Trojan.Win32.IEDummy.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6643c4004a1c6ee997467033ca03af14
SHA1: b4f2f8b00ee5f57f46e76201a01f190463a72392
SHA256: 2ee912374f2062b6bfe04a3036431f27c5c6ca485fff10a1f431292801344325
SSDeep: 12288:UTOcCf6yNUEH3m5gjKQD8LBlXxjOuf1sjk8OoI6BAbiZ:UTOpVUq3MgJD8LzXd9fp8I6iGZ
Size: 457914 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6
Company: no certificate found
Created at: 2011-04-28 14:38:20
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
amisid.exe:1940
setup.exe:1752
setup.tmp:644
%original file name%.exe:228
win10phone__2827_il36975_26.exe:572
Upgrade.exe:1492
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process setup.exe:1752 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp\setup.tmp (3784 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp\setup.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp (0 bytes)
The process setup.tmp:644 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CW5HG8EK\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B9DDBJCW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BKVRWAPP\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\Upgrade.exe (8581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\itdownload.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\POEKUC06\desktop.ini (67 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\itdownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\Upgrade.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup\_shfoldr.dll (0 bytes)
The process %original file name%.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000\setup.exe (3249 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000\setup.exe (0 bytes)
The process win10phone__2827_il36975_26.exe:572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\nsisos.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (16052 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\amisid.exe (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\registry.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSIS_AntiVmFraud.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (11 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\dummy.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\checks.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\amisid.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\registry.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSIS_AntiVmFraud.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\nsisos.dll (0 bytes)
The process Upgrade.exe:1492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\win10phone__2827_il36975_26.exe (3446 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\win10phone__2827_il36975_26.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_469984 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\data.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0 (0 bytes)
Registry activity
The process amisid.exe:1940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"
[HKCU\Software\InternetTurbo]
"UID" = "975F29BE8C8FD0BC5E8EBA2BBF1B629F"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 8D C7 17 66 43 0A 32 15 8F CE 3F 8B 7F 47 AD"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisid\DEBUG]
"Trace Level" = ""
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisid\DEBUG]
"Trace Level"
The process setup.exe:1752 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA B8 BA BE A2 C0 AC E1 9E 8F 79 C6 CF 1D 16 F4"
The process setup.tmp:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 00 DA D7 64 13 B2 CE 78 5C 5E 88 DC 36 F4 F4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\7ZipSfx.000]
"setup.exe" = "setup Setup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"NetHood" = "%Documents and Settings%\%current user%\NetHood"
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools" = "%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Administrative Tools" = ""
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 BB 1F A9 D3 90 23 F6 CE 58 D1 98 9B 1B 40 B8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CD Burning" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\CD Burning"
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process win10phone__2827_il36975_26.exe:572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 8E 6E A7 22 C7 28 4D B0 F8 D0 50 5E 50 ED 39"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\registry.dll,"
[HKCU\Software\InstallPath\Status]
"Installer" = "S"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The Trojan deletes the following registry key(s):
[HKCU\Software\InternetTurbo]
The process Upgrade.exe:1492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 75 24 5C 45 E0 D3 87 B7 3B C6 F7 4E 0B B2 0F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0]
"win10phone__2827_il36975_26.exe" = "Buffallo Sabes daemon"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
2b7007ed0262ca02ef69d8990815cbeb | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi3.tmp\registry.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
amisid.exe:1940
setup.exe:1752
setup.tmp:644
%original file name%.exe:228
win10phone__2827_il36975_26.exe:572
Upgrade.exe:1492 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp\setup.tmp (3784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CW5HG8EK\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B9DDBJCW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BKVRWAPP\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\Upgrade.exe (8581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\itdownload.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\POEKUC06\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000\setup.exe (3249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\nsisos.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (16052 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\amisid.exe (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\registry.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSIS_AntiVmFraud.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\win10phone__2827_il36975_26.exe (3446 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: iSoft
Product Name: SFXMaker
Product Version: 1.4.1.2100
Legal Copyright: Copyright (c) 2006-2011 Iuli
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.4.1.2100
File Description: Compiled by SFXMaker
Comments:
Language: English (Canada)
Company Name: iSoftProduct Name: SFXMakerProduct Version: 1.4.1.2100Legal Copyright: Copyright (c) 2006-2011 IuliLegal Trademarks: Original Filename: Internal Name: File Version: 1.4.1.2100File Description: Compiled by SFXMakerComments: Language: English (Canada)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 71443 | 71680 | 4.58136 | a33aa34b7879bccd6f1864408fd68dcf |
.rdata | 77824 | 12526 | 12800 | 3.84029 | 007197a7f03fd570aac173835b4d4e9d |
.data | 94208 | 10540 | 2048 | 2.52269 | 9627e4496a259b33307cd6b8b9dae798 |
.rsrc | 106496 | 10928 | 11264 | 3.00613 | 3cc68279b1fe3d11cbede69391e434d9 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://upgradesoftware2017.com/freeupgradesoftNEW/8-Windows10PHONE/upgrade.exe | 188.121.41.137 |
hxxp://upgradesoftware2017.com/redirection.html | 188.121.41.137 |
hxxp://g1.panthercdn.com/counter/counter.js | |
hxxp://upgradesoftware2017.com/ | 188.121.41.137 |
hxxp://c.statcounter.com/t.php?sc_project=10738598&java=1&security=267f1d37&u1=E3A0092DF6854F4581DBD39C31C9578C&sc_random=0.40540406162741676&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=&u=http://bestprosoft.xyz/redirection.html&t=&sc_snum=1&p=0&invisible=1 | |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/style.php | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/ie6style.php | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/iepngfix_tilebg.js | 188.121.41.137 |
hxxp://upgradesoftware2017.com/download2.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/navssbg.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/footerdark.png | 188.121.41.137 |
hxxp://s32.postimg.org/ar19thbr9/maxresdefault.jpg | 141.101.120.104 |
hxxp://s32.postimg.org/cfrzikxxh/cover.png | 141.101.120.104 |
hxxp://s32.postimg.org/h1me77sx1/yumtynreh.png | 141.101.120.104 |
hxxp://s32.postimg.org/6qjerzrdn/image.png | 141.101.120.104 |
hxxp://s32.postimg.org/90gxxyluj/image.png | 141.101.120.104 |
hxxp://s32.postimg.org/83aip3acb/image.png | 141.101.120.104 |
hxxp://s32.postimg.org/b535aoift/image.png | 141.101.120.104 |
hxxp://s32.postimg.org/c2r2h7ktj/image.png | 141.101.120.104 |
hxxp://s32.postimg.org/n9s1wvzmt/image.png | 141.101.120.104 |
hxxp://s32.postimg.org/vfxec11iz/9gag.png | 141.101.120.104 |
hxxp://s32.postimg.org/w9kufim5t/cover.png | 141.101.120.104 |
hxxp://s32.postimg.org/6kki806sr/animated.gif | 141.101.120.104 |
hxxp://s32.postimg.org/apa4ybjbb/cover.png | 141.101.120.104 |
hxxp://s32.postimg.org/dw3ypq17r/vtutorial.gif | 141.101.120.104 |
hxxp://s32.postimg.org/uiliysu5l/2016_01_15_5_35_25.png | 141.101.120.104 |
hxxp://s32.postimg.org/fbk4t7kc7/digitaltvonpc.png | 141.101.120.104 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/iepngfix.htc | 188.121.41.137 |
hxxp://imgur.com/vQyVyP5.png | |
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/09/21.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/09/cover-coperta1.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/headers/header-Flare.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/blank.gif | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/08/Cover.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/09/11.png | 188.121.41.137 |
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/08/Cover1.png | 188.121.41.137 |
hxxp://s15.postimg.org/6qjerzrdn/image.png | |
hxxp://softvipdownload.com/ | |
hxxp://s23.postimg.org/83aip3acb/image.png | |
hxxp://s13.postimg.org/c2r2h7ktj/image.png | |
hxxp://bestprosoft.com/wp-content/uploads/2015/08/Cover.png | 188.121.41.137 |
hxxp://bestprosoft.com/wp-content/uploads/2015/09/21.png | 188.121.41.137 |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/ie6style.php | |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/navssbg.png | |
hxxp://softvipdownload.com/download2.png | |
hxxp://bestprosoft.com/wp-content/uploads/2015/08/Cover1.png | 188.121.41.137 |
hxxp://s23.postimg.org/90gxxyluj/image.png | |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/blank.gif | |
hxxp://s2.postimg.org/uiliysu5l/2016_01_15_5_35_25.png | |
hxxp://bestprosoft.com/wp-content/uploads/2015/09/cover-coperta1.png | 188.121.41.137 |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/headers/header-Flare.png | |
hxxp://www.statcounter.com/counter/counter.js | |
hxxp://s28.postimg.org/6kki806sr/animated.gif | |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/footerdark.png | |
hxxp://bestprosoft.xyz/redirection.html | 188.121.41.137 |
hxxp://s22.postimg.org/w9kufim5t/cover.png | 141.101.120.105 |
hxxp://s21.postimg.org/apa4ybjbb/cover.png | 141.101.120.105 |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc | |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/style.php | |
hxxp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix_tilebg.js | |
hxxp://i.imgur.com/vQyVyP5.png | 23.235.43.193 |
hxxp://s13.postimg.org/fbk4t7kc7/digitaltvonpc.png | |
hxxp://s16.postimg.org/n9s1wvzmt/image.png | |
hxxp://s8.postimg.org/h1me77sx1/yumtynreh.png | 141.101.120.104 |
hxxp://bestprosoft.com/wp-content/uploads/2015/09/11.png | 188.121.41.137 |
hxxp://s18.postimg.org/b535aoift/image.png | |
hxxp://s15.postimg.org/vfxec11iz/9gag.png | |
hxxp://s2.postimg.org/dw3ypq17r/vtutorial.gif | |
www.flexibilitytheme.com | 66.147.242.185 |
s.ytimg.com | 216.58.214.206 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /cfrzikxxh/cover.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s32.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 102033
Connection: keep-alive
Set-Cookie: __cfduid=d9e30535b8876e65ed8e172e5952d31501463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Tue, 26 Apr 2016 23:00:37 GMT
ETag: "571ff315-18e91"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb581dfa372c-ARN
.PNG........IHDR...R.................pHYs...............C7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2016-04-27T01:50:03 03:00</xmp:CreateDate>. <xmp:ModifyDate>2016-04-27T01:53:19 03:00</xmp:ModifyDate>. <xmp:MetadataDate>2016-04-27T01:53:19 03:00</xmp:MetadataDate>. <dc:format>image/png</dc:format>. <photoshop:ColorMode>3</photoshop:ColorMode>. <photoshop:TextLayers>. <rdf:Bag>. <rdf:li rdf:parseType="Resource">. <photoshop:LayerName>Disable</photoshop:LayerName>.
<<< skipped >>>
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:55 GMT
Content-Length: 49
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:55 GMT..Content-Length: 49..GIF89a...................!.......,...........T..;HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:57 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT..
GET /b535aoift/image.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s18.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 124224
Connection: keep-alive
Set-Cookie: __cfduid=d5c33fface9e8c5c41b8131cdfc2ca52e1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sun, 03 Apr 2016 20:37:28 GMT
ETag: "57017f08-1e540"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb582baa36f6-ARN
.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME.........X.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...y|T.}...l...}.......x.f ..&q........m......K~..M.6..5i.....S7Mpb.....`..".......h4...4..H..H.........s.....=...{...>.........0.u.DDDDDD..K.TDDDDDD..B..........R.......3..""""""2g..:?..wEDDDDDdN....B..................9.P*""""""sF.TDDDDDD..B..........R.......3............AF..x.d.n.oF../ZOAv.i..{......1..^...X.&.$B .>..A....9O&...P. ..u.Y.TDDDDDd>.?K....o....Cc3.d........[....>...?.&...../.M.........F.....}.4......<..-.|.....].(..].......<3..]...% ........OS74..x<D[.s<....... c.].[YN.,.YDDDDDD..Kl2.....Z.Fij...|..z^.....Y<....O../.0G=....Cv.K.o?...........k..}.q~{....g..*.B.......<a..HXt.w|......l......'tE.r...g..............#..9...wi9.!y..........Y..z.B.......\.....;...y..p...8..-.....;.......,.w8.R....... 2......G:.....9..V}.3|....l..c)............9._..C.?Dc.(..'....#......H..^0...""""""r..0U/<......%_.....?.?...E..K..0...zj:].v8UJEDDDDD&p36.F..?...M_..._J..5l...x.p..x.....3..........~.3<...d.'.j...O/...$...0.;.P.t..T(..........P#G...?8<...0M.......qo.q.^(.{.......Z:.tK..]................./6fq.......Q..Id..l...a.......^.@ff...%b..# .......L`.h.$:%...X..n...Lr..Y]..d...0......g6<...>....|@/.O.................b.(......q.......MM..B(5.....v_DDDDD... .....g........I.-.......~.>
<<< skipped >>>
GET /uiliysu5l/2016_01_15_5_35_25.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s2.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 162187
Connection: keep-alive
Set-Cookie: __cfduid=d8663556cce4a51711727b2234c7d1b5c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Fri, 15 Jan 2016 03:36:04 GMT
ETag: "56986924-2798b"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb583fdd37b6-ARN
.PNG........IHDR....... .......y.....pHYs...t...t..f.x....tIME.....#$?..-....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wx\W......2*..=r.%.c.q" .8...$...Sv.].@^..x...........!...F.(q...*..[..:.>...lI.,..,...y.<.....{F...9..x.....!..B.!..B....`..E.].!..B.!..B.qS..oLt..U...}.......*.E.!..B.!..BL ...!..B.!..B..$.$..B.!..B.q.. ..B.!..B.!.M@.@B.!..B.!..7..DW@.!..B.!..7..^x...}..'..&76...!..B.!..B\..o.q..{W....W...@E..2....X.....W..i.7.q............/"u...VA.!..B.!.....w......o../.s-...2.@.G...3......x|...7J....y}.J.].=~...aM..>.....B.!..B.qY...d..X.,.t....2.C....q:..#...........K..x.T.wQV.EY.....Zj...MB.!..B.!..W..<.....@~...../.T......(.j....}J..............]~...B.!..B.!.!..>.R...p.x.Z.FoDk..`.b..F....`F...P(../.Q..cU..B.!nH.l..d......u#.c&.k.p.{L...B...g.....6fA...I.,XA..;..J.M.Cp.b..f.7e.z....&.....f"-Z?VE.!..(......Cg..L233...Ujvi.[X{.....}o72twv..27...lY;Q.......... .......=.r.......e.[W.e.0.w.5G?../.R....!...k.%`.R h.....z.JS..H.6..cl..[3ihj...E..W.t....h5j."...........$...L......B...=...W..c.. ..B.U....gc.z..7t..`2.eAn.;...1X..w..d-..k7.3.....X....|6f.!3..n..{.....59)l..Dw.W.e.......Vs.Vu..s.6..)...........c.[....vM.do&o.E..I../....A.!.D.,.t.].&..g..O.."..*$..M8.C..,Q...8z.,%.U.65S..ByM...b..*....O.I....L.K....O.3.m.B.qU... w...@*.l.n.a....0...Ot....ed1......d.,. ........~..`]^... w.......`s.:....Y.t66{./..z.[^ .,6.....~.
<<< skipped >>>
GET /wp-content/uploads/2015/09/21.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Wed, 28 Oct 2015 19:26:22 GMT
Accept-Ranges: bytes
ETag: "9225c87b611d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Length: 127295
.PNG........IHDR.......U.......3X....pHYs...t...t..f.x....tIME..........l....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx.....\W.....y...,o.....f..g.wF.....X.fC =....E(6.!=..L(v......t.l..dw..HxT...J.y..C...X@.I. .....T..'.=...=......o..A..A......0V..1....A..A..A..Y...no..gL.B....$.. .. ./.... .. .. ._."0..A..A..D`,.. .. .....A..A...... .. .. ."0..A..A..@... .. .....X..A..A...... .. ....%.s.....o...i1..6k..6..v...T...<.....c... ..A.%.[OS.)p.D...........K8..$.`.8...XA&...X...@.|.....'kL...=...Mn. ..s........o..r...'.....<.wO.i..!..5.5C.>.....y....8..=n,...'....c...Nd(fT....cw-..BT......J.._Y i|..c.3.bt"M....7..-....x<.d.g...mA..1{j.?x#O.....:M.y..:..I.b..b.f.. ..L*.....c.....cw.....2....L.}...K..".2F..x^%....Kc....f.Z1E5 ..1u....Nr~F.Y....:......L...;.....n9.,v.^.....F...e........ .F.\.d..=..0$.-..>a...|..=...i....V..K..:.~......{.E5....U%..E.c....)s..i^{nu.I.hO...QKQ)...4.'.^.u.B.....{.[..W...}..v.... /6O...}...'....f2.........8.V[.}..F5S.R..d.p{=...a. c...Z........~.F..i...j..d2.<...qn.$..l...>.b."$..zl..~w..T..U..5.;.k.g..%.I.H.j...c.2cR.".h........o>jp..../..atz.?..9....7.].W......W.(...N...<..........v..x...O......x.r.<?..~0......w..;. QB......>N..97./(],p......2..%.......=$M.v.,..b..E...u~../.I...8.....|Z.....O-..g0Hp../.tE.. .j....6.....?.3.7W..."..'...d...._....=O....H..... ...~.Ec.=....&.....8'.)....0
<<< skipped >>>
GET /wp-content/uploads/2015/08/Cover.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Mon, 24 Aug 2015 01:21:30 GMT
Accept-Ranges: bytes
ETag: "9a0e134bded01:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:55 GMT
Content-Length: 111332
.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /wp-content/uploads/2015/09/cover-coperta1.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Wed, 28 Oct 2015 19:27:33 GMT
Accept-Ranges: bytes
ETag: "bf4a8cb1b611d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
Content-Length: 408129
.PNG........IHDR...;.........,.......pHYs...............Q7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>adobe:docid:photoshop:7dc6d6fe-6f98-11e5-a45f-8d0ceaf35f2b</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:e23bdc10-e0bc-8842-acca-88dbbfba81b4</xmpMM:InstanceID>. <xmpMM:OriginalDocumentID>F31F7DCFDC00A2B122E4DA3F0F781EDF</xmpMM:OriginalDocumentID>. <xmpMM:History>. <rdf:Seq>. <rdf:li rdf:parseType="Resource">. <stEvt:action>saved</stEvt:action>. <stEvt:instanceID>xmp.iid:7566f5d8-be32-b744-b3a6-36661031e0ff</stEvt:instanceID>. <stEvt:when>2015-09-22T13:
<<< skipped >>>
GET /wp-content/uploads/2015/09/21.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Wed, 28 Oct 2015 19:26:22 GMT
Accept-Ranges: bytes
ETag: "9225c87b611d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
Content-Length: 127295
.PNG........IHDR.......U.......3X....pHYs...t...t..f.x....tIME..........l....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx.....\W.....y...,o.....f..g.wF.....X.fC =....E(6.!=..L(v......t.l..dw..HxT...J.y..C...X@.I. .....T..'.=...=......o..A..A......0V..1....A..A..A..Y...no..gL.B....$.. .. ./.... .. .. ._."0..A..A..D`,.. .. .....A..A...... .. .. ."0..A..A..@... .. .....X..A..A...... .. ....%.s.....o...i1..6k..6..v...T...<.....c... ..A.%.[OS.)p.D...........K8..$.`.8...XA&...X...@.|.....'kL...=...Mn. ..s........o..r...'.....<.wO.i..!..5.5C.>.....y....8..=n,...'....c...Nd(fT....cw-..BT......J.._Y i|..c.3.bt"M....7..-....x<.d.g...mA..1{j.?x#O.....:M.y..:..I.b..b.f.. ..L*.....c.....cw.....2....L.}...K..".2F..x^%....Kc....f.Z1E5 ..1u....Nr~F.Y....:......L...;.....n9.,v.^.....F...e........ .F.\.d..=..0$.-..>a...|..=...i....V..K..:.~......{.E5....U%..E.c....)s..i^{nu.I.hO...QKQ)...4.'.^.u.B.....{.[..W...}..v.... /6O...}...'....f2.........8.V[.}..F5S.R..d.p{=...a. c...Z........~.F..i...j..d2.<...qn.$..l...>.b."$..zl..~w..T..U..5.;.k.g..%.I.H.j...c.2cR.".h........o>jp..../..atz.?..9....7.].W......W.(...N...<..........v..x...O......x.r.<?..~0......w..;. QB......>N..97./(],p......2..%.......=$M.v.,..b..E...u~../.I...8.....|Z.....O-..g0Hp../.tE.. .j....6.....?.3.7W..."..'...d...._....=O....H..... ...~.Ec.=....&.....8'.)....0
<<< skipped >>>
GET /wp-content/uploads/2015/09/11.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Wed, 28 Oct 2015 19:25:48 GMT
Accept-Ranges: bytes
ETag: "6b6e3a73b611d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
Content-Length: 115324
.PNG........IHDR..............#$M....pHYs...t...t..f.x....tIME......2 o ,....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...g.eW~....'.:....:...8Cr...F.J...l. ?.k.K1p..N..[.!............CrHv....a......$;..n...!.4...{.P........._...!..B.!.sI..m.)..g..!..B.!.c...9.J)..."..B.!.xL..n..B.!.....@/..B.!.sL...B.!...1..B.!..B<.$..!..B....@/..B.!.sL...B.!...1..B.!..B<.$..!..B.........r....0[Q.F.;.[l..._j.....&K.<.......>....v!.....j..OW. ......c..g..g$[....GgLT.c....V.s.....9]....9".o......O..B.!..Tt3..3.,.4....M{s..}.......p.X.......C.v.........d(7*4s.....Gk...*.J...N.L.m.....Hry....E.$.i9......e.ok._....!....`..".=7............u..<U........c'.> ..Q.2[.....8c..n......9..Y._.]J....,.A..."n3.O..UL.0....w..YS...K..Y.....hoY.S......r....y....X!c-K.9..~o.....N@......af.]*RP!.Y...]..<.=.:F..........`..9<s..2.J....z.;{.n....%..b.c.....:..Y....d......J.....y.....p...b..F....sL.M.K.?.;..>.?......$......$...02&.....:.......!..MAUu*Su....R1`...1`.C.A.bV*,.^....Q$.ws..g.u..=4..k.N..*.nU%.^.?.....2B.......z........~.7..(.hf..^[.ON.xn...[....[....'.~........1u..T.3o....!]..O>...7n.1.sn..^Y.ON.... Q.3:..g..:.....bH....Y9.......@...QJ...F.I...?......(.9..z.*.{u..^..1.q.'?.oo..?.i|7E....?8.K.y.x.Z.......a...?......o......../..b..vB.EX.....~.%.v=H.By.?....0TF.\...^._....|...4.._...3.J..e~..[......z.._...f.`{....^..M*s........8.7..3...!;iB
<<< skipped >>>
GET /wp-content/uploads/2015/08/Cover1.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Mon, 24 Aug 2015 14:00:09 GMT
Accept-Ranges: bytes
ETag: "90f7eb2f75ded01:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
Content-Length: 110921
.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /c2r2h7ktj/image.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s13.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 151746
Connection: keep-alive
Set-Cookie: __cfduid=d1c35629dbc4cd7cfe96abd7c0a8c78fb1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sun, 03 Apr 2016 20:36:59 GMT
ETag: "57017eeb-250c2"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb582dba3714-ARN
.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME...............tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wt..}......`0.... ..$.DR..H........qb...(.$.unb.8......;q,...d..:%Jb.H...@...A........R.D...|..Z..~..g.Z.g...m....DDDDDDDV.q.. """"""...JEDDDDDd.(.........Q(.......U.P*"""""".....yU........UaH$..."""""".*.|WDDDDDDV.B..........R......Y5.."""""".j.JEDDDDDd..W{.""""""..f...f...........Nya.9.7.y..0.r...(QO..[..`.Lf.hh..#/...'.....t.o.g.R........t'cO.#..........[..Q>....u...<.Lp...._.7.p.....>....N...qb.)&._.....|;.!n..G...|..T.wEDDDDD~...B...Z.5.9..c..O..}6..x<.@./y..~./.....*.5.'...,""""""..Kj&.......Cu....b./....mE.K...{.{..G..S...O..?.?..|.f.G....|...........v...rIf9.JEDDDDD..F..O..v]...%).m......{.9/q.K .f.../.bx.?..O....-%c.E..#d...|..wqu....c=C.TDDDDDD.............>.c.<..QL.M.....{...R,..;.R......Y..UE......vF&..-..M7.......M../.R......Y"0.2....../..{.O...<..2o.2_~W........ """"""g........w..^.... .....op..Y...{._.v.:..d.i.TDDDDDd.0...N<......Z...US.q..][E.`x...f.:.....o..e.......y.u5.Mg.m.g.......P.r/. .Q....T(......Y"Lp..C.|.......2MJ....{.um.n.](.G.L.>.s.6F^.H..cLm.\...@...............G...uT.l.rv...8..i...wx......P.-....Y.TDDDDDd..F..gV>.....;.4/.L..KZ..d!.K0..?...W.<.....K..b.$G.u05......O.....V.R....w}6.......St..0{.B.!.H$...EDDDDD.9.$b.....#...e..l..).].K.L..b!...!. .i6W:)...K2..
<<< skipped >>>
GET /redirection.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.xyz
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 19 May 2016 02:00:55 GMT
Accept-Ranges: bytes
ETag: "e3f0bc4772b1d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:52 GMT
Content-Length: 764
<meta HTTP-EQUIV="REFRESH" content="0; url=hXXp://softvipdownload.com/">....<!-- Start of StatCounter Code for Default Guide -->..<script type="text/javascript">..var sc_project=10738598; ..var sc_invisible=1; ..var sc_security="267f1d37"; ..var scJsHost = (("https:" == document.location.protocol) ?.."hXXps://secure." : "hXXp://www.");..document.write("<sc" "ript type='text/javascript' src='" ..scJsHost .."statcounter.com/counter/counter.js'></" "script>");..</script>..<noscript><div class="statcounter"><a title="web analytics"..href="hXXp://statcounter.com/" target="_blank"><img..class="statcounter"..src="hXXp://c.statcounter.com/10738598/0/267f1d37/1/"..alt="web analytics"></a></div></noscript>..<!-- End of StatCounter Code for Default Guide -->..HTTP/1.1 200 OK..Content-Type: text/html..Last-Modified: Thu, 19 May 2016 02:00:55 GMT..Accept-Ranges: bytes..ETag: "e3f0bc4772b1d11:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:52 GMT..Content-Length: 764..<meta HTTP-EQUIV="REFRESH" content="0; url=hXXp://softvipdownload.com/">....<!-- Start of StatCounter Code for Default Guide -->..<script type="text/javascript">..var sc_project=10738598; ..var sc_invisible=1; ..var sc_security="267f1d37"; ..var scJsHost = (("https:" == document.location.protocol) ?.."hXXps://secure." : "hXXp://VVV.");..document.write("<sc" "ript type='text/javascript' src='" ..scJsHost .."statcounter.com
<<< skipped >>>
GET /freeupgradesoftNEW/8-Windows10PHONE/upgrade.exe HTTP/1.0
Host: upgradesoftware2017.com
User-Agent: InnoTools_Downloader
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 18 May 2016 22:23:59 GMT
Accept-Ranges: bytes
ETag: "c4f445f953b1d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:47 GMT
Connection: close
Content-Length: 814257
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.................:.......,.......<............... .{.....=.......;.......>.....Rich............PE..L......R.................R...<......H........p....@.....................................................................3...l........................................s..................................@............p..t............................text...~Q.......R.................. ..`.rdata..CO...p...P...V..............@..@.data...............................@....rsrc...............................@..@...........................................................................................................................................................................................................................................................................................................................................................................................................[B..=...QV...u...`/...E.............#...E..............E.........H....E....M...M...N@..M...M.^d........3..|$..rJ.L$..9RuA.|$..r:.y.au4.y.ru..y.!u(.y..u".y..u..I...u.j......u.j......u.j.X.....j...$..... ....P..U....4....t..E...@....E...(....u..E.....E...E.]....D$.V...F..N.;N.v_.F.SUW.l.B...t.;.v.Ph.tB.U..R.........Q...F.......D. .N...;.w...S.6.......YY..u.....Q...>_].^.[^....t$... Q.......Y..Y@...V...L$......P..F..V...^.........j..p..p..R...D$.V...F..N.;N.v`.F.SUW.l.B...t.;.v.Ph.tB.U..R.......
<<< skipped >>>
GET /n9s1wvzmt/image.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s16.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 125076
Connection: keep-alive
Set-Cookie: __cfduid=d3699b508a574ff120f176798e0eaba951463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sun, 03 Apr 2016 20:37:45 GMT
ETag: "57017f19-1e894"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb58336216b2-ARN
.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME...............tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wt..}......`0.... ..$.DR..H........qb...(.$.unb.8......;q,...d..:%Jb.H...@...A........R.D...|..Z..~..g.Z.g...m....DDDDDDDV.q.. """"""...JEDDDDDd.(.........Q(.......U.P*"""""".....yU........UaH$..."""""".*.|WDDDDDDV.B..........R......Y5.."""""".j.JEDDDDDd..W{.""""""..f...f...........Nya.9.7.y..0.r...(QO..[..`.Lf.hh..#/...'.....t.o.g.R........t'cO.#..........[..Q>....u...<.Lp...._.7.p.....>....N...qb.)&._.....|;.!n..G...|..T.wEDDDDD~...B...Z.5.9..c..O..}6..x<.@./y..~./.....*.5.'...,""""""..Kj&.......Cu....b./....mE.K...{.{..G..S...O..?.?..|.f.G....|...........v...rIf9.JEDDDDD..F..O..v]...%).m......{.9/q.K .f.../.bx.?..O....-%c.E..#d...|..wqu....c=C.TDDDDDD.............>.c.<..QL.M.....{...R,..;.R......Y..UE......vF&..-..M7.......M../.R......Y"0.2....../..{.O...<..2o.2_~W........ """"""g........w..^.... .....op..Y...{._.v.:..d.i.TDDDDDd.0...N<......Z...US.q..][E.`x...f.:.....o..e.......y.u5.Mg.m.g.......P.r/. .Q....T(......Y"Lp..C.|.......2MJ....{.um.n.](.G.L.>.s.6F^.H..cLm.\...@...............G...uT.l.rv...8..i...wx......P.-....Y.TDDDDDd..F..gV>.....;.4/.L..KZ..d!.K0..?...W.<.....K..b.$G.u05......O.....V.R....w}6.......St..0{.B.!.H$...EDDDDD.9.$b.....#...e..l..).].K.L..b!...!. .i6W:)...K2..
<<< skipped >>>
GET /counter/counter.js HTTP/1.1
Accept: */*
Referer: hXXp://bestprosoft.xyz/redirection.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:52 GMT
Server: PWS/8.1.36.0005
X-Px: ht h0-s1105.p11-fra.cdngp.net
ETag: W/"5714b418-56ec"
Cache-Control: public, max-age=43200
Content-Length: 8353
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 18 Apr 2016 10:16:56 GMT
Connection: keep-alive
...........\{s.6..*.V. .dI...i..l..V.[......(....H..l9#...u.$@J..\.]..7.m.h..F../.!H.Y.?F.....T.../..Ys'......oE]*."..gY.E.n.".;\..Y.>}D...&H....9....)vv..!.Bj.G.n......4...zQ...U......."\e..St....4.0..&...0....x........h....C.l....y..,.....5"^.....i.?.a.0......8.S9.]..Wt...6.E...uY..= ,..U..b..w.. ....o.....y.}.LE...ECU..Ip?.~3....0..V.d...9....g.l.....R....XSM.l....C$.Y.l>F."y...@d.......`>..K..h.?mD.lh.e.f...e"...<k.9,.X,....y..yV.*...Q..W.~&F..-..o@.".Y.,b.x.7...l...<J........S.kFY.Q........V@.x.y..V. ..g.b.c......W.8...x.........X<6~.._.6M..b..j[.e......w7..y.*.fV.C.b.p.^.3.>.U&h..s..r...l.(FiYg..."|....'..-.kQ..=..j..x.[.VH..#.L.U.Z..U".iL..2..gQYgs.)...P....i.&."DW.....8p.C..Z.=...#g4.9..b.u.}.^<tz#...G}..O.;.......w....z'..;......z=.`......I..g0........w.!A......\%I*.S..d.._..Wj.......*...1.(:..s....D.g..[...<w..Q..........Ry........p.d.wmJ.k.q............-.z...... .pm]X.......o.E......C.&.<Z...\...y.w]..oIZB...?..?.H..Zq....... J...B....l;.r:g..6.W(Q....* }.B....V...,.6.$.*a..........M..$....(u..Jj.uv.....]U...Q.&..%H....U..( iA.a.mr?..%x..jIT.B.....T..h.G...rE...Gyl.*.P......H<.yp.S..~..M}..m....m.X....x?b.R.{...Q..:......L.<...y.V.....bgV..,._?`....\."mZr.>Py....o...(...5T.%?*.....6*.....Z.1...e..........L|...JJ...p/.v.....G.~.....h...&c.2..!...e...........T>;..x4.Md.S....9.N...s.|r...=...8..M.....N..a....h1.?.f.h....M...u...\.a..(.=....... ......gh:.............0N.[G;.4.. ..A)r..|...q....].......Nh6C.K...[...h....F.....E......\.F..:..;...3_h$%v.....b..T...Tx
<<< skipped >>>
GET /counter/counter.js HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 18 Apr 2016 10:16:56 GMT; length=22252
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.statcounter.com
Connection: Keep-Alive
Cookie: is_unique=sc10738598.1463641853.0; is_visitor_unique=1463641853328226018
HTTP/1.1 304 Not Modified
Date: Thu, 19 May 2016 07:10:54 GMT
Server: PWS/8.1.36.0005
X-Px: ht h0-s1105.p11-fra.cdngp.net
ETag: W/"5714b418-56ec"
Cache-Control: public, max-age=43200
Last-Modified: Mon, 18 Apr 2016 10:16:56 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Date: Thu, 19 May 2016 07:10:54 GMT..Server: PWS/8.1.36.0005..X-Px: ht h0-s1105.p11-fra.cdngp.net..ETag: W/"5714b418-56ec"..Cache-Control: public, max-age=43200..Last-Modified: Mon, 18 Apr 2016 10:16:56 GMT..Connection: keep-alive..
GET /90gxxyluj/image.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s23.postimg.org
Connection: Keep-Alive
<<< skipped >>>
GET /apa4ybjbb/cover.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s21.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 125430
Connection: keep-alive
Set-Cookie: __cfduid=d6e47ca385b509614cf82d0a997317c721463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Fri, 15 Jan 2016 03:34:28 GMT
ETag: "569868c4-1e9f6"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb584d760a4e-ARN
.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /wp-content/themes/flexibility2/style.php HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:53 GMT
Content-Length: 22469
/*--- This is the CSS that controls the theme. It's pretty sloppy, but try running php tags through CSS Tidy and see what happens. ---*/..html {...margin: 0px;...min-height: 100%;..}..body {...margin:0px;...padding:0px;...background-color: #526074;...min-height: 100%;...}..body {...background-image: url('hXXp://softvipdownload.com/wp-content/themes/flexibility2/images/backgrounds/diaglines.png');...background-repeat: repeat; ...background-position: center top;..}..a:link, a:visited, a:active a:focus {...-moz-outline-style:none;..}..a:hover {...-moz-outline-style:none;..}..h1, h2, h3, h4 {...font-family: Georgia, Helvetica, sans-serif;..}..h2.pagetitle {...padding:8px 8px 8px 15px;...margin:0px 0px 5px 0px;...background-color:#FFFFFF;...font: normal 22px/26px Georgia;...color: #A10000;...border: solid 1px #D7CAB5;..}..img {...border:none;...margin:0;...padding:0;..}...alignleft {...margin-right:10px;...margin-bottom:10px;.. float: left;..}...alignright {...margin-bottom:10px;...margin-left:10px;.. float: right;..}...aligncenter {...display: block; ...margin-left: auto; ...margin-right: auto;.. margin-bottom:10px;..}..hr {...height: 1px;...border:0;...width: 95%;...color: #E6E6E6;...background-color: #E6E6E6;..}...postwrap blockquote {...margin:0 15px 10px 15px;...padding:10px 15px;...border: 1px solid #999999;...background: #CCCCCC;..}...postwrap blockquote blockquote {...margin-right:5px;...margin-left:0;...background: #CCCCCC;..}...postwrap blockquote p {...margin:0;...padding:0 0 5px;..}..#bgwrapper
<<< skipped >>>
GET /wp-content/themes/flexibility2/images/navssbg.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 05 Jul 2012 12:39:44 GMT
Accept-Ranges: bytes
ETag: "068ff40ab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:53 GMT
Content-Length: 288
.PNG........IHDR...d...#.....b.......sBIT....|.d.....pHYs.........B.4.....tEXtCreation Time.12/19/08.[......tEXtSoftware.Adobe FireworksO..N...|IDATh......P.......S..&..=.T X..g.od\.... 1....#H. 1....%...==./Ab...$F..Ab...$.c.cCb...$F..G=.....#H. 1....#H.?$.....#H. 1...._O..W....IEND.B`.HTTP/1.1 200 OK..Content-Type: image/png..Last-Modified: Thu, 05 Jul 2012 12:39:44 GMT..Accept-Ranges: bytes..ETag: "068ff40ab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:53 GMT..Content-Length: 288...PNG........IHDR...d...#.....b.......sBIT....|.d.....pHYs.........B.4.....tEXtCreation Time.12/19/08.[......tEXtSoftware.Adobe FireworksO..N...|IDATh......P.......S..&..=.T X..g.od\.... 1....#H. 1....%...==./Ab...$F..Ab...$.c.cCb...$F..G=.....#H. 1....#H.?$.....#H. 1...._O..W....IEND.B`.....
GET /wp-content/themes/flexibility2/iepngfix.htc HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/x-component
Last-Modified: Thu, 05 Jul 2012 12:37:07 GMT
Accept-Ranges: bytes
ETag: "801b6be3aa5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Length: 5006
<public:component>..<public:attach event="oncontentready"...onevent="IEPNGFix.process(element, 1)" />..<script type="text/javascript">..// IE5.5 PNG Alpha Fix v2.0 Alpha 2..// (c) 2004-2008 Angus Turnbull hXXp://VVV.twinhelix.com..// This is licensed under the GNU LGPL, version 2.1 or later...// For details, see: hXXp://creativecommons.org/licenses/LGPL/2.1/..if (!window.IEPNGFix) {...window.IEPNGFix = {};..}....// This must be a path to a blank image, relative to the HTML document(s)...// In production use I suggest '/images/blank.gif' or similar. That's all!..IEPNGFix.blankImg = '/wp-content/themes/flexibility2/images/blank.gif';....if (!IEPNGFix.data) {...IEPNGFix.data = {};..}....IEPNGFix.fix = function(elm, src, t) {...// Applies an image 'src' to an element 'elm' using the DirectX filter....// If 'src' is null, filter is disabled....// Disables the 'hook' to prevent infinite recursion on setting BG/src....// 't' = type, where background tile = 0, background = 1, IMG SRC = 2....var h = this.hook.enabled;...this.hook.enabled = 0;...var f = 'DXImageTransform.Microsoft.AlphaImageLoader';...src = (src || '').replace(/\(/g, '(').replace(/\)/g, ')');...if (....srHTTP/1.1 200 OK..Content-Type: text/x-component..Last-Modified: Thu, 05 Jul 2012 12:37:07 GMT..Accept-Ranges: bytes..ETag: "801b6be3aa5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:54 GMT..Content-Length: 5006..<public:component>..<public:attach event="oncontentready"...onevent="IE
<<< skipped >>>
GET /fbk4t7kc7/digitaltvonpc.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s13.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 298623
Connection: keep-alive
Set-Cookie: __cfduid=d1c35629dbc4cd7cfe96abd7c0a8c78fb1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sun, 21 Feb 2016 05:40:55 GMT
ETag: "56c94de7-48e7f"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb583dbd3714-ARN
.PNG........IHDR... ...X......v.p....pHYs.......... ......tIME...............tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...w.......a..$..]%$.D..HdD2&....ls.......^g.........`^.s..`2&..D....(k.W.w'u.z...............gw........._?.S-.{B.B....B:.........?(....\....|<..l, `..B.,.......Be..).o~../........X..W.,=:.....W.\t...q.uW........%.6....>)@...e.1..!.Zv ...v....z....r.........'.>.._.e..R....Q7.........o.MX.....DnY.z~...\.../...k......2.g....}?...k.]....G.}...\....2.......c..k......(..JO..............l.<$>r.F.....)../...".!pp........S...J.........e..s.....i..Z.........uql{...q ]._......== ..X...'B~p.'B.k...........k.....DG.W$... ...- w9 ...h..b.#...........b...$.D.R`;6.....}\....s..m......2.\..6.O.!..D.W.)...p./....b...< .)SD".....bI...R.I......."..F..P^N.O >........M...B..u..)$F|.......!.......)$B.\...O.......s...u..~../@r..t.....;..1...6.l.._/.:J...e.k..uR..Iu}.a:8............KW{'...H..P.(..............w .<!.DI!AR..Q...........u..h.6....c......w..G...g.~y...w......\......... ..].q.pQ..=.......7l.....I3...\.x4Fe$.@:..?.....Z..6..uC?...Q*.x@...........b.SJp.......^......|...[....."c......>...3...O...`g2......e...~......c...C...N..u.a.......u...$h....Y=....N.93.0...X4..{W....T..........c.A......f..!....\.2..W.........?.c....r.L..U..-?Y..8.....}QQL...........Hg.O..:.^..._y.h...x....v..k...W..2............M
<<< skipped >>>
GET /w9kufim5t/cover.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s22.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 124855
Connection: keep-alive
Set-Cookie: __cfduid=d3699b508a574ff120f176798e0eaba951463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Fri, 15 Jan 2016 03:27:09 GMT
ETag: "5698670d-1e7b7"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb58367b16b2-ARN
.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Pingback: hXXp://softvipdownload.com/xmlrpc.php
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:53 GMT
Content-Length: 52391
..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head profile="hXXp://gmpg.org/xfn/11">..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />..<meta name="distribution" content="global" />..<meta name="robots" content="follow, all" />..<meta name="language" content="en, sv" />..<title>..SoftVipDownload</title>..<meta name="generator" content="WordPress 3.2.1" />..<!-- leave this for stats please -->..<link rel="shortcut icon" href="hXXp://softvipdownload.com/wp-content/themes/flexibility2/favicon.ico" type="image/x-icon" />..<link rel="alternate" type="application/rss xml" title="RSS 2.0" href="hXXp://softvipdownload.com/?feed=rss2" />..<link rel="alternate" type="text/xml" title="RSS .92" href="hXXp://softvipdownload.com/?feed=rss" />..<link rel="alternate" type="application/atom xml" title="Atom 0.3" href="http://softvipdownload.com/?feed=atom" />..<link rel="pingback" href="hXXp://softvipdownload.com/xmlrpc.php" />...<link rel='archives' title='April 2016' href='hXXp://softvipdownload.com/?m=201604' />..<link rel='archives' title='March 2016' href='hXXp://softvipdownload.com/?m=201603' />..<link rel='archives' title='February 2016' href='hXXp://softvipdownload.com/?m=201602' />..<link rel='archives' title='December 2015' href='hXXp://softvipdownload.com/?m=
<<< skipped >>>
GET /wp-content/themes/flexibility2/ie6style.php HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:53 GMT
Content-Length: 1980
..body {background-image:none;}..#bgwrapper {background-image:none;}...topshadow {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#content {width: 910px;}..#header {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#nav {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#feature {background-image:none;}..img {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#nav li a {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#nav li a span {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#header #searchform {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#rssfeeds .img {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..h2.pagetitle {background-image:none;}...postMeta {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..div.commentcount {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..div.postdate {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#sidebar-top ul li { background-image:none; padding-left:0px;}..#sidebar-left ul li, #sidebar-right ul li {background-image:none; padding-left:0px;}..#sidebar-top div.toptitle {background: url(images/sidebar-h2-bg.png) no-repeat top left; backgroun
<<< skipped >>>
GET /wp-content/themes/flexibility2/iepngfix_tilebg.js HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 05 Jul 2012 12:37:07 GMT
Accept-Ranges: bytes
ETag: "801b6be3aa5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:53 GMT
Content-Length: 3828
// IE5.5 PNG Alpha Fix v2.0beta1: Background Tiling Support..// (c) 2008 Angus Turnbull hXXp://VVV.twinhelix.com..// This is licensed under the GNU LGPL, version 2.1 or later...// For details, see: hXXp://creativecommons.org/licenses/LGPL/2.1/..if (!window.IEPNGFix) {...window.IEPNGFix = {};..}..IEPNGFix.tileBG = function(elm, pngSrc, ready) {...// Params: A reference to a DOM element, the PNG src file pathname, and a...// hidden "ready-to-run" passed when called back after image preloading....var data = this.data[elm.uniqueID],....elmW = Math.max(elm.clientWidth, elm.scrollWidth),....elmH = Math.max(elm.clientHeight, elm.scrollHeight),....bgX = elm.currentStyle.backgroundPositionX,....bgY = elm.currentStyle.backgroundPositionY,....bgR = elm.currentStyle.backgroundRepeat;...// Cache of DIVs created per element, and image preloader/data....if (!data.tiles) {....data.tiles = {.....src: '',.....cache: [],.....img: new Image(),.....old: {}....};...}...var tiles = data.tiles,....pngW = tiles.img.width,....pngH = tiles.img.height;...if (pngSrc) {....if (!ready && pngSrc != tiles.src) {.....// New image? Preload it with a callback to detect dimensions......tiles.img.onload = function() {......this.onload = null;......IEPNGFix.tileBG(elm, pngSrc, 1);.....};.....return tiles.img.src = pngSrc;....}...} else {....// No image?....if (tiles.src) ready = 1;....pngW = pngH = 0;...}...tiles.src = pngSrc;...if (!ready && elmW == tiles.old.w && elmH == tiles.old.h &&....bgX == tiles.old.x && bgY == tiles.old.y && bgR == tiles.o
<<< skipped >>>
GET /download2.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 22 Apr 2016 22:50:37 GMT
Accept-Ranges: bytes
ETag: "8e9f3063e99cd11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:53 GMT
Content-Length: 18827
.PNG........IHDR.......X......8......pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /wp-content/themes/flexibility2/images/footerdark.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 05 Jul 2012 12:39:42 GMT
Accept-Ranges: bytes
ETag: "03bce3fab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Length: 2804
.PNG........IHDR...............q.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.01/12/09V..K...PIDATx......W...s.y...y6...X..v..Ep..(.q.DAA...F!!....f01........ <,....8......X.Z................"""""""""./......z%c.1..c.1..c....kT9..c.1..c.1..ws..c.1..c.1..Yv..#..c.1..c.1...{.WL(..c.1..c.1....S.0..c.1..c.1.3#..1..c.1..cl..qg.1..c.1..c.mU.M(..c.1..c.1....w.U...0..c.1..c.16.V...E.c.1..c.1.....>5..c.1..c.1..c;.v........#..c.1..c.1.N.U}fB...c.1..c.1.v...M(..c.1..c.1...V...E.c.1..c.1.....7...]..p..c.1..c.1..i...O(..c.1..c.1...V...E.c.1..c.1.....><..c.1..c.1..c;.V.=...1..c.1..c..)...'.a.1..c.1..clg....".1..c.1..c.......?.....c.1..c.1..;.V...E.c.1..c.1......2..c.1..c.1..c;[.W'.a.1..c.1..clg..XU/V.?.1..c.1..c.1v...k..0..c.1..c.1..U}tB...c.1..c.1.vv..p8z.1..c.1..c..)..oL(..c.1..c.1...V...E.c.1..c.1......5..c.1..c.1..c;...7.....c.1..c.1...[.w&.a.1..c.1..clg....".1..c.1..c..lU..P.1..c.1..c...]..F...M.#..c.1..c.1.N.U}lB...c.1..c.1.v...O(..c.1..c.1...n....o...G.1..c.1..c..f....".1..c.1..c..lU?.P.1..c.1..c........0..c.1..c.1..k...._.c.1..c.1...b....".1..c.1..c..lU?.P.1..c.1..c...]...z.z...1..c.1..c...mU..P.1..c.1..c.....'..0..c.1..c.1..U.tB...c.1..c.1.vv..U...m.#..c.1..c.1.N.U.lB...c.1..c.1.v...&.a.1..c.1..clg.....s.1..c.1..c.M.U.|B...c.1..c.1.v.._L(..c.1..c.1...V.......#..c.1..c.1.N.U}zB...c.1..c.1.vv.R.1..c.1..c.....W..0..c.1..c.1..U.zB...c.1..c.1.vv.f....;.G.1..c.1..c..n....".1..c.1..c...Z..p..c.1..c.1..cSlU..P.1..c.1..c...]..a.1..c.1..clg....".1..c.1..c..lU_.P.1.
<<< skipped >>>
GET /wp-content/themes/flexibility2/images/headers/header-Flare.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 05 Jul 2012 12:41:49 GMT
Accept-Ranges: bytes
ETag: "80e4808bab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Length: 14984
.PNG........IHDR...............vZ....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.12/11/08..00....tEXtXML:com.adobe.xmp.<?xpacket begin=" " id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 2007 22:37:37 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">. <xap:CreatorTool>Adobe Fireworks CS3</xap:CreatorTool>. <xap:CreateDate>2008-12-11T17:54:50Z</xap:CreateDate>. <xap:ModifyDate>2008-12-12T04:33:57Z</xap:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="hXXp://purl.org/dc/elements/1.1/">. <dc:format>image/png</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. . . #.t.....tEXtSoftware.Adobe FireworksO..N.. .IDATx....r.H.&S.j..s=.;.}..X..._,....Ef.t7kk..K.. ....Zk..........0z.Az.[.'S .....[.z...g.G..a...f{V......k"./.......g.[k.c,........q....j?....."....!ezH.[.U#..Zv.......6c.X........._.Y...b1.....\`g.{....*.ZoAl.",GI.*Q...[q.lC`.......E.e
<<< skipped >>>
GET /wp-content/themes/flexibility2/images/navssbg.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:44 GMT
If-None-Match: "068ff40ab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:44 GMT
Accept-Ranges: bytes
ETag: "068ff40ab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:55 GMT
....
GET /wp-content/themes/flexibility2/images/headers/header-Flare.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:41:49 GMT
If-None-Match: "80e4808bab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:41:49 GMT
Accept-Ranges: bytes
ETag: "80e4808bab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:55 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:55 GMT
Content-Length: 49
GIF89a...................!.......,...........T..;HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:56 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:57 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:57 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:57 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
....
GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT
If-None-Match: "0e9d3eab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT
Accept-Ranges: bytes
ETag: "0e9d3eab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......
GET /wp-content/themes/flexibility2/images/footerdark.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jul 2012 12:39:42 GMT
If-None-Match: "03bce3fab5acd1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: softvipdownload.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Last-Modified: Thu, 05 Jul 2012 12:39:42 GMT
Accept-Ranges: bytes
ETag: "03bce3fab5acd1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:42 GMT..Accept-Ranges: bytes..ETag: "03bce3fab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT..
GET /h1me77sx1/yumtynreh.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s8.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 408129
Connection: keep-alive
Set-Cookie: __cfduid=d5c33fface9e8c5c41b8131cdfc2ca52e1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sat, 02 Apr 2016 21:10:17 GMT
ETag: "57003539-63a41"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb581d5936f6-ARN
.PNG........IHDR...;.........,.......pHYs...............Q7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>adobe:docid:photoshop:7dc6d6fe-6f98-11e5-a45f-8d0ceaf35f2b</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:e23bdc10-e0bc-8842-acca-88dbbfba81b4</xmpMM:InstanceID>. <xmpMM:OriginalDocumentID>F31F7DCFDC00A2B122E4DA3F0F781EDF</xmpMM:OriginalDocumentID>. <xmpMM:History>. <rdf:Seq>. <rdf:li rdf:parseType="Resource">. <stEvt:action>saved</stEvt:action>. <stEvt:instanceID>xmp.iid:7566f5d8-be32-b744-b3a6-36661031e0ff</stEvt:instanceID>. <stEvt:when>2015-09-22T13:
<<< skipped >>>
GET /vQyVyP5.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.imgur.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Last-Modified: Mon, 16 Jun 2014 04:28:30 GMT
ETag: "572d3751fa708458ce95a2938ebbf2d5"
Content-Type: image/png
Fastly-Debug-Digest: ccd76d253dafa1222ae135695b0eb2c43c9dc949cac4764de284820c5f9edec1
cache-control: public, max-age=31536000
Content-Length: 211539
Accept-Ranges: bytes
Date: Thu, 19 May 2016 07:10:54 GMT
Age: 9094262
Connection: keep-alive
X-Served-By: cache-iad2122-IAD, cache-ams4145-AMS
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1463641854.755910,VS0,VE0
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
.PNG........IHDR...^...........u.....pHYs.......... ......tIME.......>.%.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...y.].u/...sz...64....;..Z.vl..-a..<......N."^.{..l./o}k...I..c..8...h.&..A-.......0.mF.....9U..Q...S....[h......S.k.....k.p.Y/......0...$J.(Q.D..%..i.....c.uF...........T.D..%J.(..H.....(.s....j...>.y.y....o..R*(%...R.EQ ...Dk....!.......1.*....y..(.PV.7...rH&*......}...K|H.8-].'.......K .qy[.C...p.w'7.....'c ~.....?...O.'..{..................N.._|...w....JI4..(........h4.....Bk...Zk.........8.H....\...7...%...V.-..Rz...dd..;.H...6/..`..yHC...U..l..K.....e.M...*..T.Yk.Un...%.r.W6.PJ........6..|.......?...O.'.'.........O.......N.h`.....Q!y.V.W......."U0)UHO.Z......F....]...(_...x.L\...'/.....k..]......s]xy.3...f$?/'......M..c[&............p..{w.l.g2..w..e.............=.y..,5.L...k-.,..%...`a....e.A..yyEQB....}.K.! ..y......qaL....c..LAJ.....0.y.N.......!..\..JUr......B.(.P...A...^v....<.%]Hgk....EQ6..h4j.j].Z'....N.....5.....r.,...B.`..S)..(..."...M.'.........H......g......C=..u ....Q....!8.Rs.a5.\.gV.E...2..aP....T.hy..B..F..Q.....`..d....".*-|t4....0...*.#....eT.W..!..=.I.`7zF.p...*.....\...R...U2.r8v<.L..q.B......?...O..)..."}8e.".s4..y.p.....h.y....6.,..y`.B....ui.\.6....Z....oQ......2hc.g]j.h....p.d..V...V..E.J.......d..<..P.....>'.e.g.....ad.l...1Y.....T4....Ut....{....-.....O.'...........&..v._
<<< skipped >>>
GET /dw3ypq17r/vtutorial.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s2.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/gif
Content-Length: 2809824
Connection: keep-alive
Set-Cookie: __cfduid=d30bef69fcbc2d4b23cc9bb038b33fadc1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Fri, 15 Jan 2016 03:36:07 GMT
ETag: "56986927-2adfe0"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb58344d3762-ARN
GIF89a .........................................R....1Z.B..J..k...{....){.Bc.JB.J..c......)..R.)1.)B.)Z.)..B{.RR.cZ.c...R.....!.)..B).BB.B..JZ.J..Z{.k..k..{1.........!cJ!..)..)!!9!!9{.B1!B11BBcBB{BB.BR.BZkBc.Bc.BkkBs.Bs.Bs.Bs.B{.B..B..B..B..B..B..J99JBBJ{kJ..J.cJ..Z))ZB1ZZ.Zk{Zk.Z{.Z..Z..Z..c9{cJBcZ{c.sc..c..c..c..c..c..c..k1)kB1kk{k..k..k..sRBs..{1s{B1{B{{Z{{Z.{cR{k.{..{..{..{..{..{...kc.ks.ss..s.........................B9.RJ.sZ.s............c...................)..JB.RR.k..k1.kB.kR..s.......1).9..R..R).kc.{.................sB..Z..k..{................k..k!.kk....B).k9.ss..)..{..R..k.....{.......!..J..R...{..{..R....................1.....9..k.............)..B).Z..kB.s...R..k..{..k.k...k.....{..k.......)..9...)..R.....R..k.9.........1.....{.................................!..NETSCAPE2.0.....!.......,.... ...........e...WP...... .....&.....b..FK.1yB......I('.\...../U..)...O4e...3.N..v....(OU6Q>J.t...6..|D..J.U.2U...WG)....u..=f..,..m..p......Y.k.|..4...|..].Q......,)(K. @......e.E......*.XW..L.pV..OO.i4....7..-3u...q.....o........'f...[...r...?O...u... .........9{F.......G..=.z....O.}..E.f......$......1...b. H....I[.V.L...aJ8.4.O:.E..G....|...K....h....S%^..X....`z...]<.8.Ea......IWE>&..KUM...Ru..e....L .....Y!.d.........kZ...I..."j...[N....U.A..#..Vg...D..EAg]w.5w.v..w(r.5.....W....'.y.t....hA..E....Cd....9....*t....Q..@.f.Q]5..gJ.y.(.$...PA!'.o .........V..XT/....,.t#..jU.......E..$.n....w..R_{r.Ra..f.eV>(.`wD...YH...b.)..4...#.S{.........I..z.g.lF.uf...jrw.2W(u......EJ.0.....8....9.L^.)| *.......1..
<<< skipped >>>
GET /6qjerzrdn/image.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s15.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 144221
Connection: keep-alive
Set-Cookie: __cfduid=d8663556cce4a51711727b2234c7d1b5c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sun, 03 Apr 2016 20:36:18 GMT
ETag: "57017ec2-2335d"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb583fde37b6-ARN
.PNG........IHDR...%.........2"._....pHYs...t...t..f.x....tIME......:b..K....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wx\.}...).......A..I..{.E..]."[.c{c'..-..g.lr.Y{o...M..&..8...*j.z.H... @...F...3g.....$XE.......#..3....|.....e....c.8...B.!..B|..EAw,...$..!..B.!>t.P.88..c.S.?B.!..B...|3K.....5..}_..B.!...#g..e.i...mw9...Z..B.!...:H(.B.!..BL)..%..B.!.xW...e......p....d. .b.7.. ......{....GB..B.!...])hj.|.....X..=O>..H....a.C.Qq.-..........%B.!..B.w%..B...@M.._.2.p...;..A.........pK.... .G..V._...yO..B.!......Y./..xl.~T....&\.....B.....k......m2....._1.e.e.;.i.R"..B.!.x.z.x.L8..o~..y...(z.fd.a.|. .O...:d.-!..B.!..f&......?.s2....|.@.HK.....!~..v&s.uH(.B.!..B.'z0H^}=.._u..?.A...B.!....-PSsAQ{...=.........:..D.!..B....B!f<......pl.cl....;z....F..B!.}....Y..._q=2...B.!....]n......T.s...Mf|.._.*..V.mm............6.....d.c.&-%B.!..B.w.UPpAQ{....00..s...H..D...HM..B.!...q>.......U.P..R)....I&......_$z.8..n.w..`.1:..k...,D.........P"..B.!.G......z......7:6....v......:.L&9.....z.)...J~~.U9....m".(..~e...n.U9_.b;....-% B.!..BL..v....4............BIAA...?.....s.F.F...........y...5....s.F.._.1.1C.e..B.!....h....7P......s......[J...(...d....@......h.4..!..B.1Ul.ftll.w..d.-!..B.!...P"..B.!..R..B.....!.w..f:N....5T.K0.FS...0-.K..S3......~........n....%.N.6...........#M4.....eUQ5...^5C6e.....B...!.B\Q...*.G0...g.......S.t........>RE~.
<<< skipped >>>
GET /6kki806sr/animated.gif HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s28.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/gif
Content-Length: 1403309
Connection: keep-alive
Set-Cookie: __cfduid=d9e30535b8876e65ed8e172e5952d31501463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Fri, 15 Jan 2016 03:29:32 GMT
ETag: "5698679c-1569ad"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb582eb5372c-ARN
GIF89a .............................s.!..Z!..Z..).!B.)c.)..1..9Z.Bs.J..R..R..k..1..k..s....!9B!..)..)9!)ZZ)Zs)s.1.c1.J1!11)k1Bc1B.1J.1J.1ZB1s{1s.1.B1..1..1..9k.B..B!1B).B91B{ZB..B..B.9J!kJJZJZcJs.J.sRR.Rk.Rs.R..R..R..Z!JZB9ZRBZ.Bc..c.1c).c)kc9.cRccZ.cZ)ccBc{Zc.sc..c..c.sc.Zkkkks.k{{k{.k..k..sc.s{.s..{1.{..{..{...9Z.J..R1.Rc.kR.ks..9..s.11.k1..s..s..k....................9..9.......R1.s1.s.....kR.ks.s...9..k.....s..Z..{.9J..1.....s.......c..k1.......cR.cs..Z..s..{.9R..9..1..Z..Z..{....s...........k1..9.......sc..Z..s..1..Z..{........9..R..s.....R..s...................9...9.{..9k.k.......c{B..1.R.9s9....)9..R..R..Z..c.1s....9k.1s.k..J..B...).s..k..........................9..s99Z!c.B..........ZR.....9.)..)..11.J9....Zc.R...........9.....9J.Jc.c..R............................!..NETSCAPE2.0.....!.......,.... ..........HP......<.P.....2d..@D..3j.8q... C..I....(S.\I..H.0av.I.F..E.<.y.f..3b..H.......<9......J.Juj..X.f..u...MS.\y....g_&...m[..........x....Ah..$...9.p...F~....a.n#..0bf...|R....g..k..<.n.(h....&u........3P&f..r.;..A.w.v..xj... ..|.. Ft...S...\.k.......)6..H.<....._........l.aF."F..y.E.....5.{.....c...T.U...ZE. w...R.&%...'i..Y...TF..X.L.....w...c.yT`Q.i(_Yc...d<.dYS..y.h......e.Zrh....f...OL..D..X..!.... ]..[s.9..sh*...MDG..QY7a.t^W.S.}g^y...gB....B3.%...&.ad4.wS~PD*.l...S.LTY...v:.K/.TaSQ.0......."Dx..]..j...-.hL!..T.2.'.c..."...............F...k..-.d.Hf..mV....OBi..E......B.)..b..a...pf2g..i......)'.r.J.Sz.....'....6[...F.^d@.....F)...V....n.k.$.$kUv.. ..j0j|$....r. ..z.(..<.8-..\...
<<< skipped >>>
GET /vfxec11iz/9gag.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s15.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 169529
Connection: keep-alive
Set-Cookie: __cfduid=dc285e284cf77bf1808efeaaac138e9051463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Fri, 15 Jan 2016 03:28:40 GMT
ETag: "56986768-29639"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb5826b805bb-ARN
.PNG........IHDR.....................pHYs...t...t..f.x....tEXtCreation time.5..... .IDATx...wxT...............b...^...8....Y....M.K6...w......8..:..ILb.........]...K..53...C.HB..@......9.<.y...s....b...^..B.!..B.!.mM..h......B.!..B.!..){.............:t....E.!..B.!..BL"...!..B.!..BL....B.!..B.!...$.$..B.!..B.1.H.H.!..B.!..b.POv...B.!..B.1.edd.z....1...M.@B.!..B.!......7.....5#~.".8.Txl7)5.i.lg_x,...0...4..a.C.T....%m...V...B.!..B.!..7..k.\..,y..^...)........O...7T.......rv.tv........A...B. ...... ..B.!..B.!F5..F......A7[..FQ........<n.^.................Fi....v*..i.*..s.B.!..B.!..P7s.P....<.7x...P.B.....P..(...s.6..v..6........}...B.!..B.!n"}.>7S...p.x.Z.FoDk.....1(..O ....F.B.@...G.R.U.B.!....n. c.v.'.#.....\.dd.a.\a!......@..{....`..$...q*.._...v.f..W..Q_A.....3.tyP(@......B......M.`].....=...l....9lL.....|;..e..3..v.}/.a].....vg......~.....6P.}...z\......}.:.mje.......o...<7...{.......`}..<..BL..S..*.=.F..J]v.J.....V]..H/..2..o...B..*.;:.z.h5j.B......;......k*.R.*...B.[KA..r...P).. ...nS.l...S2.....|;...#.x39.:..9..=L..%c..Y7IPs......9.%:..3..n.}.A..Ev.fr^J..o....H..R...l....`.Vr^....0...H.S.!.D........q:N..9(b.............FAY5'.]..........).R..."..V.....<.......%v.\.....s.B.1..X...7w.-.....j.:...4.e.Mv.n..kyn..._a\g.M....1'.....i.......I..l.Z.-.....Z....?....B6.l....^.....dm...*wK.....{.W....(..<nY`..G.^..<..BL...@.T,z..8....p...@...B...^.Dmc.Z.... ...bs8(,)....$X.0..c.w!...l..L..^a....|.........._0.'.q[.^..kV..e0.|.[P...dfo"k[.k%.h.D..3.......rH.......2.....,]i% k/....f...uO.......
<<< skipped >>>
GET /ar19thbr9/maxresdefault.jpg HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s32.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/jpeg
Content-Length: 55279
Connection: keep-alive
Set-Cookie: __cfduid=d9c425df9f42e512da41c84a647c5975c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Tue, 26 Apr 2016 23:00:09 GMT
ETag: "571ff2f9-d7ef"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb5816ed1694-ARN
......JFIF.............*Exif..II*.......1...............Google..............................................................................................................................................h..............................................h..........................!1...AQ."aq..#2B...356Rbrst....$SUu...........&Tc......LDe....7d...E.......................................M..........................!1.AQq."2a......4Rr..#35BSb.....$6....Ì.ET....d............?...R.....P..@(......P..@(......P..@(......P..@(....QT..P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..U..U..i.2Lq.o)...C. &.. ...9.w...V..<S.........#.eee%YX.e`pU..A....5........5...t.NN3M5....Q.W...@*.S.P..@(......P..U..@*..L.@).)..p..........`..0PS.U0T....SW`....Y\..........P..@(......@(......P..@(......P..@(.....U@........j.*.|.KL.......6y...A......[...)R ..aCM...*S.t_.....5.~..?.N...I.j*m..O.U.M.#....._6.^./.].WT=bLo.XG..Y..$q...U...y.R.c......R...".._..n...c.6.........h.. ..SWm...n.._.t4>K.?.......].WR.=~.sw)........*..v..^da.S~....5...Ru%.I}..4..Z$\|..>2.p....O......5?...%...P.}....{.6....tY......2;....".......U..........ao.*._.E...Q........`.7..xS.8E%....J?T...n.<.....4~.<_.?..>..-z.........AT....................R....n...1.r.e.q.!..3.}..=.>..5.v..*O2.G{.le...H.r......~.....9..M..G..H.).W.m..O...|..,.....'^h....\..5o..?.~.?........O...V...8.O..h ......~.|..|.......]M9..ow..9..XVT6..........&WI~*._~Q.G..G<...L.>g5.....oa..&..\%M..n......h_CC>G....Y.it...p.
<<< skipped >>>
GET /t.php?sc_project=10738598&java=1&security=267f1d37&u1=E3A0092DF6854F4581DBD39C31C9578C&sc_random=0.40540406162741676&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=&u=http://bestprosoft.xyz/redirection.html&t=&sc_snum=1&p=0&invisible=1 HTTP/1.1
Accept: */*
Referer: hXXp://bestprosoft.xyz/redirection.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:53 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc10738598.1463641853.0; expires=Tue, 18-May-2021 07:10:53 GMT; path=/; domain=.statcounter.com
Set-Cookie: is_visitor_unique=1463641853328226018; expires=Sat, 19-May-2018 07:10:53 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif
GIF89a...................!.......,...........T..;..
GET /83aip3acb/image.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s23.postimg.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Type: image/png
Content-Length: 116484
Connection: keep-alive
Set-Cookie: __cfduid=d8663556cce4a51711727b2234c7d1b5c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly
Last-Modified: Sun, 03 Apr 2016 20:36:35 GMT
ETag: "57017ed3-1c704"
CF-Cache-Status: HIT
Expires: Fri, 19 May 2017 07:10:54 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a55bb583fdd37b6-ARN
.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME......-.UF.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wt..}...[......vR.I.")Q....u,...O,;..N..'.DI.I.....ql'7v"'q.\."....^.bQ.M.$....o...3....J.....ZZK...~..Pk......~.#BDDDDDD...j.@DDDDDD...JEDDDDD.j.JEDDDDD.j.JEDDDDD.j.JEDDDDD.j....R.]........#.".R........-.........Q(........Q(........Q(........Q(..........=..........d......S...]..`.3.LbR...<.r...2{:}...,X9.F*g2..B?._~.]^;-..3gz...xg.R......sA.N.>.....................[f....@....9..[]...~...O....).. $(....i...?........(....=.j........[..L..._...B6..>.....m .p<.......O.:_~.......e.h>Kw.......s.S....|..,........\.]...[.....-.K....5..?...|........r.......K..V....7~.. ...9 ....""""""...IP..J..~6.LO....<...oq4u.#]..._v../.8t._........Ac...;..t.......k....>.a..""""""rB.|.^~;.........=..MLc....7..;.m.$..w;.R.......!.<..7|...o.p..{.^..7~.w.....Y..B.........;.....O../.a..,..o..|.C.....&S.8{.T.wEDDDDD....X..=|.?....O.._.w..?................)...i.TDDDDDd."...l..;<s.H.X..n.s/Z......0..!.^:....~....%.s%...........HK|...~...K=..wb]u!.._.-.JEDDDDDF(......|..>7...1.t..-......R.......w..<.........(= ..t...q..............w....2 .#6.J..=$...W....x.2..'3.........""""""#..V.Ts;..5d.:......8g.......C..5_.ob.c....? ....Y.~.==..^.......l...........`.}..:...{.0p.B..EQ.Z./"""""r......@/Y/...hb..%...cg/...A!C.@.p.1-.
<<< skipped >>>
HEAD /freeupgradesoftNEW/8-Windows10PHONE/upgrade.exe HTTP/1.0
Host: upgradesoftware2017.com
User-Agent: InnoTools_Downloader
HTTP/1.1 200 OK
Content-Length: 814257
Content-Type: application/octet-stream
Last-Modified: Wed, 18 May 2016 22:23:59 GMT
Accept-Ranges: bytes
ETag: "c4f445f953b1d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:47 GMT
Connection: close
GET /wp-content/uploads/2015/09/cover-coperta1.png HTTP/1.1
Accept: */*
Referer: hXXp://softvipdownload.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Wed, 28 Oct 2015 19:27:33 GMT
Accept-Ranges: bytes
ETag: "bf4a8cb1b611d11:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:54 GMT
Content-Length: 408129
.PNG........IHDR...;.........,.......pHYs...............Q7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>adobe:docid:photoshop:7dc6d6fe-6f98-11e5-a45f-8d0ceaf35f2b</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:e23bdc10-e0bc-8842-acca-88dbbfba81b4</xmpMM:InstanceID>. <xmpMM:OriginalDocumentID>F31F7DCFDC00A2B122E4DA3F0F781EDF</xmpMM:OriginalDocumentID>. <xmpMM:History>. <rdf:Seq>. <rdf:li rdf:parseType="Resource">. <stEvt:action>saved</stEvt:action>. <stEvt:instanceID>xmp.iid:7566f5d8-be32-b744-b3a6-36661031e0ff</stEvt:instanceID>. <stEvt:when>2015-09-22T13:
<<< skipped >>>
GET /wp-content/uploads/2015/08/Cover.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bestprosoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache,max-age=1209600
Content-Type: image/png
Last-Modified: Mon, 24 Aug 2015 01:21:30 GMT
Accept-Ranges: bytes
ETag: "9a0e134bded01:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 May 2016 07:10:58 GMT
Content-Length: 111332
.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
iexplore.exe_808:
%?9-*09,*19}*09
%?9-*09,*19}*09
.text
.text
`.data
`.data
.rsrc
.rsrc
msvcrt.dll
msvcrt.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
SHDOCVW.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
IE-X-X
rsabase.dll
rsabase.dll
System\CurrentControlSet\Control\Windows
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
dw15 -x -s %u
watson.microsoft.com
watson.microsoft.com
IEWatsonURL
IEWatsonURL
%s -h %u
%s -h %u
iedw.exe
iedw.exe
Iexplore.XPExceptionFilter
Iexplore.XPExceptionFilter
jscript.DLL
jscript.DLL
mshtml.dll
mshtml.dll
mlang.dll
mlang.dll
urlmon.dll
urlmon.dll
wininet.dll
wininet.dll
shdocvw.DLL
shdocvw.DLL
browseui.DLL
browseui.DLL
comctl32.DLL
comctl32.DLL
IEXPLORE.EXE
IEXPLORE.EXE
iexplore.pdb
iexplore.pdb
ADVAPI32.dll
ADVAPI32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
IExplorer.EXE
IExplorer.EXE
IIIIIB(II<.fg>
IIIIIB(II<.fg>
7?_____ZZSSH%
7?_____ZZSSH%
)z.UUUUUUUU
)z.UUUUUUUU
,....Qym
,....Qym
````2```
````2```
{.QLQIIIKGKGKGKGKGKG
{.QLQIIIKGKGKGKGKGKG
;33;33;0
;33;33;0
8888880
8888880
8887080
8887080
browseui.dll
browseui.dll
shdocvw.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
6.00.2900.5512 (xpsp.080413-2105)
Windows
Windows
Operating System
Operating System
6.00.2900.5512
6.00.2900.5512