Trojan.Generic.11756232_077f5a78df

by malwarelabrobot on December 2nd, 2014 in Malware Descriptions.

Trojan.Generic.11756232 (AdAware), Trojan.Win32.IEDummy.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 077f5a78dfae7230b554be4ae0351ae8
SHA1: 092d07ba0b14effffa62b828eb718fc8abfdc6b0
SHA256: 031189e07905dce7492fc4c10920567fad40e5fe87b2a8da4287506b0f41de6c
SSDeep: 98304:Ym46rkrqYcn0ZScjIyJAsN48I11OJaov:YdPry9cMBVov
Size: 3714560 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-06-28 17:45:44
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

InstallFlashPlayer.exe:816
FP_AX_CAB_INSTALLER64.exe:192
%original file name%.exe:472
%original file name%.exe:1572
%original file name%.exe:1912

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process InstallFlashPlayer.exe:816 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{D09AEC29-5300-4066-8249-F4C940A0F49E}\fpb.tmp (1796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF}\fpb.tmp (6296 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF}\fpb.tmp (0 bytes)

The process FP_AX_CAB_INSTALLER64.exe:192 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe (130014 bytes)

The process %original file name%.exe:472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\%original file name%.exe (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\CET_Archive.dat (22433 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp (0 bytes)

The process %original file name%.exe:1572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\CET_TRAINER.CETRAINER (0 bytes)

The process %original file name%.exe:1912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\%original file name%.exe (46383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\CET_TRAINER.CETRAINER (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\lua5.1-32.dll (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\defines.lua (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\win32\dbghelp.dll (4438 bytes)

Registry activity

The process InstallFlashPlayer.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 54 A6 5D 18 5A D6 D2 95 CF C8 00 A9 BF 4F C4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "InstallFlashPlayer.exe"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Macromedia\FlashPlayer]
"ConflictingProcs"

The process FP_AX_CAB_INSTALLER64.exe:192 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}]
"InstallFlashPlayer.exe" = "Adobe® Flash® Player Installer/Uninstaller 15.0 r0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "FP_AX_CAB_INSTALLER64.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E F1 C5 D2 E2 F4 7B 8D FE 87 9F 65 A7 54 43 DA"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 0E F1 9D EA 40 04 5C C7 27 A7 89 E2 E3 33 CD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Internet Explorer]
"iexplore.exe" = "Internet Explorer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Cheat Engine\Window Positions]
"AdvancedOptions Position" = "7E 01 00 00 FF 01 00 00 74 02 00 00 29 01 00 00"
"frmAutoInject Position" = "87 01 00 00 00 05 00 00 AF 01 00 00 4B 01 00 00"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process %original file name%.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 60 4F 2C DA 25 9E CD AB 44 9C 40 E9 21 A9 96"

Dropped PE files

MD5 File path
9aad029c972d92be0ea8441b3e0e28b7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
808de473370ef6b5d98ab752f245a3ca c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\%original file name%.exe
d2aa9bb0e3220378c1022e8c951b73ee c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\%original file name%.exe
8abe7dd2963502fe189f42fa7cba4f74 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\lua5.1-32.dll
4003e34416ebd25e4c115d49dc15e1a7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\win32\dbghelp.dll
685e7043dde485e5cee091c5f73ca5cf c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe
3a34cf39fb84031f445e3c68b75fe75f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{D09AEC29-5300-4066-8249-F4C940A0F49E}\fpb.tmp

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 36180 36352 4.54854 40b6c3ad804db9bc09242ade61fb6ea3
.rdata 40960 8468 8704 3.77319 33d023d2d6213e1f615883e5e3160e76
.data 53248 10972 4096 1.45741 3254d8738887635ac7c58c51f4e91adf
.rsrc 65536 3660208 3660288 5.52443 e8a5a12a329b0109f5967ebd5adfe1cd
.reloc 3727360 3818 4096 3.00051 65aac020a14aa9271485b36b38ac2718

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://ghs.l.google.com/
hxxp://onclickads.net/afu.php?zoneid=33507 78.140.191.70
hxxp://radiobaladaalternativa.com.br/nv-player?cor=0f87ff
hxxp://radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
hxxp://radiobaladaalternativa.com.br/nv-player/spectrum.css
hxxp://radiobaladaalternativa.com.br/nv-player/spectrum.js
hxxp://imgur.com/9i3REYS.png
hxxp://imgur.com/wjFHehL.jpg
hxxp://photos-ugc.l.googleusercontent.com/-GT2zFFUi1wY/VHsuCGmbr8I/AAAAAAAAAUk/bYb53AeddIA/s1600/Lol.png
hxxp://photos-ugc.l.googleusercontent.com/-UmdwoZ-M0zY/VHu_EXIM3EI/AAAAAAAABc4/xr11nZe6QW4/s1600/Code+Master-+A+lenda.png
hxxp://photos-ugc.l.googleusercontent.com/-1CPlBGY2nWQ/U6oUCeEP2KI/AAAAAAAAAXY/dRC6jr8YqFE/s1600/Sem+título-1.fw.png
hxxp://youtube-ui.l.google.com/embed/Gjw4NCfc3iE
hxxp://imgur.com/nZ0jgYX.png
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.8.2/jquery.js
hxxp://imgur.com/Ndvqfhb.png
hxxp://jogoscelular.net/imagem/down_post.gif
hxxp://imgur.com/ZSI3Tki.png
hxxp://imgur.com/Cv8yKZy.png
hxxp://imgur.com/VFZJ3Hh.png
hxxp://imgur.com/HpH8fyK.png
hxxp://imgur.com/0fF60fQ.png
hxxp://imgur.com/v5pV86z.png
hxxp://www.xatech.com/web_gear/chat/chat.swf 141.101.112.75
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2
hxxp://radiobaladaalternativa.com.br/nv-player/player.png
hxxp://radiobaladaalternativa.com.br/nv-player/pw.png
hxxp://youtube-ui.l.google.com/subscribe_widget?p=razortutoriais
hxxp://star.c10r.facebook.com/plugins/like.php?href=hxxp://www.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25
hxxp://star.c10r.facebook.com/plugins/follow?href=https://www.facebook.com/mpboato&
hxxp://blogger.l.google.com/img/icon18_wrench_allbkg.png
hxxp://facebook.com/plugins/likebox.php?href=https://www.facebook.com/hackernomice?fref=ts&width=400&colorscheme=light&show_faces=true&border_color=#fff&stream=false&header=false&height=250 173.252.120.6
hxxp://www.google.com/friendconnect/script/friendconnect.js
hxxp://radiobaladaalternativa.com.br/nv-player/player.swf
hxxp://atelier802.com/adcash.php
hxxp://radiobaladaalternativa.com.br/player/server.html
hxxp://radiobaladaalternativa.com.br/nv-player/play.png
hxxp://adcash.com/script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx===Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h
hxxp://radiobaladaalternativa.com.br/nv-player/pause.png
hxxp://radiobaladaalternativa.com.br/united.html
hxxp://xat.com/RadioBaladaAlternativaWebRadio?p=1
hxxp://adcash.com/script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi
hxxp://imgur.com/EeZYpJp.png
hxxp://imgur.com/lDm25Zf.png
hxxp://radiobaladaalternativa.com.br/nv-player/grad.png
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.8.1/jquery.min.js
hxxp://adcash.com/script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe
hxxp://ajax.cloudflare.com.cdn.cloudflare.net/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js 198.41.215.158
hxxp://adcash.com/script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q/+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+
hxxp://xat.com/images/xatblk.gif?a
hxxp://xat.com/images/b_groups.gif
hxxp://is-test3.imageshack.netdna-cdn.com/v2/90x90q90/912/u0rlT1.png
hxxp://xat.com/images/b_news.gif
hxxp://ne1.wac.v4cdn.net/2db7wn4.jpg
hxxp://xat.com/images/b_store.gif
hxxp://xat.com/images/b_trade.gif
hxxp://xat.com/images/b_help.gif
hxxp://xat.com/images/tgrid.png
hxxp://xat.com/images/tplayer.png
hxxp://xat.com/images/tdoodle.png
hxxp://xat.com/images/ttranslate.png
hxxp://xat.com/images/tclose.png
hxxp://xat.com/images/tsmilies.png
hxxp://xat.com/images/tgames.png
hxxp://xat.com/cdn-cgi/pe/bag2?r[]=http://xat.com/cdn-cgi/nexp/dok2v=1613a3a185/cloudflare/json.js
hxxp://e526.d.akamaiedge.net/pub/shockwave/cabs/flash/swflash.cab
hxxp://a1293.d.akamai.net/pub/shockwave/cabs/flash/swflash.cab
hxxp://photos-ugc.l.googleusercontent.com/-wbOyGFuANTQ/UVF1F4ouC4I/AAAAAAAABiA/RX4jNlICbjM/s1600/aktechz-fb-lock.png
hxxp://ux.microsofttranslator.search.prod.ms.akadns.net/ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=Manual&from=pt
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/evcs.crl
hxxp://e526.d.akamaiedge.net/get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z
hxxp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z 173.223.66.70
hxxp://i.imgur.com/EeZYpJp.png 23.235.40.193
hxxp://www.microsofttranslator.com/ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=Manual&from=pt
hxxp://www.adcash.com/script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi 67.227.226.196
hxxp://www.youtube.com/embed/Gjw4NCfc3iE 74.125.226.8
hxxp://img1.blogblog.com/img/icon18_wrench_allbkg.png 173.194.76.191
hxxp://www.jogoscelular.net/imagem/down_post.gif 198.154.224.192
hxxp://4.bp.blogspot.com/-wbOyGFuANTQ/UVF1F4ouC4I/AAAAAAAABiA/RX4jNlICbjM/s1600/aktechz-fb-lock.png
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2 173.194.76.95
hxxp://i.imgur.com/lDm25Zf.png 23.235.40.193
hxxp://www.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff 91.121.15.121
hxxp://1.bp.blogspot.com/-1CPlBGY2nWQ/U6oUCeEP2KI/AAAAAAAAAXY/dRC6jr8YqFE/s1600/Sem+título-1.fw.png 74.125.226.10
hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 173.223.66.70
hxxp://www.youtube.com/subscribe_widget?p=razortutoriais 74.125.226.8
hxxp://www.adcash.com/script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx===Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h 67.227.226.196
hxxp://www.radiobaladaalternativa.com.br/united.html 91.121.15.121
hxxp://i.imgur.com/HpH8fyK.png 23.235.40.193
hxxp://ajax.cloudflare.com/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js 198.41.215.158
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 184.84.243.56
hxxp://www.radiobaladaalternativa.com.br/nv-player/grad.png 91.121.15.121
hxxp://www.transformicehackers.com/ 64.233.171.121
hxxp://www.radiobaladaalternativa.com.br/nv-player?cor=0f87ff 91.121.15.121
hxxp://www.radiobaladaalternativa.com.br/nv-player/play.png 91.121.15.121
hxxp://www.facebook.com/plugins/like.php?href=hxxp://www.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25
hxxp://www.radiobaladaalternativa.com.br/nv-player/player.swf 91.121.15.121
hxxp://www.adcash.com/script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q/+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+ 67.227.226.196
hxxp://i.imgur.com/Ndvqfhb.png 23.235.40.193
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js 173.194.76.95
hxxp://i43.tinypic.com/2db7wn4.jpg 93.184.216.169
hxxp://www.adcash.com/script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe 67.227.226.196
hxxp://www.radiobaladaalternativa.com.br/nv-player/spectrum.css 91.121.15.121
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.js 173.194.76.95
hxxp://i.imgur.com/nZ0jgYX.png 23.235.40.193
hxxp://i.imgur.com/wjFHehL.jpg 23.235.40.193
hxxp://i.imgur.com/v5pV86z.png 23.235.40.193
hxxp://i.imgur.com/0fF60fQ.png 23.235.40.193
hxxp://www.radiobaladaalternativa.com.br/nv-player/spectrum.js 91.121.15.121
hxxp://2.bp.blogspot.com/-GT2zFFUi1wY/VHsuCGmbr8I/AAAAAAAAAUk/bYb53AeddIA/s1600/Lol.png 74.125.226.10
hxxp://www.radiobaladaalternativa.com.br/nv-player/player.png 91.121.15.121
hxxp://www.radiobaladaalternativa.com.br/nv-player/pause.png 91.121.15.121
hxxp://i.imgur.com/9i3REYS.png 23.235.40.193
hxxp://imagizer.imageshack.us/v2/90x90q90/912/u0rlT1.png
hxxp://i.imgur.com/VFZJ3Hh.png 23.235.40.193
hxxp://crl.verisign.com/pca3-g5.crl 23.9.117.163
hxxp://www.radiobaladaalternativa.com.br/nv-player/pw.png 91.121.15.121
hxxp://2.bp.blogspot.com/-UmdwoZ-M0zY/VHu_EXIM3EI/AAAAAAAABc4/xr11nZe6QW4/s1600/Code+Master-+A+lenda.png 74.125.226.10
hxxp://i.imgur.com/ZSI3Tki.png 23.235.40.193
hxxp://www.radiobaladaalternativa.com.br/player/server.html 91.121.15.121
hxxp://evcs-crl.ws.symantec.com/evcs.crl
hxxp://www.facebook.com/plugins/follow?href=https://www.facebook.com/mpboato&
hxxp://i.imgur.com/Cv8yKZy.png 23.235.40.193
4t4qjto8n6vcba9cabf6v2lrng9ast6r-a-fc-opensocial.googleusercontent.com 74.125.226.42
gg.google.com 74.125.226.6
yt3.ggpht.com 74.125.226.10
www.blogger.com 173.194.76.191
encrypted-tbn1.gstatic.com 74.125.226.5
s.ytimg.com 74.125.226.5


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /imagem/down_post.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.jogoscelular.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:51 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 Jan 2012 13:24:38 GMT
Accept-Ranges: bytes
Content-Length: 12637
Cache-Control: public
Expires: Wed, 31 Dec 2014 11:47:51 GMT
Keep-Alive: timeout=2, max=102
Connection: Keep-Alive
Content-Type: image/gif
GIF89a(.h.............................................................
......................................................................
......................................................................
......................................................................
........q........~...........{.....q........v.....[..y..W........r....
.e..W..u.....n..q..T.....Z..j..f..Y.....R..n..m..b..N.....K..W..M..K..
...U..\.....M.....G..O..L..A..E..S..o..@[email protected]..{..e..?..L..=..=
[email protected]{.G..=..Q..R..Qw.C..:..8..G..9..<[email protected]..;}.;..9.
.1..B..h..?y.9..H..:..aw.8..D..-..8{.G..;..5..4..,t.7..0.....2{.7s.7.}
)../.{(.{7.z-..h.y&u.:v.N.}>.{*.v$.v&m.4.t$.s%.x0.r&.s/.s'.p&.t6.o'
g.1.v<.n'.o0.k).l#e.5.i*.m3a./.j,.g .f(.d .kH.d([.,.h5.^'.^2.Y'.T%.
V8.O$.N%.K#.L0.E#...!..NETSCAPE2.0.....!...2...,....(.h........H......
..@.@...#J.......3j...... C..I.d....8X. ...0Y.\p..E.8s..........p ....
H.*].TB...l..J....X....A...`........h..].v`...,..K.k........._...D !..
.... ^.........L.r_..*........C.........X^..5P..4. .y...%[email protected]
.A.....(......s.x.B.....k.^...._s...O.....c...}[email protected]|U.....}.
.]xN.h........]....f% }9$h...6.^..v..._.@..$.h.......,.8....x..$......
......C.@.)..@.. .<&.dA0....PF)..Fj...I6...\v...U"...-.........l...
.U....tB........|....|.._..D%@.u&....).@.(...WG.j....`[email protected])**k.:*.
...`..-|......*...f...-@V...(....^[email protected].$.....P......
..{......P..t.......C].h..^[email protected]].h.@..&|U`.I...YD,q.t.a
...gl...G..._Y@Bo.*l2N. ...y....0.,....q.W..0..'.....D...<.....
<<< skipped >>>


GET /evcs.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: evcs-crl.ws.symantec.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "dc24a8a1ed5e253345e8075644a86203:1417425046"
Last-Modified: Mon, 01 Dec 2014 09:10:46 GMT
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Length: 2419
Connection: keep-alive
Content-Type: application/pkix-crl
0..o0..W...0...*.H........0..1.0...U....US1.0...U....Symantec Corporat
ion1.0...U....Symantec Trust Network1=0;..U...4Symantec Class 3 Extend
ed Validation Code Signing CA..141201090059Z..141208090059Z0..b0!.....
.>....{. ......131029083537Z0!...z..Q..{O..k1?....121226193726Z0!..
..A.O.;...........130918162142Z0!...a .....X..G.&.(..120920195501Z0!..
.....|..K..p.HA...131114172131Z0!...a<.N..\[k..||q...121113220113Z0
!...n.g.}=rt|.....P..130416151422Z0!.....o...uq...../...140516212339Z0
!...e..-'Y...9!......130320133514Z0!...N6..B....>.r.....13061016555
5Z0!...[[email protected]
6Z0!....=...,.....0b.*..140205010422Z0!....wE..^..LF....L..14091511031
3Z0!...CQ~...9......4F..130207225040Z0!...#..hmHZi.>.6..E..13071617
3410Z0!..!q...|@d8....Tt...140312180031Z0!..'x....Tg,...M.Sp..13111819
5156Z0!..*".....i...<R..>..130812193938Z0!.....kG&.....4...N..14
0218140428Z0!..0......SY..\.&Cp..140325141402Z0!..3&....Vjyxg..:....13
0308131012Z0!..4..`...... .......131107155859Z0!..4..!.5..<.._q.\e.
.121126224218Z0!..4...,6.]w.^T..R...141020180109Z0!..5.......q...o.AO.
.130419133226Z0!..9#.......n........121025210412Z0!..:._c...k.\..e....
.120723222250Z0!..;......Z<3.A04.:..140513212824Z0!..<Mw.f..O..6
,&.....130729223110Z0!..<.S..U..z...U.....130425024845Z0!..=..1..0/
..r. ..s..130424195525Z0!..>..nd...|.%.......130621101437Z0!..@<
[email protected]..:J.!........140314051541Z0!..D.
..-./Uc'1..=....130207213638Z0!..F<..Q-78.#..D.....130627163721
<<< skipped >>>


GET /images/b_groups.gif HTTP/1.1
Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/gif
Content-Length: 915
Connection: keep-alive
Last-Modified: Wed, 19 Sep 2007 08:45:17 GMT
ETag: "46f0e19d-393"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d75518e0edf-EWR
GIF89a . [email protected]..... a...<@.....w........d...5%..O .
...g?.^^...&......PR.......l...b[.p.....Z...q# (vD<.........sK..j..
.....FJ.[ .55.....n.W..6'2.__....g..........._....M......|....&.......
.o.o.............GK.........A1G..Jtt...O...F5.;$._/.r...Q....'({......
.//.........<....B.../'Ogh....uH...>.W.T6.v..W.......././!L0.v.Z
[.9:.b4.oD..U.......,".......0........EF.KO.4(?._.}M.......!.......,..
.. . .....................R..>..>?Fi$$....-.-kFUh.?.#.#.Ty..E.@$
Y?.equu.9.J.``..mj.k...5<<556...y.A_.zyN.33.81V.5.u..-y`K.yI.LL(
(..W5u2..y..Qqa..;LhH...W....-.`LE./:.$,.c...2 ........1..Q....Pl<.
....%J..p.b...cz....$..T.$.2GG........F.(F.UhC....,B.(.....~x...%.!...
..a3P...7...!D..tQ.(...H.n*....1..:.........M.......;]J.. '.?...U..`H&
lt;.:..^h...82.Bt ...!..]......-w,. @....(..2pOl$.;..`..D-.6 j.....dP.
.A.e....k....1n,..@..#..|8....i..}..P.... ..(...K.8p..}l.C..@..!.*....
8pB......p.........O....8....<....;....


GET /images/b_store.gif HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/gif
Content-Length: 497
Connection: keep-alive
Last-Modified: Thu, 21 Apr 2011 11:50:34 GMT
ETag: "4db01a0a-1f1"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d75c1910edf-EWR
GIF87a . .........0..D...SD.......{g .....Z....q...v2 ......y.....v..6
...lX.........[...uh<.x>..G>7...a..U...,.... . ....  .di.h..l
....Tt...[6....JC..... ..S>.O$..k..XC.W88. ..'.>.....-.,..... ..
.!...$..................o...g..fQ....n).=.]..............).J..........
..Q.).W......Y...`)^dgY......rL .....Pi.....?.....=.iR...]J.)......bp.
B......E...B...H...(.......B...5.zb..;..w~......Bv......8.g&.8. ....&l
t; 9Y.@J..<..p."...8.(....rH.i.0a......8.a.WL.<,R........zz.....
..J...]""8|...0`..2..#u...DB..;....


GET /images/b_help.gif HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/gif
Content-Length: 610
Connection: keep-alive
Last-Modified: Wed, 19 Sep 2007 08:41:28 GMT
ETag: "46f0e0b8-262"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d75f1970edf-EWR
GIF89a . ....///...fff.........MMM......7K.w.....Yi....K].............
hw.......*?....JW.\\\...............{..VVV......:::...SSS_o.......Rc.p
~.DW...................aaa...}}}?R.2F......................<O....!.
....?.,.... . ......pH,....r.l:[email protected]..`D...e......PXp...pAK.O.
.Q(T.&).-...O..<*...;;n<..)..M..;&*..(...&. .0 K ....,..(.>.&
...J.(.)&........-..I2r>.&.......9. .3I.... .".7(!~......$%H8(&65..
.*.1.n...C.._..9H....Y..Y.p...{.l.X....Y.$R.x......$.....d9.......Q.^&
......g,[email protected]..`N)6.W hJY(B.[qb....BH4.3%..J.H`. Y..ZS x.a)..
'<.H....d."........<..`....=..@..........@..".f.X@"....S.^..u. .
;....


GET /images/tplayer.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/png
Content-Length: 2173
Connection: keep-alive
Last-Modified: Thu, 19 Jun 2008 16:31:31 GMT
ETag: "485a89e3-87d"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d76519d0edf-EWR
.PNG........IHDR.......S........W....tIME...............pHYs.........B
.4.....gAMA......a.....IDATx..YkL.W......(.....iKAc..Z..E.....?. ..Fm.
F.........?>....m.Z...h.h...........(.......s........x....3s.{...w.
.h....H..B......v...w...^......D...).i.i...."33S......*q.....O.5.S3.C.
...../[email protected]..[.nU.o....Jv..%.~...u.PK.......p..}X...."..1.mmmq.@.
...K....V.~.z..b..1y.d...'jkk.^Iccc.nGnhh.. W.....1n.8.@",.....i..:::@
.X.x1V.^...^.?..YYY.....3gPVV&...............`..Ma.>./=,.....~....N
.8!...9"zzz..H...=[...Gtvv...4...".,.E...H..g.".. ''.....4...-..c.P^.&
D..$..~t.0.{.....k.<....l.........pk.W..{.. tuuI.e....P........t.".
}`.oww7...........Cy$...e.....>.lA...."04......W_.Q........~..--...
..UU.}...r..l..9q"J&M...T.-_...vP0..U.......hn..~.....(|.9\..W.x.:M...
./~.s'48....g....g.`[email protected]!&e@L................(>
on......9s..|.ny.......XG.B......u...V]....a==..]..v......B.%.*[email protected].
~O.<.r.--. ...w..A...]a.U.k .?u....4.Z;................ ...N..lA..;
..o.U].s]%.......I....._.VY..X$...XW.......B.......,.`B..%..0.Q.R....0
.....6!.6.6a..SO.C...d.;[email protected].'B...X...~..7..
..).....om.6'[email protected].&f....59...uH"fi.(.bx>..,..$...f..5e
.*`^..C;:%.....<..%...l[lh..I.t&#.@...\0..d......&...B4.....dA<.
.E...e...6....D.n....\mk....IIu.[h.n..v!p. .7......!I._.B'...9......v.
 ....h..j.Y.R.ZA.j..a....,....h.s`.Y...o.?...d......z)>..f..._.g...
...J..'d ..Q...6... .Hc:[email protected]
..!..S.L..%K\..;w....R.. .RVXX...R.O...=z.YD.U.V.>7.l..W...]...
<<< skipped >>>

GET /images/ttranslate.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Type: image/png
Content-Length: 2239
Connection: keep-alive
Last-Modified: Thu, 12 Mar 2009 12:18:04 GMT
ETag: "49b8fd7c-8bf"
Expires: Wed, 31 Dec 2014 11:47:54 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d76b1a00edf-EWR
.PNG........IHDR.......^.....9v......tIME.........o.....pHYs.........B
.4....^IDATx..ZklS.......;..!!%o.,.RZ...*%!Tt........IUi%.U..t....?J..
VjH.....JE..K..V...A.....4..Y%$..$1N....3b\?...v......w........S.NiH..
[email protected],.j2....|m.............?;m.Fm......7..{.
......~m..l..Z...Z.5.p2UQ..o/.LQ.{.........b._..h...~.3S......x),j&..|
.&.\...J..&...v.[..W.04..|..O.... ......Y.A1...w....].}......Z'.Z....&
lt;F.z.3.....A.jy1:.z.g.$f. Z^*..F..x.......QWW.E.....|2...`s,....jVH.
............y&..(..=>ty&C.].v...<X.! 0?.U..Q.....e..0..^.....pu%
>.M..... .....8B.....5...].=...................n.k.~.r.........$~de
;.xY5>.....w..\M9.K.5..m.h,q..Leo....i.....f...=~...~.O....i.7.....
..kN............wz.qvl......V.`*......Y..}..<.o..PL.67.b..?D...p...
.-...v.......z/..a..c.>.....A7.Ts.*.G..m....... .........Ug..y.x...
..8`.n>.?.........U .P6..\....s`J.?......h..gj0._......v.l..x.6..;.
)C.....z..P%&;F....E.%6...!......o`...rP....<.f..1..s.5|...N.....x.
../t'.0......c*.....'....fP.Y....I..t...a..#...1..P_...sh...S.. $$....
`....'G...(. 8.@.;..t.&[.w|3c.F.ch.n@g...:....gA..v.O...,.2.a..V..i.K.
J......E.....*,P.`..x..b,.(.9Kt..P....n..l/.W.....`.sYJ&..`.M.......2.
.*.%Yx....:...?>...........{7....r~.=.....G......f<.....^/^..6..
. p..e...W.y....-[[email protected],5.......rM....qm....:...w....3F_
}.....V..SSS. `z._w........>...".E. .w..jkk.......WY.Vd}...$ .H=$L.
..K..T$..hU.....T.q.F.....c...q.&.IG29.a..}...........#....(....C..(..
Sl..$.TW.M666..5L.|........p.c...rO!.!. ....u....J.YD0...I...777.{
<<< skipped >>>

GET /images/tsmilies.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Type: image/png
Content-Length: 1478
Connection: keep-alive
Last-Modified: Thu, 17 Apr 2008 11:12:48 GMT
ETag: "480730b0-5c6"
Expires: Wed, 31 Dec 2014 11:47:54 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d76e1a40edf-EWR
.PNG........IHDR.......".....E..3....tIME......0.(N ....pHYs.........B
.4....eIDATx..W{lSU...{{..-].vsl..."...e.#...t..&H .....c.#.#".l.#&`."
0..d".-F.0&..0........t.c..n?..v....._.K.......q~.T(--%.A.. .....j2.n.
l......|..cl.P..hB..(..b....*..&.........~.$..N'.......G.......v.Kx,&l
t;..j$EEE...'K..4.".....8f..I.....r...F..B...e.....j1.1.innN.q..`@EY.~
G...3..<.Cv;.#k..y...T.7....#{.(|-.z.0....3E.<.(.........0v....-
......f.PUjBs.d.5....Qz8...F........'!.O2..Ay9p.Rhb5cz[.PS...g\.(.....
...d...4..h.@[email protected]... ..U...%.Cs5.b.......5%....)..`...
.Q.JC..V0n...B`.r...pF:C......).C.1.....a"...B.,.|...TZ`L. k.<.....
v.m...Z\.......$.....Z....}.....`X.E.3..A#...D..o..0....p,.F...#....6.
_jJ.mD.%Dy.... :..H%.'[email protected]:.n3..B=e
;d*\......4...^.W3c"[email protected].>zS..A.I...p...F..-(...W.O..z.R....d.
.v.m."g.p..8.MV.t...x?^~....a{j.4....E.W$!......`$>A..x*.W.t.......
P}>....-..6....M.Vl.D..J....:t.aj...".....>..$.f.....L.-.....|..
.3Xo <.......U... ]..H...yZ....o.e....5X[..U.;`5...)#{..Y.$.Z.....%
/.|...>.iV`,...L....S..M.........g..#HqB.:A. j.tw.p.b'v.y..sL.S...6
.0.].&.0....A...vG.Th...(I...v J...P..S p.?{..J........iN.........c^(~
.o.....}....z".....bGi.:.}hlRp..>...>.8.x.I.L.qr...i............
v.1=K.......s^.....pFD....b.ff.o...).9........i...................b.M.
...Uw.J.L/. .i.........:.....!....,...]......p....#..........S..ua.3..
...u...e...px.E..m..........Q#.......o.`.r...k....v.)q.../....y.....{H
)......H....|..... ...._\...^.......IEND.B`...
<<< skipped >>>


GET /afu.php?zoneid=33507 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: onclickads.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Mon, 01 Dec 2014 11:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAGEObec95=1|CA|QC|MONTREAL|H3C 2N5|45.4971|-73.5548|-1|514/438|BROADBAND|IWEB TECHNOLOGIES INC.|HOSTING; expires=Tue, 02-Dec-2014 11:47:49 GMT; path=/
Set-Cookie: ppucnt=1; expires=Tue, 02-Dec-2014 11:47:49 GMT; path=/
Set-Cookie: OAID=55c89d1422de8bdd357220ddc71ac57c; expires=Tue, 01-Dec-2015 11:47:49 GMT; path=/
Set-Cookie: _OACCAP[55866]=1; expires=Tue, 01-Dec-2015 11:47:49 GMT; path=/
Set-Cookie: _OASCCAP[55866]=1; path=/
Set-Cookie: _OACBLOCK[55866]=1417434469; expires=Wed, 31-Dec-2014 11:47:49 GMT; path=/
Content-Encoding: gzip
ba..............K..0....4,dU.V....pe..."m....DO..#...$_f.....Yi..,H..&
low..$....%H....<)Zt9...t ......i.K.t.HN....5.R...i.VZj.JZ.N.......
..SZ..F.^$..:..D.......m.Q.g)m.Y)F~.U0.....?^..e5......0..



GET /friendconnect/script/friendconnect.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Mon, 01 Dec 2014 11:52:05 GMT
Last-Modified: Mon, 01 Dec 2014 11:42:05 GMT
Content-Type: text/javascript; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 01 Dec 2014 11:47:05 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 28395
Age: 47
Cache-Control: public, max-age=300
Alternate-Protocol: 80:quic,p=0.02
............i[.9...._az....16G...%.$d...2....Q....q.H..o.:$..0Ifg..g..
..R.*I..R.t....M.7...Q....w....S............8.&.q....,.Bf...{Y..zq1M..
..F...j....?...........X..k.i4N&A,..9WI4.B..x^.&....{.<Y.L.g...LfQ.
j..k..^.5../..]\&..N..4.[[email protected]].i......i9B$
..ZS.$'Q7....d.n...W.. %. .I4._?..X2.u1..Z.>.Z..N .H/.qw...^..?....
..;.n$.W....Q<.U`......n.......M}.(.a...JOc......g14...3....!?9....
....&.Y..Z...x.7..b..>`.*..4t...CXXs3me........ .&__i....aLk.O..M..
..4....&.................D.`.v.^..IT.R....S...9n..(..2.*z.....t....(Y.
.....x2..[.Y..G............;tn......J<..7V9..Er|3.0..8.....s..*._EK
..2.:.&..e{..<....@f....?..Cf.A].w...a..R^.X......e./.p.\.p.'.,..h.
....0.`............r.m.ww..a4....Wwng....2.........ukW...zkiy..2.Qy[K.
...4....kXKf.....`|./.\.U5...'l........Fg..1g.Q.c..bC..\...,...6......
.6.....s;.8..1.."<S.....Y.e.0.......[..?M.n<K...x.*. .R......%@.
....P.i....9.C....90...l..xl[..8SH..H.`....(.....^..n.&...}1;.....C!..
c..j....g......K.....K..G7..j.X...U.T...c9......}.....2.\f..N.....b...
....&.[..g.y......A.d.Kn.N.F...u..b.Z.).O.................jp]#."...\c.
QG...-.6.v<..KZ...K.hv....7D......i.....^.=.L2.Bo...hg...V....cl.1.
...8.G..&.Cw.^..l.......3Fy....9..0..|2K...5.1..".4/)x<.8...9...] O
im...K=7..z...#..F.h....U..xO.l.........9.....C..m].g...<...g..d
ee.R....v4....hD....h.......{...{..Mn*8..g3(c.hL.V.y.k.M.k....U...U...
[email protected].......!pn.0`..p..x<......X.tk]....X.{y.LWV&8..
r.........G.g.....>.....x.;...a5.`b.TLA.........7...1..0.X.r..B
<<< skipped >>>


GET /get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z HTTP/1.1
User-Agent: Flash Player Seed/3.0
Host: fpdownload.macromedia.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 21 Nov 2014 12:07:26 GMT
ETag: "108918e-5085d49c23b80"
Accept-Ranges: bytes
Content-Length: 17338766
Content-Encoding: x-compress
Date: Mon, 01 Dec 2014 11:47:58 GMT
Connection: keep-alive
0.......*.H...........w0....q...1.0... ......0.......*.H..............
....MZ......................@.........................................
......!..L.!This program cannot be run in DOS mode....$.......]e.G..m.
..m...m..|....m.>.....m.>.....m...l...m..|.. .m..|....m..|....m.
.V....m.......m..|....m.Rich..m.........................PE..L.....mT..
........................................@.............................
..........@..........................................P...3...........n
..................................................@...............4...
.........................text...z........................... ..`.rdata
..hi.......j..................@[email protected]....>.......$...............
[email protected]..................@[email protected]...".......$...J.
[email protected].....................................................
......................................................................
......................................................................
......................................................................
...........................................................u..V.t$..D6
.......P..u..Y.p..@...@.......^.... ..`......L$......I..H.....t.......
...t..@. A..3......t..I..DH..3..VW.|$...................;.~.2.. .B....
....LA..G....DB...NHHf..IIf;.u...u..._^...V.t$...W............w...;.~.
2..0.j....J. ........LA..F..DB...O@@f..AAf;.u...u..._^......L$.V......
....%...;.^[email protected][email protected]. [email protected]......
.F.Y...TB.......ABBOu._^.....[.....u...P..I.SVW3..tH.2.....vI...f.
<<< skipped >>>


GET /script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx===Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h HTTP/1.1
Accept: */*
Referer: hXXp://atelier802.com/adcash.php
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Date: Mon, 01 Dec 2014 11:47:52 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Transfer-Encoding: chunked
X-ADCID: TNC0.00042,0.00207,9.53674,4.05311
Connection: keep-alive
X-Robots-Tag: noindex
120............U.MO.0....WD9L...&..5E.B..!....M.&./......d...d.......L
J...J.... ..UI.qw....G.....f.@..|..y...d.fI....:n.....O(:..0...oIF..=^
jl{@.wA....x.Q.....$. .j.e/.Q..2.p.A.L.....f..L...e..iM..S......-!)...
....C..&y.`l"...a...F..cu.....=... ..N2....`.......I...Q..L~B....v..-]
....k<_.d......8....<.......0......


GET /script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi HTTP/1.1


Accept: */*
Referer: hXXp://atelier802.com/adcash.php
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Date: Mon, 01 Dec 2014 11:47:53 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Transfer-Encoding: chunked
X-ADCID: TNC0.00045,0.00358,9.53674,5.00679
Connection: keep-alive
X-Robots-Tag: noindex
102............U..N.0....),.Ps.K*.D~.B..!.(<.kob#...mC.xw....vg..f.
.L*..i*.\6.j4.T.x.w../o.i..z_..k..w|-..H......tC.<X..."...ub..YI. 6
..{l.8.'.Z.y......t.D...%...@w....,...c......j.............y.o..)U...1
.}....\..yd.:..%.....A.)V....D....p.[0..B%..GU^,.YqI..bci....8...V.YS.
....0......


GET /script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe HTTP/1.1


Accept: */*
Referer: hXXp://atelier802.com/adcash.php
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Date: Mon, 01 Dec 2014 11:47:53 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Transfer-Encoding: chunked
X-ADCID: TNC0.00036,0.00430,9.53674,5.96046
Connection: keep-alive
X-Robots-Tag: noindex
109............U..N.0.E.. ,/P. ).`A..P...PEa..=...%gBT..N.tQVs.Y.9.M&.
!g....eAH.."?....a......[....Q~..J...X.i.^.>..<...a.@V..........
5l..>..1.59.....9..O..{.dN..l..Ay6....f.o:.....a{4..2..$.>K..T0.
.(..y...."f*...#....)..V.5.{[email protected]..:..<.'....kH#..Jl..K....jS...
.G.....8.....sg.....0......


GET /script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q/+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+ HTTP/1.1


Accept: */*
Referer: hXXp://atelier802.com/adcash.php
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.adcash.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Date: Mon, 01 Dec 2014 11:47:53 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Transfer-Encoding: chunked
X-ADCID: TNC0.00045,0.00178,9.53674,5.96046
Connection: keep-alive
X-Robots-Tag: noindex
[email protected],9.....=.$RD."".z...&.v..;.R..n..PO3......2.
...*s..)s..x..s.<~<.o...m..Z?....a..t...%.(Mccj.7.....g..e}....7
.c..=^.ms ....w..."!h....(...Zp..<.....N0D..z.x.|[email protected]..,
[email protected].%......G]..{...A..V2...8`.........y
#{].`...~:0V..eS\.e..6./s:.....8..r.........0..



GET /plugins/likebox.php?href=hXXps://VVV.facebook.com/hackernomice?fref=ts&width=400&colorscheme=light&show_faces=true&border_color=#fff&stream=false&header=false&height=250 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: facebook.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Location: hXXps://facebook.com/plugins/likebox.php?href=https://VVV.facebook.com/hackernomice?fref=ts&width=400&colorscheme=light&show_faces=true&border_color=#fff&stream=false&header=false&height=250
X-UA-Compatible: IE=edge,chrome=1
Content-Type: text/html; charset=utf-8
X-FB-Debug: y7uTEbeqGNaASZmr8UxtIFxZTF btO60N DkFIWTWLdulQPXaRKkSbRck1f0aO6CnHVXLyaJreXX/gIlqTgtFA==
Date: Mon, 01 Dec 2014 11:47:52 GMT
Connection: keep-alive
Content-Length: 0



GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.transformicehackers.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 01 Dec 2014 11:47:48 GMT
Date: Mon, 01 Dec 2014 11:47:48 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 01 Dec 2014 07:29:23 GMT
ETag: "f1ab25c9-9be8-4a51-a6e8-b6719cd776d8"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 14556
Server: GSE
Alternate-Protocol: 80:quic,p=0.02,80:quic,p=0.02
...........}.v.......f&jr...U...K..VbY..N..[.......L_(...[f.y.......y.
W..T...n^$..${ .D...P.*[email protected]..;'._v. ..........).J?UwJ...].......\..q
.YFP*u^dXf...f.tyyY...]._:9*]a-e,.>.|*S4.3....5bZ^[..OcWC....lU....
Y..jvS`}....h..RE......u#P...^h......wo..........y|(.....)..]c.a..A[.m
..4...k...ok.._=#...M..r........Xc....^...F6.......zo}.....e...V..o...
J......FA...1l...._tDP...8....s.a..j...i,........t..\V.5.OP.P......'P.
80-f.....}z.WX..C...[h...../[email protected]_8..........9.w...e6...1
..u.9v...c......e........L..%.~..E;s.....2.J...>23.s7....A...%?A.v.
..f...`[.=v-........u.%......"8..".S...o.oD.|..zYY..6r.w}...q|........
......R.1...<0..A..V....6.........v.`.....G.....;.X]..v*.({.k!...O.
Y.l........ ..d.,"S..;.5...r...b......E...>G.P..A{.......:.l..l....
....A...Nj.m..&R...{v...aI8 ~^.S.Y&.......... r.[$5o..V.ozoWW.w..-....
.....^6J...#..'P..*!...t.3.&.N...........r4d.6......."Ua..J......"..R.
. 9...I...(h.,8B...CwI....X...9..S.%o.."f...@._r..9wc..?nG.'..u9.l.5.S
..f.....f..1R\A..^.......G.V,.C.`........,..<?8&......-r..........z
2..RF.2.a.Q9... ......`.(;.ZaD....N%.....x...P..;>..e..7....$..q.z.
.Kc....~...5.V(].(.........ep{R..g..Md.6...LK$.%...1L..g.6d.$.a.d ....
.f$N.e:,...F...%S.xh.....<._..................C&...9... .V....zcc.\
...Oy.n..#.Xf....=-H...-..Te.[[email protected];...Qgm.*......,.
.y.[&..........G...... [email protected]."?.N..0.&.....0.e
G..............C.n..... ...\.A/Y....U.......m.....<~.]2]#.......Z..
.-K.o..P.-.. .).....aj7..6...w.}T.;....g=n.".ÊUHE...[..X...w....
<<< skipped >>>

GET / HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 01 Dec 2014 07:29:23 GMT; length=56673
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.transformicehackers.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Expires: Mon, 01 Dec 2014 11:47:50 GMT
Date: Mon, 01 Dec 2014 11:47:50 GMT
Cache-Control: private, max-age=0
ETag: "f1ab25c9-9be8-4a51-a6e8-b6719cd776d8"
Server: GSE
Alternate-Protocol: 80:quic,p=0.02,80:quic,p=0.02



GET /2db7wn4.jpg HTTP/1.1
Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i43.tinypic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Type: image/jpeg
Date: Mon, 01 Dec 2014 11:47:53 GMT
Etag: "52141-4e6d72acd726f"
Expires: Mon, 01 Dec 2014 17:47:53 GMT
Last-Modified: Fri, 20 Sep 2013 21:15:17 GMT
Server: ECS (ewr/158B)
Via: 1.1 varnish
X-Cache: HIT
X-Varnish: 770656004
X-Varnish-Server: den2tpv65
Content-Length: 336193
......JFIF.....H.H.....2Exif..MM.*...................1.........V.2....
.....b.i.........v...........J........................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /img/icon18_wrench_allbkg.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img1.blogblog.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 26 Nov 2014 05:07:50 GMT
Date: Wed, 26 Nov 2014 18:31:23 GMT
Expires: Wed, 03 Dec 2014 18:31:23 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 475
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 407789
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR.............a.~e....PLTE...... J.4e.............u..l.
.e..c{................................................................
.........Y}.T|....`v.`w...............................................
..............[q.............Eq....__^[email protected]
^[email protected](33.Cf....qR......"..@....*.v&.g...X.="6.Xz.$/".3.;.R\...
.Mb.((...J...R...pK.OY.0...Q......q.r3..r.v...b...j ..h.r....<._...
l.}lY........o%....b..d,l/. .........N...ig.K.....IEND.B`...



GET /9i3REYS.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 02:58:37 GMT
ETag: "60779c8e659e53e112f0b1c33627b3c2"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 203
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 2193296
Connection: keep-alive
X-Served-By: cache-iad2120-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 50, 2343
X-Timer: S1417434471.098282,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR............./..8....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/06/14.X.7....tEXtSoftware.Adobe Fireworks CS6
.......#IDAT8.c...?.....M.5t..QCG..5t..Al(.wh.)........IEND.B`.
....


GET /nZ0jgYX.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 02:38:37 GMT
ETag: "5f1b328d6a7c02f94f779351d769d101"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 267
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 2202238
Connection: keep-alive
X-Served-By: cache-iad2146-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1417434471.167748,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR.......I......b......sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/06/14.X.7....tEXtSoftware.Adobe Fireworks CS6
.......cIDATx...... ...(...).n. H.A.../[email protected]
..A..A..A..A..A..A..A..A..A.....o....W......,....IEND.B`.....


GET /ZSI3Tki.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Fri, 28 Nov 2014 17:14:40 GMT
ETag: "e76bfd5f937ca3dc2b9ccd7175e0d12a"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 14273
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 239585
Connection: keep-alive
X-Served-By: cache-iad2128-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 2
X-Timer: S1417434471.333807,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR...F.................sRGB.........gAMA......a.....pHYs
..........o.d..7VIDATx^..u|........... ).c....f.....c.......;hED...;..
...".`'......v.^PAA....q{.^.....oJ....B...In%lr.a.W.....FB....H.!F(...
b..H.!F(...b..H.!F(...b..H.!F(...b..H.!F(...b..H.!F(...b..H.....Gh...0
.B.)L..V.0.B.AL..V.0.B.AL..V.0.B.AL..V.0.Bn.*Xh..cT........._s X.(R..!
..A..#Ha$...5a.<=....1....89:........"c.)ox...L...{0.......rC..F ..
.Z.Za....kx....z,...J.<.#!._C......F.U..BQ..."4.).....Y.9....v9.z.|
...`......F..a.[&....7......\/.....iJ.DA..*./..7......j.......-..#..p_
...F..H....#h..%[email protected]...^..x........`....J.
.X.'Oo.....m.C..!|4.G...[...7,5..X........E..V9|Y!..>:<r......Rf
..d. .)._V.&)J..S..Oy...q...R=.........t4b$......U..6.|.ZU......D.Uj..
u.`..BKu....M...H...........ev)...F.G?.Ez!,..a.Z..........<..B.....
r.L..3m.$u.,s !.J1..Y.(T./.O..k.....*r...~@...#ba.F..........R0*G.....
/M..2uh....r.1 9..S.......j4O.A..{_%....F...!7.0.|D.4...'...p%..,.Q.x.
.. 6#../.y.ct^......0jja...MA-..Q.6S...|.K...m....m....`.........0....
.D..n....c.......l.yW..^/...?............u......&9...Ga$...>...[...
.].X6..BSU.,T.`..C..D..|.gY.....v~|^\W._..."X.sa.W.);.f...VV....EV..Y6
....._......<... ......OD..C.. ...X..{....o...$r..)n.:.&V...~b...=.
{XP[....^....rC..h...-...8.).T...,..>...[,H......)..9.U...Sv..ulD..
.0.8..`.......R..p. ..=wvQ...{.j..l...`..E..&...>....3.iF..>....
..NP.0....Ue......w.....uK`..2..8.#!...0....mi....d. e.d.b....... %..n
[email protected].>&.V.U0..0.T.R..c.c...1.T.x..Y.V..`.T.........D
<<< skipped >>>

GET /VFZJ3Hh.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:50:30 GMT
ETag: "3f4d717b02c85d3690c7a1600834c71d"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 961
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 7153353
Connection: keep-alive
X-Served-By: cache-iad2133-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1417434471.420595,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR......."....._.;.....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
........IDATx...1h.Q.............:....vJ1Th..e.R..v.`R....t.&WA..L....
s.....KC.2y[..t...@ S..<..j...;..t.w..A.......{Q.!...{...(D....p...
n."..BD.Q..7...F!".(D.h.I$...=..........."...Uta....K].#17.....jZE....
.....:.".p...l.Z6.r... w......ay..v..[...Ut.|..z..]'...=a...K....B2...
...`..$..R.....u.@.{;....".....]1,...z./C.............M...V.N..H".x..j
.]...`.]..e$f..$3l.yv....i.`..0...l...%,o.!1;.....|...9....HW ..(Wk...
.\....W.n9k%...M..M..?.....0.d.....H/.....$3P....1.x.1.c.*~...........
.]C.D.<~.p......."0...ws^.......Su...%|.........g........$b\..e....
..5q.m....P'F.^.}:.?.~..f..m.......!x...^...l....C.Us.k.L7..c.j......3
.q..............F.!v.y..W..BX5.H/....^@!B.'..[...b.....E.mp.x.=6h.....
^....o..9.....y.?.%..'...o76...]Xk.0.....E......~.~=...s"...F{"..BD.Q.
.7...F!".(D....p...n.".m..A..@<.:.....BU.........IEND.B`....
.


GET /HpH8fyK.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:50:29 GMT
ETag: "3885fbd4bf799132e48ede0a2c53a420"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 717
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 2022696
Connection: keep-alive
X-Served-By: cache-iad2131-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1042, 1
X-Timer: S1417434471.504360,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR......."....._.;.....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
.......%IDATx...1h.a....R88H..s.p.1..b'........(q....S..g!...p".&[p...
T..[.....P..:.!\L..%.Uc...t..........<yu."...^.-?FDb......1".cD$..H
....#"1Ft.n...T.^.R(ED..{h...=.Y[.m*.Q.G.[T..^..`..g..... ...4s..b....
..B)"...*.T.A.OE.~.O.....kS...Ajn........i...RFt.....>.........U8..
.......S...0t...#...0...{.65g...V}...kp.{3_.EP.....#..knc.....G.UG..@.
.C............F.U..F..bc.e.U..?a.Zj.R.<....9...m*.1....9......W...a
.*. ..7.I..s.uV.E..r$..KU.=.\_.T...Q. ...b.;.3.....9wg..(......1......
S..I.ao..........V.G..d.N.....1"........1".cD$..H....#"1FDb...V.~Y..h.
.IDb..b..F<..Q....IEND.B`.....


GET /v5pV86z.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:15:11 GMT
ETag: "a9d903784844f5a5f299884c5cce94cc"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 204556
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 7154129
Connection: keep-alive
X-Served-By: cache-iad2124-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 4
X-Timer: S1417434471.543768,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR................)....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
...... .IDATx....v.....m.SDH.L.g........_._...]]u..<x.LI1..v..i.dHi
;}l..y).A..)...........W.A...)...].....p.}.....cW.y&.w......&...W.>
W..<.~.Z.........$........G...3.....u....Q.H|c.oH.....s......k.KW..
....5...){...QUUUUU...)...Q....:U.[....>[email protected].../.}
...*..W...\UUUUU....7h..~.zT......X.......fq....?.w2R.{.N6tZg....k..V.
.b}.. .....UUUUUU.W.vh~.JT}w].c^$x..L..6.N.w.9~W}... i...ZN...$.J.M...
.......0..#............*$........*......Y .k..1..]....A.v .Z9.]...k...
>.dB0..x.............L...D...(B....}.A......~Y...3Q..k..$.^s...Q.Pk
.c$(........./O....g?.....,s...^.J.....\Z..|...;X..'h&.,=.|..\UUUUU..*
$....`..z..)R.......q.....\@..8E..a0.}....y=.......!.h.pv..vplm^..Q..(
Md... .ye...1.^[.W]3........B.OL....b.;...kvZ...@Y/@[email protected]..!...B.
..I~.].-\P......&...P....R....[f03.eXf.......,.X..#f.G...\UUUUU%U!.'..
.8yE8_X.....!....k..).3.......v..C..O.Ez[..._.....9\...h.M.Fk.R>-C.
..@1......].9.r.$.....:.....UUUUU.\UH..u..%..h!J...H....@....?........
....~K.|...b.....9L.&................,..\..}..m[1....U..O(..Vh........
.^..6.P."........Qa..........?....)...N.s...z.."....../....\/.9E...5..
W|s.D..... .O8<xc7.@.\..}...?b.].e...k.......y..`[email protected]....
...@[email protected][|..5....}^UUUUU.SU........cK0..G($..np?e..W ....
[email protected].%@. ..B.GX$N..c.....e_\........B...u.-. .......-j..a.1s......
....x......my.8...t.a...i....r.iRJ..X..!e.r,.m_UUUUU.......%......
<<< skipped >>>

GET /lDm25Zf.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:56:57 GMT
ETag: "0fcbf66eed6c315cad5a90fe9bd408cb"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 66029
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:53 GMT
Age: 2022668
Connection: keep-alive
X-Served-By: cache-iad2125-IAD, cache-ord1734-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1417434473.198580,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR.......v......E......sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
...... .IDATx...y...y..;..>==.H.e. .B .`.fq.,!..6.qB.^...I.......,.
9~!7N.....x...^.,.....#[email protected]...........==...~...tW...s....|.;..>
;......................@HHHHHHHHHHHHHH.....!$$$$$$$$$$$$$$dF.F........
............BBBBBBBBBBBBBBBfDhD.......................!!!!!!!!!!.6.7..
Ug.../...r.r.z\..m.....np..o..%w......a........a.$....#7q..e..g....C.p
...M..#....M..m..F?..^....i.NR<x.g..#.-.M.)%.D.x4..........=I..*.H.
..1V...."..d^..7.#i..Ja.c.TN.J...../...j.F..S..(B.|.x. .v..,.B.....X..
...i$.=CeF.UN[.F"bP.%B.hB \Y..hn.....B....k...p.E.'.M.......l.h.'...}.
LF..U.V.^Rj....R),..V.T .R:I.5.T..B....Q.m..UreI.......I...$T-....%...
....Y.1.....=\B.0.#.p..e........]...m.Q.Xz....,. W..%.R...[5.7.X6H..w.
&....... [email protected]@..1.@yexg..}`........_$.j....6i.....
.!!!!!!!!!!..mp..=...7>K........)%mmm.X.u..-.>...W........PJ...J
$hoK....._.R.[:..T6HWK......I....l.R.T..&*..=..!.....3;6sRo.[).f.....M
2fp..4 z.Tm. [email protected]&..D.Qyz]P...N.?./S..).q...W...
. ..h..b.(6.S. .^!J)TPQ.*..$uy#..I.R:.m.....r...U..r....V.r..v.@......
....~.6.5....*...el..&.Gt,.v.-.qo.M..x..8.....@..{Gy.`.jM.7.B8..g@....
{..t%g.:R.i.v.-c ...<.!..m..Z.H.......b=c.p..#H[.......=..G:B.N.u..
0!;:......;....l3..'...G.0.R....C....i2xm...!!!!!!!!!!.......Q~...`.hb
:.aj.R.b1...n........{.BV.]....._.j.J.B..:.U.....#?]P.T.WL.r.T.PR./...
...]AJg..U..Z.i.H..X..0...?.S/.`yw......|> .X.JM......6.w&0u.b.
<<< skipped >>>


GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: fpdownload2.macromedia.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 21 Nov 2014 12:03:56 GMT
ETag: "1ef52-5085d3d3de300"
Accept-Ranges: bytes
Content-Length: 126802
Content-Type: application/vnd.ms-cab-compressed
Date: Mon, 01 Dec 2014 11:47:54 GMT
Connection: keep-alive
MSCF............D...............g.....................................
........sE.. .swflash64.inf...........sE.. .FP_AX_CAB_INSTALLER64.exe.
.5w..:..[...(.@..."S`$..o...\s.....2.0hH.$B9.VS.Z..P.....v.^RL......ml
....=.{.g.ml.......E....tp.s..7 :..........{l{F....=.......g.T..fhX...
.e.{{.....z..........&......`..........V.b..l..VY...2.A [."#m...m.<
(J.o...1..,.%..... 3.EDPV`.....y.......e.....R.*..F.:...$.;...........
.M@.!..F..=....{X..P.M.S%..I..UQK.VZ..{............J=G.O...rz...Fj..d.
.:M>......"}..BQ)....V.N6.vJ.W..e.....$6..ZWM.d.EM....l....$.}.Q=.'
.zSK...sZ6..fSvI.?.....UM_.Pw.O]...}.....Q.S.U.}w..B=.......(..;.Vg...
..#...5.{F......W..D......l.>..R........#\.v.|.6.&....=..?z.J.w.z..
c..}d.8........=}dC.?.....i. ...g.#A..i....b,..fgQD.y#R.h1...q.X....""
.....o]%?....D_..M.I.r.!4B(3-KO.G..P a..2t.kS.h........c.r....B.w.NOg.
?.*k.;.....Ca.A...$...d......2...1.s..r..!go. .M.U..N....... ...%.b\..
3...iR...zJ`..-...-?....?p....u=.(.C....0V...F..Fm.9...-..*R......i...
.........Y.i."Q...(.4..,-...Y3iO<q...1.j.P.A....@...@$.-..O."B..J..
...5....Y...&6.......Q..s....D'..0K..._.....CI.......a.]~.$WY......Kz~
.(.LL..P...A...gK..h.....kD.....r.. .W..S....=..2.kh:h....-}[...\.T.t.
...T...O.o.......[)Yt.e...G.. .....*6....Tx<j....].....e....`.c...o
@(.y.`D..}&.?%.On.Pe.=u............l.D....~*....V.......D3..xBV.?V...b
.ZV.......B.....z...\6....y.:....J...UP......Qo.}....N.Z.&B.lU........
f.....#.l....4...-..(..<.....Aq..7.JC*....]...._..Jj..=u...TPSS...'
. 6..7D..?1.e..7.......c.k./..o...#-.;?p.....1.KNM.x.T.O.j.T..Y.b.
<<< skipped >>>


GET /-1CPlBGY2nWQ/U6oUCeEP2KI/AAAAAAAAAXY/dRC6jr8YqFE/s1600/Sem+título-1.fw.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 1.bp.blogspot.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v176"
Expires: Mon, 01 Dec 2014 16:23:38 GMT
Content-Disposition: inline;filename="Sem t..tulo-1.fw.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 01 Dec 2014 11:47:51 GMT
Server: fife
Content-Length: 103628
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR...2...H.....u.y.....sBIT....|.d.....pHYs...........S.
....tEXtSoftware.Adobe Fireworks CS6.......tprVWx..VQr.6..d.....'.....
.....".B...Og......].'...>...fF.W...<[email protected]...._..>g./.8\..2
...mw..K.]:\.%..q..~..q@..}?......,..~.......:\..e=.........zH|w]&....
.@ .....@ [email protected]/...Q........"..WUhV.V.Z.0........%j.h..d.o.&
g.v..|.. .6.....#Z..z.aU..T2fZ..f.........f.../..Ey.#y./.<.:/V.Z...
.....|.m.R..E.tW....V.l.&........g..4$..E.zM. ..n.3....%Q.0..&.XW.5..Q
]...........,r..\.dL2..e2u[..i..}...u.&F..U...o..l..q,...N.......,....
....D#...o.\...&E8!......4.qW..I..7$..["......K.59a..&.....!.C.x....).
1..Y..[.ml..N5j...vf...`.J............>...u\.SJ.LZ.....G.M.l'.q.Yz!
...\.Zs$...q..u..9.......Ry...m..&&..sG..W...G.....).....0.4D..H.h. .v
$.a;3.ei..............|6G.S....:&..x......E......-...6...l7\.c ....n.m
.::.....6.}M.N.....5W....}.d...{...v....2.O...X...g.........~.?Dv.. ..
,.w..7...J......#)G.l...rn.n6....m..Z<g4D...a.!F..\......kc..?.....
..._Xq.h....V..<...[.1.7.|v...2.".o....ck:....7..BZ..gO.K..%.......
U...-..dk..fi.f..]....Q...]}.....^.....DU.g...*..X......n5=..V.)4.~E1D
.3*E*........#..y..\3V..7...).wY..)..j`..S...3O.Ir..h"Jk.......'......
.... o....z.....5t4..ky..|Xv..D.o......@ .....@ .....@ ............O..
./..........c.....-.......HmkBF.......................................
.................................)[email protected]..}.s.F.>&3.-....n...
j.W..xp'.H.....8.e.yq.......de<,..S..O.....s...f.. ...X..D......\..
8|.....{......NgF...$.._..3W..C.2...N0..7.x}..f......`V3........F.
<<< skipped >>>


GET /plugins/follow?href=https://VVV.facebook.com/mpboato& HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/follow?href=https://VVV.facebook.com/mpboato&
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge,chrome=1
Content-Type: text/html; charset=utf-8
X-FB-Debug: W2jCBgvU 5Uy8UPzySQ0cYOBbjxUzLsu2/LFUj/KPdkMU1MyWd9aCOugv3wnwnOTRij7Laq2Niz5JxXcc9w5Uw==
Date: Mon, 01 Dec 2014 11:47:52 GMT
Connection: keep-alive
Content-Length: 0



GET /ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=Manual&from=pt HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.microsofttranslator.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/x-javascript; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-MS-Trans-Info: s=13934
P3P: policyref="/w3c/p3p.xml", CP="CAO CONi OTR OUR DEM ONL"
X-MS-Trans-Info: 3541.V2_Soap.GetAppIdToken.4DC53436
X-Powered-By: ASP.NET
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Length: 42698
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"..........Z]....M.vvw./.i]5.yK_
......Z.....'W.rV]}......'..........l.:.=...N.....w>.......j.b.n...
.O.O.<>i.}.zx<..`...EW.).'/..O?-W..|...O?....\......w~..{...O
].|...W..2{..{...._d................b..^....O.....A.{.?}.......W..}<
;o.....^....;.......3....M..U=.V.|..h.5..y3....~^....-f.y....Y3....7E.
?.Z.vo...<................q.;.O.k.-...iK].....9.\.......m..E.......
...5..7[......,..ad.b.0.../.3n.....Ev....y....iZb.)~#^z........x4.'..G
.Y.....fe...|..hZ..m}..c.5k..J~...G.....yf.H....x.......y..c...:^....}
t.M.IU...4...Z..I>......f..E.<n.E..../Z.M.y].W.xU.o02...........
.......l........g.....#..yt.nY]..qY\.........U..UCo...../....z.,/?...?
..g........?..O...............].>{..L~..Uy...}...=..m.!...L?....l..
.WW.~.{.V..w...`~....2.g....8.r^..6.g..y..8...(............>=..t..#
.(-...fG....[.k;/..U0w.??...$.h.S.C.....Wc_._.$;w....s....e~....S...;.
.2....g..C>  ...e..............>.._..h.....W.R.......G..X.[..~..
>....>......F....l.T...?.}..G..,.....P.......F....2[^|4*?.......
>:...G...[.._.....F..2?..~..>b...hE..3..g.].M1).Q......w.....s..
..4...UE*.{}..>.x..GM^.&..~.}K.z..G;.yN....4..d....-|.I/~......Y..G
9.......G.......$...9...|{.T...N./[email protected]..\_...u.._g..~:*>
.............@'....g.......9.h...6....g....g...h..g.9Y.htA8.{.....).vW
T.].9..........->......3R..O..g...b4.e...-F..t......lt>......]..
..w..Q......bT.t...|..k.MF,..(.....v..O.H..F0...G...I.l.\..GS.i...
<<< skipped >>>


GET /adcash.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: atelier802.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.0
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Length: 1228
<html>..<head>..<title>Atelier802</title>..<
;/head>..<body>..<script src='hXXp://VVV.adcash.com/script
/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5c
fd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx=%3
D=Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h' typ
e='text/javascript'></script>....<script src='hXXp://VVV.a
dcash.com/script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b73
5714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data
=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84
iJm4iJeJi' type='text/javascript'></script>....<script src
='hXXp://VVV.adcash.com/script/pop_packcpm.php?k=54751305f04f52749871.
4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=
162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5l
Xe4d2P&scr===gfx5Hc5dGe' type='text/javascript'></script>
..<script src='hXXp://VVV.adcash.com/script/pop_packcpm.php?k=54751
4058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=
0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q%
2F+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+' type='text/ja
vascript'></script>..</body>..</html>..



GET /-UmdwoZ-M0zY/VHu_EXIM3EI/AAAAAAAABc4/xr11nZe6QW4/s1600/Code+Master-+A+lenda.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 2.bp.blogspot.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v5cf"
Expires: Tue, 02 Dec 2014 11:47:51 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Code Master- A lenda.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 01 Dec 2014 11:47:51 GMT
Server: fife
Content-Length: 404201
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs
..........o.d....IDATx^...................9.....m&15...-f.b.....b.B...
.,0.2H.Y2....k....U.-u..s_......U]...c.c..K...D.K.$..Hr..%;/G...$....f
..HN^...8...-...$ '[rss%'..c.YV.....Q.h[...u...q..v.?.y..v.....%_/....
.l>//O...$??_8..<'.\G..e.q?Zv..........E....9..VPT.-.g.....n/,.B
|.....)..g...>.....>...JAa!...Vl.y9..s.8Nm.|..x......Z~!..@.....
V.}.......a.x..)...K...S|gx>l.k......._....<<..r[i.R...?....^
.H.q....\..\_.....kb..........s.=..6-.w.........5.k..KK.k.}...._..z^Gi
...z.9.3...c..6n...5.>s.[?7.......y.g..v>{-.^:..k..itM.....q<
.?#7.u..xm<...y................{...{..p>.\J.Z.............8...}.
<..<.7i.>..G.....c..?.R.../..I}6...z..f...3....V.N.~.wY./f...
..............wC....].....p<...8wnc|..3....h......L.........,.!....
...........?...{ ..\.=..v......y.<..rp...}H..|w..}........?.da..cP.
..iX./Y..:..o.......}8.5d.....fx..{=...{..1........u.^...........*._..
..)-.....A.h..9.q..v..m=...q......kK.:u.mv^N..n..z>.s..4..83;O..5..
.......;.....:.y..>....W.....f............4.....V.../...^...^.. |sv
..A.,.?...}.v.......y.<..y}...........ur=_..e.c.o....-sZ..c........
.._.|6...s..z.........>.F..n......y>N..........p?n#...... \.....
....a....<....X.ll..s.6.....k...__..^[email protected].;..}.#K._....=3..~.
.%..;.;.......X...'.j|....p......ks?w..N`S..7....p.....;..4......i....
-.k.g......e.i........A..z......qC.`.}........._t.......q|..D.0......&
..8>...........<N........ksSw.............V.....=. .....8...
<<< skipped >>>


GET /nv-player?cor=0f87ff HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:49 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 405
Connection: keep-alive
Location: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
X-Cache: HIT from Backend
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>301 Moved Permanently</title>.</head
><body>.<h1>Moved Permanently</h1>.<p>The d
ocument has moved <a href="hXXp://VVV.radiobaladaalternativa.com.br
/nv-player/?cor=0f87ff">here</a>.</p>.<hr>.<ad
dress>Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Se
rver at VVV.radiobaladaalternativa.com.br Port 80</address>.<
/body></html>.....


GET /nv-player/?cor=0f87ff HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.29
X-Cache: HIT from Backend
157a..<!DOCTYPE html>.<html>.<head>.<meta http-eq
uiv="Content-Type" content="text/html; charset=utf-8" />.<title&
gt;#PlayerRadioBaladaAlternativa</title>.<style type="text/cs
s">.body {..background:  url(pw.png) top left repeat-x;..margin: 0p
x;..text-align: center;.}.body,td,th {..font-size: 10px;..color: #000;
..font-family: Tahoma, Geneva, sans-serif;.}.#aac {.position: relative
;.width: 52px;.height: 22px;.top: -70px;.left: -12px;.overflow: hidden
;.opacity:0.4;.}.#aac object {.margin-left: -20px;.margin-top: -3px;.}
.#picker {..margin:0;..padding:0;..border:0;..width:70px;..height:20px
;..border-right:20px solid green;..line-height:20px;.}.*:focus {.outli
ne:none;.}.#play-pause {.width: 40px;.height: 35px;.position: relative
;.top: -42px;.left: -67px;.cursor: pointer;.}..play {.background: url(
'play.png') center center no-repeat;.}..pause {.background: url('pause
.png') center center no-repeat;.}.#load-all img {.width:0px;.height:0p
x;.overflow:hidden;.}.</style>.<link rel='stylesheet' href='s
pectrum.css' />.<script src='spectrum.js'></script>.<
;script type="text/javascript" src="hXXp://ajax.googleapis.com/ajax/li
bs/jquery/1.6/jquery.min.js?ver=3.4.2"></script>.<script&g
t;.$(document).ready(function() {..var corp = $('#bgc').val();..var to
cando = 1;..$('#player').css('background-color', corp);..$('#play-paus
e').click(function() {...if(tocando == 1) {....PlayerStatus('Stop');..
..$('#play-pause').attr('class', 'play');....tocando = 0;... }else
<<< skipped >>>

GET /nv-player/spectrum.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:49 GMT
Content-Type: text/css
Content-Length: 14603
Last-Modified: Mon, 05 May 2014 00:17:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5366d893-390b"
Expires: Wed, 31 Dec 2014 11:47:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
/***.Spectrum Colorpicker v1.3.4.hXXps://github.com/bgrins/spectrum.Au
thor: Brian Grinstead.License: MIT.***/...sp-container {.    position:
absolute;.    top:0;.    left:0;.    display:inline-block;.    *displa
y: inline;.    *zoom: 1;.    /* hXXps://github.com/bgrins/spectrum/iss
ues/40 */.    z-index: 9999994;.    overflow: hidden;.}..sp-container.
sp-flat {.    position: relative;.}../* Fix for * { box-sizing: border
-box; } */..sp-container,..sp-container * {.    -webkit-box-sizing: co
ntent-box;.       -moz-box-sizing: content-box;.            box-sizing
: content-box;.}../* hXXp://ansciath.tumblr.com/post/7347495869/css-as
pect-ratio */..sp-top {.  position:relative;.  width: 100%;.  display:
inline-block;.}..sp-top-inner {.   position:absolute;.   top:0;.   lef
t:0;.   bottom:0;.   right:0;.}..sp-color {.    position: absolute;.  
  top:0;.    left:0;.    bottom:0;.    right:20%;.}..sp-hue {.    posi
tion: absolute;.    top:0;.    right:0;.    bottom:0;.    left:84%;.  
  height: 100%;.}...sp-clear-enabled .sp-hue {.    top:33px;.    heigh
t: 77.5%;.}...sp-fill {.    padding-top: 80%;.}..sp-sat, .sp-val {.   
 position: absolute;.    top:0;.    left:0;.    right:0;.    bottom:0;
.}...sp-alpha-enabled .sp-top {.    margin-bottom: 18px;.}..sp-alpha-e
nabled .sp-alpha {.    display: block;.}..sp-alpha-handle {.    positi
on:absolute;.    top:-4px;.    bottom: -4px;.    width: 6px;.    left:
 50%;.    cursor: pointer;.    border: 1px solid black;.    background
: white;.    opacity: .8;.}..sp-alpha {.    display: none;.    pos
<<< skipped >>>

GET /nv-player/player.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:51 GMT
Content-Type: image/png
Content-Length: 26757
Last-Modified: Sun, 02 Nov 2014 21:10:25 GMT
Connection: keep-alive
ETag: "54569dc1-6885"
Expires: Wed, 31 Dec 2014 11:47:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.......1.....P.G.....sBIT....|.d.....pHYs...........S.
....tEXtSoftware.Adobe Fireworks CS6...... .IDATx...y..U.?.y.s.....;['
[email protected]......~...........2......B.........t.o...kU..~
..{;7Mw.AFq&..9O...S........=o..{@....T.1....".....64V..#.?.d..#...DG.
..p.c.h..~...p.11.o..e..l.....9../^O.y. ..!.#....zCi.u....F.;.cxC.. ..
..c......*.......1.....l,.....0.i.u.hR;...........4."..k.rww7.~...$...
..';.>....Z{.E.]...O....._.d..)..v.m_/....'..x..W...eK.....0.......
...7o.\u.UR..........8.{p41..r"..0.e.a.}.....p.....]u.U#.d....._|.E.&g
t;}.jkks..[..D"...{.m..Mk........O>....u)..6ttt.J...y....af....<
/..w..y..........zc...._.O.6...UW]u.HU..c.w.G.?.X.x.6..5.....;.X._....
..H........"3.!"............5k.`..u....v~..'Tww..w.}s:;;/..gO_>.w..
..Y.f.;...._.^.4_r.%.._~.......B............=..m.../~q........|.......
........q...I....v...b..n..6[.....V.^mE.U....1..p8.....wY........X8Fh.
...!d&"..E.6m.............,[.......={.8.\.m......)S.w....X,.ghh(hkk;..
 ....O>.w.^{..ZZZ....,...M.... ;..b.K_..Y..~......]{{._^s.5'......Z
...'....w....T.;wn........eI...... ..hq.......N..].Wg,.v-..;j.*.......
...WYf]]].....S....F....0.ehhHR....8.....w/.8_..W..r.-..$W.Z..o|....R)
.........%K..nnn^....._..y...7.x...>8|..g.....u.Yge2.]'.p...{..?.3g
.....-.?.pO}}..m.......u]..o.......!..L&C...............h..O....k..D..
F.^[email protected]^g.i..h.ltd.X..#....8.EVK^..1.%.Z(......uX.;.]MS
....r.P.....`..A...=..@[email protected].............?........U.]vn.qo..[m
...P.....[...5...].N{PF....U.K....3..s....E.s...>...V?....%...J
<<< skipped >>>

GET /player/server.html HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:51 GMT
Content-Type: text/html
Content-Length: 767
Last-Modified: Sat, 14 Jun 2014 02:15:55 GMT
Connection: keep-alive
ETag: "539bb05b-2ff"
Expires: Wed, 31 Dec 2014 11:47:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xml
ns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<meta http-equiv
="Content-Type" content="text/html; charset=utf-8" />.<title>
Servidor Aleat..rio</title>.</head>.<body>.<p>
<a href="hXXp://VVV.radiobaladaalternativa.com.br/player/audiencia.
html">Clique Aqui para ver Audi..ncia !</a></p>.<p&g
t; </p>.<p> </p>.<p> </p>
.<p><script>..</script>.  <iframe src="hXXp://xat
.com/RadioBaladaAlternativaWebRadio?p=1" frameborder="0" scrolling="No
" height="1px" width="1px"></iframe>.  .  <iframe src="htt
p://VVV.radiobaladaalternativa.com.br/united.html" frameborder="0" scr
olling="No" height="1px" width="1px"></iframe>.</p>.<
;/body>.</html>.....


GET /nv-player/play.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:51 GMT
Content-Type: image/png
Content-Length: 1618
Last-Modified: Mon, 05 May 2014 00:17:22 GMT
Connection: keep-alive
ETag: "5366d892-652"
Expires: Wed, 31 Dec 2014 11:47:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...(...#......9H.....sBIT....|.d.....pHYs............Z
....tEXtCreation Time.04/18/14.07t....tEXtSoftware.Adobe Fireworks CS6
........IDATX...M..W...s...gzl.L.?.....]$.!.L.@dp.... .,.q.f.H......?.
......cft.BL....z..sn.../W.........{.=.....?[....L....s...o$.........!
I.HY...@)".P..j.l. ..d. [email protected]......'$.
..(h.J2...d.e-..ED.P......`...l S.d..KD$.*....R.(D. Y....:tQ..Cb.d]AS.
Q.KI........).;.......R.n.....\...n58..H&$S..:..7W.s.}.bU....!.....hf.
....J.\SD.../0.Z.%......U...t.j.z.%.I......\.T.....op..$M.z..K....<
..>Q..4.`.8R.["... W~\]][email protected].
,...j..{.....]........H.X. .U..h...45....".Tc0..].@....,{.n..?|.......
.....WM[j...>.zA&..Tar..].5o.!..N..y.....<x....g.>z.(.0..5.W.
0...T../..-..)0..C..{..y{......?^9}.tw}}=u...X..q'n....wv..19..E......
N.<y...g.///..z..A..jsJ-....L..25........}...<s.........=.....O.
9....2~....#.W.aF.....!........8.........[[[.b..MU...U-)...9....@..*..
..w..{.......n.....;T1..`.`@...].S..g.................].~._.i.\...d.&.
.Fv..tn.....N.7...;....?.p.B..7.H.....f.............}.......[..../..J/
..x.*<.%....|....E.....-..$.G.0??........./--. .......z.......P....
.2.|..Z! ...t:.v.Z.....n..%...ZD....@[_c/w...6.D..W.R;....T[....4-....
n....aaaI..............c^)..}.5.|..W.M.M.s.*.y.....@[..(8......z.*.mM#
.o..s../.........*.L._...._......b.o`.~ "}.3.a.RS.E.....IV:Y..bx.....I
,...bo........~c.....x..A..n...z.Rl.[Z.n6... .......mr........c.......
z..^..yP.X...3.......7.I`.T{.ZU...........Vk.^..E...t*..\[email protected]?..`.
<<< skipped >>>

GET /nv-player/pause.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:52 GMT
Content-Type: image/png
Content-Length: 334
Last-Modified: Mon, 05 May 2014 00:17:22 GMT
Connection: keep-alive
ETag: "5366d892-14e"
Expires: Wed, 31 Dec 2014 11:47:52 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...(...#......9H.....sBIT....|.d.....pHYs............Z
....tEXtCreation Time.04/18/14.07t....tEXtSoftware.Adobe Fireworks CS6
........IDATX......!..9.....7..>...........8........v.e%F......3...
|..(.D. ..Q..^..UuI)...R.c..1..9.]...!.....z...7}..#. ..QN.b.y.Z......
.O..(.Dq/8.Xh.Y.SD..3{...@(.BA.....|..F)Ts.=.....IEND.B`.....


GET /united.html HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/player/server.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:52 GMT
Content-Type: text/html
Content-Length: 670
Last-Modified: Fri, 22 Aug 2014 13:43:50 GMT
Connection: keep-alive
ETag: "53f74916-29e"
Expires: Wed, 31 Dec 2014 11:47:52 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.
<html>.<head>.<title>Radio Balada Alternativa | A Me
lhor Web Radio do Brasil !</title>.<meta http-equiv="content-
type" content="text/html; charset=ISO-8859-1">.<meta name="autho
r" content="Geovane da Silva">.<meta name="generator" content="W
eb Page Maker">.<title>404 Not Found</title>.</head&
gt;.</style>.<style type="text/css">.#InlineFrame3.{.   bo
rder: 1px #C0C0C0 solid;.}.</style>.</head>.<body>.&
lt;h1>Not Found</h1>.<p>The requested URL /united.html 
was not found on this server.</p>.<p>Additionally, a 404 N
ot Found error was encountered while trying to use an ErrorDocument to
 handle the request.</p>......


GET /nv-player/grad.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:52 GMT
Content-Type: image/png
Content-Length: 238
Last-Modified: Mon, 05 May 2014 00:17:21 GMT
Connection: keep-alive
ETag: "5366d891-ee"
Expires: Wed, 31 Dec 2014 11:47:52 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.......1.......8.....sBIT....|.d.....pHYs...........S.
....tEXtSoftware.Adobe Fireworks [email protected]..
.....\X..p..".....XDT...,.F.N.F..r....a..-....r....<H......<y..L
...~... ........ o........IEND.B`...



GET /plugins/like.php?href=hXXp://VVV.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.facebook.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/like.php?href=http://VVV.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge,chrome=1
Content-Type: text/html; charset=utf-8
X-FB-Debug: AP/hEC9LuXnrKEQDgih/fPp6FD3j9LYUTNE62rTa J1G106bkFc61nL7WC3fZrTy2JK4MDVja UB9E3DAc1HfQ==
Date: Mon, 01 Dec 2014 11:47:52 GMT
Connection: keep-alive
Content-Length: 0



GET /v2/90x90q90/912/u0rlT1.png HTTP/1.1
Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: imagizer.imageshack.us
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/jpeg
Content-Length: 7389
Connection: keep-alive
X-Powered-By: PHP/5.2.9
X-Original-Filesize: 49152
X-Mobile-Compressed: 0
Content-Disposition: inline; filename=30ea29da03c4af3bc6891a56b788833d
X-Varnish: 1254870703 990326892
Age: 1202014
Via: 1.1 varnish
X-Varnish-Hits: 5757
X-Varnish-IP: 38.99.79.20
X-Varnish-Port: 17001
Expires: Fri, 26 Dec 2014 19:23:02 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: imageshack.com
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
TestMode: rdcv7
Cache-Control: public
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR...Z...U.............iCCPicc..x.c``2ptqre.``.. ).rwR..
.R`?..............> v^~^*[email protected].(*.....(%.8......../)..3
...E..... vQH.3.}...K.....I........ ..H}:....6.....KR @.28..T.e.g.(.ZZ
Z*8..'.*.W..... x.%.....%.....B..........j..d.2.....9....bg.b..\ZT.e22
...#..#.........B....a.....T...!...>...9...O..k..... cHRM..z%......
........R....X..:....o.Z......bKGD..............pHYs.................v
pAg...Z...U...?.....IDATx...y\M[.....S.4..4..<OJH..E...$C....4. .&.
..!............rC7C..y.>.........y>..G.y...{.g...Z.!.q.k\... ./.
F.....<!...K[p@X`.Q..Iq....Q\ .W..(..Q.. .r.4.t$<g....-.....$.I.
..`.Z}F...Z....dM..4=..J.)h,....;.X...f.....Gf...s.C.."....m...ht!..{,
O.......{.O.....RN...i..S3....Q..6..._sH.a..7h.....v}..f.............c
.?..W...,." Y.H.m.....\y.......... .d.....K....i..bC....V-e3.........8
BK..\{i.[.3.....[#.4....7._.H0>...Gj.Jf..Y9.M.....6.....7........._
\.-?)Q1.H..|*/..3.......i........{...../.....4f....\n.....vn.bu?..XJH.
C...>.'.u....'S..=..../ .....t.L....\z..%.z.^~J.9.L4" M@|.6~..2:...
...b..b$..tF....]-m..@....>...?.?..8.\R)vbA.....<...4...:...../u
..N......./....a4.lBf8~.C.....5.?.:*.g.>q..{.....21$.I.s..b.......J
.N.a....g@..~.....>.3....E..........2...H.... ...c.H. ].M...oX.h~a3
...:.K.<!....U...-:(.75.b...*....B:....K.%|HX.R.7V...{j..x.C.M..6 .
...d_3.Z{F......iy$..YH....P.|J.....~........v....o..Y..t....b....Y...
...S9&9...<y'..0B.EU.($......^....S.T<...._.{...0F..[F...\|....l
!....kOi..=...U.g2c7]....2......7ei...'uO.......D.0..f.....Pxs,.V.
<<< skipped >>>


GET /ajax/libs/jquery/1.8.2/jquery.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 21 Sep 2012 18:24:20 GMT
Date: Wed, 26 Nov 2014 18:32:11 GMT
Expires: Thu, 26 Nov 2015 18:32:11 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 78932
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 407740
Alternate-Protocol: 80:quic,p=0.02
.............z.V. .[|..I..1..Sl*.:.*.....U.jYIC$$!....ZV"..}....I.... 
(9u.t.!...=...a..v'."../.ly..9}.....E.|../Sx.~w.pt.....b2...Ol:...cx./
^...j.U..........5.......I..\..gurgg.....\....."I.YR.g.2..E...Wu..^...
YZe....kh.|..M2..YQe..,......?M.l..9[%...L..pgw.{w.s?...o.;.vv......e.
.\.i.o....].;..U1............I^..........5.'.$0t.L..2;..Y1....i/.....f
.tu....-|.O.........K\5..6......tv...?..U-..Ze..../.u.}'......t~....d.
I.<...............H..:[.r..d/...,...i.....#....")......E2.3M..z|...
......n.].>p..o..........}...qT.9.W..g.Y9.:[.....:...Y....bY.e}..F.
x M*...6.\......NZ...mX.....Sh...W8=.T.i...zuQ...7?,.E../..e~...../<
;..yJ.....9..Y\[email protected]....|Q.......W.....UU...E^..U.\aO
...8K.`f...eV.......5:)F.I...$........n.,9....zz..[......3..U....o....
&og_..]...n.........W...*WK<...YV.t.sD^....... .Z..L.[.eM.q....z<
;KjD...c..wYR..0/2.3y....x....I.0dv...*...urY....'.2O..v...g.W...?....
..?{....ov.n_5~.>>...I..|1...K.&..l........K*.......K.s.oY.Y>
...U..~....Kx......9......Y.....;.8......g..K.$n...}u.E.....o.:..u....
.......>..}....6.N....a....(......].&=.^.......[}.v|.5...........k?
.~..%..S..|.>....Y..d.....?..`.xn....4.....W..A.A..8.....vY5M.|.oqu
..o...O.e}t.:|;K.'.....~.c.}U...v.W................$.W.U........B...,.
.........u..g..7....W?...?.........}3_...x....v....F._.}... nN ..>?
N...*..b.;...?..<r...d..@....:....I....5.u...;....(..c..Gb.xe6...R.
.8I..L.........'.L...2..:.tx......p..f..g$.Ya.4.9Zf.p..6.....;H.......
.-..#Z..p.c...x:..u."r..O..r.........".....Gr.MS`(....Y-........n.
<<< skipped >>>

GET /ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Mon, 01 Dec 2014 11:21:57 GMT
Expires: Mon, 01 Dec 2014 12:21:57 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32103
X-XSS-Protection: 1; mode=block
Age: 1554
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600
Alternate-Protocol: 80:quic,p=0.02
............y..../....MD...j..v.%`C...-..K..aS.....H.Zr......SU(......
}...(.j=u.:K.i.l...|....U.?{..M..M...........C.p.-..2.W...i.....U./. ?
VIpo...[?.....v.:....O.*[.Q.0...j...?l.(..<.{Y>.o.........6.6_..
..su.Z...r.w.b....w..,..^..>.,........3/...M..^..$Py.......r.Y...`.
...r.....5..x..*.........p..)5.n.x.....4.. '.x.{.J.=...z.......l?..i^.
.}t..D....\d....I...C.jM.i..(\..v......:....L.Ri.......S..&..K..).x...
..xC..C_.i.i?..g^H3.z..p..{....t..aM....y.\.uk3....^.LU.L.....>..E.
Q..?:..V`.{.F........O..}......?. *....K. P..i.F.i..G.1..n..6.....hME.
|..\.....n.e...&."....&..~....*.;.{........Y...|[...n=..~....^......{.
.M..4..5.o........[?L..b..=..x..Q......O#..O.<..... .EU..6....5U%..
E.*.S5S.(.]..B-.J..f0Yo.".......v....bW..L.....6.]..nw..l=9......rUx4.
|4..........0F..|4....".s....d.(~...h1...p.l....s.....h.....\..|.....y
OQ.MtV..&Jx.k.3..g..G@Z.>.y|.g4].kq8._....G...X...6...J.c..Z...*...
.I3\E.`..........ygs~N`..R..w.3...;8......N......Eyg.5.)P..n3.V......_
.. 8.O.:./@.........;5..wAO.|.Y........{.-..*.BE..2t>*F.xL.R....A..
I.B..nZN.~.h...>.R.K:I...V...?....c....Gv....bU...<......s......
.DYz. ..4kL51..5.E..Pro...V.....k%.)^....nqN.....q.....aF.i/P.[i.1.8".
.....'..l..H...v.....h..T. Q.....<...y...<..N..y]_.&B.........&l
t;.&......_B}..t......n...s.PR5... ..J..i..%.|.-J{..gg.?..b.B}..,.Y..U
......&.x...uw...:....4HG..#0..........(..9B.....{....\*....O....D..".
.0g..8...t...dL..Q .)=...T.h:.j..^.....?...uP^.h......*!.E4%....@..]..
\.....x....w.cag.(zW.~A.....!.Q......Z5*CE.w.g!..2[.l...=..CL.D%|.
<<< skipped >>>

GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 04 Sep 2012 17:57:57 GMT
Date: Wed, 26 Nov 2014 18:31:39 GMT
Expires: Thu, 26 Nov 2015 18:31:39 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33221
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 407774
Alternate-Protocol: 80:quic,p=0.02
...............F........D...1..).......5...T..l....D..Q$S..<....?z.
~.~.........U...UV.C ..;....vNn.v.o>.........On......'..Ym&..".....
....?...2......$.3w'.....].9I...x.....|w.Y..{y.N...]......SE..%.t.u...
J...o.Ne.]1..(......\e....../..<..x..y......8....;{p........|.4..~.
...7.wOv.M...r?..T...[.O..oKo../..m>.e...v....t.B....-n/.vy;.{....Y
...Y6.f...]...Y0X...f.......6..i.....w.u.=....T1u"..I........x....by..
.$..j.NO..b.|..}.!.......Q.....X...i..xV...H3.K..M.m/.......'.c.......
....r..}O.U..]m......lu.G.w.....~..y.kn@*v>....GQR...).....$., N.F.
......N'...|.g*.-....!%.}...M'..........t..TSUR.4..\.......r...|'..I.&
gt;....a.....&....8...;s=.6y2... [email protected]...<[email protected]
....d7.....z..........,v~hO..._}|.O...Ts0......:_fO...0...2...6....>
;.Vj...$._......]..}...c..1..o...5.7...j..{.;..s2%.....?.P..l...~.....
b.O.\f....).J=i..*.g.n...zq.Q3.B.a6....0...\P_..;...n..Qm..e.<.....
Hi...xc.......O....7..^...3.F..V.....m..c3o........VT.....}K.g....mo..
.f...../..W..x.X....). uaAu...Wio#.|....b.....M....{...z....v.{:..YNH.
....\.|......X..A.2OLC.5...$.-.G..zt.....Ke.7;Z\.............6..k.M..q
.p......Bn...].l>.hM..r.....4.k.....]R..e.y.#..{.........j.d>oV.
|/..GN..:i...5n..]0wl.V.@.^[email protected]~6.W0`~v....
.|..]Wo...H.Y..8.b..tK;JyYAx9...L...{[email protected]?pp..Y4..F. D......
.W...p..!..x..w..v.q.W4GNo,.L...g.s*....8=....;.mZ.. .G.aq..?.. zO.*M.
B.l.._HX5....~.Ne...G...=i2h~>m>.....x[[email protected].".0..
i..).q.D.....io.../T6....)QOA....#[email protected]&`.?.x.j.....FJ ...
<<< skipped >>>


GET /RadioBaladaAlternativaWebRadio?p=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/player/server.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473; expires=Tue, 01-Dec-15 11:47:53 GMT; path=/; domain=.xat.com; HttpOnly
Cache-Control: max-age=600,public
Server: cloudflare-nginx
CF-RAY: 191f0d7114400edf-EWR
Content-Encoding: gzip
152............|.]o.0...M..][email protected]>
:yX|..s.D/t......k..E.......kb`;....\.P...,.q.....#.([email protected]
...i.3....Y\....P....Q.|.(.\.E/.c.]o>.~......39..K..q..80.......g.^
...v..S....N......b...5g)..,.n$.qb;[email protected]]..........ZR..*....<,.
.[.G.6....S.......2E...N..y......[...T...,k.n..=_...L..a..z#..?.......
....13ff...[ys.......w@.....$uZ...cg..K.l..}..T.$!.1EjxH.........Vf.xN
,....F_........*1..tN.S.......t~qv{..Y.,...T^,.g..........X.<.i@...
..9.L0..V......._...*.X..t....)[email protected]$6TT...............zO
o.6..........*...N...o...A.:.....u.``.L...gLtlY6..:z.4.....q_..u.o...@
..^......w.~.......X...o.....^.|..EC.Z.l.l.V.G.:4gq.T..lS.........;..Z
................A...V...q.Yh..Z7....} ....V.h.^...*J..j...LX......tr.V
....}..&...e...2.,CQU...7.u...c......Z....:..5......n....Y.l.L......r.
*......TX.a5.....b.*y.........(...C.S......G.yx..h.....)w.C...s.q...Y.
.['!......#.l.....?..?.dJ......GC....."...(..g.......OW.C..I.;.b..Hg..
....F.....n.......?..............!9.%f.Z.......w..o.d.....z......@..$!
.w...{.....[.._x.......C.{wu:.s.;...S..... .^...i....&....z[..MM......
C!.........nvk<~.[.?..Y..f.0.!.m4.q...!i.(....{<Xq......q.......
.h...*...@...^.......5'|\.c\..,.7...><.|G.u;..?...........A` ...
X.<R..).D8.t.3..|3.(&...f<.. (.6.s...Y,P.x`......X..v.... G.....
..u...Vl...{L.....................[[email protected]..[].T.q....?./....m..
...e..1.J'?.^A$.6. ia.......%mY...=..o....9w..5e....A.2...<..g...G.
...9.1e......A.....g.;.(F.!1}..z...O!...6..b.<6.o7....ey....4.:
<<< skipped >>>

GET /images/xatblk.gif?a HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/gif
Content-Length: 1526
Connection: keep-alive
Last-Modified: Wed, 15 Aug 2007 14:15:50 GMT
ETag: "46c30a96-5f6"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d7504e20edf-EWR
GIF89a..1.................Vj..'[email protected]]f..g.......x...P
=7"Q...../*.0..Nz.....%*..........v.ghhy....-......ZI.n..XXX....i..."j
.....r.......lHII..3....FR............p....x..2.........6fp......!....
.?.,......1......pH,....r.l:...tJ.Z...v..z...xL.k...g...v/@.g.....En./
...5......113.S>$.)9!!00!)(.~.F...7...5..#<.L..(.....9(>..?.*
......7...##;I.).....$...*..........3|B....!...=..4.4........<..$..
!..N:.N].....[.P.......1.A3.:.L.@.. [email protected]\..a0.....d`...(..h..
....d.\...hK.......D.Y:N..9....D.j......R.8... ..c.d....R.E.4K.J.Y.`Z.
...)[email protected](  ..!...h..k..<~.....e!..x....1../.....
..Hj..........> ......z........Z.H....g...q....;..x@..."...=..@r.~.
..k..Y.E...a..w.1...w..G.{\h..^.. ..x.1.Y..a.}..`..g.aG...q8..[(..V,H 
..h...O..........8.P..$ja.. 1."....M.EL.^#<......x..<@ .1:.q...R
...Hb.#...i..6....I.......'qa.....u1..e.)...i.D."..A.Q.......e.yj1Z%d.
I$.....u.]y..F.HU.H..!.T.i.X0..\r4.x&.-}.MXI\h..G.IU.E..%..n1.s.m.....
.....UL.J..e.Bt9...n..Os.V..cj..... p.K..PC"l2a.z..zLhJ..-.Nb.*t..eT.~
...C\....N........._..S.RX..-".!CQ......I...N.. ..V....bF..P.%.NH.,..C
.....Q.S]K.j .D.|...R.(.3;..,8#.....ipc..P..H..hvEP..2.=-..R.{.lG...S.
<. D...D.#.`.WD.p....w..` a3Y:.pRm.....Z..V....4.0O)..#..w...]...!.
.i.....(D2..-...^......3..p.D......&..j....>L.hn..cN...g;g]........
........X...O....K?...`....ms...#a-8......;......$a..s.%........c.6^b.
.5.o.1...5.nqh..K^..c......(@.....x..0..(J..(tO..x...d%...TD..........
#P..&`[email protected] ..........d.;.A.*.7>...h$..|...,..S|.>.
<<< skipped >>>

GET /images/b_news.gif HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/gif
Content-Length: 827
Connection: keep-alive
Last-Modified: Thu, 21 Apr 2011 11:11:05 GMT
ETag: "4db010c9-33b"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d7574f10edf-EWR
GIF87a . ........~..zU:..u...BXX..,.....h...-<.`.=x.R..B..7..".....
..!../2..>_n...J....3VRPS..*..F...Pm...E*..m.....ZG1.....6..#.....G
..6.........GT&..\...]&B............4E2]p.~)4k|..,.l. }[email protected]!
...)qD...}..c~,.(We.p Hq.S6.H....%..w."%.S.2m....Y..1..... k...[c..V&.
.u7z....*,u..2D>..k...Xv...X..D..b..r..I~.r.....-...)36..Am..Wr(IX.
.$.=R:..I.....S/.9....4.s&.X...J.........Qmy.G]0..@|.3..,.... . ......
........x....7d.Lm...j>..bIh..x.....S.!z.#.a.....ZQwTo.|.0<.<
a.`a..t.D......ijX~.]JM...b.).).SO.K#.Pfv..Zb..N"?A#.;JY/r.%`...g{2...
gB. H.5...!..}.8......12j.....&....HR#[email protected])
...B.>.\pi..E.1...I..".96.$......*dXpA....gx..vB..8.b),..H../4..h..
...2d|[email protected]... .....?..e.`P)....... .... *m.....>.."...S...~...`....
..i..7...U (.[[email protected].....%.`..'B...>(@. ....a...7...H....ct.<
;.^.....M....R .;....


GET /images/b_trade.gif HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/gif
Content-Length: 361
Connection: keep-alive
Last-Modified: Mon, 19 Jan 2009 17:06:28 GMT
ETag: "4974b314-169"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d75d5010edf-EWR
GIF87a . ..........^[email protected]..!...s].......
mmm......>>>...K<.......#..........?fR.,.... . ....  .di.h
..l....$.......Qt. .p..0..2X..>.hP..H......F F..Z.F.)C...B......}.N
..0.4.....Q.b}..zT......rB.(:....}.....K.)...".....f@.(.......PB......
.."..T............M..(................(...$....*......*...,....,......
..t;D......x..J.H.....C..;....


GET /images/tgrid.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: image/png
Content-Length: 1890
Connection: keep-alive
Last-Modified: Mon, 30 Jun 2008 13:35:24 GMT
ETag: "4868e11c-762"
Expires: Wed, 31 Dec 2014 11:47:53 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d7625190edf-EWR
.PNG........IHDR.......>.....1.......tIME.....#...I.....pHYs.......
..B.4.....IDATx..XkLSW......>,.".  .."8..1.AA.m..?..&[f.i.l_.[.f.4.
a.".3.Q...1....M...s.8..8._.eK...h...x.(........{...........S.....D...
@.V.t:]..h...1??.Z..eM.,..q.(.JIpp0IOO'...'MMM')_=m....LF6o.Ljjj..g.s.
..-[.....Rz/......}....p..2..U...`.<.".ha..a..y~`.. .gC.......>.
....X....5.......{.$......L"j.q2Rwh%}.%!..dMj.(QtQ.9Ih.u.I..4....sR]M.
.=.....H...jRYY. ..AQ..v..At=.C..........=....,]".x........'W@"...rggg
.'<8..{ .....w..P..'N..1.m\ .....p....O..!......g.t8\....t...=r..k?
..][email protected]%...t......m.a8.....0.dAx}].r.....#0H?!!E..(....DS.J..c......
........V.v....>h.fA..bYj1./.......0.F....6.X...}....0.N$..a..F..u(
.9..E0....1.I..`...q....^f.....&..>..P..#.6..N..}4BU.a.j.P..)......
...A.0.D..ut.~.lj......a...iHA...(y..&.p..L...&..X..0...8...t<.....
1qIPk5t>s......o. .N..k.P(.I..\b..F..E>._..jb4F.....!..S...x....
hV.E.H.2d...7s...._0g.BQ....8......b..m"?:-......X..-._.......D.......
R.j..a...........E".7..]..].6<.~.....`I..R.s.4......5......X.{=~..Y
...6...M.*[email protected].'][email protected]`.........PU .C...LF.Ct
...........> dM.Q....%u|y.Y"..e.Hxx......Q...|Cb....H...[L. qq.....
s....(.......L.J.....((xK.f...0.f..t"y."......G...]?.._.Z.&...6l.....P
.C..9..Z...I.........A.CA.9Qm..0...A(...v....Jq.......1C.4......M'M...
...c6ahp.--.0.u..g6(....K.....?1L.L..b.,..2........<...c..U.......@
...R[[K.......<...J.R}}=..Sn_.m......."..-..:::...7.&.@LB&. ..XJJ..
[email protected]..@.%-,,t....c..}.?........0f...L..&b~`t....A ......
<<< skipped >>>

GET /images/tdoodle.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Type: image/png
Content-Length: 1608
Connection: keep-alive
Last-Modified: Thu, 19 Jun 2008 16:31:18 GMT
ETag: "485a89d6-648"
Expires: Wed, 31 Dec 2014 11:47:54 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d7685300edf-EWR
.PNG........IHDR.......R.....N.......tIME........R......pHYs.........B
.4.....gAMA......a.....IDATx..Y[L.U..wg..@.(E..,m.V...`..^....IISH.&.P
|........T...iRZ.TA.M[|PSh.....r....ib..*.lYw..7.Yf.......r..3........
.........E..)##.Aff..yyy7.8...6*....D....?.n7gggsii)777.....q?#i.XC.4.
......!.==..r.....;[email protected]\\..S....M>Z[..n.V
...v......[...z......(7.I.~..ZYYQ*e..........K.=....2..<.7.F.<..
.=.................N_.*...TZ8.6..1...K...y......6...{..D{`........O3.9
.....x...u!..].P.iK......E./.........HK.".....v.~J.z.k.?..........1..w
..4........[[KQ..n....*x....U.u4Q...... ..b..,#o....s... .vm'W....vQHk
X..a[2..U!.'.m.;..4...=.a|.....w.. .i..[D a.?Q...........|.....k. &...
A.muN........7...S...b..|4p.... h ....WF8{....l7O.a.c..bT....t|..p..,.
.....On.y{...!...-....S..p....S..c.......O{M..........Ri.<...xT~...
C........MNN..b.~.....s..hvv. **...S......{/...8q...}.....V......Q.p..
.G..$.?.....#....Kuuu.uzz...[W..966F..._.,??_....r......].j......72...
---.................1..3...`U.677.....<...P..........U.F..-.c......
3.(.......K.......j.j.3.......,....s.zVUU..B...o. ..k....%.d...5....&g
t;q.D$....K...c C.U..VM.E...t....=...........H...fj[.....5UVVF<@e.;
U..!..H,...*9.....*)).W...e.......'......Y-`...t..)q........G .qws2K..
[email protected].....,....6}....r.jR1..".R.....]..ly./.A2<.p&;vvX=."..0..H.'..
).Y..q.20<.-S.Mn...0...|[email protected]$....L[[[[email protected]
.....7.... ..h~7.......z .Py"..p.........V%k...'Y..WS.(....b..O.....Y.
....M....G.0d.. ..&5.):...... R=S...b.&....b..z...J...#..Cb.t.....
<<< skipped >>>

GET /images/tclose.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Type: image/png
Content-Length: 793
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2008 13:03:46 GMT
ETag: "4790a3b2-319"
Expires: Wed, 31 Dec 2014 11:47:54 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d76b5380edf-EWR
.PNG........IHDR.......".....E..3....tIME.........O.....pHYs.........B
.4.....IDATx..W;H.Q......C0N%...AZ... .H.I&..b..N....[.1..{......1 ...
%.R......%H.u0.xz..B[.....B..$.=?.w.y.HKKK..$K...A...7....Vk...V.}.._0
...h4W.*..L&...........E^..5A.U....xhoo.-?.);.....S2...oI..q...i.d2...
.-%......p8.$...rJ8...R.\H*...(....QQ.!..h..9....Oo/.WW.R...J....`0x .
.YTSS.7..h....5............V...a.......r....B........y.`..s\.D........
.`tt...a..ll.##2...LM..8..Sv....>..]]...PU.lm.CC........,,..]_.....
B......_Y.<;.TV.==W...*..r..fyz..fs.'P.....b.t..z..~y)*...T|....NQT
T...@S....}...p:e;.%qtT<...M..........-........$.t..x..VHr.A5...g..
....$.-.]">.e:."--p.\.f.9.......\.._'&..F..8.8>.F......<.....
...L....^/}.F."..t<N.wwi||.t:..'...(:[email protected]
,.9...\..z....]#.............}......IEND.B`.....


GET /images/tgames.png HTTP/1.1


Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Type: image/png
Content-Length: 2056
Connection: keep-alive
Last-Modified: Thu, 19 Jun 2008 16:31:02 GMT
ETag: "485a89c6-808"
Expires: Wed, 31 Dec 2014 11:47:54 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d76e5410edf-EWR
.PNG........IHDR.......O.............tIME...............pHYs.........B
.4.....gAMA......a.....IDATx..YilTU...{..C[[email protected] ......D-.
..5.%h..&..Pc.....4FV.HA.B.&B..(... ...2...[.83.y.f*.'.......{.w.yJee%
C..g.4...ptedd\........f.i....%3L&..UUe...l..Yl......a7.....hC.4.b..V]
]}........,.K..........TZZ..\..._ A.N.s...0.5..l...y..b5......zO:....%
>..,....C.P.......2j....8|.0ZZZ.1E......=i......=....p..9Y}...{a...
M...f..^.1.......|N.8...........WV............V...........\p.T.8..R.O.
...%..F._[[[N.......<.?..._...t.:...U........4.,. .&.hZ........x2..
.6N...C]{....?.....#'...`:.{...691n...K.;....!~......=........;()@....
...!...........\[email protected]?r....KV..P,..T.x1s.......A1q........BV4..{.p..
}.|;..4.V|..O...EN..........c.[0y........O.......'...nn76....k7.{.....
..u.j...|.^l"...^.g....kSQ8A.....&.R.l....jGQ...we~...r.^q....~j .....
..a>1......|..3....?..n'...D....5_#......Z..Am.....A ....c>...@.
..5......c.]..P.C.^...z8}V..Q...w.......h..B.......;.-8...!..y.?, ..g.
..rQd*.jc..r....t*W...yP...H......zt.<.....n...;....`..sp.=....~...
..v..X...E.b........B.....o..LG.z7.......'..Y.[[email protected].%
nu3.M.R.H.!a..zt....w/..^..hGg.gL@u.[0.g...v`........w{....Vd.f.}.x.@/
..W......#$.D..O..4k..b...0.b.lN6....0C.G..13.H.........A..Y......g..s
{{;..?...0.-Y......u...{..>.._.,.C" .....2Y.`. //gzD...............
....5k0v.X.h....:QYYYb....U{..m..&..........R.K...i......VD.$"..'OFVVV
....3..e...N@j!..ysP.....s<.W...-.s....3.>a ...Q.....0?.;w.V.\..
...;kjj.....n..$~..PA.........WG.9.o$..1.......'.....'...{.S.6h.Ak
<<< skipped >>>

GET /cdn-cgi/pe/bag2?r[]=http://xat.com/cdn-cgi/nexp/dok2v=1613a3a185/cloudflare/json.js HTTP/1.1


Accept: */*
PE-Token: 2cdef2412bbefb190871571e72650911b62ad89d-1417434473-1800
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xat.com
Connection: Keep-Alive
Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Type: multipart/mixed; boundary="-kVd8c3a-gAYFu==ahSw"
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare-nginx
CF-RAY: 191f0d7745530edf-EWR
Content-Encoding: gzip
65...............u..K-*....R0.3..r.. I. ...,H.R.-.).,H,*....HM.VH./.KI
,..U...K.H6N.Mw.t ..M...W............c.....&..........51....uN..-..R.(
))....H,.K...ON..MN...K.(.O..6*.5434N4N4.0.O../MI.I,J..*....*.........
.14.....\.XRZl.`d.t6.......22...;.(1.8-.H.5/9?%3/.J!)3..`^.........18.
..k.M..uL..................14....;'&g................1a..B............
.....^.........16...ks-*./.RHK.)N..........c9..l....0.._.{@H...d'._.r.
........|w.)...e..._...`..v'..Ff...Ly.92<.g ..&.*M>.....V.../&gi
....[h#.........p:.}].........cu`.z.".3~.. z.z..".D.h....-.."!..i.X...
.k...U.O1.H.!...|.<=.v...pXW.*G.^U............be3...Y...8..y.j...5!
.Z..1tc.`..>...J...B.lc.n..9......I2.#[email protected]#q. 'e.....?
~.Q.......r10mV,f.I.t....Jf .6..........g..P ..t.p...Xv..A.N..]...$.B.
...f..|d.y_u.....D.`........`....O0.d....9J./P....e.Y;..*..<o.=s.].
d{%..l... ...mU..\$f...%N..e.{V=..%.^r*?\._U"/.....x.......U7...N....R
...V.j...z.~..a,..E<4o.L^p..NR.i.?.I7..q.....v.J.u......c64=6.C..06
..u...3.Nw.*DT...d2X..EG.>..V......X....x..9..j.).].#?..6.;:.......
..]..41.q..X.....|p,.T.)..w9....0..M./...q....X..`.^....(..E.l..f....r
..U.........qs(....UJt.Y..-U.|$.>`?.g.nT..m;N`.i5Qr..[u........[...
.$........7d.!...Q.&...]M..9. g....r.HrmK....IOR......x4...eo..."...S.
y ..R...6^...-.d..nKQ......\[email protected]..$...D.......#F...o.bX....
..... ...y.....U.;.H@..].........T.._l3x...%.9R.U.U.e.%.~f3kf.f.n!....
..N=V...cE...7Sk.....fLQ0...<M..M.......b....".05Pr........b.....3O
XeQ.;)..M..D.y..X.G..rT^s..v.OF...`Z...Y....%...&..2^@...f.s.....%
<<< skipped >>>


GET /-GT2zFFUi1wY/VHsuCGmbr8I/AAAAAAAAAUk/bYb53AeddIA/s1600/Lol.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 2.bp.blogspot.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v14a"
Expires: Mon, 01 Dec 2014 16:15:39 GMT
Content-Disposition: inline;filename="Lol.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 01 Dec 2014 11:47:51 GMT
Server: fife
Content-Length: 87426
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR...7.................sRGB.........gAMA......a.....pHYs
..........o.d....IDATx^....].....w...13.$[....u........L.Y...,.....e.L
.....s.}..o....w..-'.].3...c..h.^......U.....;..l..l..f.v..U..l..l..f.
.o..&..-..-......9.^.6..-..-.E..O......l..l.j...S...g.-..-..Z4x..-x..p
..l......?u.^.6..-..-.E..O......v..9y..|?.86.9.-..._o.s..A....E..O....
....n..b6.i.Y.N..............f[.....m..m.z...h....E...5..C..X.^.].m...
a.UL*c.JH.m....l..J.yw.$.......m...g.!...7.0..........Rn] ......ZEeZ..
...}.d..'e.df...i3.B..zn.\...g..-=3........L.F..t..#..^.........N...2.
.]....w.'..9.....}.......h..3..........&...jA.P.....b.6dM6.~Jva....IZ.
J....\.....f....3....%....;.......3^ot.e..,.n.w....h..Y.^.]..??.ap...B
T.E.l...eT.........n.>...mY...FB,..-.."..</..f.4..?..S..[.r.[P..
Y. *..Y.......1.T..........SmQ..E.X..5.a.A...".):..<Q.........E;...
.9...'.<....Y}.WX....n.\xSF7(a.........x&.a.R.J..~).U.e...b.`..d.".
E.IF.3."...R.....E..?.n?.....h.....~...k...k.a.`...g.)#.f.[.ry.G.F..P1
.n?..Vv,s..i.-......s.s..n.j....._.h...[......%.f......}......2.....S.
h.`.u?....g....Eq...75.Z.\.p.~.............2..y.$.|%./r..IMJ.......6e.
.......O..2 0.Y:..<[email protected]........!.=...1w...f..f[f..........V.N
......\...,...H..........u..Z.....G...X.}.....)=#.dH........{..9t..l.}
.E..O....Wp..b..X9..;.....G.....F.......P..owRJ.-......!..Y.....m...].
...#......z~..B.M.f......?u.^.]..H..n%.kd.....3|/Q.pv..O..2Gq).9U.....
.-k.2.(.-t...~0PB.f..G.d...=...._6..h...S....5..o.%M:L.....b.Z.X..y...
..-.n..m....~0...<..l.......-..-....%..[.e[....l.e[.e..H..[.e[.
<<< skipped >>>


GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: fpdownload.macromedia.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: hXXp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Date: Mon, 01 Dec 2014 11:47:54 GMT
Connection: keep-alive



GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"
Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT
Date: Mon, 01 Dec 2014 11:47:54 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..140922000000Z..141231235959Z0...*.H.............
O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.
Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-
..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.
t....LV.uD....B..z...~I .6..aR[..(..q..............



GET /-wbOyGFuANTQ/UVF1F4ouC4I/AAAAAAAABiA/RX4jNlICbjM/s1600/aktechz-fb-lock.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 4.bp.blogspot.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
ETag: "v621"
Expires: Sun, 30 Nov 2014 19:43:04 GMT
Content-Disposition: inline;filename="aktechz-fb-lock.png"
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 01 Dec 2014 11:03:51 GMT
Server: fife
Content-Length: 149
X-XSS-Protection: 1; mode=block
Age: 2643
Cache-Control: public, max-age=86400, no-transform
Alternate-Protocol: 80:quic,p=0.02
.PNG........IHDR...............6....\IDAT(.c...?.!.....<.....a.d...
..x../..}..~@.?....?Ab..@....~.$...6...pEH.../..(...PD..D..1../.M....R
....IEND.B`...



GET /cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js HTTP/1.1
Accept: */*
Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.cloudflare.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:53 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da431ea9a7ab0bd86c595dadc44461fb01417434473; expires=Tue, 01-Dec-15 11:47:53 GMT; path=/; domain=.cloudflare.com; HttpOnly
Last-Modified: Tue, 14 Oct 2014 06:18:24 GMT
Expires: Tue, 01 Dec 2015 11:47:53 GMT
Cache-Control: public, max-age=31536000
Server: cloudflare-nginx
CF-RAY: 191f0d737c9301ed-EWR
Content-Encoding: gzip
1ac............\QMs.0...W(>I...%. f.......fz.. ....e.,.....9....F..
.oWW. ...}~.H...mb....<`N..'..r.'[...m..../......[. .R.....#..1}Q..
T.Y/....l...:~&.!.;$.w..Q..d"..h.}...H....V1..~)g .g..l(...y....K.I...
5$A,3.e..;s..... N..J.z.... .k......7...R.xzO..s...-Uh.C.....q.)r.{...
........6G.E,u.{.......R........(............Q...5..`.....~.ex.T1^....
.qN[......1\nb6...^.>;.x...$..r....{99.....(.......,.. ZbD.........
.v!4W....;...]..........195d...[iw.8.. [email protected].....==...l..`.6
Y*....j.........[......d..:DD....=-...`.L._...-s6..oRp.6......... ....
5Zd....>.9.M........y..$..T..D2.6........"Sm.Fh.......J4.2..H.....k
8..N......f.E...`.|/..&.#.{.hp0J.X...J.d.I.... .SYW.7Io.,......L..0z..
<...ATs/...FY......2.2../[email protected]..\...([email protected]....
.<b.`a.da.wx.^..NS#.M..8=...a*.....Bz.,.....K....$.../.l..%...!R...
....L....1..%q...2Y.1..ZO#[email protected]....|.%.V....j
..uX.R...),..O....Z.....A....:&.#` a...-.X..T...E.....kq..V..Z..G....X
.(..b.>..WQ....N....:.....0.q..C......-..8F=x.%............V....Ff.
.`.)*I..a...f..>..R-!.<2..,.!*.X.. .....B34..._.M.IMc.;.....(Vy'
|.B..r}..{......"Mc.#.I^...B... Lh.U"...j?.|$...H.......z .)..l.fY.&w.
Mx......<..c............&.4........_7.m.7........"..-.B...J. ..8...
..3S...{..V>...w`'..C.gs?X.z.....m4.RH.l.yzp..H~zi....}..N..].O....
.ZN@>.CA......a!.c...r.y....hL..Y......./...........c..l........h_.
....HB\z..].....5)...#.m.NJa...F...xKK-@.....}V...|K6....P..B......A7.
WW.......)T1...%*..Bb........].%...%...U.^.........D....#R.%8....m
<<< skipped >>>


GET /nv-player/spectrum.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:50 GMT
Content-Type: application/javascript
Content-Length: 71243
Last-Modified: Mon, 05 May 2014 00:17:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5366d894-1164b"
Expires: Wed, 31 Dec 2014 11:47:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
// Spectrum Colorpicker v1.3.4.// hXXps://github.com/bgrins/spectrum./
/ Author: Brian Grinstead.// License: MIT..(function (window, $, undef
ined) {.    var defaultOpts = {..        // Callbacks.        beforeSh
ow: noop,.        move: noop,.        change: noop,.        show: noop
,.        hide: noop,..        // Options.        color: false,.      
  flat: false,.        showInput: false,.        allowEmpty: false,.  
      showButtons: true,.        clickoutFiresChange: false,.        s
howInitial: false,.        showPalette: false,.        showPaletteOnly
: false,.        showSelectionPalette: true,.        localStorageKey: 
false,.        appendTo: "body",.        maxSelectionSize: 7,.        
cancelText: "cancel",.        chooseText: "choose",.        clearText:
 "Clear Color Selection",.        preferredFormat: false,.        clas
sName: "", // Deprecated - use containerClassName and replacerClassNam
e instead..        containerClassName: "",.        replacerClassName: 
"",.        showAlpha: false,.        theme: "sp-light",.        palet
te: [["#ffffff", "#000000", "#ff0000", "#ff8000", "#ffff00", "#008000"
, "#0000ff", "#4b0082", "#9400d3"]],.        selectionPalette: [],.   
     disabled: false.    },.    spectrums = [],.    IE = !!/msie/i.exe
c( window.navigator.userAgent ),.    rgbaSupport = (function() {.     
   function contains( str, substr ) {.            return !!~(''   str)
.indexOf(substr);.        }..        var elem = document.createElement
('div');.        var style = elem.style;.        style.cssText = '
<<< skipped >>>

GET /nv-player/pw.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:51 GMT
Content-Type: text/html
Content-Length: 613
Connection: keep-alive
<frameset rows="0,*" border="0">.<frame src="UntitledFrame-1"
 name="header" scrolling="no" noresize target="main">.<frame nam
e="main" src="hXXp://VVV.radiobaladaalternativa.com.br/erros/404.html"
>.<noframes>.<body>. .</body>.</noframes>.&
lt;/frameset>.<!-- .                                            
                                                                      
                                                                      
                                                                      
                                                                      
                            .--> .....


GET /nv-player/player.swf HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.radiobaladaalternativa.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx admin
Date: Mon, 01 Dec 2014 11:47:51 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 162099
Last-Modified: Mon, 05 May 2014 00:17:23 GMT
Connection: keep-alive
ETag: "5366d893-27933"
Expires: Wed, 31 Dec 2014 11:47:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
[email protected]........!.....
[email protected][email protected]
[email protected][email protected].......
[email protected][email protected]...........@[email protected]
ectBorder....._.D....X.C.....................3.C..s..r.@....._.D....X.
C.................3...5hp.|.s..r.ND8..........................$.......
......this......tabHandler.R...........@.......`.>..>.........ff
[email protected].........&.....bo
[email protected].............&.....tabCapture.....
[email protected][email protected].......@.
[email protected]..................
[email protected].............&......@label.@..........
....;[email protected].#...p..(..<...........(...
... <.P.x......X.7..Y........./..z......h..>..q................@
.......W.O.. P.6......d........#.zI....&.X.>.U................@....
..._. .9..X.. .k....d........#*.JT.{=..............................@..
.....g..?.#.`...."....d........#2.A......?0.h..........C...7..........
[email protected]&!........?............c........?....
.........8.......?...mc_wave_1...................?...mc_wave_2........
[email protected].....#Pw.....#P.............***.
.-..............p...6.[[email protected].....#...
***............^...;.| ...... ...........@.....!..............@...
<<< skipped >>>


GET /wjFHehL.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Fri, 19 Sep 2014 21:00:59 GMT
ETag: "ea4ad3b1f73f64d9f7a10665ed592880"
Content-Type: image/jpeg
cache-control: public, max-age=31536000
Content-Length: 34404
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 5108613
Connection: keep-alive
X-Served-By: cache-iad2124-IAD, cache-ord1724-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 61, 254
X-Timer: S1417434471.099414,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
......JFIF.............@ICC_PROFILE......0ADBE....mntrRGB XYZ ........
....acspAPPL....none...........................-ADBE..................
..............................cprt.......2desc...0...kwtpt........bkpt
........rTRC........gTRC........bTRC........rXYZ........gXYZ........bX
YZ........text....Copyright 1999 Adobe Systems Incorporated...desc....
....Adobe RGB (1998)..................................................
..............................XYZ .......Q........XYZ ................
curv.........3..curv.........3..curv.........3..XYZ ..........O.....XY
Z ......4....,....XYZ ......&1.../[email protected]............
........................................................C.............
..........................................................Z...........
.....................................\.............................!.1
.."A..2356Qa.#47BRbq.$8ce..CDSUd....%&Tfr....9EHVs....................
.......................R.........................!.1.."2AQa.q..#3BR...
4br......56C.$cs.....D..~Fdt................?.6.]&..).....daU....9@J
^.b`r....\D..At.E...;l*"}.q.....uY...Y...*.1....4G..k..-k.v.....H#....
..o.-........b.QN.[.....B2.[:^....#&..8z.._1....0P1.. ......1D..../...
.(.duD.e......(..t<.YH.#2......U%Wf..G.)....... b`...".........C...
.....c.1........R.. K....|q&..X..y-.T...rR:...N%.....;.8.3|...\co.9...
b(..?!..`.n.t..[.m....D.....7>x..k.....w'.5....Vo..\H..5I.3uE..;D.]
.....9d.aD<...^......e...e.m.T..]-..Lc....t....g..i..W.eSe..Af.....
7...iog.#.2.R..}.L.<...L.2.H.1.."R4....C.....d.Q*N.c..%P.0...4.
<<< skipped >>>

GET /Ndvqfhb.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:04:59 GMT
ETag: "5a1c947ba04becba8a69d6a850d43d9e"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 1527
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 1986225
Connection: keep-alive
X-Served-By: cache-iad2125-IAD, cache-ord1724-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 3
X-Timer: S1417434471.284806,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR.......Z.............sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
.......OIDATx...?h.g...oJ...R..%.D..E........S/kC......[JJ55[.....P\H.
_'[email protected].\.Z6H..5.*.....).d).Y".......w.....3.f.).8...}........b...1
.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL
.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.T..
..*.....}...|.....AE...X..vk}......Q...EL&.] (q..2.Ee..J.<..!...S;r
.~PQz...fg^........i... .^..TU....}..%}=..Wl]..".Z..z....u......Y.o6.L
& ..%oy.oH..[rry.k..vk..W......\^..b.o.As..7.....^y..N.....k.i0..>_
Tf.(I.6.%...Ak.k{G....I........m...-'.Wvck.9.:..CLNYi....g....n.....CJ
..u......x&7.Wi.v...o. ...knvF..1.A..... ..Y'..r..Kj......(.[.\{..Bw ^
.........-..........B.......19........8.........dA.XDnjA.K...F..9y.K.c
qy.n.;.....................uMN6.d.B..d.5....C.[..0.7'..h..M..=...n....
....rS..6..i=.......M.^y.......g{>..=;`..9....r...4.........J."..?.
...k.aanvF....?........{g.8..19e.XD...U....BY}...8P....mGxe;..h84.9...
A^....aa.0..pH......8.c@/ns&.M-.....o.9.............T;.U...&/G.mnw...[
...0.1..F2.Qi...........m{..*/.q9r.X^1O.W&..~&...P...$...-/).......8..
..su~.9.....~S4...>..){{Q.o~Q.RX..........52..u.]o......s.2.......]
g.....rryI. ..:=.....u#vA.....?.u...i6..i......4q1.....7F5..zc_..A....
 ..c...5....nWF9.a....%......y....&xf...1.`...0AL.. &.L...&........b..
.1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0
AL.. &.L...&........b...1.`...0AL.. &.L...&.......}K...k.....IEND.
<<< skipped >>>

GET /Cv8yKZy.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Fri, 28 Nov 2014 17:16:34 GMT
ETag: "d5f0c4c69cafeedee83ac50acf486b85"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 117423
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 239475
Connection: keep-alive
X-Served-By: cache-iad2140-IAD, cache-ord1724-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 2
X-Timer: S1417434471.369129,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR...^.................sRGB.........gAMA......a.....pHYs
..........o.d....IDATx^...x.g...0.v......3[...L-h1333[.-.2..l...q.....
..Y<...;....p..}..jU.[.L&.g._.u_U]]U].............f[.`......`a.....
..f0t....E!....;..T...2Gl.\..&_.'l.m..(...........c`...|5...<a..!..
.G].vl.wCy{....@VU#...................b<&.....(l...7Z.`p.....c...|c
Rh<...\Gy...z'......vTw.#$)_L3q.......}.,.E....B.....%.s...\.1..4*;
.....&v~0.......mo.l.....q.....!!X.....H,[email protected]|".,.........eQ...
]....X...mN.s..!X.#.p....!O......:4..DRI.:v...g4...h;. &..5]S...G.....
I.O).6{_..3r...S..].....#.P..F.....5D`N..1s..ls...#gZ.a...`8......`.C"
....o....t.gN...C'o.[.UH..~..."....@\...D7..j{......?)P4..[.........oF
...G\^$.o@Ra ......0.g...c........U]1........e.!*....^...(.....\[..9..
......I.... X.n...&.7..x..!V..p@C....#`[email protected]...\a...X..
.!.<...>000...........G.....7.l..X/..nK.....U8......Xy..Sa...%..
....(..0.>....d6(H.~..\..NA1Z....C#....."...[.<.Dk.....<....\
T...n.'..,w.q&....q.h..BdZ..f.......]L.l.....H..DPB&.B...o.....'...T.o
..d.7.\Oj..;y..>.....c@...&.Z....Bl./.9I=8.......'..C..,)..q.X.....
....`..',<....k......,I..;9....p..;.......l.......$.Mnab..v...U....
.u....._e1j{.1.......4...q.(o.EFY;.JZ...~4$]..48.*.x.-nA0...&.........
.... .w....!.W...........K...}....9lu..lqR!=......v......H..B.^s...G.L
$j/.#....>[email protected];.#:Y...\.'..w4..a[P.^..R.....V.....d..#
(..........$#.".BQ..gP..r*.an..k..Z.#l\.......*x......5.....E}w>...
QX.... .U'..c...m...l.Dx....!.a$..a.....#Y}......._..v.^....`..R..
<<< skipped >>>

GET /0fF60fQ.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:04:58 GMT
ETag: "cff4f48184734aedd36500dd4c0f9682"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 2023
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:51 GMT
Age: 7154129
Connection: keep-alive
X-Served-By: cache-iad2120-IAD, cache-ord1724-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 952, 1
X-Timer: S1417434471.505467,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR.......Z......4!.....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
.......?IDATx...1h.g...'......(K.......\2.CE.5.NY..R-.n..N..:..t..t)..
...D...=tX7..'K..V..r.t5..Y|.W}.......I...H.. y....>........ ._....
..e"... !......l..HH`[email protected]..$$... !......l..HH`..@B..
...............6..$$... !......l..HH`[email protected]..$$... !..
....l..HH`[email protected]..$$... !......l..HH`..@B........?..p'
......n. .7:.iG..o......x..............q...3....[G...D...c0..R....vt.^
..\...... .....wc}s..<;s..w.V6...._.....J?Z.._..&.~(...X{.......w..
........x7.wVc4....v.6...G.X....(......;.X:.....5J'..Z~...b4...!.C....
.GZ../D{....VDD4..Ge.8.O.......M....B... ...)N...p'Z..c4......}..s}...
......p....H...2...Q[x5:_l.x.z....9..........7....N.o..gQ*...l..#.q...
...X:....h...i.'....v..z...~............h........Q:Y...w.5Z..L..h.....
(..Q[x5j............^.&.....;.t.2W<tV9...........>..j...(...bv.x
4..GDDc.|t.....'_...K..i,....L...7..F}....h]Y..,G.{.X..Fe........y.N..
.3..T,...*s.,...F...h....g5Yk...x1?j.Y..'...^...x!.`.$.Z....f....B:k_E
DD..v.......v.....I..v.......$...I........9.d.'i....;"...p'*s.X..F....
...X....-.G.Voj........Z>... ........B>[email protected].
....D....,.d.}....X.......^v..X..o.{<E~.?v.n. *s...;..D........F...
.9.....Q..Z.3'...~..........h^..?......q..1...........6@"....>..Y..
...r~W....ylF<...J....%>.....^.?...Y.i.....xz..9...N...3.(W....h
O...x..w.q._..z)....Ga........(..f.{..h.Y....5j.g..'{.>[email protected].
<<< skipped >>>

GET /EeZYpJp.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 07 Sep 2014 03:56:53 GMT
ETag: "cd941d641087462929a51636ecda8b68"
Content-Type: image/png
cache-control: public, max-age=31536000
Content-Length: 266
Accept-Ranges: bytes
Date: Mon, 01 Dec 2014 11:47:53 GMT
Age: 2174474
Connection: keep-alive
X-Served-By: cache-iad2130-IAD, cache-ord1724-ORD
X-Cache: HIT, HIT
X-Cache-Hits: 1, 2
X-Timer: S1417434473.197692,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR.......v.......S.....sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6
.......bIDATh......0....Q.......(S&..........x.....q.?...N.._.........
........................@a..^.@......#..z.......IEND.B`...



GET /embed/Gjw4NCfc3iE HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.youtube.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Mon, 01 Dec 2014 11:47:51 GMT
Server: gwiseguy/2.0
X-Content-Type-Options: nosniff
P3P: CP="This is not a P3P policy! See hXXp://support.google.com/accounts/bin/answer.py?answer=151657&hl=en for more info."
Content-Length: 0
Expires: Tue, 27 Apr 1971 19:44:06 EST
Location: hXXps://VVV.youtube.com/embed/Gjw4NCfc3iE
X-XSS-Protection: 1; mode=block; report=hXXps://VVV.google.com/appserve/security-bugs/log/youtube
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Alternate-Protocol: 80:quic,p=0.02
Set-Cookie: VISITOR_INFO1_LIVE=mZvidSZsQkU; expires=Sat, 01-Aug-2015 23:40:51 GMT; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=mZvidSZsQkU; expires=Sat, 01-Aug-2015 23:40:51 GMT; path=/; domain=.youtube.com
Set-Cookie: YSC=Z5e8luE5E2Y; path=/; domain=.youtube.com; HttpOnly
....


GET /subscribe_widget?p=razortutoriais HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.transformicehackers.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.youtube.com
Connection: Keep-Alive
Cookie: VISITOR_INFO1_LIVE=mZvidSZsQkU; YSC=Z5e8luE5E2Y; GPS=1; PREF=f1=50000000


HTTP/1.1 301 Moved Permanently
Date: Mon, 01 Dec 2014 11:47:52 GMT
Server: gwiseguy/2.0
X-Content-Type-Options: nosniff
Location: hXXps://VVV.youtube.com/subscribe_widget?p=razortutoriais
Content-Length: 0
Cache-Control: no-cache
X-XSS-Protection: 1; mode=block; report=hXXps://VVV.google.com/appserve/security-bugs/log/youtube
Content-Type: text/html; charset=utf-8
Expires: Tue, 27 Apr 1971 19:44:06 EST
Alternate-Protocol: 80:quic,p=0.02



GET /web_gear/chat/chat.swf HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.xatech.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2014 11:47:51 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 777
Connection: keep-alive
Set-Cookie: __cfduid=d837745ccecaa7ed3e99f39a0bd3371301417434471; expires=Tue, 01-Dec-15 11:47:51 GMT; path=/; domain=.xatech.com; HttpOnly
Last-Modified: Mon, 03 Nov 2014 12:40:03 GMT
ETag: "545777a3-309"
Expires: Mon, 01 Dec 2014 12:17:51 GMT
Cache-Control: public, max-age=1800
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 191f0d695ac506af-EWR
CWS.....x.US]n.F..Y..II.$......$NQ$...~(.....2T..R./B....@".je%oy..z..
.A.#...>..Co..%[email protected]......@..^..a....>.....R.
........7.....%.wi:.n.N.xR...4j...t.....Y,8......d?....Vk>.7....Q.O
'.9.^.p7k-.[~...'vs:...h...Mzz/u..i.t..%N.>.D,.w..u...M.1..C)..<
<.{]..R./.<.<k=....7.."N.......2>I.x;..Ae.....` .S....m...
pa.............i"x"..u.0-/c..d.Z...m...z.....\0.x*.xV.:.,K.eX.y....~.{
'.t!......be.q(.Z..g......ZW6.......i|.o.&.X.3..P7..4V...m.%d..1.T..H5
.Y.....VH.A..a..5.u.....7.o.n....&.C$u..~Ax..>.....=...P>.Z....4
SL.PW.4.e4..B....J..\L.C......a*.....M......c.d....o.... .....2..WC...
y.........o........^<.._V.........G..................<.....=....
.."}X .ZA...GutV..U..E.=\....<,;.L..fx3.K..N..L....9.J..x]."-..X)kR
...1y.{..a.e.....=.m...#E.......=X5..[.D.w...4..{..







The Trojan connects to the servers at the folowing location(s):







%original file name%.exe_472:




.text
`.rdata
@.data
.rsrc
@.reloc
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
-ORIGIN:"%s"
CET_Archive.dat
%s\%s
"%s" %s
Failure loading the trainer. Your tempfolder must allow execution. (Check your anti virus)
SHLWAPI.dll
KERNEL32.dll
USER32.dll
ADVAPI32.dll
GetCPInfo
GetConsoleOutputCP
c:\%original file name%.exe
/:c.hT
ZI%CI
%Foa5^
&%d)K
.UzC*
%CsbI.
H! #%d
$uc%u
.zM'C
6%U^0
7.Hw?o
A%C`2
~5`&9 ,[:7
N%u05 R
.yiCe}
gl%d%
.qh)F_p
T:.Vv
(K.VL
E|D.go
%%S.d[
%xXPZ
U0.Dq
.{odOdCMg.wI
H$.QU
F&RUdP
.og:d@o
8/L%c
O%c )c
#%umP
%f!xW
7-X5}
u@,%F
L)URlO
D0%UI
Nø0
.XwcX
S.SS.
'%FvQ
.MB<g'
5;n.bu
$'%xi9"
`%d]Pl
i-x}n
o%UQ$
kd'.Xa
%F">JJ
S.gR-K
R\.tU[*re
I.nr[
`-.um
.hXX#n
)m.Kv
d>.nC4
Y.Br^
<}'%u
5J.ps#
lexe`
N.oeg
Q%Fte4
zaR.OJ
iM%Cr]
JSSh0
.RzIID/
.qLl%y:
Ae.Ed
O_%U=K5
.VslZ
%7.BZ
0.aB<2
{.Mksn
S.cQm2
fx.tZ
CmDQB#H
9E.iw
R%uXO
vA.Kx
.SCam
dv7%xz
.NU#n[3
(K.Me
.bxSd
 @zJp%C
%x0Xs
5.xQV
A.Jfa
.EeR-
Q9"%CT
%Xb O7
;`.CJy)
I%s0r
.mE@5
4S%7S 7SG
%FYr7
=.AYJ4
.qY'0
%f=UQ
( .VD
V]quW%C
.UWO^
cmdy
L%U_`'t
"#T.Cl
-2)*1 1 33  
b.UrQ
hL.XoX
VuXK%X
u`a}0;p%s!
IV.Ma
,'A%X
5O!_%c
-O.Nv
l=C%s
X.tev
.eWQW
.gN T
h4q%x
;I[`)%C
k .KH
@%UVe
P.EIQ
.bq%)E
:~.No
W.YRY
\Lx|.Cw
S{.zY.
i,.oN_]
.cY4{
r.ruvi
Ftp&5JT
*Vb%F
Sqlo
þ*o
#TGg.VK
tm.NW
%0SiSPN
QK.gB
#%xjQ
S.JTl
m%XQk
9!;8!;8!;
.rPga2
Ol.Jeog
"-j}J
GN.Ul6k
hUW.gM
f.Yrh
Ì^(
o%2%f
.kE6;K
}4i
.BSu4
# *-T}
T.UHG
/|(|,|*|)|
/-(-,-*-.-)--- -/
/](],]*].])]-] ]/
û%N
Â%K
%xB$d
Q9UP%UQ
UB%UJ
S"%S*
S%US-
9.EN4
H0Xx,x"x*x&x.x!x)x%x-x#x x'x/
/} }(}$},}"}*}&}.}!})}%}-}#} }'}/
.yW<F
.BW!Y
.bW1Y
.RW)Y
.rW9Y
.JW%Y
.jW5Y
.ZW-Y
.zW=Y
Û%L
%xB$dB%tRM
7>81$141,1<1"121*1:1&161.1>1!
T%UK5R
B1I5K5[%U)Tj
q$.II
,W.SnRfT9
}=}-}%}9}#}
-icz6}>
g.fL9K
?| |0|8|$|,|2|*|:|&|6|.|>|!|1|)|9|5|-|=|#|3|;|'|7|/|?
%UJHI)-i
/~$~<~2~*~:~6~>~!~1~)~9~%~5~=~ ~;~'~7~/
?~0~(~8~$~,~2~*~:~6~.~!~1~)~9
%xB DB&4B'
.SI*EE
.lw5Cy0
;.8.:.9.;
;^8^:^9^;
;>8>:>9>;
;~8~:~9~;
%CrJ.iDrK
%x2x*x:x&x6x.x>x!x1x)x9x%x5x-x=x#x3x x;x'x7x/x?
%|2|*|:|&|6|.|>|!|1|)|9|%|5|-|=|#|3| |;|'|7|/|?
%~2~*~:~&~6~.~>~!~1~)~9~%~5~-~=~#~3~ ~;~'~7~/~?
TH*%U
'] ]$]"]&]!]%]#]'
%-&-!-%-#-'
%C)P*$
OF{%d
u-s}A\G
/~ ~(~$~,~#
#/ /"/!9
!<" ""!*
5F#%SZ
|*~&~.~!~)~%~-~#
/>(>!>%>->/
90 0*0&0)0%
)? ?(?%?-?#? 
>.-.=.#.7
.51595=5 5;
&-6-#-'-7
:#*#.#3#7#/
727671757377
;&8&:&9&;|
;[8[:[9[;
;;8;:;9=
ua.AY%]
&1$:4:,:<:":2
?< <0<(<8<$<4<,<<<"<2<*<:<&<6<.<><!<1<)
N).gW
?&?3?/??
.OWoWO
kNn.inm
;(;,;";!;%;-
18(8,8<8
%COC/B
c%S`,
W.NZt
.iIpr
#8R.nY%S
eaC>%x
%DZ 5
~2.EB
%C g@r
.GM c
%FQKuT(
_.KsU
&<.Ze
71.HC
jx!-a}
I.HV}
%uG$=
NQ~%D
.xNOdO\
.RuIz
.chSf
5h0%cH
A:.FW
?W.zt
9Q$ %C;EM[O
.p%d"D
):.tn
.Or]6
b/.IgQ
OUK%xpK
td%c@
{.IRYb
!@%cNJF
aX.ybkV
f.pc6
%c(:;j
7%uscB77R
1V%X1w6
%>dSH%ft
&.iv'
4i.jk
Q7.qc
D5%6um
aS.oC{|
KS%xp)
<ih.ly
.umlI
.Bm9r
Q.bX{
0w.sOe
*%dz&Y
X8*Ga.rb
x.Xx!
<u.Uv
`.data
.idata
t.Ht2Ht6Ht:Ht>
F&{00000000-0000-0000-C000-000000000046}
3This binary has no widestrings support compiled in.
6This binary has no unicodestrings support compiled in.
&{3FEEC8E1-E400-4A24-BCAC-1F01476439B1}
&{663C603C-3F3C-4CC5-823C-AC8079F979E5}
&{BC7376EA-199C-4C2A-8684-F4805F0691CA}
.Owner
cheatengine-i386.exe
cheatengine-x86_64.exe
CET_TRAINER.CETRAINER
CET_TRAINER.CETRAINER"
Ancestor class for "%s" not found.
rtlconsts.sancestornotfound
Cannot assign a %s to a %s.
rtlconsts.sassignerror
Class "%s" not found
rtlconsts.sclassnotfound
Duplicate name: A component named "%s" already exists
rtlconsts.sduplicatename
rtlconsts.sduplicatestring
rtlconsts.semptystreamillegalreader
rtlconsts.semptystreamillegalwriter
No variant support for properties. Please use the variants unit in your project and recompile
rtlconsts.serrnovariantsupport
"%s" is not an observer
rtlconsts.serrnotobserver
Unable to create file "%s"
rtlconsts.sfcreateerror
Unable to open file "%s"
rtlconsts.sfopenerror
rtlconsts.sinvalidimage
"%s" is not a valid component name
rtlconsts.sinvalidname
rtlconsts.sinvalidpropertypath
rtlconsts.sinvalidpropertyvalue
List capacity (%d) exceeded.
rtlconsts.slistcapacityerror
List count (%d) out of bounds.
rtlconsts.slistcounterror
List index (%d) out of bounds
rtlconsts.slistindexerror
rtlconsts.smemorystreamerror
Error reading %s%s%s: %s
rtlconsts.spropertyexception
rtlconsts.sreaderror
rtlconsts.sreadonlyproperty
Resource "%s" not found
rtlconsts.sresnotfound
%s.Seek not implemented
rtlconsts.sseeknotimplemented
Operation not allowed on sorted list
rtlconsts.ssortedlisterror
Invalid stream operation %s.Seek
rtlconsts.sstreaminvalidseek
Reading from %s is not supported
rtlconsts.sstreamnoreading
Writing to %s is not supported
rtlconsts.sstreamnowriting
Unknown property: "%s"
rtlconsts.sunknownproperty
Unknown property type %d
rtlconsts.sunknownpropertytype
Unsupported property variant type %d
rtlconsts.sunsupportedpropertyvarianttype
rtlconsts.swriteerror
ENoThreadSupport
ENoWideStringSupport
=?&{7B108C52-1D8F-4CDB-9CDF-57E071193D3F}$TMultiReadExclusiveWriteSynchronizer
BasicEventWaitFor failed in TMultiReadExclusiveWriteSynchronizer.Beginread
ENoThreadSupportt
sysconst.sabstracterror
sysconst.saccessdenied
sysconst.saccessviolation
Missing argument in format "%s"
sysconst.sargumentmissing
%s (%s, line %d)
sysconst.sasserterror
sysconst.sassertionfailed
sysconst.sbuserror
sysconst.scannotcreateemptydir
sysconst.scontrolc
sysconst.sdiskfull
sysconst.sdispatcherror
sysconst.sdivbyzero
sysconst.sendoffile
External exception %x
sysconst.sexternalexception
sysconst.sfilenotassigned
sysconst.sfilenotfound
sysconst.sfilenotopen
sysconst.sfilenotopenforinput
sysconst.sfilenotopenforoutput
sysconst.sinvalidfilename
sysconst.sintoverflow
Interface not supported
sysconst.sintfcasterror
Invalid argument index in format "%s"
sysconst.sinvalidargindex
sysconst.sinvalidcast
sysconst.sinvaliddrive
sysconst.sinvalidfilehandle
Invalid format specifier : "%s"
sysconst.sinvalidformat
sysconst.sinvalidinput
Invalid floating point operation
sysconst.sinvalidop
Invalid pointer operation
sysconst.sinvalidpointer
sysconst.sinvalidvarcast
Invalid variant operation
sysconst.sinvalidvarop
Threads not supported. Recompile program with thread driver.
sysconst.snothreadsupport
sysconst.smissingwstringmanager
sysconst.ssigquit
System error, (OS Code %d):
sysconst.soserror
sysconst.soutofmemory
sysconst.soverflow
sysconst.sprivilege
sysconst.srangeerror
sysconst.ssafecallexception
sysconst.siconverror
sysconst.stoomanyopenfiles
sysconst.sunknownruntimeerror
sysconst.sunderflow
An operating system call failed.
sysconst.sunkoserror
sysconst.svararraybounds
sysconst.svararraycreate
sysconst.svarnotarray
zstream.sseek_failed
zbase.sneed_dict
zbase.sstream_end
zbase.sfile_error
zbase.sstream_error
zbase.sdata_error
zbase.smem_error
zbase.sbuf_error
zbase.sversion_error
1.1.2
FPC 2.6.2 [2013/03/17] for i386 - Win32
GetProcessHeap
GetWindowsDirectoryA
kernel32.dll
oleaut32.dll
user32.dll
version="1.0.0.0"
<requestedExecutionLevel level="requireAdministrator"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
%hXXp://VVV.globalsign.net/repository/03
"hXXp://crl.globalsign.net/root.crl0
&hXXps://VVV.globalsign.com/repository/03
 hXXp://crl.globalsign.net/Timestamping1.crl0
%hXXp://VVV.globalsign.net/repository/0
[email protected]
&hXXps://VVV.globalsign.com/repository/0
-hXXp://crl.globalsign.com/gs/gscodesigng2.crl0
4hXXp://secure.globalsign.com/cacert/gscodesigng2.crt04
(hXXp://ocsp2.globalsign.com/gscodesigng20
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
6$6(6,606
7 7@7\7`7
2$2,242<2
mscoree.dll
KERNEL32.DLL

iexplore.exe_132:




%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512

FP_AX_CAB_INSTALLER64.exe_192:




.text
`.rdata
@.data
.rsrc
@.reloc
SSj%S
SSSSh0
HHt.Ht%Ht
PSSj%S
tOHt.Ht
tGHt.Ht&
&Macromedia Flash Certificate Authority1
[email protected]
E.YY&~g
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
atl.dll
1.0.5, 10-Dec-2007
(VVV.memtest86.com). At the time of writing it is free (GPLd).
bzip2/libbzip2: internal error number %d.
This is a bug in bzip2/libbzip2, %s.
Please report it to me at: [email protected]. If this happened
component, you should also report this bug to the author(s)
of that program. Please make an effort to report this bug;
timely and accurate bug reports eventually lead to higher
combined CRCs: stored = 0xx, computed = 0xx
{0xx, 0xx}
codes %d
code lengths %d,
selectors %d,
bytes: mapping %d,
pass %d: size is %d, grp uses are
initial group %d, [%d .. %d], has %d syms (%4.1f%%)
Y@ %d in block, %d after MTF & 1-2 coding, %d 2 syms in use
final combined CRC = 0xx
block %d: crc = 0xx, combined CRC = 0xx, size = %d
[%d: huff mtf
m unresolved strings
depth m has
%d pointers, %d sorted, %d scanned
qsort [0x%x, 0x%x] done %d this %d
%d work, %d block, ratio %5.2f
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
GetProcessWindowStation
USER32.DLL
Morpheme.pdb
OLEACC.dll
PSAPI.DLL
KERNEL32.dll
GetKeyState
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
GetConsoleOutputCP
GetProcessHeap
GetCPInfo
Morpheme.exe
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
stdole2.tlbWWW(
?jp_msgFormatVersionWW
_:p_msgDataWWW
p_expectedMsgFormatW
I:p_urlWWW
.zp_dwStateWWW
p_sourceURLW
p_refURL,
urlW
Created by MIDL version 7.00.0500 at Wed Nov 19 14:08:56 2014
B.Ors
.NBQB~
3%3,33393
>">)>.>5>:>
apphelp.dll
devrtl.dll
pcacli.dll
secur32.dll
propsys.dll
kernel32.dll
advapi32.dll
psapi.dll
crypt32.dll
msasn1.dll
uxtheme.dll
dbghelp.dll
oleaccrc.dll
oleacc.dll
ieframe.dll
profapi.dll
userenv.dll
mscms.dll
d3d8thk.dll
d3d9.dll
powrprof.dll
dsound.dll
winmm.dll
ntmarta.dll
dwmapi.dll
version.dll
CodeSignRootCert
\System32\Macromed\Flash\FlashPlayerUpdateService.exe
Shell32.dll
Advapi32.dll
FlashInstall.log
mms.cfg
.json
_pepper.exe
utilExeFilenameBasePEP
_Plugin.exe
utilExeFilenameBasePL
_ActiveX.exe
utilExeFilenameBaseAX
InstallFlashPlayer.exe
{FEC7EF28-53E7-4f06-8F56-FA6D670C8D3C}
HTTP/1.0
Wininet.dll
fpb.tmp
FlashPlayerUpdateService.exe
hXXp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_
hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/sau/15/install/
hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/aih/aih_sgn.z
M/15.0.0.239
Msimg32.dll
window key up
mscoree.dll
KERNEL32.DLL
=This installer is not compatible with your operating system.
.Programme d
compatibile con il sistema operativo.
.Programa de instalaci
n no se admite en su sistema operativo.
.Installatieprogramma van Adobe Flash Player ^
r inte kompatibelt med operativsystemet.
.Installationsprogram f
vel com o sistema operacional.
m opera
;Ten instalator nie jest zgodny z tym systemem operacyjnym.
15,0,0,239
FlashUtil.exe

InstallFlashPlayer.exe_816:




.text
`.rdata
@.data
.rsrc
@.reloc
SSj%S
SSSSh0
HHt.Ht%Ht
PSSj%S
tOHt.Ht
tGHt.Ht&
&Macromedia Flash Certificate Authority1
[email protected]
E.YY&~g
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
atl.dll
1.0.5, 10-Dec-2007
(VVV.memtest86.com). At the time of writing it is free (GPLd).
bzip2/libbzip2: internal error number %d.
This is a bug in bzip2/libbzip2, %s.
Please report it to me at: [email protected]. If this happened
component, you should also report this bug to the author(s)
of that program. Please make an effort to report this bug;
timely and accurate bug reports eventually lead to higher
combined CRCs: stored = 0xx, computed = 0xx
{0xx, 0xx}
codes %d
code lengths %d,
selectors %d,
bytes: mapping %d,
pass %d: size is %d, grp uses are
initial group %d, [%d .. %d], has %d syms (%4.1f%%)
Y@ %d in block, %d after MTF & 1-2 coding, %d 2 syms in use
final combined CRC = 0xx
block %d: crc = 0xx, combined CRC = 0xx, size = %d
[%d: huff mtf
m unresolved strings
depth m has
%d pointers, %d sorted, %d scanned
qsort [0x%x, 0x%x] done %d this %d
%d work, %d block, ratio %5.2f
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
GetProcessWindowStation
USER32.DLL
Morpheme.pdb
OLEACC.dll
PSAPI.DLL
KERNEL32.dll
GetKeyState
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
GetConsoleOutputCP
GetProcessHeap
GetCPInfo
Morpheme.exe
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe
B.Ors
.NBQB~
stdole2.tlbWWW(
?jp_msgFormatVersionWW
_:p_msgDataWWW
p_expectedMsgFormatW
I:p_urlWWW
.zp_dwStateWWW
p_sourceURLW
p_refURL,
urlW
Created by MIDL version 7.00.0500 at Wed Nov 19 14:08:56 2014
5555555555555555555
.>.>.>.>.
6(6(6(6(
P;.xno
fJ.Fh
XFQ.BN
o.gGp
.rnG8
pg"b.dE
$(EK%Sq3
T^.Fu
o!.zg
&9n%S(
keyN
h.tgg
m.kty
|%F!!Slk
mX.fO
~1.hT
.AZK6'
%fkWj1i
%u0$Q
%Xjeo
9e?B.SH
urLXun
.qV*g8
Q8!5|%u
Jd.CM
pk.Su
$%uOC
L~ExEy
:s.bh
,.Qwi
%Cv~/
.ktjl
OA!%c
Sqv.CE
=.idE
hn.hm}
.FRBqT
FY%x 
R%C[Eb
2.cdZF
 .kYS,,
%Fu(b
0D*%DhL
%DsWGq
.cDgF
p%CRq
?.pb'I
hg.RP
0%Uey
P;.Gx_
~-ZG}
0 sy%xd6
7.oyz-
*Z.fj'
!.XztV>
7v]%s
.TD!s
2H-ONTuj}
.Uno33O
u.TfX
v.mZh
ú7t
H%.DS7a.=
ÞJBB
8Y.ywb
%U`>k
w.Iu/
V.ltN
$WN%s
X=.dI
ugY-,.yXy
xd2.hL
N[4R%S
zT.dm
o.ZVA
pI%C{
m"'WeB
z%ugY?`
sl.ZV 
1.HvV7
.dyWr &G
.CeKG
?>%fxs
:>.eC
p:.Uf
.mYuT2l
.TRHa
.SHrv9
9Om3%C
%u&^7>
7g%s"
L%UJkV
Eq.lC-
[#&3PS%u
J.Do3
.Vb<U
{.Fn~
tw!r%Dz*
!s%uN
W{Ú
CpF%X
_,.nH
.zG//
B~*.*
.kR[@C
(.UTa
I:S.qXUo
.Fw:Q
?.qk&
^t{.NJ
8N.FtKG
j.Fmv UI
m%.cJ
x`%Ct
TzY{%S
p%Fw|
um.tt{`
d.UHcz
.eLHfZ
×@#
Z*H%sP?
Q%X~`
t%-j}]
iE.sgO
Gh%dN
7~.Ud
E.TK`
o.qM(
a-%u`W
R%x=*|U6/i
-A1I}
\s3.aS
fkSSH
r%xnO
h-jxduy}S|
h<sIXp%fu0C.
%UsH/G
!8] .4/*
mb;F%d]
.rOPO
-o}*:s?
.gN'K<
.MZrm
%uzqz
W%Dh3l
nXEe%C
J;'.JCg
4?.qm!
<uP5rw%c
2m$%d
 .ki0
iN%ux
O.ovxHW
%F@/V
.wMaI
c%f,BsR&D
`aM%s
m*.oFnO,
x0{.ikdyE
{o>%UR)
w%dhd
Bo%S~>"1W
n.lo)
v.aRXuy|kf
Th %x
?t.mw!p
.xT);
.wbY=&
D/Q.kM
JS.aD
.hTx&
}.At]
L.lM&
WB.rH
tË^0FT/!
UX.Mj
4`^.eN
5%.bO
.zoQD
o`S%d
{W.tJ
.bjl 
M<%X$q
c.arB
p|.wp.
Q*V\%S
/L%c!^o4
.uXpKG`
`vt.kY4-P-H
J).orQb}&
g).ww|
.MO*f\
%fW`g
2d%fq&
4@'%D@aw;T
;.DuIX
NtCP
%xn9J
l\.Pi
qCÏg
[uURl
u!'?%uh
I.oW=/z
=h.LW1
-./@\'[5
0Kz%u
.rCHh
.bb9;
(%S548
T-.Yk
.mL7;
yg.Va
j]%uY
%u>Wx
!]$ôy
),=3$^_$
pv.NP
A.hn*
.rpeQW
gV%D(
%cx*s.b
.QcVk"
n-.cxS]3v(
D2.WQ
"D8'%D
)w60%cIqr$}
'y?%C
mkG%DQ
]`%dv
f.dj&
 {3h%D\@
.iQl]
$l.Nnb
yg%U*9[
$Ë=K
VJ\\%S
j'.mr
.Ck ]
]gd.Od
.niC#
N.Wk7
Ks`%u
a_~%c
pS.Vc
P.pl:J/%
dZk%F
 qM.eF9
.LV*C
<V.Fu
.Vr$H
u2%XMH
SEt;[F&]Ï
5=.gK(
.vYt6
8n.dL
B".lT
 .GkA9
R#.lx
O3%s8Ab
[email protected]
eFv.prW
zd.VxQ
:.dKs
x].hS
1/@[%D
.CIs{
dOb.Rbkw6K$
&.LghK
&<.ttu~
%1x%]U
F.qm1!nQ
Os}}.Ue
%Xv0{
%xg&8
.zDa;j
(%d_R
r%fsX
fs.aq
hz.QB
;hZA×aN
zP.eQ9~
1).lX
ft'#%u
4_m%s
\%xD[
9(u|O
oa%Dw
/\Q.zG
n.AIf
%SIM[
5M%CL=S?
\.dCMIS
;eXe7
f)%d`
5.TJ|
yo-5}y
<|<%U;
(.FZI
m%c?;
T.WQ5
BpNby!..klU
c%UGe
tFtp
r7þ
%UBF_
:;~.dD
8r&*%C
630%U{8_
.Zq]|7).
.Lj]i
.snp2YV
0@%u*
.VG(<x
.apt}
.otx(
;-.wY.fK</\
t.TFj
<%.f~VT
2.rtb
(IkYZ%c`
Wl.dG"-Aqp
.mBrU1
.DYU"
ruF:/%F
O =.vk
<~<.cY
)7%X4%
K.zR'
&.Keex
/PD
.adOc
f%X@Qj@
H.vEf
B%u*n
%u<Ny'
.jd[$,
j.vd6
%uSb!
`,f.CB&E
@7sQl
ZCMD
I7E%C'u
6);.bq
S!%UE
.yy=3
%.Cxg
r1m.ql
;"h.MY
.ikbu[
.iZ}%
ph.Sh
3p.ZE
zi_H%x
hGC.iI{
}%s$!
fN%SO
MyE%F
S(g0%u_@c
m_.Cz/
*.TbC
^%X<i
'>.vyFV['
~d5%u
z.jyN
g.fc. 
iD.Oy
Q>:%c
%Fp0J
.Sk(0
$F%F@<<
rK.LIr
.mmtMy8
b&.Id
 h.By
}/%S_
xd1gL%D
.wnLf
A{H%D
U.Rls
Q.NDW
%U8-f
x.Es1
ck8%D
.Vs=U
,Q'@.zS
n&%C_
.sr=F
#.RWpV!
n.OL?Zc
3HF%dS_
A{Q:
%Sd=&'
c%c=WB9
.lj^9
H`[4S.DRa
Ch.Wk
*ýM
JAR%sg'
.iMcy4p
y.ub)
[R.mjP
R!.mb!
?"b.Wx
.KSs@
eJ7.mdE&
.zIAC
j.kh,
_.LR"
^R%q>.GS
.syY".
{X L-LH}J
ü)n
cX.TA
\~.Ec
{=b_KeY3_
~.iKu
_/.kO
o3i%Xk
.kBlz
v}C.Qs
.DL;'
N%S#l
d.rn(
~&.Lo]
%f/h]
1??3%S
t9 .Vk
N>.UM
.OjP;B
6c.lk\%NL
-# .Vl
.amkp
c..rM
& .Cv&
,.czHT
d?B)-o}
.OX{*
.Fono
%?5%S%v
DB].jVR
.vo.e}#E
.Fk")N
.lh{@v
5 Î
W%cq5l
ra%xf*
û1N
( Z|E"T%S
W.Be ^C<
["x{.KZX
N.wr/
.wb4f
`F5 %uO!LD3m
j%.mf
.Gff[@
%U=5"
imk.RSQ{
c%D{2
}%9UJ
lZF%C
Ykey
@W.ii
.BW;Q
HWDo%XT
w%U[`9Ky>
P.&x%X
A.ZfN
T-qE}
a.aTzs
sS
"@%xX
/%s.:u
_~.BS*4
J}L%s,
5NK!%s
%XK`F
R]%8S
Gm.SJ
1vl.xIKM
.rhHj
9,C-%F[xw
1.qW|
O.GR]FA
X&g.Mt
Q.RPF
%cr6 
Q.glf
.jt81
..Ho'S
.zY[nx
U%X/_
.IYy\
FE.Hi
%D%o/
.ZWuz
#Ì,{v^
A_.PV
#.auN3n
5*6%sJ
.%D=T
.yIuC
j%DTFWu_
9Ht%SOMIN8
SA%XA
h".yi
.SB#*"FnU
.yg8|Q
.oZ47\
V.aaH9
.HHp)" 1
}Ër"blOd5
lL47yf
eZ%w%u
.zz7Y^
.HiAa
Z}%Uu
=,.wY
W%cxvrH
/T|e-m}
c<f.OEz
suuDP1
#.Mg]Y
.uk)Y
SO %Ul
w.lAS_j
}b%X=
.FN0Y
^Z.do
a!P4"%F
;Bf%U
.^%u>F
x.B.WU
ÏQkmO
j h%d
s%xu<
(o*.mA
YI.AjxJn
%Dq.6
z%u=7
.Vo@*
Pv.Za
@R{p.oy
7.ZC%
re%xT
.FETlFDk
C%xBrE
2ú@
hf.Fx
û,xR>T
.RAJMDEm
r8UDSH5<O%f
Xj%xe
.LoI]
".OLv
%X_l2
Ou.oS
W8n .wv
S?.tX
P*.Ok
{=:X.Qr
"^n.El
Dr5%s?
.tWaz
.nj*N
.Vx5-m
-s}^0;5|
.XKHS
q-L5}
lHG.cd
a.JtXh
zS%X?
Uw.ErBN
RC.Yb
.Zed#
.Do@FRm
.Fa*S``$
`f.UU
s.XRt
.wFEZM!
5%fyv
.Cyf]
:qT%f
(37%u
%d:_t
Vg.kNH
(.VgW
(h.Nd
ML![c%ST
q$l
bUrL
AKr6#%d
Bo.Xy
9%UloC
-F}4Yb
%c w#8
N,-n}
cN0%x,
Vp%c{g
6GJ%c
5H.aB
0).WP
E .ged&%]g
.KGR.Z
_.ywREI
EdX>%Dx
7\l%x
.HX?u
m %c~
"j%cy
CY>%s4
%Cy|\V
Yxn.Fz
ð<~
F&.MnJ
8.shH[
'_.hF|J
Fm.mA
.sQ7l
)%S\%
Ü1c
Pef%D~
.CFn~1ZX
/)cVjTr)c'.Bx
.AlMK
Yh.JQH4
M.ElQ
T_%5S
,tFlT
1Ca.af
?%u2z
B>%Uhr
ED\.PfZ
.dA$>
.uLGQ!
ah.Dk
.Ivnewfz,
2e.DP
uz%dJ
L%c#@
]SO.QA
$.sAh
`*.WH
w{A%F
JL%XR
G.YG=
R.Xn_G
4%2S@
$a.Gp
=P%snO
w4.G-2}[
QX.yt
s*.Nv
w,fB%stAj
6k~%x
TUDP-C
%.Ao~
/5.NSc3n$P6t
S-[%C
}D.no
"GMSG
.Nz_<
"OZ%X75
.TNtv
#NDPd.mP
.sJtq
n.ru-
.SSWb
eCc.Bz
~%FM]
X.srM?
,b.ze
h=Z%d
na.WX
]#.jD
\ia%d
%C&xz
gp.aM
Z$7%u
G^.XdgU
*O.ew
d.Ooj
.szjAu
.ood<
*@".Hu
<8l8%u
]\v%f
.%Fu-
pBF%X
%.kg7
Ä(2:
2K.nB!3
m!.pa
av=%d
*p.sn
4.Re\r
.Hgs\
.QS12
.LwXu*
G.Ô
*EY.tq
 H0%F
nkEy
v.qTm"
.hP05
u{f
.Tgh5
Qx.nt
R.HbA&
]{%x-F
%fLWN
.WzDI
B\L8.vUK
g:.KcKo
.mkf,%
%#/%D
!R  %U1
.fi~a)&}
x.pK.#Y
G%ui4
.Hvc&
\.YiZ#O
LjFB%s
Vg%%F
8.sCRH
TmK%f
).Xk|h$
%D.~'
y6g8.xjK
c%sZ1B
%fZmI
.Mq5z
7VÅ>
.Bcq=M
LP%UV
g~.PI
S%frK
).Sze
rAÓ
H"'%x
.Rbwf
CMD]Tsrsa
\y.oI
QW%CR
o-&1%d
.ct5%
Y1.iC
GR.ByK;2$
eek=.vfE
.eB)a
0FF%X
.laCIR
.oF}V
5%JS%2xa3
7.cC66y
6.wFF
B<.em
M\S%U
%SI.*
gV/%F
wKey
.yu qZ
.hN7y
N .Fj
.zABB
.YT8i
UP^.nR
<{
.lw)%
.wO!|W
.fdnSG
.PP4R
1%Sz7
mJ%fp;H
>B%S]
.fCZDCL8
.VOhzqG#
[.JZK84
x%d#.M@
=N%XF
JHDt~R2w%2s
.QfOYg
%c&h}@P
zksql
.tf]B&
GmZ.nk
.CFFu'
`z.tw
^Mh:O.WGCZr
]ee
r*e-3}
.naA04
s{%3U
.Emmz
`.NE(T^
}fTp`&
{=z.Md
Bk.NV
?_G.GFr
ieXE
3vq%u
Ftpt
P.qw7B
.YJ}#
%dZxR
.NW!t
%fN8@
I9.Uo?
.dx3? 
pN.kz
.mMZS
mb%S5
k0T%S
U32.U.iq
.RRwe$
%xRYuL
\gz}DCf..dF
Q&.jO
uO6%u
xy[.fHz
m~h.KCW
y`,%s
.rxh|
.6.Zb
L.PuG<
k.yjV
,rT%X
.LX(W
%s9>e
b.XjHr
!Nl.pHU
<Ec-%l\.Ma
[email protected]
`.wWc
Xy.yJ@
5.yJj
U.QE'
.Qy%A
S(".ov
vTcp
Y.WYN9
g%X!G
.Ia\$n
.Sf3 
0.qb"(q
@%Dhv-
jN%sz
.GbxT
3JS.Uo}
-AxD}R
..Vj\
*.xn*
.Pgvy
Rh~r.so
.CKVA
U<5Wk3.hW
þC.
`.cA{X
AW.po
8}X.kQ0a
 .Ypk/
A%Sln
uDPHX
-%sFVX
-eHO}
j.DXk
)%S1^
pD%x{
.tfZT&
{.pJV
OkyH.zn
g@Mg-kO}
Ff%U0
%dW[g
.fW.qf
j%d/B
.XKyP
.IDYvK
&%fNr
.rgBS# ?C
.DR CC
I.WL6
g.gh.
mL.Rs
9.WoG
.ve=\
.CPXlX
.HU]2T
a:.vY
tGMSGz1
..RV&
eu.dE
s$\0%C
,j,<%s
b7.jaAt
9%9u"
r.fzD
;.Vr8^9
U,.He
S.NbM
.janQ
.mC`;
r|1%F
"T.Ha
3%SuR
y8:m%d'
.KMI#=
!Qo%D
uDph
%xh#;)%
{6|X/.qqu
") %C
q%dsr"
>*.Lf
 P%.c
>.kVd
fG.fd
UH%-P}
%u c)
S.jGK
.PX|!
}O.vc
,S%CO
%uR]2Z
v*cRt
<*,!$_9:
.py;G
2e.Hq
9%Cr r$P
o.yUv
Fv#tE~%F
SSH$e
.pKb}
..hx/
T:%u`[hBw
GeXE2Cx28
!x.xM
d]`.lu
K%5S^
_%xN|Qs
I8.rq
7.Ba$
#w.fC
Yr.ME<
.CZMgBv^
%5Xc}|OCH
%u&}F
 Yp%S
.bZ[.
.QQ}J
y%%Uw?(
%dhoC
HM%cR
fL%Ux
>b.zwa
0o.wU
.Klsf
.ZoeX
C.ZGd
n%x"H
(.qkA
yyr.bg
99W.IS
.IJ'_:
h.fFL
zdBB%x
8.lB&
poRTBc
2zÚ
.HB66f"gU*
k%S7M
.nF|sq
T_!%u
* .TuU
].spxl
K.zul:
<M.MQ
G.PuwJ
(.RX*
.He=(
Z %uxYM
.lc=]
3C,
8b.UA
tiO%C
.xDDr
[.lzu
C.gLI/
.Urov5
P''U.Ow
;%FvS
F].cw,
%X`m`
x-B}=cj
rmV-v}
8 .Vb@
X.LDH
 .KGB
d%Dl0
%SMYF
6[.sw
ZO.KnN
*U%cr
m\.eF
NB.ZT8
eZ>%C
C,PU.UZ@
*K.sbT
.I%SW`
~ od%f
6~.gU
%D!Z=
=z/%CQ]X
}@.Re'
2%uIf
>q%fPe"3|
h%D}F
.KaKd
.vG1@
l.xNZ
l.sZ0
.sOD/h
.QDw!
.ud-rf
!Zc.elT=&
) w.na
l%sfd
Xzi[%f{.
%D.]1
r%U<~
T:8%s=l
.VQPQ
4~D1.hK~2
%R<.EY
7b(%uA
[%d&!
4f.tpt .J
2)]%F
.dMj!
.WTTr
ÅiZ
l.Tsm
$.LXH
i.gVC
0#.ijS
%sNN@
 .bWZ
X$ü
,8.Jk
.cbMt{C
:.uz-
DUe.ir
hftP?
.YL_Y
%dyn2}
.|.jl
AEKatd%u
n.DmH
3%SdE
nO.Xr
24.ho
S.qz0)mHe
at.Fv
$c1.IZL
3i%C\
q%d~^
cW.lWj
SI.YT
%u'?%
P.ER)
\ÌQ[
r.Ra?
$|%ft>
gp.po
.bgf(
ki!X%Sy
.WkQ4
<@q
lftP
%fqw-|
%u4Lk
"2_.Mj
^U %dIdT
.Mbce
FGb.qV
S4D%s9
 W9%C
>~;%S
_%U_r
%ÞX
-WH
6.jXU
Q=.mr
@%XW:
%fr0f
V N%D
.sq{R
l?:q.ZZ
-3}RO~q
"%ut'B#\x
.hh5b
5te"|l.mU
a*i%D
7m.AF
.jm!~
XO.fi
.bIL3
.YN0^
h-S5}~
|.Fg`R<
90'W%F@
%U]=f3
.nat0y
.Ab1M
5.Sl{
9Rc"3.xq?J
?%C{gz
.IZmE
%D#!M
%fU T[*
.gm-o
ec.ah
Xb a.jQ
!dm.wq
8,u%f
.Un6I
.RAQo
%fLjg
9$.GT}L
%d'VY
.APDg
s}.vWI
.nn_#
bg.gq
 .Isj
<AS.SN
.EZdPsc-
.yvzT
hA?%x
#D.AW
a2.ll1'a
%.EGN
=Cy%f
IB%s}o
f{%.ij
BcRT
.PQ,aOX
.gABs
U&.Rq
x.XX#H
}WtCp
.yP/6
JûBh
2.dUm<
.dDL^
osL%X
t'.wB
B;[%c
t%Cp'6
z.dEMH
.YSCn
a<pgk-s}
cf.Jm
.Hn;3r
%xTrN
!.DEs<k
T'.TG[
SQl9P
%fS#/
w:‘di
f^.qa
`v%DrRn
.jBz%
$en%f
D.mV!
Ul.qRYP
/'/.iB
%sHu}
NI %X
-O.RE
Z.sJ'4_
uI%cJ
s}{,<%F
L??.zU
H`.pv
w%Cmo
< r%d
:><%U
.dLfl
.vXBy"Vo
%xbq,
w-=.md
ylÚ
.QDgx
b)ME.pw^
q%3uyUB
Y.fES
.Lg/w
cmd6R
R.ZY"
%x!x:
S%u0p
?.WN,B^t9
T.gNf
,;d
y.wJC~}?
}!1%u
%CQ,]
ðl O
$-%ux,w
dUDPg
AU}.XF
7{.Ap
/.HtY
w@%x%
<.uwo
o.hPC
aA:%d
~'%.C
.ASsS
9U.Uy
="7)" /.
.Kw\PK gL
.uEst
.RDGH
1.TX[~B4
!6W%f
|.Xv;
|J.fo
.Wm~~
C8.mr
.eEX_
s%X[b
W$%Uf
*L!%X
|.kqz
9|Ì
D.dG8
-.Lj8
-HU}gb6(l
.PI`n
q:\_B
?.rr<
<.SuA
%X-!?
%DHL)
=60.fv
t.GEV
!.guS
Yb(W.VO
}.vC{]zJ
.BDp@
iuas.iG
&!%C$
Q:\h#9>
Ã/75
.lkqE
7e%Sw'
)!œ
,.NOd
%%SQ2!X 
UDPv?5
.GZor<
?O%XGX
~l.Kt
jZ.aE
$R.af
.dLF7L
S.Hq*
.dy"x
!D.Fa
CsW.uu
%X!C@
|[N>..TC
 l.aw
{%u7{
.GhE.u
.uvK#L
R%UhV
.mRFE
C%2Sf
4&.Ke
XyK%SE
 $.uT
|v.ipzc
|L.Eg
\.kjA
Q%x4z
XWEb@
%C|{L
?F%Sr
.Fz Ws
On.ZK>
p.fSr
kd;%C
y-Hx}
Ú l
v.DP@
U H%C
%1Xl__f
`?q.AE
f.Dqf
f.IjO
9`.da
.P6.AGA#F
`.rZz
z:\1,
Ji%DUo
.irSN
N.jB$
4.lH`jj
:m;Q.hV
.Cub]
.0h4V%8s
)#h.Fn
v.iD1P
L0%Xd
V.aW{
I0.jX
DÛ4
-@`%C
\.LKN
%u:XT2
%S<\\
O:\}xff
.pdJ$
.^,.ji
f%X.G
.wc'$
/YP\%X
 :%x"]
.CrRX
B.bz$
%F>Yw
l%urz
tCpe
33)B.RN
~ .uX
%uHxs
-.WTZ=
%d/HvMu
-f},Zd'
f%UIn
.cxhz
R.Kk\
7t;Z%F
S:\m'(
]O.Ag
..xSw
F.Bku
s.TVh
.NtV$^
z.DO[
g:\oe
Xd=.xfZ
bd%Dho
j.VI&
"pdkp.rd
.qB v
lurl.11 O
,.ma>
KT@
H.JbJ
a4%dl
|.fm|}l
.wkD{
Z.rl%
|a.Sq
p.UB`'}
3.Qm;
>:%u8xd
.cHw<
I9.Ah
d-D%u
.Scw`
]{p.vnw
$x5%s
/~%3U
r:U.FV
.oS $
auDpZ
Yxc#weB
di.oe
.rUp`
%6s$j
T%fhr
|UY%UX
yB.VT
u8.ICG
S.xeo
D.GFBH
.hBdL
%y.mM_
9>d.Xh
D.CsS
/[.yv\
iZ&c.hI/
" .Qi
j%c[m
S2.oY
4 U%X
%u)Wo9
"%Up#
>~.nL
zSiQ.RTm}
.fD5g
lk.MDB
umSg
.LX*9*
/U.Fn6dh5Nh
[email protected]
hmSG
.AxU;
92.zB
j.QgG
e.ybo
 %sGa
X.vD,a1o
<assemblyIdentity version="15.0.0.239" processorArchitecture="x86" name="Adobe.FlashPlayer.Installer" type="win32"></assemblyIdentity>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
3%3,33393
>">)>.>5>:>
apphelp.dll
devrtl.dll
pcacli.dll
secur32.dll
propsys.dll
kernel32.dll
advapi32.dll
psapi.dll
crypt32.dll
msasn1.dll
uxtheme.dll
dbghelp.dll
oleaccrc.dll
oleacc.dll
ieframe.dll
profapi.dll
userenv.dll
mscms.dll
d3d8thk.dll
d3d9.dll
powrprof.dll
dsound.dll
winmm.dll
ntmarta.dll
dwmapi.dll
version.dll
CodeSignRootCert
\System32\Macromed\Flash\FlashPlayerUpdateService.exe
Shell32.dll
Advapi32.dll
FlashInstall.log
mms.cfg
.json
_pepper.exe
utilExeFilenameBasePEP
_Plugin.exe
utilExeFilenameBasePL
_ActiveX.exe
utilExeFilenameBaseAX
InstallFlashPlayer.exe
{FEC7EF28-53E7-4f06-8F56-FA6D670C8D3C}
HTTP/1.0
Wininet.dll
fpb.tmp
FlashPlayerUpdateService.exe
hXXp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_
hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/sau/15/install/
hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/aih/aih_sgn.z
M/15.0.0.239
Msimg32.dll
window key up
mscoree.dll
KERNEL32.DLL
.Installationsprogram f
.Installatieprogramma van Adobe Flash Player ^
r inte kompatibelt med operativsystemet.
m opera
=This installer is not compatible with your operating system.
.Programme d
compatibile con il sistema operativo.
;Ten instalator nie jest zgodny z tym systemem operacyjnym.
vel com o sistema operacional.
.Programa de instalaci
n no se admite en su sistema operativo.
15,0,0,239
FlashUtil.exe






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    InstallFlashPlayer.exe:816
    FP_AX_CAB_INSTALLER64.exe:192
    %original file name%.exe:472
    %original file name%.exe:1572
    %original file name%.exe:1912
    

    2. 

  2. Delete the original Trojan file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan:
    

    %Documents and Settings%\%current user%\Local Settings\Temp\{D09AEC29-5300-4066-8249-F4C940A0F49E}\fpb.tmp (1796 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF}\fpb.tmp (6296 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe (130014 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\%original file name%.exe (200 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\CET_Archive.dat (22433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\%original file name%.exe (46383 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\CET_TRAINER.CETRAINER (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\lua5.1-32.dll (563 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\defines.lua (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\win32\dbghelp.dll (4438 bytes)
    

    4. 

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now