf
Holder Opera oppdatert9Det oppstod en feil under fors
installere Opera!;Det oppstod en feil under fors
avinstallere Opera!
En annen forekomst av Operas installeringsprogram arbeider allerede med denne mappen. Du kan enten avbryte installeringen, pr
Feil under filkopiering til $1.bKunne ikke avinstallere Opera.exe. Vennligst forviss deg om at Opera ikke kj
NeeODoor te klikken op "$1" ga je akkoord met Opera's <a href="tos">Voorwaarden</a>
Standaarden*Opera als mijn standaard browser gebruiken7Maak Yandex de standaard zoekmachine voor alle browsers
Standalone-installatie (USB)3Je huidige Opera-installatie zal worden bijgewerkt.`Je staat op het punt om Opera te verwijderen van je computer. Weet je het zeker dat je dit wilt?)Mijn Opera-gebruikersgegevens verwijderen
VerwijderenVOpera is niet klaar met installeren. Weet je zeker dat je de installatie wilt stoppen?
Installeert Opera met snelkoppelingen en registerinstellingen voor alle gebruikers. Vereist toegangsrechten op het systeem.
Houdt Opera bijgewerkt.6Er trad een fout op tijdens het installeren van Opera!6Er trad een fout op tijdens het verwijderen van Opera!
Een andere instantie van het Opera-installatieprogramma werkt al in deze map. Je kan de installatie annuleren, of over een paar minuten opnieuw proberen, of installeren in een andere map.@De installatie kan niet op de gewenste plaats worden uitgevoerd.Þ map $1 kan niet worden aangemaakt.HOnvoldoende bevoegdheden om te kunnen installeren op de gewenste plaats.8Kan geen uitvoeringsrechten op systeemniveau verkrijgen.&Fout bij kopieren van bestand naar $1.RKan Opera.exe niet verwijderen. Zorg dat Opera niet draait en probeer het opnieuw.
"$1" godtek du Opera sine <a href="tos">tenestevilk
rehandsval!Bruk Opera som standard nettlesar8Gjer Yandex til standard s
lvstendig installasjon (USB),Opera-installasjonen din vil bli oppgradert.^Du er i ferd med
avinstallera Opera fr
AvinstallerGOpera er ikkje ferdiginstallert. Vil du verkeleg avbryta installeringa?
installerer Opera med snarvegar og registerinnstillingar for alle brukarane p
Held Opera oppdatert.9Det oppstod ein uventa feil under installeringa av Opera.;Det oppstod ein uventa feil under avinstalleringa av Opera.
Another instance of the Opera Installer is already working on this Mappe. You Avbryt either Avbryt the Installer, Pr
!Feil ved kopiering av fil til $1.OKunne ikkje avinstallere Opera.exe. Sjekk at Opera ikkje k
3Opera
ROpera
<Opera
!=Opera
lOpera.exe
%Scie
Samodzielna aplikacja (USB)3Zainstalowana wersja Opery zostanie zaktualizowana.WNast
operacje w tym folderze. Mo
folderu $1.@Niedostateczne uprawnienia do instalacji w wybranej lokalizacji.GNie mo
d podczas kopiowania pliku do $1.cNie mo
pliku Opera.exe. Sprawd
, czy Opera nie jest uruchomiona i spr
o</a> do Opera
o*Utilizar o Opera como meu navegador padr
o atual do Opera ser
prestes a desinstalar o Opera do seu sistema. Tem certeza de que deseja desinstal
rio do Opera
o do Opera n
da. Tem certeza de que deseja encerr
Instala o Opera com atalhos e configura
Portugu
m o Opera atualizado..Ocorreu um erro durante a instala
o do Opera!1Ocorreu um erro durante a desinstala
o do Opera!
ncia do instalador Opera j
gios o suficiente para instalar no local desejado.AFalha ao obter privil
gios de execu
!Erro ao copiar o arquivo para $1.jN
vel desinstalar o Opera.exe. Verifique se o Opera n
sendo executado e tente novamente.
Predefinidas Usar o Opera como o meu browser predefinidoATornar o Yandex o motor de busca predefinido em todos os browsers
o actual do Opera ser
actualizada.XEst
prestes a desinstalar o Opera do seu sistema. Tem a certeza que deseja desinstalar?(Apagar os meus dados de utilizador Opera
DesinstalarYO Opera ainda n
o. Tem a certeza que deseja desistir da instala
Instala o Opera com atalhos e configura
nica pasta, localizada no disco ou num suporte externo, como uma pen USB, sem tocar nos registos ou criar atalhos.
portugu
m o Opera actualizado. Ocorreu um erro ao tentar instalar o Opera!.Ocorreu um erro ao tentar desinstalar o Opera!
ncia do Instalador do Opera j
o desejada.AFalha ao obter privil
"Erro ao copiar o ficheiro para $1.pN
vel desinstalar o Opera.exe. Por favor certifique-se que o Opera n
NudPrin ap
iile serviciului</a> Opera
Êlea pentru instalare nu este valid
Opera ca fiind navigatorul web implictIStabile
n toate navigatoarele web
toare (USB)-Instalarea Opera existent
.OSunte
i pe cale de a dezinstala Opera din sistem. Sigur vre
terge datele mele de utilizator Opera
EOpera nu s-a terminat de instalat. Sigur vre
Opera cu scurt
ine Opera actualizat.;A ap
rii de a instala Opera !>A ap
rii de a dezinstala Opera !
a programului de instalare Opera lucreaz
inerea privilegiilor de execu
n $1.ZImposibil de dezinstalat Opera.exe. Asigura
Opera nu ruleaz
Opera.-
nosti Opera
.CChyst
Opera bude neust
mu pre spustenie..Chyba pri kop
bor Opera.exe. Skontrolujte,
i Opera nie je spusten
KOpera
Opera!=
Operas <a href="tos">licensvillkor</a>
nd Opera som f
rvald webbl
nst i alla webbl
ende installation (USB)8Din befintliga Operainstallation kommer att uppgraderas.^Du
g att avinstallera Opera fr
r Opera
AvinstalleraWOpera har inte installerats f
Opera installeras med genv
en extern medieenhet, till exempel en USB-enhet, utan att registret p
ller Opera uppdaterat.,Ett fel uppstod d
Opera skulle installeras!.Ett fel uppstod d
Opera skulle avinstalleras!
r Opera arbetar redan med den h
gra minuter eller installera i en annan mapp..Installationen kan inte utf
Mappen $1 kunde inte skapas.FDu har inte tillr
nskad plats.BKunde inte f
.!Fel vid kopiering av fil till $1.TKunde inte avinstallera Opera.exe Se till att Opera inte k
LaOKwa kubofya kwenye "$1" unakubali Sheria na Masharti <a href="tos">ya Opera</a>
Machaguo- msingi/Tumia Opera kama kivinjari changu chaguo-msingiEFanya Yandex injini chgauo-msingi ya utafutaji katika vivinjari vyote
Usakinishaji wa kipekee (USB)5Usakinishaji wako uliopo wa Opera utapandishwa gredi.RUko karibu kusakinusha Opera kutoka kwa mfumo wako. Una uhakika unataka kusanidua?$Futa data yangu ya mtumiaji ya Opera
SakinushaKOpera haijamaliza kusakinisha. Una uhakika unataka kutoka kwa usakinishaji?
Husakinisha Opera kwa njia za mkato na mipangilio ya usajili kwa watumiaji wote kwenye mfumo. Huhitaji mapendeleo ya msimamizi wa mfumo.
Sasisha Opera.7Hitilafu imetokea wakati wa kujaribu kusakinisha Opera!7Hitilafu imetokea wakati wa kujaribu kusakinusha Opera!
Tukio jingine la kisakinishaj cha Opera tayari linafanya kazi folda hii. Unaweza kukatisha usakinishaji, ujaribu tena baada ya dakika chache, au sakinisha katika folda tofauti.8Usakinishaji hauwezi kufanywa katika eneo lililoteuliwa.
,Hitilafu wakati wa kunakili faili kwenye $1.XHaiwezi kusakinusha Opera.exe. Tafadhali, hakikisha Opera haifanyi kazi na ujaribu tena.
, Opera -
-Opera -
Opera -
YOpera
1Opera
.5Opera -
!<Opera -
Opera.exe -
-Opera
./Opera
!3Opera
.lOpera.exe
Opera!/
Opera.exe
HindikSa pamamagitan ng pag-click sa "$1" sumasang-ayon ka sa <a href="tos">Mga Tuntunin ng Serbisyo</a> ng Opera
Mga Default2Gamitin ang Opera bilang default na web browser ko>Gawing default na search engine ang Yandex sa lahat ng browser
Kasalukuyang user Stand-alone na pag-install (USB)7Ia-upgrade ang iyong kasalukuyang pag-install ng Opera.ZIa-uninstall mo na ang Opera mula sa iyong system. Sigurado ka bang nais mong i-uninstall?&Tanggalin ang aking user data sa Opera
I-uninstallXHindi pa tapos mag-install ang Opera. Sigurado ka bang nais mong itigil ang pag-install?
Ini-install ang Opera na may mga shortcut at mga setting ng rehistro para sa lahat ng user na nasa system. Kinakailangan ng mga prebilehiyo ng system administrator.
Pinapanatiling bago ang Opera.;Nagkaroon ng error habang sinusubukang i-install ang Opera!=Nagkaroon ng error habang sinusubukang i-uninstall ang Opera!
May isa pang pagkakataon ng installer ng Opera ang gumagawa na sa folder na ito. Alinman ay maaari mong kanselahin ang pag-install, subukan muli sa ilang minuto, o i-install sa magkaibang folder.5Hindi maisagawa ang pag-install sa napiling lokasyon.$Ang folder na $1 ay hindi malilikha.JWalang sapat na mga privilege para sa pag-install sa ninanais na lokasyon.@Nabigong makakuha ng administrator-level na execution privilege.
%Error kapag kinokopya ang file sa $1.lHindi nagawang i-uninstall ang Opera.exe. Mangyaring siguruhin na hindi gumagana ang Opera, at subukan muli.
zda Opera'n
lanlar Opera'y
nabilir kurulum (USB)'Mevcut Opera kurulumunuz y
kseltilecek.QOpera'y
Opera kullan
rOOpera kurulumu hen
Opera'y
ncel tutar.)Opera kurulumu s
tu!0Opera kald
Opera y
.QOpera.exe kald
yor. Opera'n
Opera.0
Opera,
.Opera-
Opera-
?Opera
#Opera-
.$Opera-
!&Opera-
$1.fOpera.exe
a Opera
ng Opera l
t Opera hi
t Opera kh
ng Opera c
tGOpera ch
t Opera c
t Opera..
t Opera!1
t Opera!
o $1.SKh
t Opera.exe. Vui l
o Opera
My Opera
5Opera
Opera.exe
ChaJNgokuchofoza "$1" uyavumelana <a href="tos">Nemigomo Yesevisi ye-Opera</a>
Okuhleliwe3Sebenzisa i-Opera njengesiphequluli sami esihleliwe@Yenza i-Yandex injini yokusesha ehleliwe kuzo zonke iziphequluli
Ukufaka okume-kodwa (USB)7Ukufaka kwakho okukhona kwe-Opera kuzokhushulwa izinga.HUsuzokhipha i-Opera kwisistimu yakho. Uneqiniso ukuuthi ufuna ukukhipha?&Susa idatha yami yomsebenzisi ye-Opera
KhiphaII-Opera ayikaqedi ukufaka. Unesiqiniseko ukuthi ufuna ukuphuma ekufakeni?
Bafaka i-Opera namasethingi ezinqamuleli nokubhalisiwe kubo bonke abasebenzisi kusistimu. Kudingeka amalungelo omqondisi wesistimu.
isiZulu%Igcina i-Opera isesikhathini samanje.2Kwenzeke iphutha ngenkathi kuzama ukufaka i-Opera!4Kwenzeke iphutha ngenkathi kuzama ukukhipha i-Opera!
Isenzakalo esinye sokufaka I-Opera Ifaka siyasebenza kakade kulesikhwama. Ungakhansela ukufaka, wazama futhi emva kwemizuzu embalwa, noma ufake kwisikhwama esihlukile..Ukufaka akukwazi ukwenzeka endaweni ekhethiwe.
Ifolda $1 ayikwazanga ukudalwa.2Amalungelo angaphelele okufaka indawo ethandekayo.;Ihluleke ukuthola ilungelo lokwenza elikwileveli-yomphathi.'Iphutha uma ikopisha ifayela kuya ku-$1]Ayikwazi ukukhipha i-Opera.exe. Sicela uqiniseke ukuthi i-Opera ayisebenzi, bese uzame futhi.
By clicking on "Accept and Upgrade" you are agreeing to Opera's <a href="tos">Terms of Service</a>
Your existing Opera installation will be upgraded.
Use Opera as my default browser
You are about to uninstall Opera from your system. Are you sure you want to uninstall?
Opera Internet Browser
Opera Software 2014






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    GoogleUpdate.exe:1756
    GoogleUpdate.exe:148
    GoogleUpdate.exe:796
    pcspeedup.exe:1492
    install.exe:3148
    PCSUService.exe:2516
    PCSUService.exe:2980
    PCSUService.exe:3384
    nsq61E2.tmp:1884
    BaofengUpdate.exe:2144
    BaofengUpdate.exe:2408
    PCSUSD.exe:3224
    XTab_v4.0.exe:1416
    ProtectService.exe:2128
    ProtectService.exe:3604
    40.0.2214.94_chrome_installer.exe:3992
    pcspeedup.tmp:2320
    VOPackage.exe:888
    cvs_webssearches.exe:2360
    setup.exe:1872
    HPNotify.exe:2968
    coregen.exe:2712
    coregen.exe:2616
    coregen.exe:3584
    coregen.exe:4048
    coregen.exe:1480
    coregen.exe:3728
    coregen.exe:3700
    coregen.exe:1664
    coregen.exe:348
    coregen.exe:2516
    cmdshell.exe:2016
    opera.exe:3464
    STab_Down_6.0.6.6.exe:688
    Skyhook.exe:2660
    regsvr32.exe:604
    regsvr32.exe:2152
    nsq61E1.tmp:1580
    Silverlight.exe:1524
    installer.exe:2828
    MsiExec.exe:3064
    PCSUSpeedTest.exe:1844
    CrashReport_v6.2.7601.963.exe:2368
    taskeng.exe:2044
    MSI91D.tmp:3216
    PCSUNotifier.exe:1280
    

    2. 

  2. Delete the original Malware file.
    3. 

  3. Delete or disinfect the following files created/modified by the Malware:
    

    %Program Files% (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_chrome_installer.exe (312970 bytes)
    %Program Files% (x86)\Google\Update\Install\{23252D3F-79B7-49C3-B5DC-E661D2F46FFD}\40.0.2214.94_chrome_installer.exe (331841 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-HG8AO.tmp\pcspeedup.tmp (50 bytes)
    C:\8512126cc7c623e1b0299c23645c\install.res.dll (356 bytes)
    C:\8512126cc7c623e1b0299c23645c\Silverlight.msp (2721 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Silverlight0.log (6424 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SilverlightMSI.log (89073 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUService.log (520 bytes)
    %Program Files% (x86)\PC Speed Up\PCSpeedUp.s3db-journal (27960 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUService-Timer.log (99 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUSpeedTest.exe (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DT06R4CE.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\es-419\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\quick_start.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\misc.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code6.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\tr\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\mostgrid.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\search.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\restoreprefs.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\popup_image_helper.js (693 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\quick_start.xul (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\lib\jquery-2.1.0.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\defaults\preferences\preferences.js (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code3.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code2.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\scrollbar.bmp (37 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\google_trends.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\install.rdf (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\stat.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\bk_shadow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\loading_light.png (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\last_tab.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\UninstallManager.exe (13122 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\defaults\preferences\fvd.js (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\logo.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\it-CH\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\MessageBox.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\ru-MO\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\en-US\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\BFVUpdateM.dll (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.json (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\js.js (660 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-CH\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\icon.png (628 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\pack\common.js (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\D52A.tmp (110 bytes)
    C:\Users\Public\Desktop\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\Thumbs.db (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\button1.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\checked.png (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-BE\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\misc.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\D50A.tmp (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\vi\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\checkbox.png (545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\checkbox_select.png (783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\button.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data (1518 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\en\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\it\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\zh-CN\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\settings.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\pl\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-LU\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\uninstallDlg2.xml (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\urlrequestor.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.ini (480 bytes)
    %Program Files% (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml (567 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\bg1.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\zh-TW\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\bg.png (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\remoterequest.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome.manifest (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal (6322 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\googlelogo.png (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\aes.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\speed_dial.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\addonmanager.js (531 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\fr-CA\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\style.css (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code5.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\es\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\lib\jquery.autocomplete.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\unchecked.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\modules\properties.js (1 bytes)
    C:\Users\Public\Desktop\Google Chrome.lnk (2 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\min.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\lib\doT.min.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\module\hotSearch.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\loading.gif (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\pt-BR\locale.properties (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\newtab.ico (1 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\simple.css (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\pack\xagainit.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\locale\ru\locale.properties (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\Thumbs.db (27 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\js\pack\ga.js (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\index.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\skin\default_logo.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\loading_bg.png (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\460.json (520 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code1.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\webssearches\images\code\code4.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\1422883717_xpi\chrome\content\include\tools\about_blank_hook.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\STab_Down_6.0.6.6.exe (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\CrashReport_v6.2.7601.963.exe (430 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\460.db (298 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\wpm_v20.0.0.1714.exe (930 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\WebDataJs (45 bytes)
    C:\Windows\Tasks\PC SpeedUp Service Deactivator.job (336 bytes)
    %Program Files% (x86)\PC Speed Up\Sqlite3.dll (585 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nspFE8.tmp\System.dll (23 bytes)
    %Program Files% (x86)\XTab\web\img\googlelogo.png (7 bytes)
    %Program Files% (x86)\XTab\web\js\jquery-1.11.0.min.js (4726 bytes)
    %Program Files% (x86)\XTab\skin\btn.png (2 bytes)
    %Program Files% (x86)\XTab\install.data (68 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-CN\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\en-US\messages.json (3 bytes)
    %Program Files% (x86)\XTab\HPNotify.exe (18027 bytes)
    %Program Files% (x86)\XTab\conf (1614 bytes)
    %Program Files% (x86)\XTab\web\img\loading.gif (5 bytes)
    %Program Files% (x86)\XTab\BrowerWatchFF.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-419\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\indexIE8.html (1816 bytes)
    %Program Files% (x86)\XTab\web\js\library.js (4216 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\arrow.png (259 bytes)
    %Program Files% (x86)\XTab\web\ver.txt (5 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-BE\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\input_bk.png (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\pl\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-IT\messages.json (4 bytes)
    %Program Files% (x86)\XTab\skin\conf_back.png (1623 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CA\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\img\weather\0.png (1 bytes)
    %Program Files% (x86)\XTab\skin\btn_apply.png (6 bytes)
    %Program Files% (x86)\XTab\skin\conf.xml (8 bytes)
    %Program Files% (x86)\XTab\CmdShell.exe (1681 bytes)
    %Program Files% (x86)\XTab\web\indexIE.html (1 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru-MO\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit-ie8.js (3 bytes)
    %Program Files% (x86)\XTab\skin\about_bk.png (1436 bytes)
    %Program Files% (x86)\XTab\web\_locales\es-ES\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\main.xml (4 bytes)
    %Program Files% (x86)\XTab\web\img\default_add_logo_hover.png (1 bytes)
    %Program Files% (x86)\XTab\BrowserAction.dll (33992 bytes)
    %Program Files% (x86)\XTab\skin\radio_2.png (3 bytes)
    %Program Files% (x86)\XTab\msvcr110.dll (22156 bytes)
    %Program Files% (x86)\XTab\searchProvider.xml (8 bytes)
    %Program Files% (x86)\XTab\web\_locales\it-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\ProtectService.exe (5312 bytes)
    %Program Files% (x86)\XTab\web\js\js.js (18 bytes)
    %Program Files% (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi (14 bytes)
    %Program Files% (x86)\XTab\web\img\default_add_logo.png (1 bytes)
    %Program Files% (x86)\XTab\skin\logo.png (5 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit2.0.js (3 bytes)
    %Program Files% (x86)\XTab\web\js\xagainit.js (3 bytes)
    %Program Files% (x86)\XTab\web\img\googlelogo2.png (1526 bytes)
    %Program Files% (x86)\XTab\web\main.css (19 bytes)
    %Program Files% (x86)\XTab\web\_locales\vi-VI\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\_locales\ru\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon48.png (3 bytes)
    %Program Files% (x86)\XTab\skin\close.png (3 bytes)
    %Program Files% (x86)\XTab\web\data.html (20 bytes)
    %Program Files% (x86)\XTab\web\img\logo32.ico (4 bytes)
    %Program Files% (x86)\XTab\web\img\icon128.png (9 bytes)
    %Program Files% (x86)\XTab\web\js\jquery.autocomplete.js (12 bytes)
    %Program Files% (x86)\XTab\uninstall.exe (1343 bytes)
    %Program Files% (x86)\XTab\skin\about.png (4 bytes)
    %Program Files% (x86)\XTab\BrowerWatchCH.dll (23 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-FR\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\img\icon16.png (628 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-CH\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\settings.png (5 bytes)
    %Program Files% (x86)\XTab\web\img\default_logo.png (5 bytes)
    %Program Files% (x86)\XTab\web\_locales\fr-LU\messages.json (3 bytes)
    %Program Files% (x86)\XTab\web\js\ga.js (1568 bytes)
    %Program Files% (x86)\XTab\web\js\common.js (2 bytes)
    %Program Files% (x86)\XTab\web\_locales\tr-TR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\SupTab.dll (6812 bytes)
    %Program Files% (x86)\XTab\web\js\ie8.js (156 bytes)
    %Program Files% (x86)\XTab\IeWatchDog.dll (20 bytes)
    %Program Files% (x86)\XTab\web\_locales\pt-BR\messages.json (4 bytes)
    %Program Files% (x86)\XTab\web\img\google_trends.png (7 bytes)
    %Program Files% (x86)\XTab\web\_locales\zh-TW\messages.json (3 bytes)
    %Program Files% (x86)\XTab\skin\rigth_arrow.png (2 bytes)
    %Program Files% (x86)\XTab\msvcp110.dll (17526 bytes)
    %Program Files% (x86)\XTab\skin\radio_1.png (3 bytes)
    C:\Windows\Temp\CR_2B960.tmp\setup.exe (17361 bytes)
    C:\Windows\Temp\CR_2B960.tmp\CHROME.PACKED.7Z (44833 bytes)
    C:\Windows\Temp\CR_2B960.tmp\SETUP.EX_ (375 bytes)
    %Program Files% (x86)\PC Speed Up\unins000.exe (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\delete_me_reportInstall.txt (2 bytes)
    %Program Files% (x86)\PC Speed Up\is-9JMA2.tmp (601 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\PC Speed Up.lnk (1 bytes)
    %Program Files% (x86)\PC Speed Up\is-3OAP5.tmp (48 bytes)
    %Program Files% (x86)\PC Speed Up\is-BLNV6.tmp (21 bytes)
    %Program Files% (x86)\PC Speed Up\is-56GOF.tmp (34 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\Sqlite3.dll (3361 bytes)
    %Program Files% (x86)\PC Speed Up\is-RDIKE.tmp (4545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\itdownload.dll (1489 bytes)
    %Program Files% (x86)\PC Speed Up\is-BKFT4.tmp (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-FJAGD.tmp (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-C7VFJ.tmp (20 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\_isetup\_shfoldr.dll (47 bytes)
    %Program Files% (x86)\PC Speed Up\is-9GGR5.tmp (31891 bytes)
    %Program Files% (x86)\PC Speed Up\is-D9O99.tmp (12 bytes)
    %Program Files% (x86)\PC Speed Up\PCSULauncher.exe (81 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\Uninstall PC Speed Up.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\_isetup\_setup64.tmp (6 bytes)
    %Program Files% (x86)\PC Speed Up\is-OGSG9.tmp (265 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\WebBrowser.dll (2763 bytes)
    %Program Files% (x86)\PC Speed Up\is-RNB5C.tmp (2321 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-MNS9G.tmp (601 bytes)
    %Program Files% (x86)\PC Speed Up\is-F4T10.tmp (2321 bytes)
    %Program Files% (x86)\PC Speed Up\is-9AA0G.tmp (7726 bytes)
    %Program Files% (x86)\PC Speed Up\is-5C99K.tmp (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-94RHR.tmp (1 bytes)
    %Program Files% (x86)\PC Speed Up\is-E3KGE.tmp (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\Silverlight.exe (1526871 bytes)
    %Program Files% (x86)\PC Speed Up\unins000.msg (864 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\PC Speed Up.lnk (1 bytes)
    %Program Files% (x86)\PC Speed Up\App.config (2634 bytes)
    %Program Files% (x86)\PC Speed Up\is-0M58F.tmp (844 bytes)
    %Program Files% (x86)\PC Speed Up\is-CTOSQ.tmp (2321 bytes)
    %Program Files% (x86)\PC Speed Up\is-42TCG.tmp (1425 bytes)
    %Program Files% (x86)\PC Speed Up\is-R3UPI.tmp (2105 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUService.conf (605 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\PopupNotification.dll (2321 bytes)
    %Program Files% (x86)\PC Speed Up\is-QVEKN.tmp (1425 bytes)
    %Program Files% (x86)\PC Speed Up\is-1NB70.tmp (601 bytes)
    %Program Files% (x86)\PC Speed Up\unins000.dat (50292 bytes)
    %Program Files% (x86)\PC Speed Up\is-7BGE0.tmp (601 bytes)
    %Program Files% (x86)\PC Speed Up\is-MCBK5.tmp (6841 bytes)
    %Program Files% (x86)\PC Speed Up\is-83R98.tmp (3361 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-JD68F.tmp (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-JV8QJ.tmp\PCSUNotifier.exe (2449 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Setup Log 2015-02-02 #001.txt (536723 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUSD.exe (405 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-PCOHD.tmp (4 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUService.exe (438 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-2CA6P.tmp (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\is-4N5PI.tmp (53362 bytes)
    %Program Files% (x86)\PC Speed Up\uninstaller.dat (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgD3F1.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nslAF27.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqEA68.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqA92B.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaEDB4.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqC7AA.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgCA79.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsf5EE3.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nslB060.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqCE13.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgD79A.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E2.tmp (7288 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfF093.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaF333.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\IpConfig.dll (3440 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvDC7E.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvA6D9.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfE5E4.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvDEA1.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqCCDA.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\WmiInspector.dll (2840 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaAB8C.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgCF5C.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq5E85.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgADCF.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\heu39T.nss (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvD279.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\stats[1].htm (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\VOPackage.exe (2436 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsaE354.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgD0E3.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\VOPackage\Uninstall.exe (3453 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfE1EC.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqB16A.tmp (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsvEF1C.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\count_vn[1].htm (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsqEBEF.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsq61E1.tmp (3656 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsbC662.tmp (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\count_vc[1].htm (5984 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\lpd#4.3.0.xpi (6360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code1.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\bg1.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\2.zip (25406 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\2[1].zip (69113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\Thumbs.db (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code2.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\close.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code4.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\conf (83 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\DataBase (26688 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\min.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\button.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\uninstallDlg2.xml (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\bg.png (5064 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\loading_light.png (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\BaofengUpdate.exe (2461 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\checkbox_select.png (783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\1.zip (42934 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\loading_bg.png (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\ffsearch_toolbar!1.0.0.1025.xpi (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\unchecked.png (135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\UninstallManager.exe (59286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\Thumbs.db (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\scrollbar.bmp (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\checkbox.png (545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\button1.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code5.jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\checked.png (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code3.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\code\code6.jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\1[1].zip (174531 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\images\bk_shadow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\MessageBox.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\460.json (520 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ko.pak (580 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\PepperFlash\manifest.json (6 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\nb.pak (521 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libegl.dll (423 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\drive.crx (53 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\resources.pak (64 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\search.crx (54 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ta.pak (1375 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\VisualElements\smalllogo.png (21 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libglesv2.dll (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\pdf.dll (58 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\kn.pak (1309 bytes)
    %Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\default_apps (4 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ms.pak (432 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fa.pak (817 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\zh-CN.pak (465 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\lv.pak (577 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\docs.crx (12 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ar.pak (766 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\ffmpegsumo.dll (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\en-GB.pak (479 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\icudtl.dat (59 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\widevinecdmadapter.dll (285 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\de.pak (496 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\chrome.exe (1686 bytes)
    %Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\VisualElements (4 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\et.pak (504 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fr.pak (611 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\el.pak (1040 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\nl.pak (555 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\nacl64.exe (50 bytes)
    %Program Files% (x86)\Google\Chrome\Application\35.0.1916.114\Locales (8 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\es-419.pak (572 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_elf.dll (268 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\external_extensions.json (5 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\en-US.pak (479 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\hi.pak (1175 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sw.pak (481 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sk.pak (596 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\da.pak (521 bytes)
    %Program Files% (x86)\Google\Chrome\Application\chrome.exe (17554 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_100_percent.pak (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\nacl_irt_x86_32.nexe (51 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\delegate_execute.exe (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\pt-PT.pak (568 bytes)
    C:\Windows\Temp\chrome_installer.log (7903 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fil.pak (585 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sl.pak (530 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\xinput1_3.dll (162 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\uk.pak (897 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\40.0.2214.94.manifest (226 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sr.pak (868 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\VisualElementsManifest.xml (400 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\VisualElements\splash-620x300.png (22 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\gu.pak (1137 bytes)
    %Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\setup.exe (22234 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libexif.dll (621 bytes)
    %Program Files% (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe (22234 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ml.pak (1503 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\id.pak (520 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_200_percent.pak (50 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ro.pak (585 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\bg.pak (949 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\chrome.7z (270363 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\mr.pak (1159 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\he.pak (660 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Extensions\external_extensions.json (103 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\youtube.crx (47 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\hr.pak (538 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\secondarytile.png (641 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\d3dcompiler_46.dll (52 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\pt-BR.pak (555 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\th.pak (1153 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\PepperFlash\pepflashplayer.dll (63 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\default_apps\gmail.crx (48 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome_child.dll (32722 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\lt.pak (564 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\vi.pak (653 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\libpeerconnection.dll (52 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\hu.pak (604 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\es.pak (586 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\bn.pak (1211 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ja.pak (693 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\metro_driver.dll (1013 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\cs.pak (572 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\nacl_irt_x86_64.nexe (52 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\wow_helper.exe (146 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ru.pak (892 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\am.pak (792 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\it.pak (561 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\fi.pak (540 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\te.pak (1276 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\zh-TW.pak (471 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\tr.pak (570 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\sv.pak (529 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\ca.pak (577 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\VisualElements\logo.png (7 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\Locales\pl.pak (569 bytes)
    %Program Files% (x86)\Google\Chrome\Temp\source1872_19701\Chrome-bin\40.0.2214.94\chrome.dll (30950 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.ni.dll (460 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.Browser.ni.dll (44168 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.Browser.dll (143 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.ni.dll (488 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.ni.dll (608905 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorlib.dll (49 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\mscorrc.dll (4 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\coreclr.dll (291 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.ni.dll (71763 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Net.dll (225 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.ni.dll (376 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.ni.dll (95615 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Xml.dll (319 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.ni.dll (130634 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.dll (520 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ServiceModel.Web.dll (73 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll (514 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll (413 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.ni.dll (73547 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\system.dll (233 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Windows.dll (49 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\System.Core.dll (536 bytes)
    C:\Windows\SysWOW64\916552.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\rebirth[1].htm (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\zh-CN.pak (95 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pl.pak (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_200_percent.pak (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\hr.pak (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\zh-TW.pak (101 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\nn.pak (101 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\af.pak (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\zu.pak (109 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pa.pak (208 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\lt.pak (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ta.pak (1109 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\uz.pak (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico (34 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\me.pak (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\be.pak (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\th.pak (215 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ro.pak (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ja.pak (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\bn.pak (233 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\kk.pak (161 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\es.pak (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\launcher_lib.dll (10788 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\mk.pak (169 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\tl.pak (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\te.pak (236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\tr.pak (112 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\lv.pak (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\dictionaries.xml (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\installer.exe (26622 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sv.pak (107 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera.dll (1410 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\osmesa.dll (24179 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\nl.pak (109 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\wow_helper.exe (1250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\license.txt (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\el.pak (189 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sr.pak (162 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\nb.pak (105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\de.pak (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ko.pak (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\msvcr100.dll (6366 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fr-CA.pak (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\hi.pak (218 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\win8_importing.dll (653 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\da.pak (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\hu.pak (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ru.pak (166 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_crashreporter.exe (10795 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\files_list (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\it.pak (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sk.pak (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\sw.pak (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\gd.pak (124 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_100_percent.pak (1932 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ca.pak (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\msvcp100.dll (3298 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera.pak (1639 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\libEGL.dll (2145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fr.pak (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\en-US.pak (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\cs.pak (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pt-PT.pak (112 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_150_percent.pak (743 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\es-419.pak (115 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.version (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fi.pak (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera.exe (389939 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\icudtl.dat (1781 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\id.pak (104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\ffmpegsumo.dll (10007 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\fy.pak (107 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\launcher.exe (4969 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\en-GB.pak (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\az.pak (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.exe (32207 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\uk.pak (179 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_125_percent.pak (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ms.pak (1274 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\default_partner_content.json (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.licenses (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\vi.pak (127 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\ar.pak (119 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\d3dcompiler_46.dll (27481 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\pt-BR.pak (112 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\libGLESv2.dll (7389 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\7ZipSfx.000\localization\bg.pak (165 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\XTab_4.0.2.1716[1].exe (182185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Wtmp722768\tmp\XTab_v4.0.exe (31741 bytes)
    %Program Files% (x86)\PC Speed Up\wpsapi.dll (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG2432.tmp (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\cfg.txt (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\css\style.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\index.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\index.html (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\last[1].zip (4324 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\index.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\151.gif (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress-bar.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\css\style.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-bg.png (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\opera[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\img\progress-bar.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\icon.png (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\uifile.zip (6532 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\base[1].zip (3460 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\VOPackage[1].exe (39044 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\index.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\winsoftware\opera.exe (3620574 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\progress.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-bg.png (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\progress[1].zip (10164 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\index.html (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-lb.png (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\progress.zip (11948 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\noconnection.html (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\cvs_webssearches[1].exe (35380 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\uifile.zip (5572 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\pcspeedup[1].exe (770903 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\img\progress.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\img\img1.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\yuupc-single-text-en-us[1].zip (5284 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\clickmein-ltd-vuupc-winsoftware-1.0-default\VOPackage.exe (42663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\last.zip (5572 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\progress.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\css\style.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp (55014 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\websearches-single-text-en-us[1].zip (4324 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\initWindow\css\style.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\index.html (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\css\style.css (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-b.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\uifile.zip (6532 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\winsoftware-flow-5-text-en-us[1].zip (5492 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\img\img1.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\elex-websearches-1.0-default\cvs_webssearches.exe (38756 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\index.html (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-rb.png (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\css\style.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\img\img1.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\last\css\style.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\bar-rb.png (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\winsoftware\uifile.zip (6740 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\e0ed048e90a6cd1636f19b7a343cf5600.5259303163664001 (388 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\exe\speedchecker-pcspeedup-1.0-default\pcspeedup.exe (821539 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\elex-websearches-1.0-default\img\img1.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\base.zip (4708 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\img1.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\speedchecker-pcspeedup-1.0-default\img\img1.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\progress\img\br-lb.png (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\pcspeedup-single-text-en-us[1].zip (5284 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\common\base\css\style.css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DLG\ui\offers\clickmein-ltd-vuupc-winsoftware-1.0-default\js\jquery-1.10.2.min.js (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\Opera_23.0.1522.75_Setup[1].exe (3406683 bytes)
    %Program Files% (x86)\PC Speed Up\PCSUHelper.dll (286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\0[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB8.tmp (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsfDCB9.tmp\inetc.dll (44 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0E2IZ44B.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsgB2DD.tmp (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\0[1].gif (43 bytes)
    C:\8512126cc7c623e1b0299c23645c\silverlight.7z (92550 bytes)
    C:\8512126cc7c623e1b0299c23645c\silverlight.msi (973 bytes)
    C:\8512126cc7c623e1b0299c23645c\install.exe (3165 bytes)
    C:\8512126cc7c623e1b0299c23645c\$shtdwn$.req (788 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\opera_installer_20150202153252.log (50587 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\SLMSPRBootstrap.dll (430 bytes)
    %Program Files% (x86)\Microsoft Silverlight\xapauthenticodesip.dll (20 bytes)
    C:\Windows\System32\config\SOFTWARE (138140 bytes)
    %Program Files% (x86)\PC Speed Up\Skyhook.exe (184 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F (471 bytes)
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new (848 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_54B2C1101DB5E1123A4C3B7F395E6A7A (1520 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F (1544 bytes)
    %Program Files% (x86)\PC Speed Up\Speedchecker.log (77623 bytes)
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new (848 bytes)
    C:\$Directory (3840 bytes)
    C:\Windows\System32\config\SOFTWARE.LOG1 (171366 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_54B2C1101DB5E1123A4C3B7F395E6A7A (471 bytes)
    %Program Files% (x86)\PC Speed Up\SpeedChecker.dll (90 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\02112705985226-t222x111[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\31161003767245-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[3].js (47729 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\jquery-1.10.2.min[1].js (62266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\GooglePlusSignIn[1].htm (62 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D1F03728133589A90656A87E482B21F (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\8K4G8DVP.txt (317 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\s[1].htm (143 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ad_choices_i[1].png (365 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ads[1].htm (131 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\gplus-dd4b38-20[1].png (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\badge[1].htm (7124 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\02112042690211-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\subscribe_embed[1].htm (1973 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[3].txt (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\temp_tage_file_snap.txt (239 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\dwnld109843[1].htm (3619 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\doodle-rex[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\renovautil-chopp-10-latas_200x200-PU64f6d_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\rs=AGLTcCP_ebDLYb4SwR55tZuEKc4iwejfmg[1].js (87321 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2ET7IW0O.txt (238 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\f[1].txt (26389 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\ad_choices_en[1].png (776 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\subscribe_embed[1].htm (719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\31151459476187-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\v12-20140904[1].css (34159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_C1CC7B8D01491F9AD3D20EAE05D4E6F4 (1448 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\core_rpc_shindig.random_shindig.sha1[1].js (43685 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\210120155725873-t194x97[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\loading[1].gif (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\31103035138032-t222x111[1].jpg (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\46RF3I26.txt (875 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\teE39sffXW8[1].png (348 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\f[2].txt (77412 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\req[1].js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\000000_new_ico[1].gif (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\91YXEPTR.txt (80 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[1].txt (9089 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\usr[1].js (37 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\__utm[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\google-logo[1].png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\yet_another_cleaner_bxk[1].exe (869 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\photo[1].png (2186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\10314694_546860472124387_1498031706939073205_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\container[1].htm (381 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\P5BS5OTM.txt (201 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\icon-reply[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\8007231901646850404[1].gif (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\ca-pub-7019091094896260[1].js (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\Vmz08BPx_fY[1].js (206494 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02095317012015-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D (2700 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\lg-22mp55hq-led-21-5-polegadas_200x200-PU92528_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\31114811600076-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\cb=gapi[2].js (32868 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\LVx-xkvaJ0b[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82414F9D7AB8999991FFEB2BC378A4EB_010D63BD4C538A33A000779ECDAA5F8F (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\10351399_732629260133160_7838800426852444414_n[1].png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\lg-32lb580b-led-plana-32-polegadas_200x200-PU8f8d9_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\aep-full-10.7.2.min[1].js (24773 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\081120130629104-t194x97[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\b1[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31153129756217-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31095233060003-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\tm13767[1].js (6072 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02111132989193-t222x111[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\like_box[1].htm (3724 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_A363FA4664764D069037AD000B6F9001 (1432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[3].txt (27929 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406 (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A3V5CDSJ.txt (308 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\newlink-sa101_200x200-PU8aff8_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ct[1].js (879 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\02104345431099-t474x237[1].jpg (2888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31130314775122-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4QP0YRRR.txt (92 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\www-subscribe-embed[1].js (29923 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_C1CC7B8D01491F9AD3D20EAE05D4E6F4 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\b[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot (5891 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[2].txt (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\7347923224040542989[1].jpg (1138 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[2].js (21632 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\api[1].js (6645 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\10801920_331776217005906_7780408014686174217_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\aerocool-arma-gamer_200x200-PU7a105_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\f[2].txt (77412 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\14181700895757-t100x100[1].jpg (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_8F03B38040A5D04E02E1755856D36D26 (1448 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\rta[1].js (163 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02104524460102-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\css[1].css (186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\border_3[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\photo[1].jpg (2391 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\rs=AGLTcCMDnmkaC_FLL6HkuK20QD8kjy0bcA[1].js (159774 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[1].js (89863 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\02112915295231-t222x111[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\211120145427485-t194x97[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\bubbleDropB_3[1].png (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[5].js (71 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (984 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\yet_another_cleaner_bxk[2].exe (1943830 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\DU1Ia251o0y[1].htm (3181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\push[1].htm (185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31103021160031-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_8F03B38040A5D04E02E1755856D36D26 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\pixel[1].png (170 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D (2808 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_7502D4377E88FF0A4E3FF8510B7A3BF5 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\10418869_350895541749548_8026090204925231826_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\cb=gapi[1].js (21194 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31114408441072[1].jpg (7223 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\rs=AGLTcCMDnmkaC_FLL6HkuK20QD8kjy0bcA[1].js (26524 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\plusone[1].js (31724 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\5386886896510532077[1].gif (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BG26ER38.txt (297 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406 (3372 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DC5M7Y4B.txt (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_7502D4377E88FF0A4E3FF8510B7A3BF5 (1432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\br_nzn_baixaki_redir_970x200_5adsx4-1.0.4.min[1].js (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_A363FA4664764D069037AD000B6F9001 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\IXKCB7V9.txt (402 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\bubbleSprite_3[1].png (318 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\activeview[1].gif (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC (3296 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C7W67AD7.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\geral-201309170947[1].js (30100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LG897J1A.txt (201 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\cb=gapi[1].js (5476 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\image[1].png (1244 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\www-subscribe-embed-vflMmNA9U[1].css (18511 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\10410855_1391107331164278_3392151453808676195_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\iqVGY7gYXlg[1].gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\zrt_lookup[1].htm (1406 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\ads[2].htm (14122 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\rex-default[1].png (1160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\apple-ipad-mini-4g-16-gb_200x200-PU6dd55_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31112647804063-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\f[3].txt (690 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\bubbleDropR_3[1].png (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\sony-playstation-3-super-slim-500-gb_200x200-PU72efd_1[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\aerocool-arma-gamer_200x200-PU7a105_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[1].txt (25549 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\31141203282139[1].jpg (6824 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_6974D89D7560C032FD086BB9AE092DD4 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_D21BD790618F258B236C997278341DE0 (1432 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D1F03728133589A90656A87E482B21F (2726 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\100720143007825-t194x97[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\www-subscribe-embed-card-vflZy1sp8[1].css (2135 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\smartphone-lg-g2-d805-desbloqueado_200x200-PU8422a_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_4A500E9AA7C5573906560F21D53A5861 (2380 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\postmessageRelay[1].htm (616 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\lavadora-brastemp-ative-11kg-bwl11a-photo2202269-7-d-34[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02104626362107-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\1081796830-postmessagerelay[1].js (3519 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_F663F250E172D75637EE387588AB955D (1488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\renovautil-chopp-10-latas_200x200-PU64f6d_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\hwDm6WxKVrZ[1].js (131760 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\bxklogo[1].png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_010D63BD4C538A33A000779ECDAA5F8F (3360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\DU1Ia251o0y[1].htm (3421 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\jquery.min[1].js (48438 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\dc634773cd47817b[1].js (14397 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\newlink-sa101_200x200-PU8aff8_1[1].jpg (868 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1YBPYAZH.txt (308 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\logo-rex-white[1].png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\x_button_blue2[1].png (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\rex[1].htm (1035 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\lego-the-hobbit-playstation-3-blu-ray_200x200-PU7ab0e_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A7HNB4BD.txt (597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\smartphone-sony-xperia-t2-ultra-dual-d5322-desbloqueado_200x200-PU8f189_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\imgad[1].jpg (14128 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\kcHy1CkUgqNV4AKTDGxBWDDrzFfeh6glKekObLZJg2E[1].js (8395 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\_sprites20130903[1].png (3920 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_D21BD790618F258B236C997278341DE0 (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\smartphone-samsung-galaxy-core-2-duos-sm-g355m-desbloqueado_200x200-PU91c2a_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\17277594690423083363[1].jpg (4648 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\cb=gapi[4].js (124582 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\dc[1].js (27978 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\seagate-expansion-stbx1000100-1024-gb-externo_200x200-PU6e6ee_1[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\client_plusone[1].js (33026 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\02104132034096-t222x111[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31130302560121-t222x111[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\grand-theft-auto-v-playstation-4-blu-ray_200x200-PU91c99_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\baixaki-970x200-v3[1].css (27102 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\sony-kdl-32r435a-led-plana-32_200x200-PU87629_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\rs=AGLTcCMDnmkaC_FLL6HkuK20QD8kjy0bcA[1].js (2845 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_6974D89D7560C032FD086BB9AE092DD4 (1448 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\sony-kdl-32r435a-led-plana-32_200x200-PU87629_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\2OV5E1OA\www.facebook[1].xml (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\f[1].txt (98920 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TOO6Y6BQ.txt (81 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\pubads_impl_56[1].js (65418 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\lg-55la9650-led-plana-55-polegadas_200x200-PU8a7d0_1[1].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\multilaser-p3108_200x200-PU4d3d4_1[1].jpg (880 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\1779953_442612662553784_1456159939853832029_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\login_button[1].htm (3214 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[2].txt (45928 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\br_nzn_baixaki_redir_970x200_5adsx4[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\ads[1].htm (12551 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\signin[1].htm (7568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1[2].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\31134830489132[1].jpg (5497 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\bxklogowhite[1].png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\spacer[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\DRT4YCWO\googleads.g.doubleclick[1].xml (26 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\www-hitchhiker-vfl_Nz-Tk[1].png (19593 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\02103507839002[1].jpg (7867 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\JE5RPY4Y.txt (97 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\ads[1].htm (12102 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\css[1].css (186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\02111235343196-t222x111[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\samsung-galaxy-tab-3-7-0-sm-t210-wi-fi-8-gb_200x200-PU8261e_1[2].jpg (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\req[1].js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\02104419736100-t222x111[1].jpg (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\multilaser-p3108_200x200-PU4d3d4_1[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROWYV75Q\rs=AGLTcCNAsMMQvLy9Kqlcfq8uCmHvnwdmOQ[1].css (85011 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\f[4].txt (13379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\border_3[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\logo-nzn[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\783GTYVS\far-cry-4-signature-edition-playstation-4-blu-ray_200x200-PU93903_1[1].jpg (584 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9UXXTK4D.txt (597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B (1952 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046C1ZNT\f[4].txt (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2VTCHR0P.txt (125 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\www-subscribe-embed-card[1].js (6657 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\all[1].js (103791 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7QBP14P\little-big-planet-3-playstation-3-blu-ray_200x200-PU93f15_1[1].jpg (584 bytes)
    %Program Files% (x86)\Microsoft Silverlight\4.0.60310.0\coregen.exe (73 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "PCSpeedUp" = "%Program Files% (x86)\PC Speed Up\PCSUNotifier.exe"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now