MD5: 97cd61564b9acc6f54524025b2b89656
SHA1: 2a1939f6d39cc7eff2cf9126dcc6a79e1603901d
SHA256: 396ef3870bb7243454ea2bd470e341c722f03e8e1fc7f03ea65d549b4becc184
SSDeep: 12288:XUaAUeqZXM39PjQ77BEI4FGSWy1d7gQNPCR qmkZAw5jw8 2vBY86:XRA0S2BPK1d7gKCR q8iq
Size: 548352 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: ASPackv212, UPolyXv05_v6
Company: no certificate found
Created at: 2016-01-14 13:06:08
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:1200

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1200 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\MSINET.OCX (132 bytes)
%System%\MSCOMCTL.OCX (5442 bytes)
%System%\drivers\etc\hosts (1 bytes)

The Trojan deletes the following file(s):

%System%\drivers\etc\hosts (0 bytes)

Registry activity

The process %original file name%.exe:1200 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A 8B 87 10 20 BB 8E 13 60 6D D5 5C 02 67 C1 B5"

Dropped PE files

HOSTS file anomalies

The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 1132 bytes in size. The following strings are added to the hosts file listed below:

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: i3Vieweri3Viewer
Product Version: 539.520.0169
Legal Copyright:
Legal Trademarks:
Original Filename: OmmmirrrCron VVerrrsion Nnnew w.exe
Internal Name: OmmmirrrCron VVerrrsion Nnnew w
File Version: 539.520.0169
File Description:
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://ghs.l.google.com/
hxxp://bootstrapcdn.jdorfman.netdna-cdn.com/font-awesome/4.3.0/css/font-awesome.min.css
hxxp://bootstrapcdn.jdorfman.netdna-cdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.eot?
hxxp://googleapis.l.google.com/ajax/libs/jquery/2.1.1/jquery.min.js
hxxp://go.oclaserver.com/apu.php?zoneid=374354	78.140.191.72
hxxp://onclickads.net/apu.php?zoneid=374354	78.140.191.69
hxxp://scr.kliksaya.com/js-ad.php?zid=180694	216.185.100.67
hxxp://blogger.l.google.com/img/icon18_wrench_allbkg.png
hxxp://scr.kliksaya.com/ba/180694/pekalongan-kommuniti.com	216.185.100.67
hxxp://scr.kliksaya.com/js-ad.php?zid=180696	216.185.100.67
hxxp://ghs.l.google.com/feeds/posts/summary?alt=json-in-script&callback=pageNavi&max-results=99999
hxxp://scr.kliksaya.com/upload/ban/71/GBR071192.gif	216.185.100.67
hxxp://scr.kliksaya.com/ad/180696/pekalongan-kommuniti.com	216.185.100.67
hxxp://star-mini.c10r.facebook.com/plugins/like.php?href=https://www.facebook.com/pekalongankommunitycom&width&layout=button_count&action=like&show_faces=false&share=false&height=21&appId=798935126842574
hxxp://scr.kliksaya.com/js-ad.php?zid=180695	216.185.100.67
hxxp://photos-ugc.l.googleusercontent.com/-JbKcdfpLIpY/VGPWTO9Us7I/AAAAAAAAA9g/WT3xvYm_J28/s1600/btp.png
hxxp://scr.kliksaya.com/ba/180695/pekalongan-kommuniti.com	216.185.100.67
hxxp://scr.kliksaya.com/upload/ban/69/GBR069736.gif	216.185.100.67
hxxp://www.pekalongan-kommuniti.com/feeds/posts/summary?alt=json-in-script&callback=pageNavi&max-results=99999
hxxp://img1.blogblog.com/img/icon18_wrench_allbkg.png	216.58.214.201
hxxp://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css	94.31.29.154
hxxp://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.eot?	94.31.29.154
hxxp://www.pekalongan-kommuniti.com/
hxxp://www.facebook.com/plugins/like.php?href=https://www.facebook.com/pekalongankommunitycom&width&layout=button_count&action=like&show_faces=false&share=false&height=21&appId=798935126842574	31.13.91.36
hxxp://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	216.58.214.234
hxxp://4.bp.blogspot.com/-JbKcdfpLIpY/VGPWTO9Us7I/AAAAAAAAA9g/WT3xvYm_J28/s1600/btp.png	216.58.209.193
1.bp.blogspot.com	216.58.214.225
2.bp.blogspot.com	216.58.214.225
apis.google.com	173.194.113.206

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /plugins/like.php?href=https://VVV.facebook.com/pekalongankommunitycom&width&layout=button_count&action=like&show_faces=false&share=false&height=21&appId=798935126842574 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.facebook.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.facebook.com/plugins/like.php?href=https://VVV.facebook.com/pekalongankommunitycom&width&layout=button_count&action=like&show_faces=false&share=false&height=21&appId=798935126842574

X-Content-Type-Options: nosniff

X-UA-Compatible: IE=edge,chrome=1

Content-Type: text/html

X-FB-Debug: 8QmIdtEcJ7LM8X7wm xNxbULyq7iv7pMxv4WkHcBSXHpzupj7/mbxXvFFfJlpLqTzqFoSLcSh6vmkbJOVl9W3w==

Date: Mon, 14 Mar 2016 00:10:47 GMT

Connection: keep-alive

Content-Length: 0
HTTP/1.1 302 Found..Location: hXXps://VVV.facebook.com/plugins/like.ph
p?href=https://VVV.facebook.com/pekalongankommunitycom&width&l
ayout=button_count&action=like&show_faces=false&share=false&height=21&
appId=798935126842574..X-Content-Type-Options: nosniff..X-UA-Compatibl
e: IE=edge,chrome=1..Content-Type: text/html..X-FB-Debug: 8QmIdtEcJ7LM
8X7wm xNxbULyq7iv7pMxv4WkHcBSXHpzupj7/mbxXvFFfJlpLqTzqFoSLcSh6vmkbJOVl
9W3w==..Date: Mon, 14 Mar 2016 00:10:47 GMT..Connection: keep-alive..C
ontent-Length: 0..

GET /apu.php?zoneid=374354 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: onclickads.net

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 14 Mar 2016 00:10:45 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Pragma: no-cache

Cache-Control: private, max-age=0, no-cache

Expires: Mon, 26 Jul 1997 05:00:00 GMT

P3P: CP="CUR ADM OUR NOR STA NID"

Set-Cookie: OAGEOa2766=3|UA|63|KHARKIV|BROADBAND|PITLINE LTD||15610|25314|?|0; expires=Tue, 15-Mar-2016 00:10:45 GMT; path=/

Set-Cookie: OAID=8770713aa2f1b7964f5b45c9faba2d43; expires=Tue, 14-Mar-2017 00:10:45 GMT; path=/

Set-Cookie: pbk2=060d21c7f650c26cec773819499e8a116261694003787196926; expires=Mon, 14-Mar-2016 00:15:45 GMT

Content-Encoding: gzip
13d8.............{k_.J....).(&m.. D....h..V....&. A .@@..?..*.......;/
.....Z...*......./...3T........... ........B....~.Z[S.....d..O....n5.w
q)....,.[[.....*...A[.z...v.r..J#............Rm...gL..e...l.8...h....8
/>d..@..?..E..S#x...U..ZcM.g...a Q..C.....h...V......YE..-.H....p.0
..r?F`[|...<5......VA.F.\q.K..,.cDTLU?[. ..!.......7.I1.h7 ...dHLk7
^..,Y..Y5...C]..MMc_62i..`9e7o....T7..\>..7.rFO..eW.......hiEI...."
.f..?..fA...iF7....j..fj.RV..#e.(..e}'...b'..|EQ.F.!]Kj6m..3.^>./..
...........?.....^.Y;zz.....BZ.m6...&..93.....E.s@@......l...\....;..v
.J.Y.V.2.#..N....>..=K.eU]S...]|.-...C5WH ..F:8...\hH?..a....{=.)..
Y5.#....t.(.ki..0.&.a....._Lfa:...3.......-a.NYa.3e5..6......i.;..f...
....#.g....p..m6.Ki'..2.B.`q&...}.d.J..2...g5|R....#..dIc.&...?P..I...
.f.C....H.]....i...>=.M.xCrY...:,.gM..!.hB...5..I...<..FqLF...Vq
..*H.Y.uW.A..;PB.Q=bVN.[..w.NX.6/X..iHxW............5$y.hHYI.........A
wZ.t0...0.HW7.9!p&.yT.,.".f;..[m.([[...5.w......G.jkjm.%^..^XzlH[.....
.Y[......N.Cu$.Y[.jk....n........1g4r.....}MC.....n...9C..U.../.n.w.*.
.y.z....~0....n}o..N.Z..7..G.......#/.....t..&...$.G..D...9..9<R..~
............=.....hH...>.9.2a3..2..p..t....^..{.......?...H...>.
..0.t...E.ak...q_.ri...!....V.....g...2L.......!..G.VV.&.U...a..X.X..u
@..N.xrN..`8.;=.7lH$8.9.f........A.%..!....c1.......I.g7...u..I...KC..
...G....~.....^.B....6.[...u..../.:3.=....}..#.k}..7=B....-.....eKm...
......W/..=...6..@6..~sD.>..G.5....s..>..4...`D.u.......}^7...5i
2F~..6(...n..wg....Cf..6}...e>.....W.5.4.xaYh.=.9..B8=....`'XxA
<<< skipped >>>

GET /img/icon18_wrench_allbkg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img1.blogblog.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Date: Fri, 11 Mar 2016 12:51:10 GMT

Expires: Fri, 18 Mar 2016 12:51:10 GMT

Last-Modified: Thu, 10 Mar 2016 16:48:44 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 475

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=604800

Age: 213576
.PNG........IHDR.............a.~e....PLTE...... J.4e.............u..l.
.e..c{................................................................
.........Y}.T|....`v.`w...............................................
..............[q.............Eq....__^[email protected]
^[email protected](33.Cf....qR......"..@....*.v&.g...X.="6.Xz.$/".3.;.R\...
.Mb.((...J...R...pK.OY.0...Q......q.r3..r.v...b...j ..h.r....<._...
l.}lY........o%....b..d,l/. .........N...ig.K.....IEND.B`.HTTP/1.1 200
 OK..Content-Type: image/png..Date: Fri, 11 Mar 2016 12:51:10 GMT..Exp
ires: Fri, 18 Mar 2016 12:51:10 GMT..Last-Modified: Thu, 10 Mar 2016 1
6:48:44 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Le
ngth: 475..X-XSS-Protection: 1; mode=block..Cache-Control: public, max
-age=604800..Age: 213576...PNG........IHDR.............a.~e....PLTE...
... J.4e.............u..l..e..c{......................................
...................................Y}.T|....`v.`w.....................
........................................[q.............Eq....__^......
[email protected]^[email protected](33.Cf....qR......"..@....*.v&.
g...X.="6.Xz.$/".3.;.R\....Mb.((...J...R...pK.OY.0...Q......q.r3..r.v.
..b...j ..h.r....<._...l.}lY........o%....b..d,l/. .........N...ig.
K.....IEND.B`...
<<< skipped >>>

GET /-JbKcdfpLIpY/VGPWTO9Us7I/AAAAAAAAA9g/WT3xvYm_J28/s1600/btp.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 4.bp.blogspot.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

ETag: "v3d9"

Expires: Mon, 14 Mar 2016 15:39:42 GMT

Content-Disposition: inline;filename="btp.png"

Content-Type: image/png

X-Content-Type-Options: nosniff

Date: Sun, 13 Mar 2016 23:44:39 GMT

Server: fife

Content-Length: 182

X-XSS-Protection: 1; mode=block

Age: 1569

Cache-Control: public, max-age=86400, no-transform
.PNG........IHDR............. 1.....}IDAT8...... ..aFp.G`.F....Q...E.b
...%}#_ =R.....=[.#..d....8...-.G..T.T .........A.{,..Q97R.l.....e....
.0.4H.";........./....A?.....O....IEND.B`.HTTP/1.1 200 OK..Access-Cont
rol-Allow-Origin: *..ETag: "v3d9"..Expires: Mon, 14 Mar 2016 15:39:42 
GMT..Content-Disposition: inline;filename="btp.png"..Content-Type: ima
ge/png..X-Content-Type-Options: nosniff..Date: Sun, 13 Mar 2016 23:44:
39 GMT..Server: fife..Content-Length: 182..X-XSS-Protection: 1; mode=b
lock..Age: 1569..Cache-Control: public, max-age=86400, no-transform...
PNG........IHDR............. 1.....}IDAT8...... ..aFp.G`.F....Q...E.b.
..%}#_ =R.....=[.#..d....8...-.G..T.T .........A.{,..Q97R.l.....e.....
0.4H.";........./....A?.....O....IEND.B`...

GET /upload/ban/69/GBR069736.gif HTTP/1.1

Accept: */*

Referer: hXXp://scr.kliksaya.com/ba/180695/pekalongan-kommuniti.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:49 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

Last-Modified: Tue, 21 Apr 2015 05:55:02 GMT

ETag: "22c1bd5-4441-51435affdc57b"

Accept-Ranges: bytes

Content-Length: 17473

Connection: close

Content-Type: image/gif
GIF89a,...............................................................
......................................................................
......................................................................
.............................................c........................
...........c...............c...........c....................~.......|w
.....o....4..~............n.....i.....t...xec..^..Z....{\...xd\..Z..4.
.Z..Y..X..}}}U..X..W..V..V..4..~yqQ~.U~..eMty{.ePT{.zvp.pkMz.sssJw.Pw.
Pu..[AWr.Et..c..ZE.c.No.kkk.`PAp..O56l.pe\;l.Hi..]O7i.[bktZl.L53e.Ab.0
_.8Y.UTT.I;.c.WSMfOA.9#.c.HQ`.-.^I:OKG.9$.4.,CbR9,444 5R.4..(N&''.'<
;! .c.c...=.....c..4....c..4..........................................
......................................................................
..............!..NETSCAPE2.0.....!.......,....,..........H......*\....
..#J.H.....3j...... C.l....L(S.\.....0c..I....8s..i.. [email protected]....?....!
..b..J.J....X.j......`....5..h.,.].....p..-. S..$b!...P......L...... ^
......#3>......3k.......x..t.Y,.... .).#J.c..M.....s...........-..0
%i..Y.......3...I0...y*&..CA.<9..N......._/...-l.w.O.>}-..w.....
....[#.0#.B.,..#.4....F(...Vh...f....v.....`..].a.....".th.".Z....*.'.
.&^GI..|.....Q." .i..H&...LF(.|tt.F.ZLie.X....n.B..^x.. X^...R..F.]...
.....B...c.x....|..B0c....o.Q..g.z& V....^.d. ..ji..........B..)....j*
%"Z....Z.j.........B....:..cp..#>*..$..k...&....6....F ...Vk...>
.d...................-...qk.1 KI4.:.........../$$@..)..B...W..*.0..&.P
.A....0..#.0*......:BoB..k..(........!...K.4...,....*...F....F0...
<<< skipped >>>

GET /ad/180696/pekalongan-kommuniti.com HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:47 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 1416

Connection: close

Content-Type: text/html
<html><head><style type="text/css">..ot{border:#FFFF
FF 1px solid;background-color:#FFFFFF;height:58;width:466;overflow:hid
den;}..at,.at A:link,.at A:visited{font-family:Verdana, Geneva, sans-s
erif;font-size:10pt;overflow:hidden;margin:0 auto;font-weight:bold;col
or:#7700FF;text-decoration:underline;}..ab,.ab A:link,.ab A:visited{ov
erflow:hidden;margin:0 auto;text-align:left;font-family:Verdana, Genev
a, sans-serif;font-size:10pt;text-decoration:none;color:#000000;}..ab 
A:hover{text-decoration: underline;}.</style></head><bo
dy bgcolor="#FFFFFF">.<div class="ot">.<table width="468" 
cellspacing="0" cellpadding="2"  style="height:60;">.<tr><
td width="50%" valign="top" align="left" height="35"><div class=
"at"><a href="hXXp://click.kliksaya.com/click.php?aid=2841007&zi
d=180696" target="_blank">PELANGSING TERDAFTAR BPOM</a></d
iv><div class="ab"><a href="hXXp://click.kliksaya.com/clic
k.php?aid=2841007&zid=180696" target="_blank">AMAN, MEMILIKI IZIN B
POM. PESAN SEKARANG DISKON 40%! KLIK DISINI !</a></div><
;/td><td width="50%" valign="top" align="left" height="35">&l
t;div class="at"><a href="hXXp://click.kliksaya.com/click.php?ai
d=2844505&zid=180696" target="_blank">Gaji 30 Jt/Bln, Mau?</a>
;</div><div class="ab"><a href="hXXp://click.kliksaya.c
om/click.php?aid=2844505&zid=180696" target="_blank">Kok bisa..? Ha
nya modal 100ribu bisa dapat 20juta dari facebook ?</a></
<<< skipped >>>

GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: maxcdn.bootstrapcdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:44 GMT

Content-Type: text/css

Content-Length: 23739

Connection: keep-alive

Last-Modified: Thu, 22 Jan 2015 19:53:38 GMT

ETag: "04425bbdc6243fc6e54bf8984fe50330"

Server: NetDNA-cache/2.2

Expires: Thu, 09 Mar 2017 00:10:44 GMT

Cache-Control: max-age=31104000

Vary: Accept-Encoding

Access-Control-Allow-Origin: *

X-Hello-Human: You should work for us! Email: jdorfman [email protected] or @MaxCDNDeveloper on Twitter

X-Cache: HIT

Accept-Ranges: bytes
/*!. *  Font Awesome 4.3.0 by @davegandy - hXXp://fontawesome.io - @fo
ntawesome. *  License - hXXp://fontawesome.io/license (Font: SIL OFL 1
.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url(
'../fonts/fontawesome-webfont.eot?v=4.3.0');src:url('../fonts/fontawes
ome-webfont.eot?#iefix&v=4.3.0') format('embedded-opentype'),url('../f
onts/fontawesome-webfont.woff2?v=4.3.0') format('woff2'),url('../fonts
/fontawesome-webfont.woff?v=4.3.0') format('woff'),url('../fonts/fonta
wesome-webfont.ttf?v=4.3.0') format('truetype'),url('../fonts/fontawes
ome-webfont.svg?v=4.3.0#fontawesomeregular') format('svg');font-weight
:normal;font-style:normal}.fa{display:inline-block;font:normal normal 
normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webki
t-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;transfo
rm:translate(0, 0)}.fa-lg{font-size:1.33333333em;line-height:.75em;ver
tical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font
-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:ce
nter}.fa-ul{padding-left:0;margin-left:2.14285714em;list-style-type:no
ne}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.142
85714em;width:2.14285714em;top:.14285714em;text-align:center}.fa-li.fa
-lg{left:-1.85714286em}.fa-border{padding:.2em .25em .15em;border:soli
d .08em #eee;border-radius:.1em}.pull-right{float:right}.pull-left{flo
at:left}.fa.pull-left{margin-right:.3em}.fa.pull-right{margin-left:.3e
m}.fa-spin{-webkit-animation:fa-spin 2s infinite linear;animation:
<<< skipped >>>

GET /font-awesome/4.3.0/fonts/fontawesome-webfont.eot? HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: maxcdn.bootstrapcdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:44 GMT

Content-Type: application/vnd.ms-fontobject

Content-Length: 60767

Connection: keep-alive

Last-Modified: Thu, 22 Jan 2015 19:53:40 GMT

ETag: "f7c2b4b747b1a225eb8dee034134a1b0"

Server: NetDNA-cache/2.2

Expires: Thu, 09 Mar 2017 00:10:44 GMT

Cache-Control: max-age=31104000

Vary: Accept-Encoding

Access-Control-Allow-Origin: *

X-Hello-Human: You should work for us! Email: jdorfman [email protected] or @MaxCDNDeveloper on Twitter

X-Cache: HIT

Accept-Ranges: bytes
_...y.............................LP.........................P........
..............F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.
n. .4...3...0. .2.0.1.5...&.F.o.n.t.A.w.e.s.o.m.e. .R.e.g.u.l.a.r.....
BSGP...................T..q..u..*.......Y.D.M.F..x...>..........)Y.
.....h..D....pj....f.i..)..U.'.&a..;`.*.../.....V...B.....OV..r.n.:..{
$2D....:.&...m..d ..CeH.\../o.......U.M....X.`?....?.A....C...@..'.(g~
......%(.Jl.&zw.....W#.mw".].At.....k.......p....E....[..=.gM.........
........go..W.R.q...`{.ZwUF.........o ..D.p)A8.....$..M.#.>..?.....
.. d.No2..L.......<.t.....B..T..a....<...`.......e.SO.....cI[.p.
.E1R*.fMd.....>..2V.........z7..&. .....f.&#.V.(8....aR.....x.Z\R.e
..$.Vw.......K......gs.......*.... ..dI......6......)...rj..:Z."1.'...
<....'.Q/....8..).B..5..tgk.AM.)...|~...."....2.... h...(.&.c..sw..
.(....h.Dg.k...w..zm%.f....//5.%....}....k.......... ...@....[#.D)..J&
lt;..?YAT.......o.s%....Z...G).5....#R'...#...).... R.....Z.z... ._...
.K&%'5.....(b.....Y..i_......|B.>U.......<q2i.....Q....7.....<
;2.._.y\n..9..u w.'!.p.5...q..u [email protected]..'d...5.,.Y_.M.i.....
[email protected]....`Oqi...b...5..p......E1....x..............F?.....
fS...n.>m"fE...u..n=.y..`LA&C.2].W&o.2pKDRI...3L...px..$.P ...p.P..
......$..........,a2T..X.!......av.....q.v,KZ...E..r?Z....m."..#&?.>
;.i]G^....Y....E&.(m>..?.hp..X..G.e^J...9[|...}...b..b..........P|q
.......ka<..j$.....t5LG....i..#....h..W.kR..T.2...Of.e......b\~...f
Ah..L..La.......!...P~e...0.l [email protected].
<<< skipped >>>

GET /ba/180695/pekalongan-kommuniti.com HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:48 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 474

Connection: close

Content-Type: text/html
<html><head><style type="text/css">..ot {border: #00
0000 1px solid;font-size:10pt;font-family:Arial;position:relative; wid
th:298px; height:248px; overflow:hidden;}.</style></head>&
lt;body bgcolor="#FFFFFF">.<div class="ot"><a href="http:/
/click.kliksaya.com/click.php?aid=2844347&zid=180695" target="_blank"&
gt;<img style="position:absolute; top:-1px; left:-1px;" alt="Dapatk
an voucher Rp 5 jt!" src="hXXp://scr.kliksaya.com/upload/ban/69/GBR069
736.gif"></a></div></body>.</html>...

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Fri, 11 Mar 2016 12:25:04 GMT

Expires: Sat, 11 Mar 2017 12:25:04 GMT

Last-Modified: Fri, 16 Oct 2015 18:27:31 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 29497

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000

Age: 215141
............{..../....CD.....);.;.1..d.N$.........$f.....y.|.[...F..%.
.{.:q4......z............w...n.l......^.....?3._...Y. VKu..2.R..[...6.
.y...m~....Z..e.r~....[%.y...h.~..&g.Uv7..../...z..m...(.f..n./w..jn..
.l(x,&~.,..f....2.?.j.Ym|O.b.....|{............./.`..ww......B..{4.|R,
..k....C..w.b..#..o..h4VY.v..!..U.Z..NM.r}...)]P...w.5.....f....nS,...
nf........:.......;........eT....&b..,..b.o.j.].2..^......../z...v..b.
.T.|.=.P....?.........P.......k...x...a...ew.Y.V...Q '\(...ns..V.p...&
lt;.K.S.|9........l...j...n...>...3.w..0C...[Q<.].C.....t..q(..a
.2...]..T...&4.E...\.....T\B..7....x........[s.....t.6.[...%%....M..*m
.}.b...0.....e.....T/.g...*...z=..{..2.mQ...lw.*.o......,r..2.m..; ...
.w|,g...|...^F.v;.L.#^.t<.GcT..N....~....#...Dm.%....Gm.<ut...E.
...v".q..i.C.....T.&...D.z...v.,.........V.0.:KV.y./K.9m...hZ.l. .t.u.
[email protected].. @..... H..(....3mEQ.....A
....b)s.gh8...7:=......i....v.2..)V2.....-...Gf..k.d.4|.*.............
..t....C}lx...y..f.../. .n..<Ns....aI..T..!...a..r.:.8..Ht...j.v..P
.]..M..G..48.#W..&..f...Or2....vL5.]9.P....."m..U.A.....x.._.W1.'..6|.
,ES.5......qw....t .)..W.V?..=.n...oU............U..g_-....=c.2p@W....
._..S.H.7.;.....x.w..<..F..D@..|......U...z...{J./....3.)..B.2.}^GM
E..B..MOA..NJ.y7.....j.c...6..kzI...H..wg.........y.'A.....K.D..X.... 
L.m..4^.s..M3..].V...^[email protected].~..xO.g...x..7...<.>i8Oq.a...
F=.(.A..hK...RK.........2....2._..x...&Bk.!. .).9.s.k|...../N.%...s...
....28...P.!`[email protected]..~4......5b&X...)U...[w[......HR.
<<< skipped >>>

GET /ad/180696/pekalongan-kommuniti.com HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:47 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 1426

Connection: close

Content-Type: text/html
<html><head><style type="text/css">..ot{border:#FFFF
FF 1px solid;background-color:#FFFFFF;height:58;width:466;overflow:hid
den;}..at,.at A:link,.at A:visited{font-family:Verdana, Geneva, sans-s
erif;font-size:10pt;overflow:hidden;margin:0 auto;font-weight:bold;col
or:#7700FF;text-decoration:underline;}..ab,.ab A:link,.ab A:visited{ov
erflow:hidden;margin:0 auto;text-align:left;font-family:Verdana, Genev
a, sans-serif;font-size:10pt;text-decoration:none;color:#000000;}..ab 
A:hover{text-decoration: underline;}.</style></head><bo
dy bgcolor="#FFFFFF">.<div class="ot">.<table width="468" 
cellspacing="0" cellpadding="2"  style="height:60;">.<tr><
td width="50%" valign="top" align="left" height="35"><div class=
"at"><a href="hXXp://click.kliksaya.com/click.php?aid=2843594&zi
d=180696" target="_blank">Berat Badan TURUN 27 KG!</a></di
v><div class="ab"><a href="hXXp://click.kliksaya.com/click
.php?aid=2843594&zid=180696" target="_blank">Pelangsing Savannah, K
LIK DISINI & LIHAT SENDIRI BUKTINYA! DISKON 40%</a></div&
gt;</td><td width="50%" valign="top" align="left" height="35"
><div class="at"><a href="hXXp://click.kliksaya.com/click.
php?aid=2843595&zid=180696" target="_blank">PERUT KEMPES Dalam 3 HA
RI</a></div><div class="ab"><a href="hXXp://click
.kliksaya.com/click.php?aid=2843595&zid=180696" target="_blank">PEL
ANGSING SAVANNAH BEKERJA CEPAT! NOW DISKON 40%, 2Kotak 340rb!</
<<< skipped >>>

GET /upload/ban/71/GBR071192.gif HTTP/1.1

Accept: */*

Referer: hXXp://scr.kliksaya.com/ba/180694/pekalongan-kommuniti.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:47 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

Last-Modified: Fri, 17 Jul 2015 23:55:01 GMT

ETag: "22c229e-4e43-51b1aea8c38f2"

Accept-Ranges: bytes

Content-Length: 20035

Connection: close

Content-Type: image/gif
GIF89a..Z....I:6...........|...TMJR............vj.f[z...........].. i.
............TA<..x......r.....o.....V...........z.................(
((..........]v......5(&........................|||jhh.kb.|q...........
..............................................>54:..z\S"........wVL
.............{h......e..;.....N....w....qh...Q..vif...b...........&...
.....eG?...a............^S.................._WU......}a[..............
|fQK.{x%......z....................IW...............-" ......>/-l..
............9..qOE..r..........n_..................Xmu....nb.........#
48I.......q.........|...........*.....x...............................
.............4..l..`..$. ... ..D..L.. ..r..\..Au.f..<..T........&..
6.-qpp...............`^_..................cjncu|.pl...................
.....~.................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket b
egin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="a
dobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-
14:56:27        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02
/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="
hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/
1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM
:OriginalDocumentID="xmp.did:4A2B67A3D829E511BBF9B8BBAE51001B" xmpMM:D
ocumentID="xmp.did:1B175D7F29F111E5B7E7BF44C7ABCF93" xmpMM:InstanceID=
"xmp.iid:1B175D7E29F111E5B7E7BF44C7ABCF93" xmp:CreatorTool="Adobe Phot
oshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="x
<<< skipped >>>

GET /js-ad.php?zid=180694 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:46 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 243

Connection: close

Content-Type: text/html
document.write('<ifr' 'ame src=' '"hXXp://scr.kliksaya.com/ba/18069
4/pekalongan-kommuniti.com"' ' marginwidth="0" marginheight="0" width=
' '"728"' ' height=' '"90"' ' border="0" frameborder="0" style="border
:none;" scrolling="no"></iframe>');...

GET /apu.php?zoneid=374354 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: go.oclaserver.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Mon, 14 Mar 2016 00:10:45 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://onclickads.net/apu.php?zoneid=374354
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Serv
er: nginx..Date: Mon, 14 Mar 2016 00:10:45 GMT..Content-Type: text/htm
l..Content-Length: 154..Connection: keep-alive..Location: hXXp://oncli
ckads.net/apu.php?zoneid=374354..<html>..<head><title&g
t;302 Found</title></head>..<body bgcolor="white">..
<center><h1>302 Found</h1></center>..<hr>
;<center>nginx</center>..</body>..</html>....

GET /ad/180696/pekalongan-kommuniti.com HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:48 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 1426

Connection: close

Content-Type: text/html
<html><head><style type="text/css">..ot{border:#FFFF
FF 1px solid;background-color:#FFFFFF;height:58;width:466;overflow:hid
den;}..at,.at A:link,.at A:visited{font-family:Verdana, Geneva, sans-s
erif;font-size:10pt;overflow:hidden;margin:0 auto;font-weight:bold;col
or:#7700FF;text-decoration:underline;}..ab,.ab A:link,.ab A:visited{ov
erflow:hidden;margin:0 auto;text-align:left;font-family:Verdana, Genev
a, sans-serif;font-size:10pt;text-decoration:none;color:#000000;}..ab 
A:hover{text-decoration: underline;}.</style></head><bo
dy bgcolor="#FFFFFF">.<div class="ot">.<table width="468" 
cellspacing="0" cellpadding="2"  style="height:60;">.<tr><
td width="50%" valign="top" align="left" height="35"><div class=
"at"><a href="hXXp://click.kliksaya.com/click.php?aid=2843594&zi
d=180696" target="_blank">Berat Badan TURUN 27 KG!</a></di
v><div class="ab"><a href="hXXp://click.kliksaya.com/click
.php?aid=2843594&zid=180696" target="_blank">Pelangsing Savannah, K
LIK DISINI & LIHAT SENDIRI BUKTINYA! DISKON 40%</a></div&
gt;</td><td width="50%" valign="top" align="left" height="35"
><div class="at"><a href="hXXp://click.kliksaya.com/click.
php?aid=2843595&zid=180696" target="_blank">PERUT KEMPES Dalam 3 HA
RI</a></div><div class="ab"><a href="hXXp://click
.kliksaya.com/click.php?aid=2843595&zid=180696" target="_blank">PEL
ANGSING SAVANNAH BEKERJA CEPAT! NOW DISKON 40%, 2Kotak 340rb!</
<<< skipped >>>

GET /js-ad.php?zid=180695 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:48 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 244

Connection: close

Content-Type: text/html
document.write('<ifr' 'ame src=' '"hXXp://scr.kliksaya.com/ba/18069
5/pekalongan-kommuniti.com"' ' marginwidth="0" marginheight="0" width=
' '"300"' ' height=' '"250"' ' border="0" frameborder="0" style="borde
r:none;" scrolling="no"></iframe>');...

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.pekalongan-kommuniti.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Expires: Mon, 14 Mar 2016 00:10:44 GMT

Date: Mon, 14 Mar 2016 00:10:44 GMT

Cache-Control: private, max-age=0

Last-Modified: Sun, 13 Mar 2016 11:10:39 GMT

ETag: "9970212a-58b1-40da-8533-66ee46ce08f1"

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 20424

Server: GSE
............y.........`..J:.F....O......NN......D."....[.... ...,.i.=.
...I,..`0.0...t.v....Cm.L..../._...1%&....h..x>.z.y0,o..Q.....t..k.
..^~D.......S....`.3..e.2{)Y..X.....iO..JSH...r..M...][.f.z...q....j..
..2$.....0.VgtBl...g.N.sh......sg...zy...a..2.................v....!.t
..[..ig.g4'#.'.3.*....2.**..:....Xa....V.mi...{.........u.$w~T.8...2..
JJ K .9....b.vfyT.8.o..7.....r....5....(..lw4.[.Q.z$PR..E........oN.B.
......d....!..L.%..mPE1..D....H..Y.L....^~../.......SK...uG60..Z.dI#v.
..a...T...JS.Y..3{... .........k.....B..2.................T..uca...0..
1.H.......S][sh0........Y.....rM`q#.[AI.s..)....a....0....O#....(ic7..
V4...S..'.q]..l.S.|J|...`8.....%...4.. ....Fch...3...5.....4..?u......
.o. pg.wL.........;2v]V....M..C/..d!..!......P..0...@....<..1D4..,G
H..E.{t.........".b.<.y......c.Z..0@.;.Y1.MG$.  .Q.*.Z@ ...2J......
[email protected].!...h........V.V.R.he...........##V
A.N7o..5...~..z..?...gg*..R..O..vv.V{.S...V.?I.N.....*..Dj..F..{0.....
@.. .q...3zE&..x.h..^.^...a..x`e....5-..A.z..ho..3..E....g."}..0uL..0.
.i....xW...U......J{.l....l..H._...i.N......._..........V..F.V5|?.\.[.
bD\..w ...r-.^.`..j...].Y......af.....b....s.z.W...Q`.F.....z.].I...r0
w@NsL#...m.wN....:..cdl...x.0...A..l.:.z...].4.j.._.....;..^'...@/7k&)
o...r.Mi.m...P..r*Zf/?..R.'.S..i..Y7......|.|..N.6...6.M.TJ..~..m..;6.
.P...< ^.C.$.5.B,.J.....3d.^.`...N..kv~V...%xr..k.=...;...}..CPf]/c
[email protected][email protected]{..|..N.gu...v ..<....B.wA[.............i...j
.J.g.4A8.4...&..N......<.6..g...;.)E... ..m....^[email protected].{..]
<<< skipped >>>

GET /feeds/posts/summary?alt=json-in-script&callback=pageNavi&max-results=99999 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.pekalongan-kommuniti.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Encoding: gzip

ETag: W/"9970212a-58b1-40da-8533-66ee46ce08f1"

Date: Mon, 14 Mar 2016 00:10:46 GMT

Content-Type: text/javascript; charset=UTF-8

Server: blogger-renderd

Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1

Vary: Accept-Encoding

Expires: Mon, 14 Mar 2016 00:10:47 GMT

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Last-Modified: Sun, 13 Mar 2016 11:10:39 GMT

Content-Length: 19460

X-Frame-Options: SAMEORIGIN
............{S".......g............A./....?'.. W......'.........E[g..n
..E..>...\yxx....T..n.\...a.Y.,.......Z....._...q.......A..o.o....P
.j....~.._o.n.....L....g.Y|[email protected]=.|....z?_/.....e...z.....^=4.
16.1........W..f.>..9.....8.......,.../-V....z2g....0.?^=......Z=z.
..4....S...Z.Z..Kx..Q/.....6/..&j.......x......F...!..1!.'.0.....k:..'
..'@[email protected]........_.....%G........V......|.Y..37h
.'.G.r.c.v.\)w....v_=.....I{...AM......o..N..s.N.;.7.............xZY..
...^.T$..A.U/O.l....k.~}........A..........j.6..w..r.ypQ....v....z..r.
.x/.':.[/]...........>..{...#s\.x....[.L.7...c^.Q..c...3..^...p.]N.
.....f^.5y..'{<|4..puyb...1....x....P.>._.i.WV.~..g.4.w.......z.
.i...._.;._..A?.....Q{8y...X........d....?[.jL}.Ws.#RcN..f.vW....iem..
..5..O*.J\]..p01.G...O'.......o|.y..J..s3)G.......1..S.o...B.0..JD.`.R
(.1^..vw.....>.....r..j........8..k...*}....k..M...F.............i.
.m...L..Qu.7&..|.2NJ....V.....g./.S....e#....Kj.P.bUu)Z.. .<l..o..6
...HM...^>(....=.W.~.._....h..u]>p...`R..X3ju9!.r.q.Iy4Q.^..x..C
..zo..=.......T.p......<n.H.!5..$."............-..<..b..../.....
.)T....7............(...\....u..;..w..GK}....rppS.......e...zwP..}p=mW
;j....-tX75..{.?.oZ..[kf9^K....f...=...#......A..q...../....n..i.6m...
....=....r.35..Aaj...*RN...n.;=.t..^.......A.>...m...~.O...W:......
.........#uW881.D..W}*i...... V].I 8...eugy<t.....3......<...xh.
pb=c....<.....U..y.8.x...a.........q...Gt...................3.j&...
K....9....T.....  ..V...vz....K.o.w.P.....p....*......>*.....}.
<<< skipped >>>

GET /ad/180696/pekalongan-kommuniti.com HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:47 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 1426

Connection: close

Content-Type: text/html
<html><head><style type="text/css">..ot{border:#FFFF
FF 1px solid;background-color:#FFFFFF;height:58;width:466;overflow:hid
den;}..at,.at A:link,.at A:visited{font-family:Verdana, Geneva, sans-s
erif;font-size:10pt;overflow:hidden;margin:0 auto;font-weight:bold;col
or:#7700FF;text-decoration:underline;}..ab,.ab A:link,.ab A:visited{ov
erflow:hidden;margin:0 auto;text-align:left;font-family:Verdana, Genev
a, sans-serif;font-size:10pt;text-decoration:none;color:#000000;}..ab 
A:hover{text-decoration: underline;}.</style></head><bo
dy bgcolor="#FFFFFF">.<div class="ot">.<table width="468" 
cellspacing="0" cellpadding="2"  style="height:60;">.<tr><
td width="50%" valign="top" align="left" height="35"><div class=
"at"><a href="hXXp://click.kliksaya.com/click.php?aid=2843594&zi
d=180696" target="_blank">Berat Badan TURUN 27 KG!</a></di
v><div class="ab"><a href="hXXp://click.kliksaya.com/click
.php?aid=2843594&zid=180696" target="_blank">Pelangsing Savannah, K
LIK DISINI & LIHAT SENDIRI BUKTINYA! DISKON 40%</a></div&
gt;</td><td width="50%" valign="top" align="left" height="35"
><div class="at"><a href="hXXp://click.kliksaya.com/click.
php?aid=2843595&zid=180696" target="_blank">PERUT KEMPES Dalam 3 HA
RI</a></div><div class="ab"><a href="hXXp://click
.kliksaya.com/click.php?aid=2843595&zid=180696" target="_blank">PEL
ANGSING SAVANNAH BEKERJA CEPAT! NOW DISKON 40%, 2Kotak 340rb!</
<<< skipped >>>

GET /ba/180694/pekalongan-kommuniti.com HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:46 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 459

Connection: close

Content-Type: text/html
<html><head><style type="text/css">..ot {border: #00
0000 1px solid;font-size:10pt;font-family:Arial;position:relative; wid
th:726px; height:88px; overflow:hidden;}.</style></head>&l
t;body bgcolor="#FFFFFF">.<div class="ot"><a href="hXXp://
click.kliksaya.com/click.php?aid=2839566&zid=180694" target="_blank"&g
t;<img style="position:absolute; top:-1px; left:-1px;" alt="Konsep 
Baru" src="hXXp://scr.kliksaya.com/upload/ban/71/GBR071192.gif"><
;/a></div></body>.</html>...

GET /js-ad.php?zid=180696 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.pekalongan-kommuniti.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: scr.kliksaya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 14 Mar 2016 00:10:46 GMT

Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.30

X-Powered-By: PHP/5.4.30

Content-Length: 243

Connection: close

Content-Type: text/html
document.write('<ifr' 'ame src=' '"hXXp://scr.kliksaya.com/ad/18069
6/pekalongan-kommuniti.com"' ' marginwidth="0" marginheight="0" width=
' '"468"' ' height=' '"60"' ' border="0" frameborder="0" style="border
:none;" scrolling="no"></iframe>');...

The Trojan connects to the servers at the folowing location(s):

.text

`.data

.rsrc

.aspack

.adata

MSCOMCTL.OCX

MSComctlLib.ProgressBar

MSINET.OCX

InetCtlsObjects.Inet

shell32.dll

ShellExecuteA

VBA6.DLL

kernel32.dll

COMDLG32.DLL

$%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB

cmdDownload

%System%\MSINET.oca

%System%\MSCOMCTL.oca

7566786

<***@888FEEELSSSShEB

strURL

MSVBVM60.DLL

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# 127.0.0.1 localhost

127.0.0.0 hXXp://VVV.vista-tigabelas.blogspot.co.id/

127.0.0.0 hXXps://VVV.vista-tigabelas.blogspot.co.id/

127.0.0.0 hXXps://VVV.vista-tigabelas.blogspot.com/

127.0.0.0 vista-tigabelas.blogspot.com

127.0.0.0 VVV.vista-tigabelas.blogspot.co.id

127.0.0.0 VVV.vista-tigabelas.blogspot.com

.reloc

cmctl198.chm

HHtnHt.HHt

]'%7X'

%X'Y3

%X'QP

%X'h;

%X'RVP3

$X'9%X'

%X'~%X'

_'~%X'

%X'u8h

X'v%X'

%X'>/Y'

t.Ht#H

%c'Sf

%X'RWP

Panel%d

Tab%d

HHt7Ht.HH

X'SSh

ColumnHeader(%d)

X'SSSh

ListImage%d

Button%d

%X'hB

commctrl_DragListMsg

*@]'8@]'

hhctrl.ocx

CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32

Ht.Ht

X'SShO

FTPV

MSCOMCTL.ocx

Z'ButtonMenu%d

_']

%X'B~`'W~`'t~`'

%X'yj`'

~`'#~`'-~`'

%X'Lu`'

}`'2~`',

{`'SHELL32.DLL

user32.dll

winmm.dll

msvb_lib_hotkey

%X'Wu

%X'VW

FTPQ

FtPQ

u.WWhG

}.hw'

%X'u(j

SSSh|3c'

%X'u2

Lc'

tVSSh

KERNEL32.dll

USER32.dll

ole32.dll

ADVAPI32.dll

OLEAUT32.dll

comdlg32.dll

GDI32.dll

GetProcessHeap

GetWindowsDirectoryA

GetCPInfo

GetKeyState

SetWindowsHookExA

UnhookWindowsHookEx

GetAsyncKeyState

MapVirtualKeyA

CreateDialogIndirectParamA

VkKeyScanA

EnumChildWindows

GetKeyNameTextA

SetKeyboardState

GetKeyboardState

GetKeyboardLayout

CallMsgFilterA

RegCreateKeyA

RegCloseKey

RegCreateKeyExA

RegOpenKeyExA

RegDeleteKeyA

RegEnumKeyExA

RegOpenKeyA

SetViewportOrgEx

SetViewportExtEx

GetViewportExtEx

c'OLEAUT32.DLL

%s%s.DLL

%u\%s.dll

OLEAUT32.DLL

Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

{lX-X-X-XX-XXXXXX}

CLSID\%s

%s Object

%s.%s.%ld

%s.%s

%s.%s\CurVer

%s\InprocServer

VERSION.DLL

%ld - %s

imm32.dll

%d.%d.%d.%d

%s %s

%%0Ý

0xX

windows

Software\Microsoft\Windows\CurrentVersion\Explorer\NoFirstClickActivate

MSWHEEL_ROLLMSG

MSH_SCROLL_LINES_MSG

AppEvents\Schemes\Apps\.Default\%s\.current

OLE32.DLL

stdole2.tlbWWW|B

.IImagesW

x}pbFormatSupportedWWW

ccSetNotSupportedAtRuntimeWW

0NmccSetNotSupportedWWW

0UÌGetNotSupportedWWW

CccNonUniqueKeyWW

OccInvalidKey

.aKeyDownW

KeyCodeW

KeyPress

#KeyAscii4

MKeyUpWWW4

pvKeyWWW

KeyW

dzpbstrKey

PSubkeyWW

0 %sbrInset

.lvwManualWWW

0yUlvwReportWWW

SortKeyW

psKeyWWW

c5ReportIconWW

.ophImageListW

Microsoft Windows Common Controls 6.0 (SP6)WWW

MSCOMCTL.OCXWW

cmctl198.chmWW

Constants for the OLEDragMode property (but not the DragMode or OLEDropMode properties).WWX

Constants for the OLEDropMode property (but not the DragMode or OLEDragMode properties).WWC

State transition constants for the DragOver and OLEDragOver events.WWW

Clipboard format constants.WWW3

Drop effect constants for OLE drag and drop events.WWW

TabWidthStyle constants.WW

TabStyle constants.WWW

Placement constants.WW

Returns a reference to a collection of Tab objects in the TabStrip control.WWWK

An individual object, analogous to a page, contained in a TabStrip control.WWW

Toolbar Button Style constants.WWW

Toolbar Value constants.WW

Toolbar Style constants.WW!

Displays a hierarchical list of Node objects, each of which consists of a label and an optional bitmap.WWW

Determines the placement of the background picture.WWW

Displays a collection of ListItems such as files or folders.WW%

An item in a ListView control that contains the index of icons associated with it, text, and an array of strings representing subitems that are displayed in Report view.W!

Contains a collection of ListImage objects, each of which can be referred to by its index or keyWW&

A bitmap or icon of any size that can be used in other controls.WW

A calibrated control with a slider for setting or selecting values.WWW"

An object that represents an entry in the listbox portion of the combobox control.

Constants for the Style property of a ComboBox control.WWW

Clears all data and formats in a DataObject object.WWW>

Determines if a specified clipboard format is supported by the DataObject object.WE

Adds a supported format and possibly its data to a DataObject object.W7

A collection of filenames used by the vbCFFiles format.WWWn

Returns the number of filenames in the Files collection of a DataObject object (vbCFFiles format only).WWWW

Adds a filename to the Files collection of a DataObject object (vbCFFiles format only).WWWc

Clears all filenames stored in the Files collection of a DataObject object (vbCFFiles format only).WWW\

Removes a filename from the Files collection of a DataObject object (vbCFFiles format only).WW

Accepts no OLE drag/drop operations.WW9

Source control dragged into target.WWW%

Text (.txt file).W

Bitmap (.bmp file).WWW

Metafile (.wmf file).W

Enhanced metafile (.emf file).*

Filename list (Microsoft Windows Explorer)

Rich Text Format (.rtf file).W<

No OLE drag/drop operation has taken place/would take place.WW@

A mask to indicate that a copy has taken place/would take place.WW@

A mask to indicate that a move has taken place/would take place.WWI

Expected at least one argument.WWW1

Non-intrinsic OLE drag and drop formats used with SetData require Byte array data. GetData may return more bytes than were given to SetData.WN

Key is not unique in collectionWWW

Invalid keyWWW$

Returns/sets a value that determines whether a form or control can respond to user-generated events.WW

Sets a custom mouse icon.WZ

Returns/sets the style appearance (tab or button) of a TabStrip control.WWd

Returns/sets a fixed height of a TabStrip control, but only if the TabWidthStyle is set to tabFixed.WWK

Returns/sets the width and justification of all tabs in a TabStrip control.WWW?

Returns the top coordinate of the internal area of the control.WWW@

Returns the left coordinate of the internal area of the control.WW7

Returns the height of the internal area of the control.WWW6

Returns/Sets whether this control can act as an OLE drop target.WW/

Forces a complete repaint of a form or control.WWWC

Starts an OLE drag/drop event with the given control as the source.WWWU

Returns/sets a value that determines whether the tab under the cursor is highlighted.Wk

Returns/sets a value that determines whether multiple tabs can be selected while holding down the CTRL key.WWW\

Returns/sets a value that indicates on which side of the control the tabs will be displayed.WW

Returns/sets a value that determines whether separators are drawn between buttons on a tabstrip that has the tabButton or tabFlatButton styles.WWW@

Returns/sets a value that determines the minimum width of a tab.WWb

Occurs when the user presses and then releases a mouse button over an object.WA

Occurs when the user presses a key while an object has the focus.W6

Occurs when the user presses and releases an ANSI key.B

Occurs when the user releases a key while an object has the focus.L

Occurs when the user presses the mouse button while an object has the focus.WW%

Occurs when the user moves the mouse.WM

Generated when a Tab object is clicked, or the tab's Value setting has been changed. Used to check parameters before actually generating a Click event.WWW

Returns a specific member of a Collection object either by position or by key.,

Removes a specific member from a collection.WW$

Removes all objects in a collection.WW'

Adds a Tab object to a Tabs collection.WWWS

Returns/sets the text displayed in an object's title bar or below an object's icon.WWW.

Returns/sets the index of an object in a collection. Read-only at run time.WWW<

Returns/sets the unique string of an object in a collection.WWF

Returns/sets the width of an object.WW%

Returns/sets the height of an object.Wg

Returns/sets the distance between the internal top edge of an object and the top edge of its container.WWWi

Returns/sets the distance between the internal left edge of an object and the left edge of its container.WO

Returns/sets a value which determines if a ListItem or Node object is selected.WWW?

Returns/sets the index or key of a ListImage object to be used.WWWD

Returns/sets a value that indicates whether the Tab is highlighted..WW

Returns/sets whether or not controls, Forms or an MDIForm are painted at run time with 3-D effects.WWWI

Returns/sets a value which determines if users can customize the Toolbar.WH

Returns a reference to a Toolbar control's collection of Button objects.WW

Returns/sets the ImageList control to be used for storing normal images.WW*

Help context of topic to be displayed when inquiring help from Toolbar Customize dialog.WWG

Help file to be used when inquiring help from Toolbar Customize dialog.WWWZ

Saves a Toolbar configuration in an initialization (.ini) file.WWWa

Restores a toolbar, created with a Toolbar control, to its original state after being customized.Wp

Returns/sets the ImageList control to be used for storing images displayed when a button is in a disabled state.WWh

Returns/sets the ImageList control to be used for storing images displayed when a button is highlighted.WW>

Returns/sets a value that determines whether button text is displayed below or to the right of the button image.WWD

Occurs when the user clicks on a Button object in a Toolbar control.WWn

Occurs when you press and release a mouse button and then press and release it again over an object.WWA

Occurs when the user selects an item from a button dropdown menu.WT

Occurs when the user clicks the dropdown arrow on a button with Style = tbrDropdown.WW[

Adds a Button object to a Buttons collection and returns a reference to the created object.WWWL

Returns/sets a value that determines whether an object is visible or hidden.WW$

Returns/sets the value of an object.WW

Returns/sets the description displayed when the user clicks a Button object during a customization operation.WJ

Adds a ButtonMenu object to a ButtonMenus collection and returns a reference to the created object.WWWE

Returns/sets the text displayed in the ButtonMenu item.WWW

Returns/sets the text displayed when a StatusBar control's Style property is set to Simple.WWW<

Similar to the standard Click event, but the PanelClick event occurs when a user presses and then releases a mouse button over any of the StatusBar control's Panel objects.WW

Similar to the standard DblClick Event, the PanelDblClick occurs when a user presses and then releases a mouse button twice over a StatusBar control's Panel object.WWX

Adds a Panel object to a Panels collection and returns a reference to the created Panel.WW

Returns/sets a control's maximum value.WWW'

Returns/sets a control's minimum value.WWW3

Returns or sets a control's current Value property.WWW,

Returns/sets the border style for an object.WWf

Returns a reference to a Node or ListItem object and highlights the object with the system highlight color.WWW[

Returns/sets a value that determines if a user can edit the label of a ListItem or Node object.WWW?

Returns/sets the style of lines displayed between Node objects.WWW4

Returns a reference to a collection of Node objects.WWV

Indicates whether the elements of a control are automatically sorted alphabetically.WW

Returns a reference to the ListItem object or Node object located at the coordinates of x and y. Used with drag and drop operations.WWW

Returns the number of Node objects that fit in the internal area of a TreeView control.WWW>

Begins a label editing operation on a ListItem or Node object.g

Returns/sets a value which determines if the control displays a checkbox next to each item in the tree.WWW

Returns/sets a value which determines if the entire row of the selected item is highlighted and clicking anywhere on an item's row causes it to be selected.WWd

Returns/sets a value which determines if items are highlighted as the mousepointer passes over them.WWy

Returns/sets a value which determines if selecting a new item in the tree expands that item and collapses the previously selected item.WWW`

Occurs when a user attempts to edit the label of the currently selected ListItem or Node object.WWV

Occurs when a Node object is clicked.WE

Occurs when Checkboxes = True and a Node object is checked/unchecked.WW

Adds a Node object to a Nodes collection and returns a reference to the created object.WWWL

Returns a specific item of a Collection object either by position or by key.WW8

Returns a reference to the first child of a Node object.WW4

Returns the number of child nodes a Node object has.WWB

Returns/sets the Index or Key of an image in an ImageList control used when the Node is expanded.WB

Returns a reference to the last Node object in a hierarchy level.WA

Returns/sets a reference to the parent of a Node object.WWE

Returns a reference to the previous Node object in a hierarchy level.WB

Returns/sets the Index or Key of an image in an ImageList control which is displayed when a Node object is selected.WW3

Returns/sets the text to be displayed in a control.WWWY

Creates a composite image from an icon and a caption for use in drag and drop operations.W^

Returns/sets the background color used to display text for a Node object.Wf

Aligns background picture to the upper left.WW-

Aligns background picture to the lower left.WW-

Aligns background picture to the center.WW2

Report

Returns/sets how the icons in a ListView control's Icon or SmallIcon view are arranged.WWW<

Returns a reference to a collection of ColumnHeader objects.WWZ

Returns/sets whether or not a ListView control's column headers are hidden in Report view.[

Returns or sets a value that determines if labels are wrapped when the ListView is in Icon view.WW

Returns/sets a value indicating whether a user can make multiple selections in the ListView control and how the multiple selections can be made.WWF

Returns/sets the current sort key.Z

Finds an item in the list and returns a reference to that item.WWWC

Retrieves a reference of the first item visible in the client area.WWW?

Returns/sets whether a user can reorder columns in report view.WWWg

Returns/sets a value which determines if the control displays a checkbox next to each item in the list.WWW0

Returns/sets whether the scrollbars appear flat.WWB

Returns/sets whether hover selection is enabled.WW4

Returns/sets the background picture for the control.WW#

Returns/sets the picture alignment.WWWE

Returns/sets the ImageList control to be used for ColumnHeader icons.Wp

Occurs when a ColumnHeader object in a ListView control is clicked.WWW4

Returns/sets the state of a ListView control Object item.WE

Returns/sets the index of an icon in an associated ImageList control.WK

Returns/sets the index of an small icon in an associated ImageList control.WWWC

Returns/sets an array of strings representing the ListIitem's data.WWWD

Returns/sets a collection of ListSubItems belonging to the ListItem.WWM

Returns/sets a value that determines where an object is displayed on a form.WW]

Returns current position of column.WWW1

Returns the number of SubItems in the collection.WH

Adds a ListSubItem object to a ListSubItems collection only at run time.WW?

Returns/sets the text to display text for a ListSubItem object.WWWP

Returns/sets the foreground color used to display text for a ListSubItem object.WWm

Returns/sets the subitem's report view iconWWW

Returns/sets the width of ListImage objects in an ImageList control.WWd

Returns/sets a value which determines the color to be transparent in ImageList graphical operations.WW_

Returns/sets a value which determines if the ImageList control will use the MaskColor property.WWWQ

Returns a handle to an ImageList control.Wg

Creates a composite third image out of two ListImage objects and returns a reference to the new object.WWWa

Returns/sets the increment value when the PageDown or PageUp key is pressed.WWM

Returns/sets the increment value when the left or right arrow key is pressed.W,

Returns/sets the maximum value of a control.WW,

Returns/sets the minimum value of a control.WWI

Returns/sets the orientation of a Slider control, horizontal or vertical.WE

Returns/sets the value where a selection starts.WW'

Returns/sets the length of a selection.WWW4

Returns/sets where ticks appear on a Slider control.WWN

Sets the SelLength to 0.WW8

Returns the number of visible ticks on a Slider control.WWR

Returns a specific member of a Collection object either by position or by keyWO

Index into ImageList control where the normal image for this item can be found.WWWU

Number of spaces to indent the text for the item. Each indent is equal to 10 pixels.WA

Returns/sets a value which determines if a ComboItem is selected.WQ

Removes the item at the given index from the collection.WW[

ComboBox control style that allows typing in a text box or selection from a drop-down list.WWWj

Only allows selection from the drop-down list in a ComboBox control.WW-

Returns/sets the background color of an object.WWW\

Returns/sets a value that determines whether an object can respond to user-generated events.WWQ

Returns a handle to the control.WWj

Returns/sets a value indicating whether the contents in an Image Combo control can be edited.Ws

Returns/sets a value indicating the type of mouse pointer displayed when the mouse is over the control at run time.WWW8

Returns a reference to the currently selected ComboItem.WW/

Returns/sets the number of characters selected.WWWw

Returns/sets the starting point of text selected; indicates the position of the insertion point if no text is selected.WWW

Returns/sets the string containing the currently selected text; consists of a zero-length string if no characters are selected.WWW5

(Windows NT Only) Returns/sets a value that determines whether the edit box uses the slash ('/'), backslash ('') and period ('.') characters as word delimiters.WWS

Retrieves a reference of the first item visible in the list portion of the control.WWW'

Forces a complete repaint of a control.WWW3

Occurs when the contents of a control have changed.WWWF

Occurs when the list portion of the Image Combo is about to drop down.

>(>/>4>9>

= =$=(=,=0=4=8=<=@=

2 2$2(2,2024282

="=(=/=6=

7%7,737:7]7

2 2C2[2

8%8X8d8

1,2

4!4%4)4-414

0*0007021?1

6y7f7v7

< <$<(<,<

0 0$0(0,000

5 5-5}5

4!4%4)4-434

9":3:?;|;

;';6;?;};

6|7f7

;'<0<_<&=6=

ocx\mscomctl.dbg

2Terms of use at hXXps://VVV.verisign.com/rpa (c)011'0%

$hXXp://ocsp.verisign.com/ocsp/status0

hXXps://VVV.verisign.com/rpa0

9hXXp://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0

hXXp://VVV.microsoft.com/vbasic 0

Internet Control URL Property Page

INET98.CHM

FTp/L#

rL#.OL#

hXXp://

PTF://

hXXps://

Microsoft URL Control - 6.01.9782

SSShp&M#

WININET.dll

InternetCreateUrlA

InternetCrackUrlA

InternetOpenUrlA

HttpSendRequestA

HttpOpenRequestA

HttpQueryInfoA

FtpFindFirstFileA

FtpRemoveDirectoryA

FtpGetCurrentDirectoryA

FtpCreateDirectoryA

FtpSetCurrentDirectoryA

FtpRenameFileA

FtpPutFileA

FtpGetFileA

FtpDeleteFileA

MsgWaitForMultipleObjects

OL#%s%s.DLL

stdole2.tlbWWW

0?NicFTPWWW

icHTTPWW

icHTTPSW,

icUrlOpenFailedW

icBadUrl

0NSicNoExecuteW

`icFtpCommandFailedWW

qicUnsupportedTypeWWW

icUnsupportedCommand

0-gicInvalidOperationWW

icExecutingW

0jHicInvalidForFtpW

hicInvalidURL

icIncorrectPasswordW

icLoginFailureWW

icInetInvalidOperationWW

[icOperationCancelled

00XicSecCertDateInvalid

0.(icSecCertCnInvalidWW

0WwicHttpToHttpsOnRedir

icHttpsToHttpOnRedir

.icPostIsNonSecureWWW

BicClientAuthCertNeededWW

icHttpsHttpSubmitRedirWW

icFtpTransferInProgressW

icFtpDropped

icFtpNoPassiveModeWW

ficHttpHeaderNotFound

icHttpDownlevelServerWWW

icHttpInvalidServerResponseW

icHttpInvalidHeaderW

icHttpInvalidQueryRequestWWW

icHttpHeaderAlreadyExistsWWW

0`>icHttpRedirectFailed

0~ icHttpCookieNeedsConfirmationWWW

7icHttpCookieDeclined

0DSicHttpRedirectNeedsConfirmationW

icSecInvalidCert

icSecCertRevoked

}|RemotePortWW

StillExecutingWW

URLW

Password

OpenURLW

yOperationWWW

~_URLX

MSINet.Ocx

FTPWWW

HTTPWW

Secure HTTPWWW

Unable to open URL

URL is malformedWW&

Protocol not supported for this method

You must execute an operation before retrieving dataWW

FTP command failed

Not a valid or supported commandWW

Invalid operation argument

Still executing last requestWW,

This call is not valid for an FTP connectionWW

Invalid URLWWW

Incorrect password

Login failureW

Invalid operationW

Operation cancelledWWW

Security certificate date invalidW#

Security certificate number invalidWWW

HTTP to HTTPS on redirectW

HTTPS to HTTP on redirectW

Client authorization certificate neededWWW

HTTPS HTTP submit redirWWW

FTP - Transfer in progress

FTP - Connection droppedWW

FTP - no passive modeW

HTTP - Header not foundWWW

HTTP - Downlevel serverWWW

HTTP - Invalid server response

HTTP - Invalid HeaderW

HTTP - Invalid query requestWW

HTTP - Header already existsWW

HTTP - Redirect failed

HTTP - cookie needs confirmationWW

HTTP - cookie declined"

HTTP - redirect needs confirmation

Invalid certWW

Cert revokedWW

Protocol to use for this URLWW

Returns/Sets the internet port to be used on the remote computerWW5

Returns/Sets the URL used by this controlW*

Password to use for authentication;

Open a URL&

Method used to cancel the request currently being executed

2 2>2`2~2

ocx\msinet.dbg

Thawte Certification1

hXXp://ocsp.verisign.com0

0hXXp://crl.verisign.com/ThawteTimestampingCA.crl0

"hXXp://crl.verisign.com/tss-ca.crl0

hXXp://msdn.microsoft.com/vbasic0

The procedure entry point %s could not be located in the dynamic link library %s

The ordinal %u could not be located in the dynamic link library %s

msvbvm60.dll

@*\AD:\`a````\InjectMN2\pekalongan.vbp

9368265E-85FE-11d1-8BE3-0000F8754DA1

78E1BDD1-9941-11cf-9756-00AA00C00908

Can't find LoadLibrary API from kernel32.dll

C:\windows\tj4u

C:\windows\tj4u\

hXXp://cdn.pekalongan-kummunity.com/files/j1400.zip

C:\windows\

c:\windows\system32\drivers\etc\hosts

c:\Windows\system32\MSINET.OCX

c:\Windows\system32\MSCOMCTL.OCX

hXXp://VVV.pekalongan-kommuniti.com

Scripting.FileSystemObject

ED4B87C4-9F76-11d1-8BF7-0000F8754DA1

57CBF9E0-6AA7-11cf-8ADB-00AA00C00905

DB4C0D00-400B-101B-A3C9-08002B2F49FB

ImageKey

SortKey

Key is not unique in collection

Invalid key;The first column in a ListView control must be left aligned$This item's control has been deleted&Control's collection has been modified

Windows Common Controls ActiveX Control DLL

6.01.9545

is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

&Key:

Sort&Key:

 Microsoft Windows Common Controls 6.0 (SP6)

Common Controls Property Page<Displays a collection of individually sizable column headers"Event interface for Header ControlMReturns/sets a value that determines whether a user can reorder header items.cReturns/sets whether or not controls, Forms or an MDIForm are painted at run time with 3-D effects.

3DQA collection whose elements represent each contained control in a parent control.-Returns the number of members in a collectionMReturns a specific member of a Collection object either by position or by key`Contains a collection of ListImage objects, each of which can be referred to by its index or key

OLEStartDrag event3Occurs when the contents of a control have changed.MOccurs when the user presses and then releases a mouse button over an object.oOccurs when the user presses and releases a mouse button and then presses and releases it again over an object.FOccurs when the list portion of the Image Combo is about to drop down.AOccurs when the user presses a key while an object has the focus.BOccurs when the user releases a key while an object has the focus.6Occurs when the user presses and releases an ANSI key.

VerticalfReturns/sets a value that determines whether the Progress Bar is displayed vertically or horizontally.yReturns/sets a value that determines whether the control displays progress with a standard segmented bar or a smooth bar.

FReturns/sets the string displayed when a cursor hovers over an object.XConstants for the OLEDragMode property (but not the DragMode or OLEDropMode properties).BOLE drag/drop will be initialized only under programmatic control.jOLE drag/drop will be initialized when the user drags 'out' of the control, or under programmatic control.XConstants for the OLEDropMode property (but not the DragMode or OLEDragMode properties).$Accepts no OLE drag/drop operations.9Accepts an OLE drag/drop under programmatic control only.CState transition constants for the DragOver and OLEDragOver events.#Source control dragged into target.%Source control dragged out of target.

Text (.txt file).

Bitmap (.bmp file).

Metafile (.wmf file).

Enhanced metafile (.emf file).*Filename list (Microsoft Windows Explorer)

Rich Text Format (.rtf file).3Drop effect constants for OLE drag and drop events.<No OLE drag/drop operation has taken place/would take place.@A mask to indicate that a copy has taken place/would take place.@A mask to indicate that a move has taken place/would take place.

Returns/Sets whether this control can act as an OLE drag/drop source, and whether this process is started automatically or under programmatic control.@Returns/Sets whether this control can act as an OLE drop target.3Clears all data and formats in a DataObject object.>Retrieves data of a specified format from a DataObject object.QDetermines if a specified clipboard format is supported by the DataObject object.EAdds a supported format and possibly its data to a DataObject object.7A collection of filenames used by the vbCFFiles format.nReturns a specific filename by index from the Files collection of a DataObject object (vbCFFiles format only).gReturns the number of filenames in the Files collection of a DataObject object (vbCFFiles format only).WAdds a filename to the Files collection of a DataObject object (vbCFFiles format only).cClears all filenames stored in the Files collection of a DataObject object (vbCFFiles format only).\Removes a filename from the Files collection of a DataObject object (vbCFFiles format only).

.Object variable or With block variable not set

.Object doesn't support this property or method

Non-intrinsic OLE drag and drop formats used with SetData require Byte array data. GetData may return more bytes than were given to SetData.NRequested data was not supplied to the DataObject during the OLESetData event.

Focus.Returns/sets the height of a ListImage object.DReturns/sets the width of ListImage objects in an ImageList control.dReturns/sets a value which determines the color to be transparent in ImageList graphical operations.QReturns a reference to a collection of ListImage objects in an ImageList control.)Returns a handle to an ImageList control.QReturns/sets the background color used to display text and graphics in an object.gCreates a composite third image out of two ListImage objects and returns a reference to the new object.@A bitmap or icon of any size that can be used in other controls..Returns the number of objects in a collection.aAdds a ListImage object to a ListImages collection and returns a reference to the created object.$Removes all objects in a collection.NReturns a specific member of a Collection object either by position or by key.,Removes a specific member from a collection.@A bitmap or icon of any size that can be used in other controls.KReturns/sets the index of an object in a collection. Read-only at run time.

<Returns/sets the unique string of an object in a collection..Stores any extra data needed for your program.

Microsoft ProgressBar Control'Returns/sets a control's maximum value.'Returns/sets a control's minimum value.MReturns/sets the type of mouse pointer displayed when over part of an object.

Sets a custom mouse icon.3Returns or sets a control's current Value property.cReturns/sets whether or not controls, Forms or an MDIForm are painted at run time with 3-D effects.,Returns/sets the border style for an object.dReturns/sets a value that determines whether a form or control can respond to user-generated events.&Returns a handle to a form or control.

ButtonsKReturns a reference to a collection of Tab objects in the TabStrip control.dReturns/sets a value that determines whether a form or control can respond to user-generated events.

Below/RightRReturns/sets the string displayed in the ToolTip as the slider's position changes.nReturns/sets a value that determines where the tooltip displaying the Slider's changing position is displayed.

OppositeUReturns/sets a value that determines whether the tab under the cursor is highlighted.kReturns/sets a value that determines whether multiple tabs can be selected while holding down the CTRL key.\Returns/sets a value that indicates on which side of the control the tabs will be displayed.

ZReturns/sets a value indicating whether the control can display more than one row of tabs.HReturns/sets the style appearance (tab or button) of a TabStrip control.dReturns/sets a fixed height of a TabStrip control, but only if the TabWidthStyle is set to tabFixed.KReturns/sets the width and justification of all tabs in a TabStrip control.?Returns the top coordinate of the internal area of the control.@Returns the left coordinate of the internal area of the control.7Returns the height of the internal area of the control.6Returns the width of the internal area of the control.MReturns/sets the type of mouse pointer displayed when over part of an object..Returns/sets the ImageList control to be used.dReturns/sets a fixed height of a TabStrip control, but only if the TabWidthStyle is set to tabFixed.!Enables/disables the Tooltip text

Returns/sets the selected Tab/Forces a complete repaint of a form or control.MOccurs when the user presses and then releases a mouse button over an object.AOccurs when the user presses a key while an object has the focus.

Returns/sets a value that determines whether separators are drawn between buttons on a tabstrip that has the tabButton or tabFlatButton styles.@Returns/sets a value that determines the minimum width of a tab.bReturns/sets a value that determines how remaining tabs are positioned when a new tab is selected.&Deselects all currently selected tabs.DReturns/sets a value that indicates whether the Tab is highlighted..gReturns/sets a value which determines if the control displays a checkbox next to each item in the tree.

Returns/sets a value which determines if the entire row of the selected item is highlighted and clicking anywhere on an item's row causes it to be selected.dReturns/sets a value which determines if items are highlighted as the mousepointer passes over them.yReturns/sets a value which determines if the TreeView displays scrollbars and allows scrolling (vertical and horizontal).

Returns/sets a value which determines if selecting a new item in the tree expands that item and collapses the previously selected item.IReturns/sets the background color used to display text for a Node object.fReturns/sets a value that determines whether the text for a Node object is displayed with a bold font.FReturns/sets a value that determines whether a Node object is checked.IReturns/sets the foreground color used to display text for a Node object.vWhen set to True, the plus sign is displayed for a parent node regardless of whether or not the node has any children.

Toolbar Style constants.6Occurs when the user presses and releases an ANSI key.BOccurs when the user releases a key while an object has the focus.LOccurs when the user presses the mouse button while an object has the focus.%Occurs when the user moves the mouse.MOccurs when the user releases the mouse button while an object has the focus.

StatusBar Tabs collection.Returns the number of objects in a collection.NReturns a specific member of a Collection object either by position or by key.,Removes a specific member from a collection.$Removes all objects in a collection.'Adds a Tab object to a Tabs collection.KAn individual object, analogous to a page, contained in a TabStrip control.SReturns/sets the text displayed in an object's title bar or below an object's icon..Stores any extra data needed for your program.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.FReturns/sets the string displayed when a cursor hovers over an object.$Returns/sets the width of an object.%Returns/sets the height of an object.gReturns/sets the distance between the internal top edge of an object and the top edge of its container.iReturns/sets the distance between the internal left edge of an object and the left edge of its container.OReturns/sets a value which determines if a ListItem or Node object is selected.?Returns/sets the index or key of a ListImage object to be used.

Toolbar Value constants.7Returns/sets the text displayed in the ButtonMenu item.AOccurs when the user selects an item from a button dropdown menu.pReturns/sets the ImageList control to be used for storing images displayed when a button is in a disabled state.hReturns/sets the ImageList control to be used for storing images displayed when a button is highlighted.

RightpReturns/sets a value that determines whether button text is displayed below or to the right of the button image.1Returns the number of SubItems in the collection.HAdds a ListSubItem object to a ListSubItems collection only at run time.$Removes all objects in a collection.LReturns a specific item of a Collection object either by position or by key.,Removes a specific member from a collection.#Returns current position of column. Returns/sets the subitem's report view icon

ToolBar Buttons.Returns the number of objects in a collection.NReturns a specific member of a Collection object either by position or by key.,Removes a specific member from a collection.$Removes all objects in a collection.[Adds a Button object to a Buttons collection and returns a reference to the created object.

ToolBar ButtonSReturns/sets the text displayed in an object's title bar or below an object's icon..Stores any extra data needed for your program.dReturns/sets a value that determines whether a form or control can respond to user-generated events.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.FReturns/sets the string displayed when a cursor hovers over an object.LReturns/sets a value that determines whether an object is visible or hidden.

Transparent>Returns/sets a value that determines how the Toolbar is drawn.JReturns a reference to a Button object's collection of ButtonMenu objects.

ToolBar ButtonMenus.Returns the number of objects in a collection.NReturns a specific member of a Collection object either by position or by key.,Removes a specific member from a collection.$Removes all objects in a collection.cAdds a ButtonMenu object to a ButtonMenus collection and returns a reference to the created object.

ToolBar ButtonMenudReturns/sets a value that determines whether a form or control can respond to user-generated events.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.EReturns/sets a reference to the parent Button of a ButtonMenu object..Stores any extra data needed for your program.

$Returns/sets the width of an object.%Returns/sets the height of an object.gReturns/sets the distance between the internal top edge of an object and the top edge of its container.iReturns/sets the distance between the internal left edge of an object and the left edge of its container.$Returns/sets the value of an object.

Returns/sets the button stylemReturns/sets the description displayed when the user clicks a Button object during a customization operation.?Returns/sets the index or key of a ListImage object to be used.?Returns/sets the index or key of a ListImage object to be used.cReturns/sets whether or not controls, Forms or an MDIForm are painted at run time with 3-D effects.IReturns/sets a value which determines if users can customize the Toolbar.HReturns a reference to a Toolbar control's collection of Button objects.dReturns/sets a value that determines whether a form or control can respond to user-generated events.&Returns a handle to a form or control.

Sets a custom mouse icon.MReturns/sets the type of mouse pointer displayed when over part of an object.

KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection..Stores any extra data needed for your program.LReturns/sets a value that determines whether an object is visible or hidden.TOccurs when the user clicks the dropdown arrow on a button with Style = tbrDropdown.DReturns/sets a collection of ListSubItems belonging to the ListItem.4Returns an array of column indexes in display order.EOccurs when Checkboxes = True and a Node object is checked/unchecked.pReturns/sets a value that determines if the text background is transparent or uses the ListView background color

ToolBar Controls Collection/Forces a complete repaint of a form or control.ZInvokes the Customize Toolbar dialog box when the user double-clicks on a Toolbar control.?Saves a Toolbar configuration in an initialization (.ini) file.aRestores a toolbar, created with a Toolbar control, to its original state after being customized.DOccurs when the user clicks on a Button object in a Toolbar control.nGenerated after the end user customizes a Toolbar control's appearance using the Customize Toolbar dialog box.MOccurs when the user presses and then releases a mouse button over an object.LOccurs when the user presses the mouse button while an object has the focus.%Occurs when the user moves the mouse.MOccurs when the user releases the mouse button while an object has the focus.dOccurs when you press and release a mouse button and then press and release it again over an object.CA calibrated control with a slider for setting or selecting values.

No TicksLReturns/sets the increment value when the PageDown or PageUp key is pressed.MReturns/sets the increment value when the left or right arrow key is pressed.,Returns/sets the maximum value of a control.,Returns/sets the minimum value of a control.IReturns/sets the orientation of a Slider control, horizontal or vertical.

EReturns/sets whether or not a Slider control can have a select range.0Returns/sets the value where a selection starts.'Returns/sets the length of a selection.4Returns/sets where ticks appear on a Slider control.NReturns/sets the ratio of ticks on a Slider control; 1tick every n increments.$Returns/sets the value of an object.

Sets a custom mouse icon.MReturns/sets the type of mouse pointer displayed when over part of an object.dReturns/sets a value that determines whether a form or control can respond to user-generated events.&Returns a handle to a form or control.,Returns/sets the border style for an object./Forces a complete repaint of a form or control.

Sets the SelLength to 0.8Hidden method that can be used to invoke the Click event8Returns the number of visible ticks on a Slider control.MOccurs when the user presses and then releases a mouse button over an object.AOccurs when the user presses a key while an object has the focus.6Occurs when the user presses and releases an ANSI key.BOccurs when the user releases a key while an object has the focus.LOccurs when the user presses the mouse button while an object has the focus.%Occurs when the user moves the mouse.MOccurs when the user releases the mouse button while an object has the focus.

Slider scroll event6Indicates that the contents of a control have changed.gDisplays a hierarchical list of Node objects, each of which consists of a label and an optional bitmap.

.Returns/sets the ImageList control to be used.AReturns/sets the width of the indentation for a TreeView control._Returns/sets a value that determines if a user can edit the label of a ListItem or Node object.?Returns/sets the style of lines displayed between Node objects.MReturns/sets the type of mouse pointer displayed when over part of an object.

Sets a custom mouse icon.4Returns a reference to a collection of Node objects.VReturns/sets the delimiter string used for the path returned by the FullPath property.OReturns/sets a value which determines if a ListItem or Node object is selected.TIndicates whether the elements of a control are automatically sorted alphabetically.gDisplays a hierarchical list of Node objects, each of which consists of a label and an optional bitmap.cReturns/sets whether or not controls, Forms or an MDIForm are painted at run time with 3-D effects.,Returns/sets the border style for an object.dReturns/sets a value that determines whether a form or control can respond to user-generated events.

Returns a reference to the ListItem object or Node object located at the coordinates of x and y. Used with drag and drop operations.WReturns the number of Node objects that fit in the internal area of a TreeView control.>Begins a label editing operation on a ListItem or Node object./Forces a complete repaint of a form or control.`Occurs when a user attempts to edit the label of the currently selected ListItem or Node object.VOccurs after a user edits the label of the currently selected Node or ListItem object.BGenerated when any Node object in a TreeView control is collapsed.jOccurs when a Node object in a TreeView control is expanded; that is, when its child nodes become visible.%Occurs when a Node object is clicked.AOccurs when the user presses a key while an object has the focus.BOccurs when the user releases a key while an object has the focus.6Occurs when the user presses and releases an ANSI key.LOccurs when the user presses the mouse button while an object has the focus.%Occurs when the user moves the mouse.MOccurs when the user releases the mouse button while an object has the focus.MOccurs when the user presses and then releases a mouse button over an object.

Treeview Nodes collection.Returns the number of objects in a collection.WAdds a Node object to a Nodes collection and returns a reference to the created object.$Removes all objects in a collection.LReturns a specific item of a Collection object either by position or by key.,Removes a specific member from a collection.AAn object in a TreeView control that can contain images and text.8Returns a reference to the first child of a Node object.4Returns the number of child nodes a Node object has.BReturns/sets a value which specifies if a Node object is expanded.aReturns/sets the Index or Key of an image in an ImageList control used when the Node is expanded.BReturns a reference to the first Node object in a hierarchy level.2Returns the fully qualified name of a Node object.?Returns/sets the index or key of a ListImage object to be used.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.AReturns a reference to the last Node object in a hierarchy level.AReturns a reference to the next Node object in a hierarchy level.8Returns/sets a reference to the parent of a Node object.EReturns a reference to the previous Node object in a hierarchy level.BReturns a reference to the root Node object of a TreeView control.OReturns/sets a value which determines if a ListItem or Node object is selected.tReturns/sets the Index or Key of an image in an ImageList control which is displayed when a Node object is selected.TIndicates whether the elements of a control are automatically sorted alphabetically..Stores any extra data needed for your program.3Returns/sets the text to be displayed in a control.LReturns/sets a value that determines whether an object is visible or hidden.YCreates a composite image from an icon and a caption for use in drag and drop operations.^Ensures a ListItem or Node object is visible, scrolling or expanding the control if necessary.<Displays a collection of ListItems such as files or folders.

PartialWReturns/sets how the icons in a ListView control's Icon or SmallIcon view are arranged.<Returns a reference to a collection of ColumnHeader objects.kReturns a reference to a Node or ListItem object and highlights the object with the system highlight color.ZReturns/sets whether or not a ListView control's column headers are hidden in Report view.[Determines whether the selected item will display as selected when the ListView loses focusRReturns/sets the images associated with the Icon properties of a ListView control.NReturns a reference to a collection of ListItem objects in a ListView control._Returns/sets a value that determines if a user can edit the label of a ListItem or Node object.`Returns or sets a value that determines if labels are wrapped when the ListView is in Icon view.

Returns/sets a value indicating whether a user can make multiple selections in the ListView control and how the multiple selections can be made.FReturns a reference to the currently selected ListItem or Node object.VReturns/sets the images associated with the SmallIcons property of a ListView control.TIndicates whether the elements of a control are automatically sorted alphabetically."Returns/sets the current sort key.ZReturns/sets whether or not the ListItems will be sorted in ascending or descending order.6Returns/sets the current view of the ListView control.cReturns/sets whether or not controls, Forms or an MDIForm are painted at run time with 3-D effects.QReturns/sets the background color used to display text and graphics in an object.,Returns/sets the border style for an object.dReturns/sets a value that determines whether a form or control can respond to user-generated events.

QReturns/sets the background color used to display text and graphics in an object.&Returns a handle to a form or control.?Finds an item in the list and returns a reference to that item.CRetrieves a reference of the first item visible in the client area.

Returns a reference to the ListItem object or Node object located at the coordinates of x and y. Used with drag and drop operations.>Begins a label editing operation on a ListItem or Node object./Forces a complete repaint of a form or control.`Occurs when a user attempts to edit the label of the currently selected ListItem or Node object.VOccurs after a user edits the label of the currently selected Node or ListItem object.COccurs when a ColumnHeader object in a ListView control is clicked.4Occurs when a ListItem object is clicked or selectedAOccurs when the user presses a key while an object has the focus.BOccurs when the user releases a key while an object has the focus.6Occurs when the user presses and releases an ANSI key.LOccurs when the user presses the mouse button while an object has the focus.%Occurs when the user moves the mouse.

MOccurs when the user releases the mouse button while an object has the focus.MOccurs when the user presses and then releases a mouse button over an object.dOccurs when you press and release a mouse button and then press and release it again over an object.

ListView Item collection.Returns the number of objects in a collection.BAdds a ListItem object to a ListItems collection only at run time.$Removes all objects in a collection.LReturns a specific item of a Collection object either by position or by key.,Removes a specific member from a collection.

An item in a ListView control that contains the index of icons associated with it, text, and an array of strings representing subitems that are displayed in Report view.9Returns/sets the state of a ListView control Object item.%Returns/sets the height of an object.EReturns/sets the index of an icon in an associated ImageList control.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.iReturns/sets the distance between the internal left edge of an object and the left edge of its container.OReturns/sets a value which determines if a ListItem or Node object is selected.KReturns/sets the index of an small icon in an associated ImageList control..Stores any extra data needed for your program.3Returns/sets the text to be displayed in a control.gReturns/sets the distance between the internal top edge of an object and the top edge of its container.$Returns/sets the width of an object.CReturns/sets an array of strings representing the ListIitem's data.YCreates a composite image from an icon and a caption for use in drag and drop operations.^Ensures a ListItem or Node object is visible, scrolling or expanding the control if necessary.!ListView Column Header collection.Returns the number of objects in a collection.ZAdds a ColumnHeader object to a ColumnHeaders collection at both design time and run time.$Removes all objects in a collection.NReturns a specific member of a Collection object either by position or by key.,Removes a specific member from a collection.

LReturns/sets a value that determines where an object is displayed on a form.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.iReturns/sets the distance between the internal left edge of an object and the left edge of its container.]Returns the index of the subitem associated with a ColumnHeader object in a ListView control..Stores any extra data needed for your program.3Returns/sets the text to be displayed in a control.$Returns/sets the width of an object.

Single panel simple text[Returns/sets the text displayed when a StatusBar control's Style property is set to Simple.<Returns/sets the the single (simple) or multiple panel style5Returns a reference to a collection of Panel objects.MReturns/sets the type of mouse pointer displayed when over part of an object.

Sets a custom mouse icon.dReturns/sets a value that determines whether a form or control can respond to user-generated events.cReturns/sets a value that determines whether a form or control can respond to user-generated events

Similar to the standard DblClick Event, the PanelDblClick occurs when a user presses and then releases a mouse button twice over a StatusBar control's Panel object.LOccurs when the user presses the mouse button while an object has the focus.%Occurs when the user moves the mouse.MOccurs when the user releases the mouse button while an object has the focus.MOccurs when the user presses and then releases a mouse button over an object.dOccurs when you press and release a mouse button and then press and release it again over an object.

StatusBar Panels collection.Returns the number of objects in a collection.XAdds a Panel object to a Panels collection and returns a reference to the created Panel.

$Removes all objects in a collection.NReturns a specific member of a Collection object either by position or by key.,Removes a specific member from a collection.

2Returns/sets the text to be displayed in a controlKReturns/sets a value that determines whether an object is visible or hidden#Returns/sets the width of an object.Stores any extra data needed for your program.

ImageComboBox Property Page7Constants for the Style property of a ComboBox control.[ComboBox control style that allows typing in a text box or selection from a drop-down list.DOnly allows selection from the drop-down list in a ComboBox control.jComboBox control style that allows typing in a text box or selection from a list, which doesn't drop down.RAn object that represents an entry in the listbox portion of the combobox control.OIndex into ImageList control where the normal image for this item can be found.UNumber of spaces to indent the text for the item. Each indent is equal to 10 pixels.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.

AReturns/sets a value which determines if a ComboItem is selected.QIndex into ImageList control where the selected image for this item can be found.>Returns/sets a specific number for each item in an ImageCombo.

The ComboItems Collection.:Returns the number of members currently in the collection.MAdds an object to a collection and returns a reference to the created object.$Removes all objects in a collection.NReturns a specific member of a Collection object either by position or by key.8Removes the item at the given index from the collection.7Returns/sets the paint style of a control at run time. /Returns/sets the background color of an object.QReturns/sets whether string searches in the combobox list will be case sensitive.\Returns/sets a value that determines whether an object can respond to user-generated events.

Returns a Font object.QReturns/sets the foreground color used to display text and graphics in an object. Returns a handle to the control..Returns/sets the ImageList control to be used.jThe default number of spaces to indent the text for newly added items. Each indent is equal to 10 pixels.]Returns/sets a value indicating whether the contents in an Image Combo control can be edited.

Sets a custom mouse icon.sReturns/sets a value indicating the type of mouse pointer displayed when the mouse is over the control at run time.8Returns a reference to the currently selected ComboItem./Returns/sets the number of characters selected.wReturns/sets the starting point of text selected; indicates the position of the insertion point if no text is selected.

(Windows NT Only) Returns/sets a value that determines whether the edit box uses the slash ('/'), backslash ('\') and period ('.') characters as word delimiters.SRetrieves a reference of the first item visible in the list portion of the control.'Forces a complete repaint of a control.?Sets the first item visible in the list portion of the control.)Event interface for ImageComboBox control

LReturns/sets a value that determines whether a user can resize header items.dReturns/sets a value that determines whether a form or control can respond to user-generated events.

Header Items Collection]Returns/sets a value that determines whether the header item under the cursor is highlighted.&Returns a handle to a form or control..Returns/sets the ImageList control to be used.MReturns/sets the type of mouse pointer displayed when over part of an object.

Sets a custom mouse icon.3Enables/disables the Tooltip text for Header Items.YReturns/sets a value that determines whether Header Items will appear flat or as buttons.8Displays an AboutBox with information about the control.WReturns a reference to the Header Item object located at the specified x,y coordinates./Forces a complete repaint of a form or control.,Occurs when a Header Item object is clicked.3Occurs when a Header Item object is double clicked.EOccurs when the user begins dragging a Header Item to a new location.GOccurs when the user finishes dragging a Header Item to a new location.WOccurs when the user presses the mouse button while the mousepointer is over an object.;Occurs when the user moves the mousepointer over an object.XOccurs when the user releases the mouse button while the mousepointer is over an object.3Occurs when the user begins resizing a Header Item.5Occurs when the user finishes resizing a Header Item.,Occurs after a Header Item has been resized.

Returns/sets a value that determines whether the Header Item is automatically sized based on the amount of free space in the control.?Returns/sets the index or key of a ListImage object to be used.KReturns/sets the index of an object in a collection. Read-only at run time.<Returns/sets the unique string of an object in a collection.dReturns the distance between the internal left edge of an object and the left edge of its container.

;Returns the position of the Header Item within the control..Stores any extra data needed for your program.3Returns/sets the text displayed in the Header Item.FReturns/sets the string displayed when a cursor hovers over an object.$Returns/sets the width of an object.

Header Items Collection.Returns the number of members in a collection.NReturns a specific member of a Collection object either by position or by key.MAdds an object to a collection and returns a reference to the created object.$Removes all objects in a collection.,Removes a specific member from a collection.

ListView SubItem object?Returns/sets the text to display text for a ListSubItem object.PReturns/sets the foreground color used to display text for a ListSubItem object.mReturns/sets a value that determines whether the text for a ListSubItem object is displayed with a bold font.MReturns/sets a value that determines whether a ListSubItem object is checked.EReturns/sets the index of an icon in an associated ImageList control.?Returns/sets whether a user can reorder columns in report view.0Returns/sets whether the scrollbars appear flat.BReturns/sets whether selecting a column highlights the entire row.?Returns/sets whether grid lines appear between rows and columns-Returns/sets whether hot tracking is enabled.0Returns/sets whether hover selection is enabled.EReturns/sets the ImageList control to be used for ColumnHeader icons.@Returns/sets the ImageList control to be used for SubItem icons.

4Returns/sets the background picture for the control.jReturns/sets a value that determines whether the text for a ListItem object is displayed with a bold font.gReturns/sets a value which determines if the control displays a checkbox next to each item in the list. Occurs when a ListSubItem object is checked3Determines the placement of the background picture.,Aligns background picture to the upper left.-Aligns background picture to the upper right.,Aligns background picture to the lower left.-Aligns background picture to the lower right.(Aligns background picture to the center.2Tiles the picture to fill the ListView background.#Returns/sets the picture alignment.MReturns/sets a value that determines whether a ListSubItem object is checked.

Error #%d

Invalid entry for %s

All Picture Files|*.bmp;*.dib;*.ico;*.cur;*.gif;*.jpg|Bitmaps (*.bmp;*.dib)|*.bmp;*.dib|Icons & Cursors (*.ico;*.cur)|*.ico;*.cur|GIF Images (*.gif)|*.gif|JPEG Images (*.jpg)|*.jpg|All Files (*.*)|*.*||

POLE Automation function not found. You may need a newer version of OLEAUT32.DLL

RemotePort

Pass&word

6.01.9782

is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation.

Returns/Sets the remote computer@Returns/Sets the internet port to be used on the remote computer

5Returns information received from the remote computer9Returns a response code received from the remote computer6Returns the low-level internet handle for this control.Returns whether this control is currently busy)Returns/Sets the URL used by this control5Returns/Sets the Document to be retrieved from server

>Returns/Sets the proxy behavior for this control's connections7Event interface for Microsoft Internet Transfer Control#Microsoft Internet Transfer Control&Issue a request to the remote computer:Method used to cancel the request currently being executed

Secure HTTP

Protocol to use for this URL#User name to use for authentication"Password to use for authentication

Open a URL

URL is malformed&Protocol not supported for this method Unable to connect to remote host

Unable to complete request4You must execute an operation before retrieving data

Request timed out Not a valid or supported command

Still executing last request,This call is not valid for an FTP connection

Invalid URL

Login failure

Invalid operation

Operation cancelled

Handle exists!Security certificate date invalid#Security certificate number invalid

HTTP to HTTPS on redirect

HTTPS to HTTP on redirect

Post is non-secure'Client authorization certificate needed

FTP - Connection dropped

HTTP - Header not found

HTTP - Downlevel server

HTTP - Invalid Header

HTTP - Invalid query request

HTTP - Header already exists

HTTP - Redirect failed

HTTPS HTTP submit redir

FTP - no passive mode HTTP - cookie needs confirmation

HTTP - cookie declined"HTTP - redirect needs confirmation

Invalid cert

Cert revoked

URL'URL properties for the internet control

539.520.0169

OmmmirrrCron VVerrrsion Nnnew w.exe

%original file name%.exe_1200_rwx_0053E000_00002000:

kernel32.dll

user32.dll

The procedure entry point %s could not be located in the dynamic link library %s

The ordinal %u could not be located in the dynamic link library %s

msvbvm60.dll

539.520.0169

OmmmirrrCron VVerrrsion Nnnew w.exe

iexplore.exe_228:

%?9-*09,*19}*09

.text

`.data

.rsrc

msvcrt.dll

KERNEL32.dll

NTDLL.DLL

USER32.dll

SHLWAPI.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

rsabase.dll

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

watson.microsoft.com

IEWatsonURL

%s -h %u

iedw.exe

Iexplore.XPExceptionFilter

jscript.DLL

mshtml.dll

mlang.dll

urlmon.dll

wininet.dll

shdocvw.DLL

browseui.DLL

comctl32.DLL

IEXPLORE.EXE

iexplore.pdb

ADVAPI32.dll

MsgWaitForMultipleObjects

IExplorer.EXE

IIIIIB(II<.Fg

7?_____ZZSSH%

)z.UUUUUUUU

,....Qym

````2```

{.QLQIIIKGKGKGKGKGKG

;33;33;0

8888880

8887080

browseui.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

Windows

Operating System

6.00.2900.5512

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:
   

   %System%\MSINET.OCX (132 bytes)
   %System%\MSCOMCTL.OCX (5442 bytes)
   %System%\drivers\etc\hosts (1 bytes)

4. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
   127.0.0.1 localhost
   
5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.