Trojan.Win32.IEDummy_6643c4004a

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

amisid.exe:1940
setup.exe:1752
setup.tmp:644
%original file name%.exe:228
win10phone__2827_il36975_26.exe:572
Upgrade.exe:1492

The Trojan injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process setup.exe:1752 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp\setup.tmp (3784 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp\setup.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp (0 bytes)

The process setup.tmp:644 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CW5HG8EK\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B9DDBJCW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BKVRWAPP\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\Upgrade.exe (8581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\itdownload.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\POEKUC06\desktop.ini (67 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\itdownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\Upgrade.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup\_shfoldr.dll (0 bytes)

The process %original file name%.exe:228 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000\setup.exe (3249 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000\setup.exe (0 bytes)

The process win10phone__2827_il36975_26.exe:572 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\nsisos.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (16052 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\amisid.exe (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\registry.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSIS_AntiVmFraud.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (11 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\dummy.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\checks.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\amisid.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\registry.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSIS_AntiVmFraud.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\nsisos.dll (0 bytes)

The process Upgrade.exe:1492 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\win10phone__2827_il36975_26.exe (3446 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\win10phone__2827_il36975_26.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_469984 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\data.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0 (0 bytes)

Registry activity

The process amisid.exe:1940 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
"CategoryCount" = "16"

[HKCU\Software\InternetTurbo]
"UID" = "975F29BE8C8FD0BC5E8EBA2BBF1B629F"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 8D C7 17 66 43 0A 32 15 8F CE 3F 8B 7F 47 AD"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisid\DEBUG]
"Trace Level" = ""

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\amisid\DEBUG]
"Trace Level"

The process setup.exe:1752 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA B8 BA BE A2 C0 AC E1 9E 8F 79 C6 CF 1D 16 F4"

The process setup.tmp:644 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 00 DA D7 64 13 B2 CE 78 5C 5E 88 DC 36 F4 F4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:228 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\7ZipSfx.000]
"setup.exe" = "setup Setup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"NetHood" = "%Documents and Settings%\%current user%\NetHood"
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools" = "%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Administrative Tools" = ""
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 BB 1F A9 D3 90 23 F6 CE 58 D1 98 9B 1B 40 B8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CD Burning" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\CD Burning"
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process win10phone__2827_il36975_26.exe:572 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 8E 6E A7 22 C7 28 4D B0 F8 D0 50 5E 50 ED 39"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi3.tmp\registry.dll,"

[HKCU\Software\InstallPath\Status]
"Installer" = "S"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan deletes the following registry key(s):

[HKCU\Software\InternetTurbo]

The process Upgrade.exe:1492 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 75 24 5C 45 E0 D3 87 B7 3B C6 F7 4E 0B B2 0F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0]
"win10phone__2827_il36975_26.exe" = "Buffallo Sabes daemon"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Dropped PE files

MD5	File path
2b7007ed0262ca02ef69d8990815cbeb	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi3.tmp\registry.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):

   amisid.exe:1940
   setup.exe:1752
   setup.tmp:644
   %original file name%.exe:228
   win10phone__2827_il36975_26.exe:572
   Upgrade.exe:1492

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:

   %Documents and Settings%\%current user%\Local Settings\Temp\is-7RV69.tmp\setup.tmp (3784 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\_isetup\_shfoldr.dll (23 bytes)
   %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CW5HG8EK\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B9DDBJCW\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\BKVRWAPP\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\Upgrade.exe (8581 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-21BKS.tmp\itdownload.dll (1281 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\POEKUC06\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\7ZipSfx.000\setup.exe (3249 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\nsisos.dll (5 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nst2.tmp (16052 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\amisid.exe (1856 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\registry.dll (784 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\NSIS_AntiVmFraud.dll (3312 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsi3.tmp\System.dll (11 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\win10phone__2827_il36975_26.exe (3446 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: iSoft
Product Name: SFXMaker
Product Version: 1.4.1.2100
Legal Copyright: Copyright (c) 2006-2011 Iuli
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.4.1.2100
File Description: Compiled by SFXMaker
Comments:
Language: English (Canada)

Company Name: iSoftProduct Name: SFXMakerProduct Version: 1.4.1.2100Legal Copyright: Copyright (c) 2006-2011 IuliLegal Trademarks: Original Filename: Internal Name: File Version: 1.4.1.2100File Description: Compiled by SFXMakerComments: Language: English (Canada)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	71443	71680	4.58136	a33aa34b7879bccd6f1864408fd68dcf
.rdata	77824	12526	12800	3.84029	007197a7f03fd570aac173835b4d4e9d
.data	94208	10540	2048	2.52269	9627e4496a259b33307cd6b8b9dae798
.rsrc	106496	10928	11264	3.00613	3cc68279b1fe3d11cbede69391e434d9

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://upgradesoftware2017.com/freeupgradesoftNEW/8-Windows10PHONE/upgrade.exe	188.121.41.137
hxxp://upgradesoftware2017.com/redirection.html	188.121.41.137
hxxp://g1.panthercdn.com/counter/counter.js
hxxp://upgradesoftware2017.com/	188.121.41.137
hxxp://c.statcounter.com/t.php?sc_project=10738598&java=1&security=267f1d37&u1=E3A0092DF6854F4581DBD39C31C9578C&sc_random=0.40540406162741676&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=&u=http://bestprosoft.xyz/redirection.html&t=&sc_snum=1&p=0&invisible=1
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/style.php	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/ie6style.php	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/iepngfix_tilebg.js	188.121.41.137
hxxp://upgradesoftware2017.com/download2.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/navssbg.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/footerdark.png	188.121.41.137
hxxp://s32.postimg.org/ar19thbr9/maxresdefault.jpg	141.101.120.104
hxxp://s32.postimg.org/cfrzikxxh/cover.png	141.101.120.104
hxxp://s32.postimg.org/h1me77sx1/yumtynreh.png	141.101.120.104
hxxp://s32.postimg.org/6qjerzrdn/image.png	141.101.120.104
hxxp://s32.postimg.org/90gxxyluj/image.png	141.101.120.104
hxxp://s32.postimg.org/83aip3acb/image.png	141.101.120.104
hxxp://s32.postimg.org/b535aoift/image.png	141.101.120.104
hxxp://s32.postimg.org/c2r2h7ktj/image.png	141.101.120.104
hxxp://s32.postimg.org/n9s1wvzmt/image.png	141.101.120.104
hxxp://s32.postimg.org/vfxec11iz/9gag.png	141.101.120.104
hxxp://s32.postimg.org/w9kufim5t/cover.png	141.101.120.104
hxxp://s32.postimg.org/6kki806sr/animated.gif	141.101.120.104
hxxp://s32.postimg.org/apa4ybjbb/cover.png	141.101.120.104
hxxp://s32.postimg.org/dw3ypq17r/vtutorial.gif	141.101.120.104
hxxp://s32.postimg.org/uiliysu5l/2016_01_15_5_35_25.png	141.101.120.104
hxxp://s32.postimg.org/fbk4t7kc7/digitaltvonpc.png	141.101.120.104
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/iepngfix.htc	188.121.41.137
hxxp://imgur.com/vQyVyP5.png
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/09/21.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/09/cover-coperta1.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/headers/header-Flare.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/themes/flexibility2/images/blank.gif	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/08/Cover.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/09/11.png	188.121.41.137
hxxp://upgradesoftware2017.com/wp-content/uploads/2015/08/Cover1.png	188.121.41.137
hxxp://s15.postimg.org/6qjerzrdn/image.png
hxxp://softvipdownload.com/
hxxp://s23.postimg.org/83aip3acb/image.png
hxxp://s13.postimg.org/c2r2h7ktj/image.png
hxxp://bestprosoft.com/wp-content/uploads/2015/08/Cover.png	188.121.41.137
hxxp://bestprosoft.com/wp-content/uploads/2015/09/21.png	188.121.41.137
hxxp://softvipdownload.com/wp-content/themes/flexibility2/ie6style.php
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/navssbg.png
hxxp://softvipdownload.com/download2.png
hxxp://bestprosoft.com/wp-content/uploads/2015/08/Cover1.png	188.121.41.137
hxxp://s23.postimg.org/90gxxyluj/image.png
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/blank.gif
hxxp://s2.postimg.org/uiliysu5l/2016_01_15_5_35_25.png
hxxp://bestprosoft.com/wp-content/uploads/2015/09/cover-coperta1.png	188.121.41.137
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/headers/header-Flare.png
hxxp://www.statcounter.com/counter/counter.js
hxxp://s28.postimg.org/6kki806sr/animated.gif
hxxp://softvipdownload.com/wp-content/themes/flexibility2/images/footerdark.png
hxxp://bestprosoft.xyz/redirection.html	188.121.41.137
hxxp://s22.postimg.org/w9kufim5t/cover.png	141.101.120.105
hxxp://s21.postimg.org/apa4ybjbb/cover.png	141.101.120.105
hxxp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc
hxxp://softvipdownload.com/wp-content/themes/flexibility2/style.php
hxxp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix_tilebg.js
hxxp://i.imgur.com/vQyVyP5.png	23.235.43.193
hxxp://s13.postimg.org/fbk4t7kc7/digitaltvonpc.png
hxxp://s16.postimg.org/n9s1wvzmt/image.png
hxxp://s8.postimg.org/h1me77sx1/yumtynreh.png	141.101.120.104
hxxp://bestprosoft.com/wp-content/uploads/2015/09/11.png	188.121.41.137
hxxp://s18.postimg.org/b535aoift/image.png
hxxp://s15.postimg.org/vfxec11iz/9gag.png
hxxp://s2.postimg.org/dw3ypq17r/vtutorial.gif
www.flexibilitytheme.com	66.147.242.185
s.ytimg.com	216.58.214.206

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /cfrzikxxh/cover.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s32.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 102033

Connection: keep-alive

Set-Cookie: __cfduid=d9e30535b8876e65ed8e172e5952d31501463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Tue, 26 Apr 2016 23:00:37 GMT

ETag: "571ff315-18e91"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb581dfa372c-ARN

.PNG........IHDR...R.................pHYs...............C7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2016-04-27T01:50:03 03:00</xmp:CreateDate>. <xmp:ModifyDate>2016-04-27T01:53:19 03:00</xmp:ModifyDate>. <xmp:MetadataDate>2016-04-27T01:53:19 03:00</xmp:MetadataDate>. <dc:format>image/png</dc:format>. <photoshop:ColorMode>3</photoshop:ColorMode>. <photoshop:TextLayers>. <rdf:Bag>. <rdf:li rdf:parseType="Resource">. <photoshop:LayerName>Disable</photoshop:LayerName>.

<<< skipped >>>

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:55 GMT

Content-Length: 49

GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:55 GMT..Content-Length: 49..GIF89a...................!.......,...........T..;HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:57 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT..

GET /b535aoift/image.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s18.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 124224

Connection: keep-alive

Set-Cookie: __cfduid=d5c33fface9e8c5c41b8131cdfc2ca52e1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sun, 03 Apr 2016 20:37:28 GMT

ETag: "57017f08-1e540"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb582baa36f6-ARN

.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME.........X.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...y|T.}...l...}.......x.f ..&q........m......K~..M.6..5i.....S7Mpb.....`..".......h4...4..H..H.........s.....=...{...>.........0.u.DDDDDD..K.TDDDDDD..B..........R.......3..""""""2g..:?..wEDDDDDdN....B..................9.P*""""""sF.TDDDDDD..B..........R.......3............AF..x.d.n.oF../ZOAv.i..{......1..^...X.&.$B .>..A....9O&...P. ..u.Y.TDDDDDd>.?K....o....Cc3.d........[....>...?.&...../.M.........F.....}.4......<..-.|.....].(..].......<3..]...% ........OS74..x<D[.s<....... c.].[YN.,.YDDDDDD..Kl2.....Z.Fij...|..z^.....Y<....O../.0G=....Cv.K.o?...........k..}.q~{....g..*.B.......<a..HXt.w|......l......'tE.r...g..............#..9...wi9.!y..........Y..z.B.......\.....;...y..p...8..-.....;.......,.w8.R....... 2......G:.....9..V}.3|....l..c)............9._..C.?Dc.(..'....#......H..^0...""""""r..0U/<......%_.....?.?...E..K..0...zj:].v8UJEDDDDD&p36.F..?...M_..._J..5l...x.p..x.....3..........~.3<...d.'.j...O/...$...0.;.P.t..T(..........P#G...?8<...0M.......qo.q.^(.{.......Z:.tK..]................./6fq.......Q..Id..l...a.......^.@ff...%b..# .......L`.h.$:%...X..n...Lr..Y]..d...0......g6<...>....|@/.O.................b.(......q.......MM..B(5.....v_DDDDD... .....g........I.-.......~.>

<<< skipped >>>

GET /uiliysu5l/2016_01_15_5_35_25.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s2.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 162187

Connection: keep-alive

Set-Cookie: __cfduid=d8663556cce4a51711727b2234c7d1b5c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Fri, 15 Jan 2016 03:36:04 GMT

ETag: "56986924-2798b"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb583fdd37b6-ARN

.PNG........IHDR....... .......y.....pHYs...t...t..f.x....tIME.....#$?..-....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wx\W......2*..=r.%.c.q" .8...$...Sv.].@^..x...........!...F.(q...*..[..:.>...lI.,..,...y.<.....{F...9..x.....!..B.!..B....`..E.].!..B.!..B.qS..oLt..U...}.......*.E.!..B.!..BL ...!..B.!..B..$.$..B.!..B.q.. ..B.!..B.!.M@.@B.!..B.!..7..DW@.!..B.!..7..^x...}..'..&76...!..B.!..B\..o.q..{W....W...@E..2....X.....W..i.7.q............/"u...VA.!..B.!.....w......o../.s-...2.@.G...3......x|...7J....y}.J.].=~...aM..>.....B.!..B.qY...d..X.,.t....2.C....q:..#...........K..x.T.wQV.EY.....Zj...MB.!..B.!..W..<.....@~...../.T......(.j....}J..............]~...B.!..B.!.!..>.R...p.x.Z.FoDk..`.b..F....`F...P(../.Q..cU..B.!nH.l..d......u#.c&.k.p.{L...B...g.....6fA...I.,XA..;..J.M.Cp.b..f.7e.z....&.....f"-Z?VE.!..(......Cg..L233...Ujvi.[X{.....}o72twv..27...lY;Q.......... .......=.r.......e.[W.e.0.w.5G?../.R....!...k.%`.R h.....z.JS..H.6..cl..[3ihj...E..W.t....h5j."...........$...L......B...=...W..c.. ..B.U....gc.z..7t..`2.eAn.;...1X..w..d-..k7.3.....X....|6f.!3..n..{.....59)l..Dw.W.e.......Vs.Vu..s.6..)...........c.[....vM.do&o.E..I../....A.!.D.,.t.].&..g..O.."..*$..M8.C..,Q...8z.,%.U.65S..ByM...b..*....O.I....L.K....O.3.m.B.qU... w...@*.l.n.a....0...Ot....ed1......d.,. ........~..`]^... w.......`s.:....Y.t66{./..z.[^ .,6.....~.

<<< skipped >>>

GET /wp-content/uploads/2015/09/21.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Wed, 28 Oct 2015 19:26:22 GMT

Accept-Ranges: bytes

ETag: "9225c87b611d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Length: 127295

.PNG........IHDR.......U.......3X....pHYs...t...t..f.x....tIME..........l....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx.....\W.....y...,o.....f..g.wF.....X.fC =....E(6.!=..L(v......t.l..dw..HxT...J.y..C...X@.I. .....T..'.=...=......o..A..A......0V..1....A..A..A..Y...no..gL.B....$.. .. ./.... .. .. ._."0..A..A..D`,.. .. .....A..A...... .. .. ."0..A..A..@... .. .....X..A..A...... .. ....%.s.....o...i1..6k..6..v...T...<.....c... ..A.%.[OS.)p.D...........K8..$.`.8...XA&...X...@.|.....'kL...=...Mn. ..s........o..r...'.....<.wO.i..!..5.5C.>.....y....8..=n,...'....c...Nd(fT....cw-..BT......J.._Y i|..c.3.bt"M....7..-....x<.d.g...mA..1{j.?x#O.....:M.y..:..I.b..b.f.. ..L*.....c.....cw.....2....L.}...K..".2F..x^%....Kc....f.Z1E5 ..1u....Nr~F.Y....:......L...;.....n9.,v.^.....F...e........ .F.\.d..=..0$.-..>a...|..=...i....V..K..:.~......{.E5....U%..E.c....)s..i^{nu.I.hO...QKQ)...4.'.^.u.B.....{.[..W...}..v.... /6O...}...'....f2.........8.V[.}..F5S.R..d.p{=...a. c...Z........~.F..i...j..d2.<...qn.$..l...>.b."$..zl..~w..T..U..5.;.k.g..%.I.H.j...c.2cR.".h........o>jp..../..atz.?..9....7.].W......W.(...N...<..........v..x...O......x.r.<?..~0......w..;. QB......>N..97./(],p......2..%.......=$M.v.,..b..E...u~../.I...8.....|Z.....O-..g0Hp../.tE.. .j....6.....?.3.7W..."..'...d...._....=O....H..... ...~.Ec.=....&.....8'.)....0

<<< skipped >>>

GET /wp-content/uploads/2015/08/Cover.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Mon, 24 Aug 2015 01:21:30 GMT

Accept-Ranges: bytes

ETag: "9a0e134bded01:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:55 GMT

Content-Length: 111332

.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /wp-content/uploads/2015/09/cover-coperta1.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Wed, 28 Oct 2015 19:27:33 GMT

Accept-Ranges: bytes

ETag: "bf4a8cb1b611d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

Content-Length: 408129

.PNG........IHDR...;.........,.......pHYs...............Q7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>adobe:docid:photoshop:7dc6d6fe-6f98-11e5-a45f-8d0ceaf35f2b</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:e23bdc10-e0bc-8842-acca-88dbbfba81b4</xmpMM:InstanceID>. <xmpMM:OriginalDocumentID>F31F7DCFDC00A2B122E4DA3F0F781EDF</xmpMM:OriginalDocumentID>. <xmpMM:History>. <rdf:Seq>. <rdf:li rdf:parseType="Resource">. <stEvt:action>saved</stEvt:action>. <stEvt:instanceID>xmp.iid:7566f5d8-be32-b744-b3a6-36661031e0ff</stEvt:instanceID>. <stEvt:when>2015-09-22T13:

<<< skipped >>>

GET /wp-content/uploads/2015/09/21.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Wed, 28 Oct 2015 19:26:22 GMT

Accept-Ranges: bytes

ETag: "9225c87b611d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

Content-Length: 127295

.PNG........IHDR.......U.......3X....pHYs...t...t..f.x....tIME..........l....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx.....\W.....y...,o.....f..g.wF.....X.fC =....E(6.!=..L(v......t.l..dw..HxT...J.y..C...X@.I. .....T..'.=...=......o..A..A......0V..1....A..A..A..Y...no..gL.B....$.. .. ./.... .. .. ._."0..A..A..D`,.. .. .....A..A...... .. .. ."0..A..A..@... .. .....X..A..A...... .. ....%.s.....o...i1..6k..6..v...T...<.....c... ..A.%.[OS.)p.D...........K8..$.`.8...XA&...X...@.|.....'kL...=...Mn. ..s........o..r...'.....<.wO.i..!..5.5C.>.....y....8..=n,...'....c...Nd(fT....cw-..BT......J.._Y i|..c.3.bt"M....7..-....x<.d.g...mA..1{j.?x#O.....:M.y..:..I.b..b.f.. ..L*.....c.....cw.....2....L.}...K..".2F..x^%....Kc....f.Z1E5 ..1u....Nr~F.Y....:......L...;.....n9.,v.^.....F...e........ .F.\.d..=..0$.-..>a...|..=...i....V..K..:.~......{.E5....U%..E.c....)s..i^{nu.I.hO...QKQ)...4.'.^.u.B.....{.[..W...}..v.... /6O...}...'....f2.........8.V[.}..F5S.R..d.p{=...a. c...Z........~.F..i...j..d2.<...qn.$..l...>.b."$..zl..~w..T..U..5.;.k.g..%.I.H.j...c.2cR.".h........o>jp..../..atz.?..9....7.].W......W.(...N...<..........v..x...O......x.r.<?..~0......w..;. QB......>N..97./(],p......2..%.......=$M.v.,..b..E...u~../.I...8.....|Z.....O-..g0Hp../.tE.. .j....6.....?.3.7W..."..'...d...._....=O....H..... ...~.Ec.=....&.....8'.)....0

<<< skipped >>>

GET /wp-content/uploads/2015/09/11.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Wed, 28 Oct 2015 19:25:48 GMT

Accept-Ranges: bytes

ETag: "6b6e3a73b611d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

Content-Length: 115324

.PNG........IHDR..............#$M....pHYs...t...t..f.x....tIME......2 o ,....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...g.eW~....'.:....:...8Cr...F.J...l. ?.k.K1p..N..[.!............CrHv....a......$;..n...!.4...{.P........._...!..B.!.sI..m.)..g..!..B.!.c...9.J)..."..B.!.xL..n..B.!.....@/..B.!.sL...B.!...1..B.!..B<.$..!..B....@/..B.!.sL...B.!...1..B.!..B<.$..!..B.........r....0[Q.F.;.[l..._j.....&K.<.......>....v!.....j..OW. ......c..g..g$[....GgLT.c....V.s.....9]....9".o......O..B.!..Tt3..3.,.4....M{s..}.......p.X.......C.v.........d(7*4s.....Gk...*.J...N.L.m.....Hry....E.$.i9......e.ok._....!....`..".=7............u..<U........c'.> ..Q.2[.....8c..n......9..Y._.]J....,.A..."n3.O..UL.0....w..YS...K..Y.....hoY.S......r....y....X!c-K.9..~o.....N@......af.]*RP!.Y...]..<.=.:F..........`..9<s..2.J....z.;{.n....%..b.c.....:..Y....d......J.....y.....p...b..F....sL.M.K.?.;..>.?......$......$...02&.....:.......!..MAUu*Su....R1`...1`.C.A.bV*,.^....Q$.ws..g.u..=4..k.N..*.nU%.^.?.....2B.......z........~.7..(.hf..^[.ON.xn...[....[....'.~........1u..T.3o....!]..O>...7n.1.sn..^Y.ON.... Q.3:..g..:.....bH....Y9.......@...QJ...F.I...?......(.9..z.*.{u..^..1.q.'?.oo..?.i|7E....?8.K.y.x.Z.......a...?......o......../..b..vB.EX.....~.%.v=H.By.?....0TF.\...^._....|...4.._...3.J..e~..[......z.._...f.`{....^..M*s........8.7..3...!;iB

<<< skipped >>>

GET /wp-content/uploads/2015/08/Cover1.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Mon, 24 Aug 2015 14:00:09 GMT

Accept-Ranges: bytes

ETag: "90f7eb2f75ded01:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

Content-Length: 110921

.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /c2r2h7ktj/image.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s13.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 151746

Connection: keep-alive

Set-Cookie: __cfduid=d1c35629dbc4cd7cfe96abd7c0a8c78fb1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sun, 03 Apr 2016 20:36:59 GMT

ETag: "57017eeb-250c2"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb582dba3714-ARN

.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME...............tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wt..}......`0.... ..$.DR..H........qb...(.$.unb.8......;q,...d..:%Jb.H...@...A........R.D...|..Z..~..g.Z.g...m....DDDDDDDV.q.. """"""...JEDDDDDd.(.........Q(.......U.P*"""""".....yU........UaH$..."""""".*.|WDDDDDDV.B..........R......Y5.."""""".j.JEDDDDDd..W{.""""""..f...f...........Nya.9.7.y..0.r...(QO..[..`.Lf.hh..#/...'.....t.o.g.R........t'cO.#..........[..Q>....u...<.Lp...._.7.p.....>....N...qb.)&._.....|;.!n..G...|..T.wEDDDDD~...B...Z.5.9..c..O..}6..x<.@./y..~./.....*.5.'...,""""""..Kj&.......Cu....b./....mE.K...{.{..G..S...O..?.?..|.f.G....|...........v...rIf9.JEDDDDD..F..O..v]...%).m......{.9/q.K .f.../.bx.?..O....-%c.E..#d...|..wqu....c=C.TDDDDDD.............>.c.<..QL.M.....{...R,..;.R......Y..UE......vF&..-..M7.......M../.R......Y"0.2....../..{.O...<..2o.2_~W........ """"""g........w..^.... .....op..Y...{._.v.:..d.i.TDDDDDd.0...N<......Z...US.q..][E.`x...f.:.....o..e.......y.u5.Mg.m.g.......P.r/. .Q....T(......Y"Lp..C.|.......2MJ....{.um.n.](.G.L.>.s.6F^.H..cLm.\...@...............G...uT.l.rv...8..i...wx......P.-....Y.TDDDDDd..F..gV>.....;.4/.L..KZ..d!.K0..?...W.<.....K..b.$G.u05......O.....V.R....w}6.......St..0{.B.!.H$...EDDDDD.9.$b.....#...e..l..).].K.L..b!...!. .i6W:)...K2..

<<< skipped >>>

GET /redirection.html HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.xyz

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Last-Modified: Thu, 19 May 2016 02:00:55 GMT

Accept-Ranges: bytes

ETag: "e3f0bc4772b1d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:52 GMT

Content-Length: 764

<meta HTTP-EQUIV="REFRESH" content="0; url=hXXp://softvipdownload.com/">....<!-- Start of StatCounter Code for Default Guide -->..<script type="text/javascript">..var sc_project=10738598; ..var sc_invisible=1; ..var sc_security="267f1d37"; ..var scJsHost = (("https:" == document.location.protocol) ?.."hXXps://secure." : "hXXp://www.");..document.write("<sc" "ript type='text/javascript' src='" ..scJsHost .."statcounter.com/counter/counter.js'></" "script>");..</script>..<noscript><div class="statcounter"><a title="web analytics"..href="hXXp://statcounter.com/" target="_blank"><img..class="statcounter"..src="hXXp://c.statcounter.com/10738598/0/267f1d37/1/"..alt="web analytics"></a></div></noscript>..<!-- End of StatCounter Code for Default Guide -->..HTTP/1.1 200 OK..Content-Type: text/html..Last-Modified: Thu, 19 May 2016 02:00:55 GMT..Accept-Ranges: bytes..ETag: "e3f0bc4772b1d11:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:52 GMT..Content-Length: 764..<meta HTTP-EQUIV="REFRESH" content="0; url=hXXp://softvipdownload.com/">....<!-- Start of StatCounter Code for Default Guide -->..<script type="text/javascript">..var sc_project=10738598; ..var sc_invisible=1; ..var sc_security="267f1d37"; ..var scJsHost = (("https:" == document.location.protocol) ?.."hXXps://secure." : "hXXp://VVV.");..document.write("<sc" "ript type='text/javascript' src='" ..scJsHost .."statcounter.com

<<< skipped >>>

GET /freeupgradesoftNEW/8-Windows10PHONE/upgrade.exe HTTP/1.0

Host: upgradesoftware2017.com

User-Agent: InnoTools_Downloader

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Last-Modified: Wed, 18 May 2016 22:23:59 GMT

Accept-Ranges: bytes

ETag: "c4f445f953b1d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:47 GMT

Connection: close

Content-Length: 814257

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.................:.......,.......<............... .{.....=.......;.......>.....Rich............PE..L......R.................R...<......H........p....@.....................................................................3...l........................................s..................................@............p..t............................text...~Q.......R.................. ..`.rdata..CO...p...P...V..............@..@.data...............................@....rsrc...............................@..@...........................................................................................................................................................................................................................................................................................................................................................................................................[B..=...QV...u...`/...E.............#...E..............E.........H....E....M...M...N@..M...M.^d........3..|$..rJ.L$..9RuA.|$..r:.y.au4.y.ru..y.!u(.y..u".y..u..I...u.j......u.j......u.j.X.....j...$..... ....P..U....4....t..E...@....E...(....u..E.....E...E.]....D$.V...F..N.;N.v_.F.SUW.l.B...t.;.v.Ph.tB.U..R.........Q...F.......D. .N...;.w...S.6.......YY..u.....Q...>_].^.[^....t$... Q.......Y..Y@...V...L$......P..F..V...^.........j..p..p..R...D$.V...F..N.;N.v`.F.SUW.l.B...t.;.v.Ph.tB.U..R.......

<<< skipped >>>

GET /n9s1wvzmt/image.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s16.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 125076

Connection: keep-alive

Set-Cookie: __cfduid=d3699b508a574ff120f176798e0eaba951463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sun, 03 Apr 2016 20:37:45 GMT

ETag: "57017f19-1e894"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb58336216b2-ARN

.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME...............tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wt..}......`0.... ..$.DR..H........qb...(.$.unb.8......;q,...d..:%Jb.H...@...A........R.D...|..Z..~..g.Z.g...m....DDDDDDDV.q.. """"""...JEDDDDDd.(.........Q(.......U.P*"""""".....yU........UaH$..."""""".*.|WDDDDDDV.B..........R......Y5.."""""".j.JEDDDDDd..W{.""""""..f...f...........Nya.9.7.y..0.r...(QO..[..`.Lf.hh..#/...'.....t.o.g.R........t'cO.#..........[..Q>....u...<.Lp...._.7.p.....>....N...qb.)&._.....|;.!n..G...|..T.wEDDDDD~...B...Z.5.9..c..O..}6..x<.@./y..~./.....*.5.'...,""""""..Kj&.......Cu....b./....mE.K...{.{..G..S...O..?.?..|.f.G....|...........v...rIf9.JEDDDDD..F..O..v]...%).m......{.9/q.K .f.../.bx.?..O....-%c.E..#d...|..wqu....c=C.TDDDDDD.............>.c.<..QL.M.....{...R,..;.R......Y..UE......vF&..-..M7.......M../.R......Y"0.2....../..{.O...<..2o.2_~W........ """"""g........w..^.... .....op..Y...{._.v.:..d.i.TDDDDDd.0...N<......Z...US.q..][E.`x...f.:.....o..e.......y.u5.Mg.m.g.......P.r/. .Q....T(......Y"Lp..C.|.......2MJ....{.um.n.](.G.L.>.s.6F^.H..cLm.\...@...............G...uT.l.rv...8..i...wx......P.-....Y.TDDDDDd..F..gV>.....;.4/.L..KZ..d!.K0..?...W.<.....K..b.$G.u05......O.....V.R....w}6.......St..0{.B.!.H$...EDDDDD.9.$b.....#...e..l..).].K.L..b!...!. .i6W:)...K2..

<<< skipped >>>

GET /counter/counter.js HTTP/1.1

Accept: */*

Referer: hXXp://bestprosoft.xyz/redirection.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:52 GMT

Server: PWS/8.1.36.0005

X-Px: ht h0-s1105.p11-fra.cdngp.net

ETag: W/"5714b418-56ec"

Cache-Control: public, max-age=43200

Content-Length: 8353

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Mon, 18 Apr 2016 10:16:56 GMT

Connection: keep-alive

...........\{s.6..*.V. .dI...i..l..V.[......(....H..l9#...u.$@J..\.]..7.m.h..F../.!H.Y.?F.....T.../..Ys'......oE]*."..gY.E.n.".;\..Y.>}D...&H....9....)vv..!.Bj.G.n......4...zQ...U......."\e..St....4.0..&...0....x........h....C.l....y..,.....5"^.....i.?.a.0......8.S9.]..Wt...6.E...uY..= ,..U..b..w.. ....o.....y.}.LE...ECU..Ip?.~3....0..V.d...9....g.l.....R....XSM.l....C$.Y.l>F."y...@d.......`>..K..h.?mD.lh.e.f...e"...<k.9,.X,....y..yV.*...Q..W.~&F..-..o@.".Y.,b.x.7...l...<J........S.kFY.Q........V@.x.y..V. ..g.b.c......W.8...x.........X<6~.._.6M..b..j[.e......w7..y.*.fV.C.b.p.^.3.>.U&h..s..r...l.(FiYg..."|....'..-.kQ..=..j..x.[.VH..#.L.U.Z..U".iL..2..gQYgs.)...P....i.&."DW.....8p.C..Z.=...#g4.9..b.u.}.^<tz#...G}..O.;.......w....z'..;......z=.`......I..g0........w.!A......\%I*.S..d.._..Wj.......*...1.(:..s....D.g..[...<w..Q..........Ry........p.d.wmJ.k.q............-.z...... .pm]X.......o.E......C.&.<Z...\...y.w]..oIZB...?..?.H..Zq....... J...B....l;.r:g..6.W(Q....* }.B....V...,.6.$.*a..........M..$....(u..Jj.uv.....]U...Q.&..%H....U..( iA.a.mr?..%x..jIT.B.....T..h.G...rE...Gyl.*.P......H<.yp.S..~..M}..m....m.X....x?b.R.{...Q..:......L.<...y.V.....bgV..,._?`....\."mZr.>Py....o...(...5T.%?*.....6*.....Z.1...e..........L|...JJ...p/.v.....G.~.....h...&c.2..!...e...........T>;..x4.Md.S....9.N...s.|r...=...8..M.....N..a....h1.?.f.h....M...u...\.a..(.=....... ......gh:.............0N.[G;.4.. ..A)r..|...q....].......Nh6C.K...[...h....F.....E......\.F..:..;...3_h$%v.....b..T...Tx

<<< skipped >>>

GET /counter/counter.js HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Mon, 18 Apr 2016 10:16:56 GMT; length=22252

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.statcounter.com

Connection: Keep-Alive

Cookie: is_unique=sc10738598.1463641853.0; is_visitor_unique=1463641853328226018

HTTP/1.1 304 Not Modified

Date: Thu, 19 May 2016 07:10:54 GMT

Server: PWS/8.1.36.0005

X-Px: ht h0-s1105.p11-fra.cdngp.net

ETag: W/"5714b418-56ec"

Cache-Control: public, max-age=43200

Last-Modified: Mon, 18 Apr 2016 10:16:56 GMT

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 19 May 2016 07:10:54 GMT..Server: PWS/8.1.36.0005..X-Px: ht h0-s1105.p11-fra.cdngp.net..ETag: W/"5714b418-56ec"..Cache-Control: public, max-age=43200..Last-Modified: Mon, 18 Apr 2016 10:16:56 GMT..Connection: keep-alive..

GET /90gxxyluj/image.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s23.postimg.org

Connection: Keep-Alive

<<< skipped >>>

GET /apa4ybjbb/cover.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s21.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 125430

Connection: keep-alive

Set-Cookie: __cfduid=d6e47ca385b509614cf82d0a997317c721463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Fri, 15 Jan 2016 03:34:28 GMT

ETag: "569868c4-1e9f6"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb584d760a4e-ARN

.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /wp-content/themes/flexibility2/style.php HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:53 GMT

Content-Length: 22469

/*--- This is the CSS that controls the theme. It's pretty sloppy, but try running php tags through CSS Tidy and see what happens. ---*/..html {...margin: 0px;...min-height: 100%;..}..body {...margin:0px;...padding:0px;...background-color: #526074;...min-height: 100%;...}..body {...background-image: url('hXXp://softvipdownload.com/wp-content/themes/flexibility2/images/backgrounds/diaglines.png');...background-repeat: repeat; ...background-position: center top;..}..a:link, a:visited, a:active a:focus {...-moz-outline-style:none;..}..a:hover {...-moz-outline-style:none;..}..h1, h2, h3, h4 {...font-family: Georgia, Helvetica, sans-serif;..}..h2.pagetitle {...padding:8px 8px 8px 15px;...margin:0px 0px 5px 0px;...background-color:#FFFFFF;...font: normal 22px/26px Georgia;...color: #A10000;...border: solid 1px #D7CAB5;..}..img {...border:none;...margin:0;...padding:0;..}...alignleft {...margin-right:10px;...margin-bottom:10px;.. float: left;..}...alignright {...margin-bottom:10px;...margin-left:10px;.. float: right;..}...aligncenter {...display: block; ...margin-left: auto; ...margin-right: auto;.. margin-bottom:10px;..}..hr {...height: 1px;...border:0;...width: 95%;...color: #E6E6E6;...background-color: #E6E6E6;..}...postwrap blockquote {...margin:0 15px 10px 15px;...padding:10px 15px;...border: 1px solid #999999;...background: #CCCCCC;..}...postwrap blockquote blockquote {...margin-right:5px;...margin-left:0;...background: #CCCCCC;..}...postwrap blockquote p {...margin:0;...padding:0 0 5px;..}..#bgwrapper

<<< skipped >>>

GET /wp-content/themes/flexibility2/images/navssbg.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Thu, 05 Jul 2012 12:39:44 GMT

Accept-Ranges: bytes

ETag: "068ff40ab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:53 GMT

Content-Length: 288

.PNG........IHDR...d...#.....b.......sBIT....|.d.....pHYs.........B.4.....tEXtCreation Time.12/19/08.[......tEXtSoftware.Adobe FireworksO..N...|IDATh......P.......S..&..=.T X..g.od\.... 1....#H. 1....%...==./Ab...$F..Ab...$.c.cCb...$F..G=.....#H. 1....#H.?$.....#H. 1...._O..W....IEND.B`.HTTP/1.1 200 OK..Content-Type: image/png..Last-Modified: Thu, 05 Jul 2012 12:39:44 GMT..Accept-Ranges: bytes..ETag: "068ff40ab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:53 GMT..Content-Length: 288...PNG........IHDR...d...#.....b.......sBIT....|.d.....pHYs.........B.4.....tEXtCreation Time.12/19/08.[......tEXtSoftware.Adobe FireworksO..N...|IDATh......P.......S..&..=.T X..g.od\.... 1....#H. 1....%...==./Ab...$F..Ab...$.c.cCb...$F..G=.....#H. 1....#H.?$.....#H. 1...._O..W....IEND.B`.....

GET /wp-content/themes/flexibility2/iepngfix.htc HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/x-component

Last-Modified: Thu, 05 Jul 2012 12:37:07 GMT

Accept-Ranges: bytes

ETag: "801b6be3aa5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Length: 5006

<public:component>..<public:attach event="oncontentready"...onevent="IEPNGFix.process(element, 1)" />..<script type="text/javascript">..// IE5.5 PNG Alpha Fix v2.0 Alpha 2..// (c) 2004-2008 Angus Turnbull hXXp://VVV.twinhelix.com..// This is licensed under the GNU LGPL, version 2.1 or later...// For details, see: hXXp://creativecommons.org/licenses/LGPL/2.1/..if (!window.IEPNGFix) {...window.IEPNGFix = {};..}....// This must be a path to a blank image, relative to the HTML document(s)...// In production use I suggest '/images/blank.gif' or similar. That's all!..IEPNGFix.blankImg = '/wp-content/themes/flexibility2/images/blank.gif';....if (!IEPNGFix.data) {...IEPNGFix.data = {};..}....IEPNGFix.fix = function(elm, src, t) {...// Applies an image 'src' to an element 'elm' using the DirectX filter....// If 'src' is null, filter is disabled....// Disables the 'hook' to prevent infinite recursion on setting BG/src....// 't' = type, where background tile = 0, background = 1, IMG SRC = 2....var h = this.hook.enabled;...this.hook.enabled = 0;...var f = 'DXImageTransform.Microsoft.AlphaImageLoader';...src = (src || '').replace(/\(/g, '(').replace(/\)/g, ')');...if (....srHTTP/1.1 200 OK..Content-Type: text/x-component..Last-Modified: Thu, 05 Jul 2012 12:37:07 GMT..Accept-Ranges: bytes..ETag: "801b6be3aa5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:54 GMT..Content-Length: 5006..<public:component>..<public:attach event="oncontentready"...onevent="IE

<<< skipped >>>

GET /fbk4t7kc7/digitaltvonpc.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s13.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 298623

Connection: keep-alive

Set-Cookie: __cfduid=d1c35629dbc4cd7cfe96abd7c0a8c78fb1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sun, 21 Feb 2016 05:40:55 GMT

ETag: "56c94de7-48e7f"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb583dbd3714-ARN

.PNG........IHDR... ...X......v.p....pHYs.......... ......tIME...............tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...w.......a..$..]%$.D..HdD2&....ls.......^g.........`^.s..`2&..D....(k.W.w'u.z...............gw........._?.S-.{B.B....B:.........?(....\....|<..l, `..B.,.......Be..).o~../........X..W.,=:.....W.\t...q.uW........%.6....>)@...e.1..!.Zv ...v....z....r.........'.>.._.e..R....Q7.........o.MX.....DnY.z~...\.../...k......2.g....}?...k.]....G.}...\....2.......c..k......(..JO..............l.<$>r.F.....)../...".!pp........S...J.........e..s.....i..Z.........uql{...q ]._......== ..X...'B~p.'B.k...........k.....DG.W$... ...- w9 ...h..b.#...........b...$.D.R`;6.....}\....s..m......2.\..6.O.!..D.W.)...p./....b...< .)SD".....bI...R.I......."..F..P^N.O >........M...B..u..)$F|.......!.......)$B.\...O.......s...u..~../@r..t.....;..1...6.l.._/.:J...e.k..uR..Iu}.a:8............KW{'...H..P.(..............w .<!.DI!AR..Q...........u..h.6....c......w..G...g.~y...w......\......... ..].q.pQ..=.......7l.....I3...\.x4Fe$.@:..?.....Z..6..uC?...Q*.x@...........b.SJp.......^......|...[....."c......>...3...O...`g2......e...~......c...C...N..u.a.......u...$h....Y=....N.93.0...X4..{W....T..........c.A......f..!....\.2..W.........?.c....r.L..U..-?Y..8.....}QQL...........Hg.O..:.^..._y.h...x....v..k...W..2............M

<<< skipped >>>

GET /w9kufim5t/cover.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s22.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 124855

Connection: keep-alive

Set-Cookie: __cfduid=d3699b508a574ff120f176798e0eaba951463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Fri, 15 Jan 2016 03:27:09 GMT

ETag: "5698670d-1e7b7"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb58367b16b2-ARN

.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET / HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Server: Microsoft-IIS/7.0

X-Pingback: hXXp://softvipdownload.com/xmlrpc.php

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:53 GMT

Content-Length: 52391

..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head profile="hXXp://gmpg.org/xfn/11">..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />..<meta name="distribution" content="global" />..<meta name="robots" content="follow, all" />..<meta name="language" content="en, sv" />..<title>..SoftVipDownload</title>..<meta name="generator" content="WordPress 3.2.1" />..<!-- leave this for stats please -->..<link rel="shortcut icon" href="hXXp://softvipdownload.com/wp-content/themes/flexibility2/favicon.ico" type="image/x-icon" />..<link rel="alternate" type="application/rss xml" title="RSS 2.0" href="hXXp://softvipdownload.com/?feed=rss2" />..<link rel="alternate" type="text/xml" title="RSS .92" href="hXXp://softvipdownload.com/?feed=rss" />..<link rel="alternate" type="application/atom xml" title="Atom 0.3" href="http://softvipdownload.com/?feed=atom" />..<link rel="pingback" href="hXXp://softvipdownload.com/xmlrpc.php" />...<link rel='archives' title='April 2016' href='hXXp://softvipdownload.com/?m=201604' />..<link rel='archives' title='March 2016' href='hXXp://softvipdownload.com/?m=201603' />..<link rel='archives' title='February 2016' href='hXXp://softvipdownload.com/?m=201602' />..<link rel='archives' title='December 2015' href='hXXp://softvipdownload.com/?m=

<<< skipped >>>

GET /wp-content/themes/flexibility2/ie6style.php HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:53 GMT

Content-Length: 1980

..body {background-image:none;}..#bgwrapper {background-image:none;}...topshadow {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#content {width: 910px;}..#header {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#nav {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#feature {background-image:none;}..img {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#nav li a {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#nav li a span {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#header #searchform {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#rssfeeds .img {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..h2.pagetitle {background-image:none;}...postMeta {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..div.commentcount {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..div.postdate {behavior: url(hXXp://softvipdownload.com/wp-content/themes/flexibility2/iepngfix.htc);}..#sidebar-top ul li { background-image:none; padding-left:0px;}..#sidebar-left ul li, #sidebar-right ul li {background-image:none; padding-left:0px;}..#sidebar-top div.toptitle {background: url(images/sidebar-h2-bg.png) no-repeat top left; backgroun

<<< skipped >>>

GET /wp-content/themes/flexibility2/iepngfix_tilebg.js HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Last-Modified: Thu, 05 Jul 2012 12:37:07 GMT

Accept-Ranges: bytes

ETag: "801b6be3aa5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:53 GMT

Content-Length: 3828

// IE5.5 PNG Alpha Fix v2.0beta1: Background Tiling Support..// (c) 2008 Angus Turnbull hXXp://VVV.twinhelix.com..// This is licensed under the GNU LGPL, version 2.1 or later...// For details, see: hXXp://creativecommons.org/licenses/LGPL/2.1/..if (!window.IEPNGFix) {...window.IEPNGFix = {};..}..IEPNGFix.tileBG = function(elm, pngSrc, ready) {...// Params: A reference to a DOM element, the PNG src file pathname, and a...// hidden "ready-to-run" passed when called back after image preloading....var data = this.data[elm.uniqueID],....elmW = Math.max(elm.clientWidth, elm.scrollWidth),....elmH = Math.max(elm.clientHeight, elm.scrollHeight),....bgX = elm.currentStyle.backgroundPositionX,....bgY = elm.currentStyle.backgroundPositionY,....bgR = elm.currentStyle.backgroundRepeat;...// Cache of DIVs created per element, and image preloader/data....if (!data.tiles) {....data.tiles = {.....src: '',.....cache: [],.....img: new Image(),.....old: {}....};...}...var tiles = data.tiles,....pngW = tiles.img.width,....pngH = tiles.img.height;...if (pngSrc) {....if (!ready && pngSrc != tiles.src) {.....// New image? Preload it with a callback to detect dimensions......tiles.img.onload = function() {......this.onload = null;......IEPNGFix.tileBG(elm, pngSrc, 1);.....};.....return tiles.img.src = pngSrc;....}...} else {....// No image?....if (tiles.src) ready = 1;....pngW = pngH = 0;...}...tiles.src = pngSrc;...if (!ready && elmW == tiles.old.w && elmH == tiles.old.h &&....bgX == tiles.old.x && bgY == tiles.old.y && bgR == tiles.o

<<< skipped >>>

GET /download2.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 22 Apr 2016 22:50:37 GMT

Accept-Ranges: bytes

ETag: "8e9f3063e99cd11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:53 GMT

Content-Length: 18827

.PNG........IHDR.......X......8......pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

GET /wp-content/themes/flexibility2/images/footerdark.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Thu, 05 Jul 2012 12:39:42 GMT

Accept-Ranges: bytes

ETag: "03bce3fab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Length: 2804

.PNG........IHDR...............q.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.01/12/09V..K...PIDATx......W...s.y...y6...X..v..Ep..(.q.DAA...F!!....f01........ <,....8......X.Z................"""""""""./......z%c.1..c.1..c....kT9..c.1..c.1..ws..c.1..c.1..Yv..#..c.1..c.1...{.WL(..c.1..c.1....S.0..c.1..c.1.3#..1..c.1..cl..qg.1..c.1..c.mU.M(..c.1..c.1....w.U...0..c.1..c.16.V...E.c.1..c.1.....>5..c.1..c.1..c;.v........#..c.1..c.1.N.U}fB...c.1..c.1.v...M(..c.1..c.1...V...E.c.1..c.1.....7...]..p..c.1..c.1..i...O(..c.1..c.1...V...E.c.1..c.1.....><..c.1..c.1..c;.V.=...1..c.1..c..)...'.a.1..c.1..clg....".1..c.1..c.......?.....c.1..c.1..;.V...E.c.1..c.1......2..c.1..c.1..c;[.W'.a.1..c.1..clg..XU/V.?.1..c.1..c.1v...k..0..c.1..c.1..U}tB...c.1..c.1.vv..p8z.1..c.1..c..)..oL(..c.1..c.1...V...E.c.1..c.1......5..c.1..c.1..c;...7.....c.1..c.1...[.w&.a.1..c.1..clg....".1..c.1..c..lU..P.1..c.1..c...]..F...M.#..c.1..c.1.N.U}lB...c.1..c.1.v...O(..c.1..c.1...n....o...G.1..c.1..c..f....".1..c.1..c..lU?.P.1..c.1..c........0..c.1..c.1..k...._.c.1..c.1...b....".1..c.1..c..lU?.P.1..c.1..c...]...z.z...1..c.1..c...mU..P.1..c.1..c.....'..0..c.1..c.1..U.tB...c.1..c.1.vv..U...m.#..c.1..c.1.N.U.lB...c.1..c.1.v...&.a.1..c.1..clg.....s.1..c.1..c.M.U.|B...c.1..c.1.v.._L(..c.1..c.1...V.......#..c.1..c.1.N.U}zB...c.1..c.1.vv.R.1..c.1..c.....W..0..c.1..c.1..U.zB...c.1..c.1.vv.f....;.G.1..c.1..c..n....".1..c.1..c...Z..p..c.1..c.1..cSlU..P.1..c.1..c...]..a.1..c.1..clg....".1..c.1..c..lU_.P.1.

<<< skipped >>>

GET /wp-content/themes/flexibility2/images/headers/header-Flare.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Thu, 05 Jul 2012 12:41:49 GMT

Accept-Ranges: bytes

ETag: "80e4808bab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Length: 14984

.PNG........IHDR...............vZ....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.12/11/08..00....tEXtXML:com.adobe.xmp.<?xpacket begin=" " id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 2007 22:37:37 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">. <xap:CreatorTool>Adobe Fireworks CS3</xap:CreatorTool>. <xap:CreateDate>2008-12-11T17:54:50Z</xap:CreateDate>. <xap:ModifyDate>2008-12-12T04:33:57Z</xap:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="hXXp://purl.org/dc/elements/1.1/">. <dc:format>image/png</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. . . #.t.....tEXtSoftware.Adobe FireworksO..N.. .IDATx....r.H.&S.j..s=.;.}..X..._,....Ef.t7kk..K.. ....Zk..........0z.Az.[.'S .....[.z...g.G..a...f{V......k"./.......g.[k.c,........q....j?....."....!ezH.[.U#..Zv.......6c.X........._.Y...b1.....\`g.{....*.ZoAl.",GI.*Q...[q.lC`.......E.e

<<< skipped >>>

GET /wp-content/themes/flexibility2/images/navssbg.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:44 GMT

If-None-Match: "068ff40ab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:44 GMT

Accept-Ranges: bytes

ETag: "068ff40ab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:55 GMT

....

GET /wp-content/themes/flexibility2/images/headers/header-Flare.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:41:49 GMT

If-None-Match: "80e4808bab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:41:49 GMT

Accept-Ranges: bytes

ETag: "80e4808bab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:55 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:55 GMT

Content-Length: 49

GIF89a...................!.......,...........T..;HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT..HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:56 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:56 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:57 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:57 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:57 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

....

GET /wp-content/themes/flexibility2/images/blank.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:40 GMT

If-None-Match: "0e9d3eab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT

Accept-Ranges: bytes

ETag: "0e9d3eab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:40 GMT..Accept-Ranges: bytes..ETag: "0e9d3eab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT......

GET /wp-content/themes/flexibility2/images/footerdark.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 05 Jul 2012 12:39:42 GMT

If-None-Match: "03bce3fab5acd1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: softvipdownload.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Last-Modified: Thu, 05 Jul 2012 12:39:42 GMT

Accept-Ranges: bytes

ETag: "03bce3fab5acd1:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

HTTP/1.1 304 Not Modified..Last-Modified: Thu, 05 Jul 2012 12:39:42 GMT..Accept-Ranges: bytes..ETag: "03bce3fab5acd1:0"..Server: Microsoft-IIS/7.0..X-Powered-By: ASP.NET..Date: Thu, 19 May 2016 07:10:58 GMT..

GET /h1me77sx1/yumtynreh.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s8.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 408129

Connection: keep-alive

Set-Cookie: __cfduid=d5c33fface9e8c5c41b8131cdfc2ca52e1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sat, 02 Apr 2016 21:10:17 GMT

ETag: "57003539-63a41"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb581d5936f6-ARN

.PNG........IHDR...;.........,.......pHYs...............Q7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>adobe:docid:photoshop:7dc6d6fe-6f98-11e5-a45f-8d0ceaf35f2b</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:e23bdc10-e0bc-8842-acca-88dbbfba81b4</xmpMM:InstanceID>. <xmpMM:OriginalDocumentID>F31F7DCFDC00A2B122E4DA3F0F781EDF</xmpMM:OriginalDocumentID>. <xmpMM:History>. <rdf:Seq>. <rdf:li rdf:parseType="Resource">. <stEvt:action>saved</stEvt:action>. <stEvt:instanceID>xmp.iid:7566f5d8-be32-b744-b3a6-36661031e0ff</stEvt:instanceID>. <stEvt:when>2015-09-22T13:

<<< skipped >>>

GET /vQyVyP5.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Mon, 16 Jun 2014 04:28:30 GMT

ETag: "572d3751fa708458ce95a2938ebbf2d5"

Content-Type: image/png

Fastly-Debug-Digest: ccd76d253dafa1222ae135695b0eb2c43c9dc949cac4764de284820c5f9edec1

cache-control: public, max-age=31536000

Content-Length: 211539

Accept-Ranges: bytes

Date: Thu, 19 May 2016 07:10:54 GMT

Age: 9094262

Connection: keep-alive

X-Served-By: cache-iad2122-IAD, cache-ams4145-AMS

X-Cache: HIT, HIT

X-Cache-Hits: 1, 1

X-Timer: S1463641854.755910,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR...^...........u.....pHYs.......... ......tIME.......>.%.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...y.].u/...sz...64....;..Z.vl..-a..<......N."^.{..l./o}k...I..c..8...h.&..A-.......0.mF.....9U..Q...S....[h......S.k.....k.p.Y/......0...$J.(Q.D..%..i.....c.uF...........T.D..%J.(..H.....(.s....j...>.y.y....o..R*(%...R.EQ ...Dk....!.......1.*....y..(.PV.7...rH&*......}...K|H.8-].'.......K .qy[.C...p.w'7.....'c ~.....?...O.'..{..................N.._|...w....JI4..(........h4.....Bk...Zk.........8.H....\...7...%...V.-..Rz...dd..;.H...6/..`..yHC...U..l..K.....e.M...*..T.Yk.Un...%.r.W6.PJ........6..|.......?...O.'.'.........O.......N.h`.....Q!y.V.W......."U0)UHO.Z......F....]...(_...x.L\...'/.....k..]......s]xy.3...f$?/'......M..c[&............p..{w.l.g2..w..e.............=.y..,5.L...k-.,..%...`a....e.A..yyEQB....}.K.! ..y......qaL....c..LAJ.....0.y.N.......!..\..JUr......B.(.P...A...^v....<.%]Hgk....EQ6..h4j.j].Z'....N.....5.....r.,...B.`..S)..(..."...M.'.........H......g......C=..u ....Q....!8.Rs.a5.\.gV.E...2..aP....T.hy..B..F..Q.....`..d....".*-|t4....0...*.#....eT.W..!..=.I.`7zF.p...*.....\...R...U2.r8v<.L..q.B......?...O..)..."}8e.".s4..y.p.....h.y....6.,..y`.B....ui.\.6....Z....oQ......2hc.g]j.h....p.d..V...V..E.J.......d..<..P.....>'.e.g.....ad.l...1Y.....T4....Ut....{....-.....O.'...........&..v._

<<< skipped >>>

GET /dw3ypq17r/vtutorial.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s2.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/gif

Content-Length: 2809824

Connection: keep-alive

Set-Cookie: __cfduid=d30bef69fcbc2d4b23cc9bb038b33fadc1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Fri, 15 Jan 2016 03:36:07 GMT

ETag: "56986927-2adfe0"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb58344d3762-ARN

GIF89a .........................................R....1Z.B..J..k...{....){.Bc.JB.J..c......)..R.)1.)B.)Z.)..B{.RR.cZ.c...R.....!.)..B).BB.B..JZ.J..Z{.k..k..{1.........!cJ!..)..)!!9!!9{.B1!B11BBcBB{BB.BR.BZkBc.Bc.BkkBs.Bs.Bs.Bs.B{.B..B..B..B..B..B..J99JBBJ{kJ..J.cJ..Z))ZB1ZZ.Zk{Zk.Z{.Z..Z..Z..c9{cJBcZ{c.sc..c..c..c..c..c..c..k1)kB1kk{k..k..k..sRBs..{1s{B1{B{{Z{{Z.{cR{k.{..{..{..{..{..{...kc.ks.ss..s.........................B9.RJ.sZ.s............c...................)..JB.RR.k..k1.kB.kR..s.......1).9..R..R).kc.{.................sB..Z..k..{................k..k!.kk....B).k9.ss..)..{..R..k.....{.......!..J..R...{..{..R....................1.....9..k.............)..B).Z..kB.s...R..k..{..k.k...k.....{..k.......)..9...)..R.....R..k.9.........1.....{.................................!..NETSCAPE2.0.....!.......,.... ...........e...WP...... .....&.....b..FK.1yB......I('.\...../U..)...O4e...3.N..v....(OU6Q>J.t...6..|D..J.U.2U...WG)....u..=f..,..m..p......Y.k.|..4...|..].Q......,)(K. @......e.E......*.XW..L.pV..OO.i4....7..-3u...q.....o........'f...[...r...?O...u... .........9{F.......G..=.z....O.}..E.f......$......1...b. H....I[.V.L...aJ8.4.O:.E..G....|...K....h....S%^..X....`z...]<.8.Ea......IWE>&..KUM...Ru..e....L .....Y!.d.........kZ...I..."j...[N....U.A..#..Vg...D..EAg]w.5w.v..w(r.5.....W....'.y.t....hA..E....Cd....9....*t....Q..@.f.Q]5..gJ.y.(.$...PA!'.o .........V..XT/....,.t#..jU.......E..$.n....w..R_{r.Ra..f.eV>(.`wD...YH...b.)..4...#.S{.........I..z.g.lF.uf...jrw.2W(u......EJ.0.....8....9.L^.)| *.......1..

<<< skipped >>>

GET /6qjerzrdn/image.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s15.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 144221

Connection: keep-alive

Set-Cookie: __cfduid=d8663556cce4a51711727b2234c7d1b5c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sun, 03 Apr 2016 20:36:18 GMT

ETag: "57017ec2-2335d"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb583fde37b6-ARN

.PNG........IHDR...%.........2"._....pHYs...t...t..f.x....tIME......:b..K....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wx\.}...).......A..I..{.E..]."[.c{c'..-..g.lr.Y{o...M..&..8...*j.z.H... @...F...3g.....$XE.......#..3....|.....e....c.8...B.!..B|..EAw,...$..!..B.!>t.P.88..c.S.?B.!..B...|3K.....5..}_..B.!...#g..e.i...mw9...Z..B.!...:H(.B.!..BL)..%..B.!.xW...e......p....d. .b.7.. ......{....GB..B.!...])hj.|.....X..=O>..H....a.C.Qq.-..........%B.!..B.w%..B...@M.._.2.p...;..A.........pK.... .G..V._...yO..B.!......Y./..xl.~T....&\.....B.....k......m2....._1.e.e.;.i.R"..B.!.x.z.x.L8..o~..y...(z.fd.a.|. .O...:d.-!..B.!..f&......?.s2....|.@.HK.....!~..v&s.uH(.B.!..B.'z0H^}=.._u..?.A...B.!....-PSsAQ{...=.........:..D.!..B....B!f<......pl.cl....;z....F..B!.}....Y..._q=2...B.!....]n......T.s...Mf|.._.*..V.mm............6.....d.c.&-%B.!..B.w.UPpAQ{....00..s...H..D...HM..B.!...q>.......U.P..R)....I&......_$z.8..n.w..`.1:..k...,D.........P"..B.!.G......z......7:6....v......:.L&9.....z.)...J~~.U9....m".(..~e...n.U9_.b;....-% B.!..BL..v....4............BIAA...?.....s.F.F...........y...5....s.F.._.1.1C.e..B.!....h....7P......s......[J...(...d....@......h.4..!..B.1Ul.ftll.w..d.-!..B.!...P"..B.!..R..B.....!.w..f:N....5T.K0.FS...0-.K..S3......~........n....%.N.6...........#M4.....eUQ5...^5C6e.....B...!.B\Q...*.G0...g.......S.t........>RE~.

<<< skipped >>>

GET /6kki806sr/animated.gif HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s28.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/gif

Content-Length: 1403309

Connection: keep-alive

Set-Cookie: __cfduid=d9e30535b8876e65ed8e172e5952d31501463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Fri, 15 Jan 2016 03:29:32 GMT

ETag: "5698679c-1569ad"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb582eb5372c-ARN

GIF89a .............................s.!..Z!..Z..).!B.)c.)..1..9Z.Bs.J..R..R..k..1..k..s....!9B!..)..)9!)ZZ)Zs)s.1.c1.J1!11)k1Bc1B.1J.1J.1ZB1s{1s.1.B1..1..1..9k.B..B!1B).B91B{ZB..B..B.9J!kJJZJZcJs.J.sRR.Rk.Rs.R..R..R..Z!JZB9ZRBZ.Bc..c.1c).c)kc9.cRccZ.cZ)ccBc{Zc.sc..c..c.sc.Zkkkks.k{{k{.k..k..sc.s{.s..{1.{..{..{...9Z.J..R1.Rc.kR.ks..9..s.11.k1..s..s..k....................9..9.......R1.s1.s.....kR.ks.s...9..k.....s..Z..{.9J..1.....s.......c..k1.......cR.cs..Z..s..{.9R..9..1..Z..Z..{....s...........k1..9.......sc..Z..s..1..Z..{........9..R..s.....R..s...................9...9.{..9k.k.......c{B..1.R.9s9....)9..R..R..Z..c.1s....9k.1s.k..J..B...).s..k..........................9..s99Z!c.B..........ZR.....9.)..)..11.J9....Zc.R...........9.....9J.Jc.c..R............................!..NETSCAPE2.0.....!.......,.... ..........HP......<.P.....2d..@D..3j.8q... C..I....(S.\I..H.0av.I.F..E.<.y.f..3b..H.......<9......J.Juj..X.f..u...MS.\y....g_&...m[..........x....Ah..$...9.p...F~....a.n#..0bf...|R....g..k..<.n.(h....&u........3P&f..r.;..A.w.v..xj... ..|.. Ft...S...\.k.......)6..H.<....._........l.aF."F..y.E.....5.{.....c...T.U...ZE. w...R.&%...'i..Y...TF..X.L.....w...c.yT`Q.i(_Yc...d<.dYS..y.h......e.Zrh....f...OL..D..X..!.... ]..[s.9..sh*...MDG..QY7a.t^W.S.}g^y...gB....B3.%...&.ad4.wS~PD*.l...S.LTY...v:.K/.TaSQ.0......."Dx..]..j...-.hL!..T.2.'.c..."...............F...k..-.d.Hf..mV....OBi..E......B.)..b..a...pf2g..i......)'.r.J.Sz.....'....6[...F.^d@.....F)...V....n.k.$.$kUv.. ..j0j|$....r. ..z.(..<.8-..\...

<<< skipped >>>

GET /vfxec11iz/9gag.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s15.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 169529

Connection: keep-alive

Set-Cookie: __cfduid=dc285e284cf77bf1808efeaaac138e9051463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Fri, 15 Jan 2016 03:28:40 GMT

ETag: "56986768-29639"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb5826b805bb-ARN

.PNG........IHDR.....................pHYs...t...t..f.x....tEXtCreation time.5..... .IDATx...wxT...............b...^...8....Y....M.K6...w......8..:..ILb.........]...K..53...C.HB..@......9.<.y...s....b...^..B.!..B.!.mM..h......B.!..B.!..){.............:t....E.!..B.!..BL"...!..B.!..BL....B.!..B.!...$.$..B.!..B.1.H.H.!..B.!..b.POv...B.!..B.1.edd.z....1...M.@B.!..B.!......7.....5#~.".8.Txl7)5.i.lg_x,...0...4..a.C.T....%m...V...B.!..B.!..7..k.\..,y..^...)........O...7T.......rv.tv........A...B. ...... ..B.!..B.!F5..F......A7[..FQ........<n.^.................Fi....v*..i.*..s.B.!..B.!..P7s.P....<.7x...P.B.....P..(...s.6..v..6........}...B.!..B.!n"}.>7S...p.x.Z.FoDk.....1(..O ....F.B.@...G.R.U.B.!....n. c.v.'.#.....\.dd.a.\a!......@..{....`..$...q*.._...v.f..W..Q_A.....3.tyP(@......B......M.`].....=...l....9lL.....|;..e..3..v.}/.a].....vg......~.....6P.}...z\......}.:.mje.......o...<7...{.......`}..<..BL..S..*.=.F..J]v.J.....V]..H/..2..o...B..*.;:.z.h5j.B......;......k*.R.*...B.[KA..r...P).. ...nS.l...S2.....|;...#.x39.:..9..=L..%c..Y7IPs......9.%:..3..n.}.A..Ev.fr^J..o....H..R...l....`.Vr^....0...H.S.!.D........q:N..9(b.............FAY5'.]..........).R..."..V.....<.......%v.\.....s.B.1..X...7w.-.....j.:...4.e.Mv.n..kyn..._a\g.M....1'.....i.......I..l.Z.-.....Z....?....B6.l....^.....dm...*wK.....{.W....(..<nY`..G.^..<..BL...@.T,z..8....p...@...B...^.Dmc.Z.... ...bs8(,)....$X.0..c.w!...l..L..^a....|.........._0.'.q[.^..kV..e0.|.[P...dfo"k[.k%.h.D..3.......rH.......2.....,]i% k/....f...uO.......

<<< skipped >>>

GET /ar19thbr9/maxresdefault.jpg HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s32.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/jpeg

Content-Length: 55279

Connection: keep-alive

Set-Cookie: __cfduid=d9c425df9f42e512da41c84a647c5975c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Tue, 26 Apr 2016 23:00:09 GMT

ETag: "571ff2f9-d7ef"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb5816ed1694-ARN

......JFIF.............*Exif..II*.......1...............Google..............................................................................................................................................h..............................................h..........................!1...AQ."aq..#2B...356Rbrst....$SUu...........&Tc......LDe....7d...E.......................................M..........................!1.AQq."2a......4Rr..#35BSb.....$6....Ì.ET....d............?...R.....P..@(......P..@(......P..@(......P..@(....QT..P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..@(......P..U..U..i.2Lq.o)...C. &.. ...9.w...V..<S.........#.eee%YX.e`pU..A....5........5...t.NN3M5....Q.W...@*.S.P..@(......P..U..@*..L.@).)..p..........`..0PS.U0T....SW`....Y\..........P..@(......@(......P..@(......P..@(.....U@........j.*.|.KL.......6y...A......[...)R ..aCM...*S.t_.....5.~..?.N...I.j*m..O.U.M.#....._6.^./.].WT=bLo.XG..Y..$q...U...y.R.c......R...".._..n...c.6.........h.. ..SWm...n.._.t4>K.?.......].WR.=~.sw)........*..v..^da.S~....5...Ru%.I}..4..Z$\|..>2.p....O......5?...%...P.}....{.6....tY......2;....".......U..........ao.*._.E...Q........`.7..xS.8E%....J?T...n.<.....4~.<_.?..>..-z.........AT....................R....n...1.r.e.q.!..3.}..=.>..5.v..*O2.G{.le...H.r......~.....9..M..G..H.).W.m..O...|..,.....'^h....\..5o..?.~.?........O...V...8.O..h ......~.|..|.......]M9..ow..9..XVT6..........&WI~*._~Q.G..G<...L.>g5.....oa..&..\%M..n......h_CC>G....Y.it...p.

<<< skipped >>>

GET /t.php?sc_project=10738598&java=1&security=267f1d37&u1=E3A0092DF6854F4581DBD39C31C9578C&sc_random=0.40540406162741676&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=&u=http://bestprosoft.xyz/redirection.html&t=&sc_snum=1&p=0&invisible=1 HTTP/1.1

Accept: */*

Referer: hXXp://bestprosoft.xyz/redirection.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:53 GMT

Server: Apache/2.2.3 (CentOS)

P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Set-Cookie: is_unique=sc10738598.1463641853.0; expires=Tue, 18-May-2021 07:10:53 GMT; path=/; domain=.statcounter.com

Set-Cookie: is_visitor_unique=1463641853328226018; expires=Sat, 19-May-2018 07:10:53 GMT; path=/; domain=.statcounter.com

Content-Length: 49

Connection: close

Content-Type: image/gif

GIF89a...................!.......,...........T..;..

GET /83aip3acb/image.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s23.postimg.org

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Type: image/png

Content-Length: 116484

Connection: keep-alive

Set-Cookie: __cfduid=d8663556cce4a51711727b2234c7d1b5c1463641854; expires=Fri, 19-May-17 07:10:54 GMT; path=/; domain=.postimg.org; HttpOnly

Last-Modified: Sun, 03 Apr 2016 20:36:35 GMT

ETag: "57017ed3-1c704"

CF-Cache-Status: HIT

Expires: Fri, 19 May 2017 07:10:54 GMT

Cache-Control: public, max-age=31536000

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 2a55bb583fdd37b6-ARN

.PNG........IHDR.......g.............pHYs...t...t..f.x....tIME......-.UF.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning.........tEXtSource.........tEXtComment.........tEXtTitle....'.. .IDATx...wt..}...[......vR.I.")Q....u,...O,;..N..'.DI.I.....ql'7v"'q.\."....^.bQ.M.$....o...3....J.....ZZK...~..Pk......~.#BDDDDDD...j.@DDDDDD...JEDDDDD.j.JEDDDDD.j.JEDDDDD.j.JEDDDDD.j....R.]........#.".R........-.........Q(........Q(........Q(........Q(..........=..........d......S...]..`.3.LbR...<.r...2{:}...,X9.F*g2..B?._~.]^;-..3gz...xg.R......sA.N.>.....................[f....@....9..[]...~...O....).. $(....i...?........(....=.j........[..L..._...B6..>.....m .p<.......O.:_~.......e.h>Kw.......s.S....|..,........\.]...[.....-.K....5..?...|........r.......K..V....7~.. ...9 ....""""""...IP..J..~6.LO....<...oq4u.#]..._v../.8t._........Ac...;..t.......k....>.a..""""""rB.|.^~;.........=..MLc....7..;.m.$..w;.R.......!.<..7|...o.p..{.^..7~.w.....Y..B.........;.....O../.a..,..o..|.C.....&S.8{.T.wEDDDDD....X..=|.?....O.._.w..?................)...i.TDDDDDd."...l..;<s.H.X..n.s/Z......0..!.^:....~....%.s%...........HK|...~...K=..wb]u!.._.-.JEDDDDDF(......|..>7...1.t..-......R.......w..<.........(= ..t...q..............w....2 .#6.J..=$...W....x.2..'3.........""""""#..V.Ts;..5d.:......8g.......C..5_.ob.c....? ....Y.~.==..^.......l...........`.}..:...{.0p.B..EQ.Z./"""""r......@/Y/...hb..%...cg/...A!C.@.p.1-.

<<< skipped >>>

HEAD /freeupgradesoftNEW/8-Windows10PHONE/upgrade.exe HTTP/1.0

Host: upgradesoftware2017.com

User-Agent: InnoTools_Downloader

HTTP/1.1 200 OK

Content-Length: 814257

Content-Type: application/octet-stream

Last-Modified: Wed, 18 May 2016 22:23:59 GMT

Accept-Ranges: bytes

ETag: "c4f445f953b1d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:47 GMT

Connection: close

GET /wp-content/uploads/2015/09/cover-coperta1.png HTTP/1.1

Accept: */*

Referer: hXXp://softvipdownload.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Wed, 28 Oct 2015 19:27:33 GMT

Accept-Ranges: bytes

ETag: "bf4a8cb1b611d11:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:54 GMT

Content-Length: 408129

.PNG........IHDR...;.........,.......pHYs...............Q7iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:dc="hXXp://purl.org/dc/elements/1.1/". xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/". xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/". xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/". xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>adobe:docid:photoshop:7dc6d6fe-6f98-11e5-a45f-8d0ceaf35f2b</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:e23bdc10-e0bc-8842-acca-88dbbfba81b4</xmpMM:InstanceID>. <xmpMM:OriginalDocumentID>F31F7DCFDC00A2B122E4DA3F0F781EDF</xmpMM:OriginalDocumentID>. <xmpMM:History>. <rdf:Seq>. <rdf:li rdf:parseType="Resource">. <stEvt:action>saved</stEvt:action>. <stEvt:instanceID>xmp.iid:7566f5d8-be32-b744-b3a6-36661031e0ff</stEvt:instanceID>. <stEvt:when>2015-09-22T13:

<<< skipped >>>

GET /wp-content/uploads/2015/08/Cover.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: bestprosoft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache,max-age=1209600

Content-Type: image/png

Last-Modified: Mon, 24 Aug 2015 01:21:30 GMT

Accept-Ranges: bytes

ETag: "9a0e134bded01:0"

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 19 May 2016 07:10:58 GMT

Content-Length: 111332

.PNG........IHDR...[..........M/.....pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

iexplore.exe_808:

%?9-*09,*19}*09

%?9-*09,*19}*09

.text

.text

`.data

`.data

.rsrc

.rsrc

msvcrt.dll

msvcrt.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

USER32.dll

USER32.dll

SHLWAPI.dll

SHLWAPI.dll

SHDOCVW.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

IE-X-X

rsabase.dll

rsabase.dll

System\CurrentControlSet\Control\Windows

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

dw15 -x -s %u

watson.microsoft.com

watson.microsoft.com

IEWatsonURL

IEWatsonURL

%s -h %u

%s -h %u

iedw.exe

iedw.exe

Iexplore.XPExceptionFilter

Iexplore.XPExceptionFilter

jscript.DLL

jscript.DLL

mshtml.dll

mshtml.dll

mlang.dll

mlang.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

shdocvw.DLL

shdocvw.DLL

browseui.DLL

browseui.DLL

comctl32.DLL

comctl32.DLL

IEXPLORE.EXE

IEXPLORE.EXE

iexplore.pdb

iexplore.pdb

ADVAPI32.dll

ADVAPI32.dll

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

IExplorer.EXE

IExplorer.EXE

IIIIIB(II<.fg>

IIIIIB(II<.fg>

7?_____ZZSSH%

7?_____ZZSSH%

)z.UUUUUUUU

)z.UUUUUUUU

,....Qym

,....Qym

````2```

````2```

{.QLQIIIKGKGKGKGKGKG

{.QLQIIIKGKGKGKGKGKG

;33;33;0

;33;33;0

8888880

8888880

8887080

8887080

browseui.dll

browseui.dll

shdocvw.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

6.00.2900.5512 (xpsp.080413-2105)

Windows

Windows

Operating System

Operating System

6.00.2900.5512

6.00.2900.5512