Trojan.Generic.11756232_077f5a78df

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

InstallFlashPlayer.exe:816
FP_AX_CAB_INSTALLER64.exe:192
%original file name%.exe:472
%original file name%.exe:1572
%original file name%.exe:1912

The Trojan injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process InstallFlashPlayer.exe:816 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{D09AEC29-5300-4066-8249-F4C940A0F49E}\fpb.tmp (1796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF}\fpb.tmp (6296 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF}\fpb.tmp (0 bytes)

The process FP_AX_CAB_INSTALLER64.exe:192 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe (130014 bytes)

The process %original file name%.exe:472 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\%original file name%.exe (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\CET_Archive.dat (22433 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp (0 bytes)

The process %original file name%.exe:1572 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\CET_TRAINER.CETRAINER (0 bytes)

The process %original file name%.exe:1912 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\%original file name%.exe (46383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\CET_TRAINER.CETRAINER (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\lua5.1-32.dll (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\defines.lua (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\win32\dbghelp.dll (4438 bytes)

Registry activity

The process InstallFlashPlayer.exe:816 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 54 A6 5D 18 5A D6 D2 95 CF C8 00 A9 BF 4F C4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "InstallFlashPlayer.exe"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Macromedia\FlashPlayer]
"ConflictingProcs"

The process FP_AX_CAB_INSTALLER64.exe:192 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}]
"InstallFlashPlayer.exe" = "Adobe® Flash® Player Installer/Uninstaller 15.0 r0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "FP_AX_CAB_INSTALLER64.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E F1 C5 D2 E2 F4 7B 8D FE 87 9F 65 A7 54 43 DA"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1572 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 0E F1 9D EA 40 04 5C C7 27 A7 89 E2 E3 33 CD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Internet Explorer]
"iexplore.exe" = "Internet Explorer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Cheat Engine\Window Positions]
"AdvancedOptions Position" = "7E 01 00 00 FF 01 00 00 74 02 00 00 29 01 00 00"
"frmAutoInject Position" = "87 01 00 00 00 05 00 00 AF 01 00 00 4B 01 00 00"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process %original file name%.exe:1912 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 60 4F 2C DA 25 9E CD AB 44 9C 40 E9 21 A9 96"

Dropped PE files

MD5	File path
9aad029c972d92be0ea8441b3e0e28b7	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
808de473370ef6b5d98ab752f245a3ca	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\%original file name%.exe
d2aa9bb0e3220378c1022e8c951b73ee	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\%original file name%.exe
8abe7dd2963502fe189f42fa7cba4f74	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\lua5.1-32.dll
4003e34416ebd25e4c115d49dc15e1a7	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\win32\dbghelp.dll
685e7043dde485e5cee091c5f73ca5cf	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe
3a34cf39fb84031f445e3c68b75fe75f	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\{D09AEC29-5300-4066-8249-F4C940A0F49E}\fpb.tmp

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):

   InstallFlashPlayer.exe:816
   FP_AX_CAB_INSTALLER64.exe:192
   %original file name%.exe:472
   %original file name%.exe:1572
   %original file name%.exe:1912

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:

   %Documents and Settings%\%current user%\Local Settings\Temp\{D09AEC29-5300-4066-8249-F4C940A0F49E}\fpb.tmp (1796 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\{441F25F9-D280-4A11-B8EC-82F2D2BF5CCF}\fpb.tmp (6296 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe (130014 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\%original file name%.exe (200 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\CET_Archive.dat (22433 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\%original file name%.exe (46383 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\CET_TRAINER.CETRAINER (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\lua5.1-32.dll (563 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\defines.lua (4 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\cetrainers\CETB2.tmp\extracted\win32\dbghelp.dll (4438 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	36180	36352	4.54854	40b6c3ad804db9bc09242ade61fb6ea3
.rdata	40960	8468	8704	3.77319	33d023d2d6213e1f615883e5e3160e76
.data	53248	10972	4096	1.45741	3254d8738887635ac7c58c51f4e91adf
.rsrc	65536	3660208	3660288	5.52443	e8a5a12a329b0109f5967ebd5adfe1cd
.reloc	3727360	3818	4096	3.00051	65aac020a14aa9271485b36b38ac2718

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://ghs.l.google.com/
hxxp://onclickads.net/afu.php?zoneid=33507	78.140.191.70
hxxp://radiobaladaalternativa.com.br/nv-player?cor=0f87ff
hxxp://radiobaladaalternativa.com.br/nv-player/?cor=0f87ff
hxxp://radiobaladaalternativa.com.br/nv-player/spectrum.css
hxxp://radiobaladaalternativa.com.br/nv-player/spectrum.js
hxxp://imgur.com/9i3REYS.png
hxxp://imgur.com/wjFHehL.jpg
hxxp://photos-ugc.l.googleusercontent.com/-GT2zFFUi1wY/VHsuCGmbr8I/AAAAAAAAAUk/bYb53AeddIA/s1600/Lol.png
hxxp://photos-ugc.l.googleusercontent.com/-UmdwoZ-M0zY/VHu_EXIM3EI/AAAAAAAABc4/xr11nZe6QW4/s1600/Code+Master-+A+lenda.png
hxxp://photos-ugc.l.googleusercontent.com/-1CPlBGY2nWQ/U6oUCeEP2KI/AAAAAAAAAXY/dRC6jr8YqFE/s1600/Sem+título-1.fw.png
hxxp://youtube-ui.l.google.com/embed/Gjw4NCfc3iE
hxxp://imgur.com/nZ0jgYX.png
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.8.2/jquery.js
hxxp://imgur.com/Ndvqfhb.png
hxxp://jogoscelular.net/imagem/down_post.gif
hxxp://imgur.com/ZSI3Tki.png
hxxp://imgur.com/Cv8yKZy.png
hxxp://imgur.com/VFZJ3Hh.png
hxxp://imgur.com/HpH8fyK.png
hxxp://imgur.com/0fF60fQ.png
hxxp://imgur.com/v5pV86z.png
hxxp://www.xatech.com/web_gear/chat/chat.swf	141.101.112.75
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2
hxxp://radiobaladaalternativa.com.br/nv-player/player.png
hxxp://radiobaladaalternativa.com.br/nv-player/pw.png
hxxp://youtube-ui.l.google.com/subscribe_widget?p=razortutoriais
hxxp://star.c10r.facebook.com/plugins/like.php?href=hxxp://www.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25
hxxp://star.c10r.facebook.com/plugins/follow?href=https://www.facebook.com/mpboato&
hxxp://blogger.l.google.com/img/icon18_wrench_allbkg.png
hxxp://facebook.com/plugins/likebox.php?href=https://www.facebook.com/hackernomice?fref=ts&width=400&colorscheme=light&show_faces=true&border_color=#fff&stream=false&header=false&height=250	173.252.120.6
hxxp://www.google.com/friendconnect/script/friendconnect.js
hxxp://radiobaladaalternativa.com.br/nv-player/player.swf
hxxp://atelier802.com/adcash.php
hxxp://radiobaladaalternativa.com.br/player/server.html
hxxp://radiobaladaalternativa.com.br/nv-player/play.png
hxxp://adcash.com/script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx===Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h
hxxp://radiobaladaalternativa.com.br/nv-player/pause.png
hxxp://radiobaladaalternativa.com.br/united.html
hxxp://xat.com/RadioBaladaAlternativaWebRadio?p=1
hxxp://adcash.com/script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi
hxxp://imgur.com/EeZYpJp.png
hxxp://imgur.com/lDm25Zf.png
hxxp://radiobaladaalternativa.com.br/nv-player/grad.png
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.8.1/jquery.min.js
hxxp://adcash.com/script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe
hxxp://ajax.cloudflare.com.cdn.cloudflare.net/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js	198.41.215.158
hxxp://adcash.com/script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q/+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+
hxxp://xat.com/images/xatblk.gif?a
hxxp://xat.com/images/b_groups.gif
hxxp://is-test3.imageshack.netdna-cdn.com/v2/90x90q90/912/u0rlT1.png
hxxp://xat.com/images/b_news.gif
hxxp://ne1.wac.v4cdn.net/2db7wn4.jpg
hxxp://xat.com/images/b_store.gif
hxxp://xat.com/images/b_trade.gif
hxxp://xat.com/images/b_help.gif
hxxp://xat.com/images/tgrid.png
hxxp://xat.com/images/tplayer.png
hxxp://xat.com/images/tdoodle.png
hxxp://xat.com/images/ttranslate.png
hxxp://xat.com/images/tclose.png
hxxp://xat.com/images/tsmilies.png
hxxp://xat.com/images/tgames.png
hxxp://xat.com/cdn-cgi/pe/bag2?r[]=http://xat.com/cdn-cgi/nexp/dok2v=1613a3a185/cloudflare/json.js
hxxp://e526.d.akamaiedge.net/pub/shockwave/cabs/flash/swflash.cab
hxxp://a1293.d.akamai.net/pub/shockwave/cabs/flash/swflash.cab
hxxp://photos-ugc.l.googleusercontent.com/-wbOyGFuANTQ/UVF1F4ouC4I/AAAAAAAABiA/RX4jNlICbjM/s1600/aktechz-fb-lock.png
hxxp://ux.microsofttranslator.search.prod.ms.akadns.net/ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=Manual&from=pt
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/evcs.crl
hxxp://e526.d.akamaiedge.net/get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z
hxxp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z	173.223.66.70
hxxp://i.imgur.com/EeZYpJp.png	23.235.40.193
hxxp://www.microsofttranslator.com/ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=Manual&from=pt
hxxp://www.adcash.com/script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi	67.227.226.196
hxxp://www.youtube.com/embed/Gjw4NCfc3iE	74.125.226.8
hxxp://img1.blogblog.com/img/icon18_wrench_allbkg.png	173.194.76.191
hxxp://www.jogoscelular.net/imagem/down_post.gif	198.154.224.192
hxxp://4.bp.blogspot.com/-wbOyGFuANTQ/UVF1F4ouC4I/AAAAAAAABiA/RX4jNlICbjM/s1600/aktechz-fb-lock.png
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2	173.194.76.95
hxxp://i.imgur.com/lDm25Zf.png	23.235.40.193
hxxp://www.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff	91.121.15.121
hxxp://1.bp.blogspot.com/-1CPlBGY2nWQ/U6oUCeEP2KI/AAAAAAAAAXY/dRC6jr8YqFE/s1600/Sem+título-1.fw.png	74.125.226.10
hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab	173.223.66.70
hxxp://www.youtube.com/subscribe_widget?p=razortutoriais	74.125.226.8
hxxp://www.adcash.com/script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx===Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h	67.227.226.196
hxxp://www.radiobaladaalternativa.com.br/united.html	91.121.15.121
hxxp://i.imgur.com/HpH8fyK.png	23.235.40.193
hxxp://ajax.cloudflare.com/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js	198.41.215.158
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab	184.84.243.56
hxxp://www.radiobaladaalternativa.com.br/nv-player/grad.png	91.121.15.121
hxxp://www.transformicehackers.com/	64.233.171.121
hxxp://www.radiobaladaalternativa.com.br/nv-player?cor=0f87ff	91.121.15.121
hxxp://www.radiobaladaalternativa.com.br/nv-player/play.png	91.121.15.121
hxxp://www.facebook.com/plugins/like.php?href=hxxp://www.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25
hxxp://www.radiobaladaalternativa.com.br/nv-player/player.swf	91.121.15.121
hxxp://www.adcash.com/script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q/+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+	67.227.226.196
hxxp://i.imgur.com/Ndvqfhb.png	23.235.40.193
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js	173.194.76.95
hxxp://i43.tinypic.com/2db7wn4.jpg	93.184.216.169
hxxp://www.adcash.com/script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe	67.227.226.196
hxxp://www.radiobaladaalternativa.com.br/nv-player/spectrum.css	91.121.15.121
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.js	173.194.76.95
hxxp://i.imgur.com/nZ0jgYX.png	23.235.40.193
hxxp://i.imgur.com/wjFHehL.jpg	23.235.40.193
hxxp://i.imgur.com/v5pV86z.png	23.235.40.193
hxxp://i.imgur.com/0fF60fQ.png	23.235.40.193
hxxp://www.radiobaladaalternativa.com.br/nv-player/spectrum.js	91.121.15.121
hxxp://2.bp.blogspot.com/-GT2zFFUi1wY/VHsuCGmbr8I/AAAAAAAAAUk/bYb53AeddIA/s1600/Lol.png	74.125.226.10
hxxp://www.radiobaladaalternativa.com.br/nv-player/player.png	91.121.15.121
hxxp://www.radiobaladaalternativa.com.br/nv-player/pause.png	91.121.15.121
hxxp://i.imgur.com/9i3REYS.png	23.235.40.193
hxxp://imagizer.imageshack.us/v2/90x90q90/912/u0rlT1.png
hxxp://i.imgur.com/VFZJ3Hh.png	23.235.40.193
hxxp://crl.verisign.com/pca3-g5.crl	23.9.117.163
hxxp://www.radiobaladaalternativa.com.br/nv-player/pw.png	91.121.15.121
hxxp://2.bp.blogspot.com/-UmdwoZ-M0zY/VHu_EXIM3EI/AAAAAAAABc4/xr11nZe6QW4/s1600/Code+Master-+A+lenda.png	74.125.226.10
hxxp://i.imgur.com/ZSI3Tki.png	23.235.40.193
hxxp://www.radiobaladaalternativa.com.br/player/server.html	91.121.15.121
hxxp://evcs-crl.ws.symantec.com/evcs.crl
hxxp://www.facebook.com/plugins/follow?href=https://www.facebook.com/mpboato&
hxxp://i.imgur.com/Cv8yKZy.png	23.235.40.193
4t4qjto8n6vcba9cabf6v2lrng9ast6r-a-fc-opensocial.googleusercontent.com	74.125.226.42
gg.google.com	74.125.226.6
yt3.ggpht.com	74.125.226.10
www.blogger.com	173.194.76.191
encrypted-tbn1.gstatic.com	74.125.226.5
s.ytimg.com	74.125.226.5

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /imagem/down_post.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.jogoscelular.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:51 GMT

Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

Last-Modified: Tue, 03 Jan 2012 13:24:38 GMT

Accept-Ranges: bytes

Content-Length: 12637

Cache-Control: public

Expires: Wed, 31 Dec 2014 11:47:51 GMT

Keep-Alive: timeout=2, max=102

Connection: Keep-Alive

Content-Type: image/gif

GIF89a(.h.......................................................................................................................................................................................................................................................................................q........~...........{.....q........v.....[..y..W........r.....e..W..u.....n..q..T.....Z..j..f..Y.....R..n..m..b..N.....K..W..M..K.....U..\.....M.....G..O..L..A..E..S..o..@..@..J..B..M..{..e..?..L..=..=..@..C{.G..=..Q..R..Qw.C..:..8..G..9..<.....5..b..@..n..G..;}.;..9..1..B..h..?y.9..H..:..aw.8..D..-..8{.G..;..5..4..,t.7..0.....2{.7s.7.})../.{(.{7.z-..h.y&u.:v.N.}>.{*.v$.v&m.4.t$.s%.x0.r&.s/.s'.p&.t6.o'g.1.v<.n'.o0.k).l#e.5.i*.m3a./.j,.g .f(.d .kH.d([.,.h5.^'.^2.Y'.T%.V8.O$.N%.K#.L0.E#...!..NETSCAPE2.0.....!...2...,....(.h........H........@.@...#J.......3j...... C..I.d....8X. ...0Y.\p..E.8s..........p ....H.*].TB...l..J....X....A...`........h..].v`...,..K.k........._...D !...... ^.........L.r_..*........C.........X^..5P..4. .y...%..@...M.....H.A.....(......s.x.B.....k.^...._s...O.....c...}........@....O|U.....}..]xN.h........]....f% }9$h...6.^..v..._.@..$.h.......,.8....x..$............C.@.)..@.. .<&.dA0....PF)..Fj...I6...\v...U"...-.........l....U....tB........|....|.._..D%@.u&....).@.(...WG.j....`C..@u..g)**k.:*....`..-|......*...f...-@V...(....^f...X.@....BaQ.....F.l.$.....P........{......P..t.......C].h..^........@.y.......n].h.@..&|U`.I...YD,q.t.a...gl...G..._Y@Bo.*l2N. ...y....0.,....q.W..0..'.....D...<.....

<<< skipped >>>

GET /evcs.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: evcs-crl.ws.symantec.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "dc24a8a1ed5e253345e8075644a86203:1417425046"

Last-Modified: Mon, 01 Dec 2014 09:10:46 GMT

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Length: 2419

Connection: keep-alive

Content-Type: application/pkix-crl

0..o0..W...0...*.H........0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1=0;..U...4Symantec Class 3 Extended Validation Code Signing CA..141201090059Z..141208090059Z0..b0!......>....{. ......131029083537Z0!...z..Q..{O..k1?....121226193726Z0!....A.O.;...........130918162142Z0!...a .....X..G.&.(..120920195501Z0!.......|..K..p.HA...131114172131Z0!...a<.N..\[k..||q...121113220113Z0!...n.g.}=rt|.....P..130416151422Z0!.....o...uq...../...140516212339Z0!...e..-'Y...9!......130320133514Z0!...N6..B....>.r.....130610165555Z0!...[..MMK...T-.Y....131021161346Z0!.....V@.N....g......140502095636Z0!....=...,.....0b.*..140205010422Z0!....wE..^..LF....L..140915110313Z0!...CQ~...9......4F..130207225040Z0!...#..hmHZi.>.6..E..130716173410Z0!..!q...|@d8....Tt...140312180031Z0!..'x....Tg,...M.Sp..131118195156Z0!..*".....i...<R..>..130812193938Z0!.....kG&.....4...N..140218140428Z0!..0......SY..\.&Cp..140325141402Z0!..3&....Vjyxg..:....130308131012Z0!..4..`...... .......131107155859Z0!..4..!.5..<.._q.\e..121126224218Z0!..4...,6.]w.^T..R...141020180109Z0!..5.......q...o.AO..130419133226Z0!..9#.......n........121025210412Z0!..:._c...k.\..e.....120723222250Z0!..;......Z<3.A04.:..140513212824Z0!..<Mw.f..O..6,&.....130729223110Z0!..<.S..U..z...U.....130425024845Z0!..=..1..0/..r. ..s..130424195525Z0!..>..nd...|.%.......130621101437Z0!..@<.0.VZR..x...~...140408141157Z0!..@..O..:J.!........140314051541Z0!..D...-./Uc'1..=....130207213638Z0!..F<..Q-78.#..D.....130627163721

<<< skipped >>>

GET /images/b_groups.gif HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/gif

Content-Length: 915

Connection: keep-alive

Last-Modified: Wed, 19 Sep 2007 08:45:17 GMT

ETag: "46f0e19d-393"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d75518e0edf-EWR

GIF89a . ..............=.@...O..... a...<@.....w........d...5%..O ....g?.^^...&......PR.......l...b[.p.....Z...q# (vD<.........sK..j.......FJ.[ .55.....n.W..6'2.__....g..........._....M......|....&........o.o.............GK.........A1G..Jtt...O...F5.;$._/.r...Q....'({.......//.........<....B.../'Ogh....uH...>.W.T6.v..W.......././!L0.v.Z[.9:.b4.oD..U.......,".......0........EF.KO.4(?._.}M.......!.......,.... . .....................R..>..>?Fi$$....-.-kFUh.?.#.#.Ty..E.@$Y?.equu.9.J.``..mj.k...5<<556...y.A_.zyN.33.81V.5.u..-y`K.yI.LL((..W5u2..y..Qqa..;LhH...W....-.`LE./:.$,.c...2 ........1..Q....Pl<.....%J..p.b...cz....$..T.$.2GG........F.(F.UhC....,B.(.....~x...%.!.....a3P...7...!D..tQ.(...H.n*....1..:.........M.......;]J.. '.?...U..`H<.:..^h...82.Bt ...!..]......-w,. @....(..2pOl$.;..`..D-.6 j.....dP..A.e....k....1n,..@..#..|8....i..}..P.... ..(...K.8p..}l.C..@..!.*....8pB......p.........O....8....<....;....

GET /images/b_store.gif HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/gif

Content-Length: 497

Connection: keep-alive

Last-Modified: Thu, 21 Apr 2011 11:50:34 GMT

ETag: "4db01a0a-1f1"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d75c1910edf-EWR

GIF87a . .........0..D...SD.......{g .....Z....q...v2 ......y.....v..6...lX.........[...uh<.x>..G>7...a..U...,.... . .... .di.h..l....Tt...[6....JC..... ..S>.O$..k..XC.W88. ..'.>.....-.,..... ...!...$..................o...g..fQ....n).=.]..............).J............Q.).W......Y...`)^dgY......rL .....Pi.....?.....=.iR...]J.)......bp.B......E...B...H...(.......B...5.zb..;..w~......Bv......8.g&.8. ....< 9Y.@J..<..p."...8.(....rH.i.0a......8.a.WL.<,R........zz.......J...]""8|...0`..2..#u...DB..;....

GET /images/b_help.gif HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/gif

Content-Length: 610

Connection: keep-alive

Last-Modified: Wed, 19 Sep 2007 08:41:28 GMT

ETag: "46f0e0b8-262"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d75f1970edf-EWR

GIF89a . ....///...fff.........MMM......7K.w.....Yi....K].............hw.......*?....JW.\\\...............{..VVV......:::...SSS_o.......Rc.p~.DW...................aaa...}}}?R.2F......................<O....!.....?.,.... . ......pH,....r.l:.P..F..@.Q.Hh..`D...e......PXp...pAK.O..Q(T.&).-...O..<*...;;n<..)..M..;&*..(...&. .0 K ....,..(.>.&...J.(.)&........-..I2r>.&.......9. .3I.... .".7(!~......$%H8(&65...*.1.n...C.._..9H....Y..Y.p...{.l.X....Y.$R.x......$.....d9.......Q.^&......g,t..@.......H.P..`N)6.W hJY(B.[qb....BH4.3%..J.H`. Y..ZS x.a)..'<.H....d."........<..`....=..@..........@..".f.X@"....S.^..u. .;....

GET /images/tplayer.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/png

Content-Length: 2173

Connection: keep-alive

Last-Modified: Thu, 19 Jun 2008 16:31:31 GMT

ETag: "485a89e3-87d"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d76519d0edf-EWR

.PNG........IHDR.......S........W....tIME...............pHYs.........B.4.....gAMA......a.....IDATx..YkL.W......(.....iKAc..Z..E.....?. ..Fm.F.........?>....m.Z...h.h...........(.......s........x....3s.{...w..h....H..B......v...w...^......D...).i.i...."33S......*q.....O.5.S3.C....../.D.S..@.5k..[.nU.o....Jv..%.~...u.PK.......p..}X...."..1.mmmq.@....K....V.~.z..b..1y.d...'jkk.^Iccc.nGnhh.. W.....1n.8.@",.....i..:::@.X.x1V.^...^.?..YYY.....3gPVV&...............`..Ma.>./=,.....~....N.8!...9"zzz..H...=[...Gtvv...4...".,.E...H..g.".. ''.....4...-..c.P^.&D..$..~t.0.{.....k.<....l.........pk.W..{.. tuuI.e....P........t.".}`.oww7...........Cy$...e.....>.lA...."04......W_.Q........~..--.....UU.}...r..l..9q"J&M...T.-_...vP0..U.......hn..~.....(|.9\..W.x.:M..../~.s'48....g....g.`.i.....2th4.E...@..4Z.ez!&e@L................(>on......9s..|.ny.......XG.B......u...V]....a==..]..v......B.%.*...@.m.~O.<.r.--. ...w..A...]a.U.k .?u....4.Z;................ ...N..lA..;..o.U].s]%.......I....._.VY..X$...XW.......B.......,.`B..%..0.Q.R....0.....6!.6.6a..SO.C...d.;v.z....7@.T.dr..........f..n.f.'B...X...~..7....).....om.6'.....7.@x.t..1..N.&f....59...uH"fi.(.bx>..,..$...f..5e.*`^..C;:%.....<..%...l[lh..I.t.@...\0..d......&...B4.....dA<..E...e...6....D.n....\mk....IIu.[h.n..v!p. .7......!I._.B'...9......v. ....h..j.Y.R.ZA.j..a....,....h.s`.Y...o.?...d......z)>..f..._.g......J..'d ..Q...6... .Hc:31hR..I.n....x..s..n..W.~.K..8.i.S@...o......q..!..S.L..%K\..;w....R.. .RVXX...R.O...=z.YD.U.V.>7.l..W...]...

<<< skipped >>>

GET /images/ttranslate.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Type: image/png

Content-Length: 2239

Connection: keep-alive

Last-Modified: Thu, 12 Mar 2009 12:18:04 GMT

ETag: "49b8fd7c-8bf"

Expires: Wed, 31 Dec 2014 11:47:54 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d76b1a00edf-EWR

.PNG........IHDR.......^.....9v......tIME.........o.....pHYs.........B.4....^IDATx..ZklS.......;..!!%o.,.RZ...*%!Tt........IUi%.U..t....?J..VjH.....JE..K..V...A.....4..Y%$..$1N....3b\?...v......w........S.NiH..M.Y.........eee7X.@U.n6.1..J.X,.j2....|m.............?;m.Fm......7..{.......~m..l..Z...Z.5.p2UQ..o/.LQ.{.........b._..h...~.3S......x),j&..|.&.\...J..&...v.[..W.04..|..O.... ......Y.A1...w....].}......Z'.Z....<F.z.3.....A.jy1:.z.g.$f. Z^*..F..x.......QWW.E.....|2...`s,....jVH.............y&..(..=>ty&C.].v...<X.! 0?.U..Q.....e..0..^.....pu%>.M..... .....8B.....5...].=...................n.k.~.r.........$~de;.xY5>.....w..\M9.K.5..m.h,q..Leo....i.....f...=~...~.O....i.7.......kN............wz.qvl......V.`*......Y..}..<.o..PL.67.b..?D...p....-...v.......z/..a..c.>.....A7.Ts.*.G..m....... .........Ug..y.x.....8`.n>.?.........U .P6..\....s`J.?......h..gj0._......v.l..x.6..;.)C.....z..P%&;F....E.%6...!......o`...rP....<.f..1..s.5|...N.....x.../t'.0......c*.....'....fP.Y....I..t...a..#...1..P_...sh...S.. $$....`....'G...(. 8.@.;..t.&[.w|3c.F.ch.n@g...:....gA..v.O...,.2.a..V..i.K.J......E.....*,P.`..x..b,.(.9Kt..P....n..l/.W.....`.sYJ&..`.M.......2..*.%Yx....:...?>...........{7....r~.=.....G......f<.....^/^..6... p..e...W.y....-[p........J....@CC.o,5.......rM....qm....:...w....3F_}.....V..SSS. `z._w........>...".E. .w..jkk.......WY.Vd}...$ .H=$L...K..T$..hU.....T.q.F.....c...q.&.IG29.a..}...........#....(....C..(..Sl..$.TW.M666..5L.|........p.c...rO!.!. ....u....J.YD0...I...777.{

<<< skipped >>>

GET /images/tsmilies.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Type: image/png

Content-Length: 1478

Connection: keep-alive

Last-Modified: Thu, 17 Apr 2008 11:12:48 GMT

ETag: "480730b0-5c6"

Expires: Wed, 31 Dec 2014 11:47:54 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d76e1a40edf-EWR

.PNG........IHDR.......".....E..3....tIME......0.(N ....pHYs.........B.4....eIDATx..W{lSU...{{..-].vsl..."...e.#...t..&H .....c.#.#".l.#&`."0..d".-F.0&..0........t.c..n?..v....._.K.......q~.T(--%.A.. .....j2.n.l......|..cl.P..hB..(..b....*..&.........~.$..N'.......G.......v.Kx,<..j$EEE...'K..4.".....8f..I.....r...F..B...e.....j1.1.innN.q..`@EY.~G...3..<.Cv;.#k..y...T.7....#{.(|-.z.0....3E.<.(.........0v....-......f.PUjBs.d.5....Qz8...F........'!.O2..Ay9p.Rhb5cz[.PS...g\.(........d...4..h.@..@k...O..H........k... ..U...%.Cs5.b.......5%....)..`....Q.JC..V0n...B`.r...pF:C......).C.1.....a"...B.,.|...TZ`L. k.<.....v.m...Z\.......$.....Z....}.....`X.E.3..A#...D..o..0....p,.F...#....6._jJ.mD.%Dy.... :..H%.'...ZZ.6......VS..w........DS..@.N...L.M:.n3..B=e;d*\......4...^.W3c"....@.r.0.>zS..A.I...p...F..-(...W.O..z.R....d..v.m."g.p..8.MV.t...x?^~....a{j.4....E.W$!......`$>A..x*.W.t.......P}>....-..6....M.Vl.D..J....:t.aj...".....>..$.f.....L.-.....|...3Xo <.......U... ]..H...yZ....o.e....5X[..U.;`5...)#{..Y.$.Z.....%/.|...>.iV`,...L....S..M.........g..#HqB.:A. j.tw.p.b'v.y..sL.S...6.0.].&.0....A...vG.Th...(I...v J...P..S p.?{..J........iN.........c^(~.o.....}....z".....bGi.:.}hlRp..>...>.8.x.I.L.qr...i............v.1=K.......s^.....pFD....b.ff.o...).9........i...................b.M....Uw.J.L/. .i.........:.....!....,...]......p....#..........S..ua.3.....u...e...px.E..m..........Q#.......o.`.r...k....v.)q.../....y.....{H)......H....|..... ...._\...^.......IEND.B`...

<<< skipped >>>

GET /afu.php?zoneid=33507 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: onclickads.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 01 Dec 2014 11:47:46 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Pragma: no-cache

Cache-Control: private, max-age=0, no-cache

Expires: Mon, 26 Jul 1997 05:00:00 GMT

P3P: CP="CUR ADM OUR NOR STA NID"

Set-Cookie: OAGEObec95=1|CA|QC|MONTREAL|H3C 2N5|45.4971|-73.5548|-1|514/438|BROADBAND|IWEB TECHNOLOGIES INC.|HOSTING; expires=Tue, 02-Dec-2014 11:47:49 GMT; path=/

Set-Cookie: ppucnt=1; expires=Tue, 02-Dec-2014 11:47:49 GMT; path=/

Set-Cookie: OAID=55c89d1422de8bdd357220ddc71ac57c; expires=Tue, 01-Dec-2015 11:47:49 GMT; path=/

Set-Cookie: _OACCAP[55866]=1; expires=Tue, 01-Dec-2015 11:47:49 GMT; path=/

Set-Cookie: _OASCCAP[55866]=1; path=/

Set-Cookie: _OACBLOCK[55866]=1417434469; expires=Wed, 31-Dec-2014 11:47:49 GMT; path=/

Content-Encoding: gzip

ba..............K..0....4,dU.V....pe..."m....DO..#...$_f.....Yi..,H..&low..$....%H....<)Zt9...t ......i.K.t.HN....5.R...i.VZj.JZ.N.........SZ..F.^$..:..D.......m.Q.g)m.Y)F~.U0.....?^..e5......0..

GET /friendconnect/script/friendconnect.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Mon, 01 Dec 2014 11:52:05 GMT

Last-Modified: Mon, 01 Dec 2014 11:42:05 GMT

Content-Type: text/javascript; charset=UTF-8

Content-Encoding: gzip

Date: Mon, 01 Dec 2014 11:47:05 GMT

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Server: GSE

Content-Length: 28395

Age: 47

Cache-Control: public, max-age=300

Alternate-Protocol: 80:quic,p=0.02

............i[.9...._az....16G...%.$d...2....Q....q.H..o.:$..0Ifg..g....R.*I..R.t....M.7...Q....w....S............8.&.q....,.Bf...{Y..zq1M....F...j....?...........X..k.i4N&A,..9WI4.B..x^.&....{.<Y.L.g...LfQ.j..k..^.5../..]\&..N..4.[g....AL...@.v.qj...o.Z...ykA.F.7].i......i9B$..ZS.$'Q7....d.n...W.. %. .I4._?..X2.u1..Z.>.Z..N .H/.qw...^..?......;.n$.W....Q<.U`......n.......M}.(.a...JOc......g14...3....!?9........&.Y..Z...x.7..b..>`.*..4t...CXXs3me........ .&__i....aLk.O..M....4....&.................D.`.v.^..IT.R....S...9n..(..2.*z.....t....(Y......x2..[.Y..G............;tn......J<..7V9..Er|3.0..8.....s..*._EK..2.:.&..e{..<....@f....?..Cf.A].w...a..R^.X......e./.p.\.p.'.,..h.....0.`............r.m.ww..a4....Wwng....2.........ukW...zkiy..2.Qy[K....4....kXKf.....`|./.\.U5...'l........Fg..1g.Q.c..bC..\...,...6.......6.....s;.8..1.."<S.....Y.e.0.......[..?M.n<K...x.*. .R......%@.....P.i....9.C....90...l..xl[..8SH..H.`....(.....^..n.&...}1;.....C!..c..j....g......K.....K..G7..j.X...U.T...c9......}.....2.\f..N.....b.......&.[..g.y......A.d.Kn.N.F...u..b.Z.).O.................jp]#."...\c.QG...-.6.v<..KZ...K.hv....7D......i.....^.=.L2.Bo...hg...V....cl.1....8.G..&.Cw.^..l.......3Fy....9..0..|2K...5.1..".4/)x<.8...9...] Oim...K=7..z...#..F.h....U..xO.l.........9.....C..m].g...<...g..dee.R....v4....hD....h.......{...{..Mn*8..g3(c.hL.V.y.k.M.k....U...U........c..J...N.@.1.3D.......!pn.0`..p..x<......X.tk]....X.{y.LWV&8..r.........G.g.....>.....x.;...a5.`b.TLA.........7...1..0.X.r..B

<<< skipped >>>

GET /get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.z HTTP/1.1

User-Agent: Flash Player Seed/3.0

Host: fpdownload.macromedia.com

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 21 Nov 2014 12:07:26 GMT

ETag: "108918e-5085d49c23b80"

Accept-Ranges: bytes

Content-Length: 17338766

Content-Encoding: x-compress

Date: Mon, 01 Dec 2014 11:47:58 GMT

Connection: keep-alive

0.......*.H...........w0....q...1.0... ......0.......*.H..................MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]e.G..m...m...m..|....m.>.....m.>.....m...l...m..|.. .m..|....m..|....m..V....m.......m..|....m.Rich..m.........................PE..L.....mT..........................................@.......................................@..........................................P...3...........n..................................................@...............4............................text...z........................... ..`.rdata..hi.......j..................@..@.data....>.......$..................@....rsrc....3...P...4..................@..@.reloc...".......$...J..............@..B..................................................................................................................................................................................................................................................................................................................................u..V.t$..D6.......P..u..Y.p..@...@.......^.... ..`......L$......I..H.....t..........t..@. A..3......t..I..DH..3..VW.|$...................;.~.2.. .B........LA..G....DB...NHHf..IIf;.u...u..._^...V.t$...W............w...;.~.2..0.j....J. ........LA..F..DB...O@@f..AAf;.u...u..._^......L$.V..........%...;.^u..t$..8.....t.3.@..3....SV....W..t..@...3. F.@..W..t.......F.Y...TB.......ABBOu._^.....[.....u...P..I.SVW3..tH.2.....vI...f.

<<< skipped >>>

GET /script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx===Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h HTTP/1.1

Accept: */*

Referer: hXXp://atelier802.com/adcash.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.adcash.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Vary: Accept-Encoding

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Date: Mon, 01 Dec 2014 11:47:52 GMT

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Pragma: no-cache

Transfer-Encoding: chunked

X-ADCID: TNC0.00042,0.00207,9.53674,4.05311

Connection: keep-alive

X-Robots-Tag: noindex

120............U.MO.0....WD9L...&..5E.B..!....M.&./......d...d.......LJ...J.... ..UI.qw....G.....f.@..|..y...d.fI....:n.....O(:..0...oIF..=^jl{@.wA....x.Q.....$. .j.e/.Q..2.p.A.L.....f..L...e..iM..S......-!).......C..&y.`l"...a...F..cu.....=... ..N2....`.......I...Q..L~B....v..-]....k<_.d......8....<.......0......

GET /script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi HTTP/1.1

Accept: */*

Referer: hXXp://atelier802.com/adcash.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.adcash.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Vary: Accept-Encoding

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Date: Mon, 01 Dec 2014 11:47:53 GMT

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Pragma: no-cache

Transfer-Encoding: chunked

X-ADCID: TNC0.00045,0.00358,9.53674,5.00679

Connection: keep-alive

X-Robots-Tag: noindex

102............U..N.0....),.Ps.K*.D~.B..!.(<.kob#...mC.xw....vg..f..L*..i*.\6.j4.T.x.w../o.i..z_..k..w|-..H......tC.<X..."...ub..YI. 6..{l.8.'.Z.y......t.D...%...@w....,...c......j.............y.o..)U...1.}....\..yd.:..%.....A.)V....D....p.[0..B%..GU^,.YqI..bci....8...V.YS.....0......

GET /script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe HTTP/1.1

Accept: */*

Referer: hXXp://atelier802.com/adcash.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.adcash.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Vary: Accept-Encoding

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Date: Mon, 01 Dec 2014 11:47:53 GMT

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Pragma: no-cache

Transfer-Encoding: chunked

X-ADCID: TNC0.00036,0.00430,9.53674,5.96046

Connection: keep-alive

X-Robots-Tag: noindex

109............U..N.0.E.. ,/P. ).`A..P...PEa..=...%gBT..N.tQVs.Y.9.M&.!g....eAH.."?....a......[....Q~..J...X.i.^.>..<...a.@V..........5l..>..1.59.....9..O..{.dN..l..Ay6....f.o:.....a{4..2..$.>K..T0..(..y...."f*...#....)..V.5.{.@c....b..:..<.'....kH#..Jl..K....jS....G.....8.....sg.....0......

GET /script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q/+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+ HTTP/1.1

Accept: */*

Referer: hXXp://atelier802.com/adcash.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.adcash.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Vary: Accept-Encoding

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Date: Mon, 01 Dec 2014 11:47:53 GMT

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Pragma: no-cache

Transfer-Encoding: chunked

X-ADCID: TNC0.00045,0.00178,9.53674,5.96046

Connection: keep-alive

X-Robots-Tag: noindex

127............U.OK.@....S,9.....=.$RD."".z...&.v..;.R..n..PO3......2....*s..)s..x..s.<~<.o...m..Z?....a..t...%.(Mccj.7.....g..e}....7.c..=^.ms ....w..."!h....(...Zp..<.....N0D..z.x.|...L8...2@iM..S..,......c..K.@..2...p06R.9.5.......Y.%......G]..{...A..V2...8`.........y#{].`...~:0V..eS\.e..6./s:.....8..r.........0..

GET /plugins/likebox.php?href=hXXps://VVV.facebook.com/hackernomice?fref=ts&width=400&colorscheme=light&show_faces=true&border_color=#fff&stream=false&header=false&height=250 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: facebook.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Location: hXXps://facebook.com/plugins/likebox.php?href=https://VVV.facebook.com/hackernomice?fref=ts&width=400&colorscheme=light&show_faces=true&border_color=#fff&stream=false&header=false&height=250

X-UA-Compatible: IE=edge,chrome=1

Content-Type: text/html; charset=utf-8

X-FB-Debug: y7uTEbeqGNaASZmr8UxtIFxZTF btO60N DkFIWTWLdulQPXaRKkSbRck1f0aO6CnHVXLyaJreXX/gIlqTgtFA==

Date: Mon, 01 Dec 2014 11:47:52 GMT

Connection: keep-alive

Content-Length: 0

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.transformicehackers.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Expires: Mon, 01 Dec 2014 11:47:48 GMT

Date: Mon, 01 Dec 2014 11:47:48 GMT

Cache-Control: private, max-age=0

Last-Modified: Mon, 01 Dec 2014 07:29:23 GMT

ETag: "f1ab25c9-9be8-4a51-a6e8-b6719cd776d8"

Content-Encoding: gzip

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

Content-Length: 14556

Server: GSE

Alternate-Protocol: 80:quic,p=0.02,80:quic,p=0.02

...........}.v.......f&jr...U...K..VbY..N..[.......L_(...[f.y.......y.W..T...n^$..${ .D...P.*..@..G..;'._v. ..........).J?UwJ...].......\..q.YFP*u^dXf...f.tyyY...]._:9*]a-e,.>.|*S4.3....5bZ^[..OcWC....lU....Y..jvS`}....h..RE......u#P...^h......wo..........y|(.....)..]c.a..A[.m..4...k...ok.._=#...M..r........Xc....^...F6.......zo}.....e...V..o...J......FA...1l...._tDP...8....s.a..j...i,........t..\V.5.OP.P......'P.80-f.....}z.WX..C...[h...../.@.Zi............Z_8..........9.w...e6...1..u.9v...c......e........L..%.~..E;s.....2.J...>23.s7....A...%?A.v...f...`[.=v-........u.%......"8..".S...o.oD.|..zYY..6r.w}...q|..............R.1...<0..A..V....6.........v.`.....G.....;.X]..v*.({.k!...O.Y.l........ ..d.,"S..;.5...r...b......E...>G.P..A{.......:.l..l........A...Nj.m..&R...{v...aI8 ~^.S.Y&.......... r.[$5o..V.ozoWW.w..-.........^6J...#..'P..*!...t.3.&.N...........r4d.6......."Ua..J......"..R.. 9...I...(h.,8B...CwI....X...9..S.%o.."f...@._r..9wc..?nG.'..u9.l.5.S..f.....f..1R\A..^.......G.V,.C.`........,..<?8&......-r..........z2..RF.2.a.Q9... ......`.(;.ZaD....N%.....x...P..;>..e..7....$..q.z..Kc....~...5.V(].(.........ep{R..g..Md.6...LK$.%...1L..g.6d.$.a.d .....f$N.e:,...F...%S.xh.....<._..................C&...9... .V....zcc.\...Oy.n..#.Xf....=-H...-..Te.[.i@.....Q........M.f.M6;...Qgm.*......,..y.[&..........G...... ....3.1....=....pN..@....p..r."?.N..0.&.....0.eG..............C.n..... ...\.A/Y....U.......m.....<~.]2]#.......Z...-K.o..P.-.. .).....aj7..6...w.}T.;....g=n.".ÊUHE...[..X...w....

<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Mon, 01 Dec 2014 07:29:23 GMT; length=56673

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.transformicehackers.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Expires: Mon, 01 Dec 2014 11:47:50 GMT

Date: Mon, 01 Dec 2014 11:47:50 GMT

Cache-Control: private, max-age=0

ETag: "f1ab25c9-9be8-4a51-a6e8-b6719cd776d8"

Server: GSE

Alternate-Protocol: 80:quic,p=0.02,80:quic,p=0.02

GET /2db7wn4.jpg HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i43.tinypic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=21600

Content-Type: image/jpeg

Date: Mon, 01 Dec 2014 11:47:53 GMT

Etag: "52141-4e6d72acd726f"

Expires: Mon, 01 Dec 2014 17:47:53 GMT

Last-Modified: Fri, 20 Sep 2013 21:15:17 GMT

Server: ECS (ewr/158B)

Via: 1.1 varnish

X-Cache: HIT

X-Varnish: 770656004

X-Varnish-Server: den2tpv65

Content-Length: 336193

......JFIF.....H.H.....2Exif..MM.*...................1.........V.2.........b.i.........v...........J............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

<<< skipped >>>

GET /img/icon18_wrench_allbkg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img1.blogblog.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 26 Nov 2014 05:07:50 GMT

Date: Wed, 26 Nov 2014 18:31:23 GMT

Expires: Wed, 03 Dec 2014 18:31:23 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 475

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=604800

Age: 407789

Alternate-Protocol: 80:quic,p=0.02

.PNG........IHDR.............a.~e....PLTE...... J.4e.............u..l..e..c{.........................................................................Y}.T|....`v.`w.............................................................[q.............Eq....__^........bY....tRNS.@..f....IDATx^M.U..1.@...A(33.Cf....qR......"..@....*.v&.g...X.="6.Xz.$/".3.;.R\....Mb.((...J...R...pK.OY.0...Q......q.r3..r.v...b...j ..h.r....<._...l.}lY........o%....b..d,l/. .........N...ig.K.....IEND.B`...

GET /9i3REYS.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 02:58:37 GMT

ETag: "60779c8e659e53e112f0b1c33627b3c2"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 203

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 2193296

Connection: keep-alive

X-Served-By: cache-iad2120-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 50, 2343

X-Timer: S1417434471.098282,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR............./..8....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/06/14.X.7....tEXtSoftware.Adobe Fireworks CS6.......#IDAT8.c...?.....M.5t..QCG..5t..Al(.wh.)........IEND.B`.....

GET /nZ0jgYX.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 02:38:37 GMT

ETag: "5f1b328d6a7c02f94f779351d769d101"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 267

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 2202238

Connection: keep-alive

X-Served-By: cache-iad2146-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 1

X-Timer: S1417434471.167748,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR.......I......b......sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/06/14.X.7....tEXtSoftware.Adobe Fireworks CS6.......cIDATx...... ...(...).n. H.A.../...D5.@..A..A..A..A..A..A..A..A..A..A..A..A..A..A..A..A..A.....o....W......,....IEND.B`.....

GET /ZSI3Tki.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Fri, 28 Nov 2014 17:14:40 GMT

ETag: "e76bfd5f937ca3dc2b9ccd7175e0d12a"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 14273

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 239585

Connection: keep-alive

X-Served-By: cache-iad2128-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 2

X-Timer: S1417434471.333807,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR...F.................sRGB.........gAMA......a.....pHYs..........o.d..7VIDATx^..u|........... ).c....f.....c.......;hED...;.....".`'......v.^PAA....q{.^.....oJ....B...In%lr.a.W.....FB....H.!F(...b..H.!F(...b..H.!F(...b..H.!F(...b..H.!F(...b..H.!F(...b..H.....Gh...0.B.)L..V.0.B.AL..V.0.B.AL..V.0.B.AL..V.0.Bn.*Xh..cT........._s X.(R..!..A..#Ha$...5a.<=....1....89:........"c.)ox...L...{0.......rC..F ...Z.Za....kx....z,...J.<.#!._C......F.U..BQ..."4.).....Y.9....v9.z.|...`......F..a.[&....7......\/.....iJ.DA..*./..7......j.......-..#..p_...F..H....#h..%.J.x@XH.Ss............w........D...^..x........`....J..X.'Oo.....m.C..!|4.G...[...7,5..X........E..V9|Y!..>:<r......Rf..d. .)._V.&)J..S..Oy...q...R=.........t4b$......U..6.|.ZU......D.Uj..u.`..BKu....M...H...........ev)...F.G?.Ez!,..a.Z..........<..B.....r.L..3m.$u.,s !.J1..Y.(T./.O..k.....*r...~@...#ba.F..........R0*G...../M..2uh....r.1 9..S.......j4O.A..{_%....F...!7.0.|D.4...'...p%..,.Q.x... 6#../.y.ct^......0jja...MA-..Q.6S...|.K...m....m....`.........0.....D..n....c.......l.yW..^/...?............u......&9...Ga$...>...[....].X6..BSU.,T.`..C..D..|.gY.....v~|^\W._..."X.sa.W.);.f...VV....EV..Y6....._......<... ......OD..C.. ...X..{....o...$r..)n.:.&V...~b...=.{XP[....^....rC..h...-...8.).T...,..>...[,H......)..9.U...Sv..ulD...0.8..`.......R..p. ..=wvQ...{.j..l...`..E..&...>....3.iF..>......NP.0....Ue......w.....uK`..2..8.#!...0....mi....d. e.d.b....... %..nm!$U.z.....@..7.>&.V.U0..0.T.R..c.c...1.T.x..Y.V..`.T.........D

<<< skipped >>>

GET /VFZJ3Hh.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:50:30 GMT

ETag: "3f4d717b02c85d3690c7a1600834c71d"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 961

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 7153353

Connection: keep-alive

X-Served-By: cache-iad2133-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 1

X-Timer: S1417434471.420595,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR......."....._.;.....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6........IDATx...1h.Q.............:....vJ1Th..e.R..v.`R....t.&WA..L....s.....KC.2y[..t...@ S..<..j...;..t.w..A.......{Q.!...{...(D....p...n."..BD.Q..7...F!".(D.h.I$...=..........."...Uta....K].#17.....jZE.........:.".p...l.Z6.r... w......ay..v..[...Ut.|..z..]'...=a...K....B2......`..$..R.....u.@.{;....".....]1,...z./C.............M...V.N..H".x..j.]...`.]..e$f..$3l.yv....i.`..0...l...%,o.!1;.....|...9....HW ..(Wk....\....W.n9k%...M..M..?.....0.d.....H/.....$3P....1.x.1.c.*~............]C.D.<~.p......."0...ws^.......Su...%|.........g........$b\..e......5q.m....P'F.^.}:.?.~..f..m.......!x...^...l....C.Us.k.L7..c.j......3.q..............F.!v.y..W..BX5.H/....^@!B.'..[...b.....E.mp.x.=6h.....^....o..9.....y.?.%..'...o76...]Xk.0.....E......~.~=...s"...F{"..BD.Q..7...F!".(D....p...n.".m..A..@<.:.....BU.........IEND.B`.....

GET /HpH8fyK.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:50:29 GMT

ETag: "3885fbd4bf799132e48ede0a2c53a420"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 717

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 2022696

Connection: keep-alive

X-Served-By: cache-iad2131-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1042, 1

X-Timer: S1417434471.504360,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR......."....._.;.....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6.......%IDATx...1h.a....R88H..s.p.1..b'........(q....S..g!...p".&[p...T..[.....P..:.!\L..%.Uc...t..........<yu."...^.-?FDb......1".cD$..H....#"1Ft.n...T.^.R(ED..{h...=.Y[.m*.Q.G.[T..^..`..g..... ...4s..b......B)"...*.T.A.OE.~.O.....kS...Ajn........i...RFt.....>.........U8.........S...0t...#...0...{.65g...V}...kp.{3_.EP.....#..knc.....G.UG..@..C............F.U..F..bc.e.U..?a.Zj.R.<....9...m*.1....9......W...a.*. ..7.I..s.uV.E..r$..KU.=.\_.T...Q. ...b.;.3.....9wg..(......1......S..I.ao..........V.G..d.N.....1"........1".cD$..H....#"1FDb...V.~Y..h..IDb..b..F<..Q....IEND.B`.....

GET /v5pV86z.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:15:11 GMT

ETag: "a9d903784844f5a5f299884c5cce94cc"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 204556

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 7154129

Connection: keep-alive

X-Served-By: cache-iad2124-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 4

X-Timer: S1417434471.543768,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR................)....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6...... .IDATx....v.....m.SDH.L.g........_._...]]u..<x.LI1..v..i.dHi;}l..y).A..)...........W.A...)...].....p.}.....cW.y&.w......&...W.>W..<.~.Z.........$........G...3.....u....Q.H|c.oH.....s......k.KW......5...){...QUUUUU...)...Q....:U.[....>...Z..z.....k.@.C.d.b.../.}...*..W...\UUUUU....7h..~.zT......X.......fq....?.w2R.{.N6tZg....k..V..b}.. .....UUUUUU.W.vh~.JT}w].c^$x..L..6.N.w.9~W}... i...ZN...$.J.M..........0..#............*$........*......Y .k..1..]....A.v .Z9.]...k...>.dB0..x.............L...D...(B....}.A......~Y...3Q..k..$.^s...Q.Pk.c$(........./O....g?.....,s...^.J.....\Z..|...;X..'h&.,=.|..\UUUUU..*$....`..z..)R.......q.....\@..8E..a0.}....y=.......!.h.pv..vplm^..Q..(Md... .ye...1.^[.W]3........B.OL....b.;...kvZ...@Y/@.@.3.....A..!...B...I~.].-\P......&...P....R....[f03.eXf.......,.X..#f.G...\UUUUU%U!.'...8yE8_X.....!....k..).3.......v..C..O.Ez[..._.....9\...h.M.Fk.R>-C...@1......].9.r.$.....:.....UUUUU.\UH..u..%..h!J...H....@....?............~K.|...b.....9L.&................,..\..}..m[1....U..O(..Vh.........^..6.P."........Qa..........?....)...N.s...z.."....../....\/.9E...5..W|s.D..... .O8<xc7.@.\..}...?b.].e...k.......y..`.f4..v3@k..j.f.......@.@k.i.aB...2.XX.e[|..5....}^UUUUU.SU........cK0..G($..np?e..W ....j..@Z..0.%@. ..B.GX$N..c.....e_\........B...u.-. .......-j..a.1s..........x......my.8...t.a...i....r.iRJ..X..!e.r,.m_UUUUU.......%......

<<< skipped >>>

GET /lDm25Zf.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:56:57 GMT

ETag: "0fcbf66eed6c315cad5a90fe9bd408cb"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 66029

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:53 GMT

Age: 2022668

Connection: keep-alive

X-Served-By: cache-iad2125-IAD, cache-ord1734-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 1

X-Timer: S1417434473.198580,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR.......v......E......sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6...... .IDATx...y...y..;..>==.H.e. .B .`.fq.,!..6.qB.^...I.......,.9~!7N.....x...^.,.....#..@B....g...........==...~...tW...s....|.;..>......................@HHHHHHHHHHHHHH.....!$$$$$$$$$$$$$$dF.F....................BBBBBBBBBBBBBBBfDhD.......................!!!!!!!!!!.6.7..Ug.../...r.r.z\..m.....np..o..%w......a........a.$....#7q..e..g....C.p...M..#....M..m..F?..^....i.NR<x.g..#.-.M.)%.D.x4..........=I..*.H...1V...."..d^..7.#i..Ja.c.TN.J...../...j.F..S..(B.|.x. .v..,.B.....X.....i$.=CeF.UN[.F"bP.%B.hB \Y..hn.....B....k...p.E.'.M.......l.h.'...}.LF..U.V.^Rj....R),..V.T .R:I.5.T..B....Q.m..UreI.......I...$T-....%.......Y.1.....=\B.0.#.p..e........]...m.Q.Xz....,. W..%.R...[5.7.X6H..w.&....... .n.U.............R.@...p@..1.@yexg..}`........_$.j....6i......!!!!!!!!!!..mp..=...7>K........)%mmm.X.u..-.>...W........PJ...J$hoK....._.R.[:..T6HWK......I....l.R.T..&*..=..!.....3;6sRo.[).f.....M2fp..4 z.Tm. .E.g..k.d...J.......@.W.5b&..D.Qyz]P...N.?./S..).q...W.... ..h..b.(6.S. .^!J)TPQ.*..$uy#..I.R:.m.....r...U..r....V.r..v.@..........~.6.5....*...el..&.Gt,.v.-.qo.M..x..8.....@..{Gy.`.jM.7.B8..g@....{..t%g.:R.i.v.-c ...<.!..m..Z.H.......b=c.p..#H[.......=..G:B.N.u..0!;:......;....l3..'...G.0.R....C....i2xm...!!!!!!!!!!.......Q~...`.hb:.aj.R.b1...n........{.BV.]....._.j.J.B..:.U.....#?]P.T.WL.r.T.PR./......]AJg..U..Z.i.H..X..0...?.S/.`yw......|> .X.JM......6.w&0u.b.

<<< skipped >>>

GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1

Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: fpdownload2.macromedia.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 21 Nov 2014 12:03:56 GMT

ETag: "1ef52-5085d3d3de300"

Accept-Ranges: bytes

Content-Length: 126802

Content-Type: application/vnd.ms-cab-compressed

Date: Mon, 01 Dec 2014 11:47:54 GMT

Connection: keep-alive

MSCF............D...............g.............................................sE.. .swflash64.inf...........sE.. .FP_AX_CAB_INSTALLER64.exe..5w..:..[...(.@..."S`$..o...\s.....2.0hH.$B9.VS.Z..P.....v.^RL......ml....=.{.g.ml.......E....tp.s..7 :..........{l{F....=.......g.T..fhX....e.{{.....z..........&......`..........V.b..l..VY...2.A [."#m...m.<(J.o...1..,.%..... 3.EDPV`.....y.......e.....R.*..F.:...$.;............M@.!..F..=....{X..P.M.S%..I..UQK.VZ..{............J=G.O...rz...Fj..d..:M>......"}..BQ)....V.N6.vJ.W..e.....$6..ZWM.d.EM....l....$.}.Q=.'.zSK...sZ6..fSvI.?.....UM_.Pw.O]...}.....Q.S.U.}w..B=.......(..;.Vg.....#...5.{F......W..D......l.>..R........#\.v.|.6.&....=..?z.J.w.z..c..}d.8........=}dC.?.....i. ...g.#A..i....b,..fgQD.y#R.h1...q.X...."".....o]%?....D_..M.I.r.!4B(3-KO.G..P a..2t.kS.h........c.r....B.w.NOg.?.*k.;.....Ca.A...$...d......2...1.s..r..!go. .M.U..N....... ...%.b\..3...iR...zJ`..-...-?....?p....u=.(.C....0V...F..Fm.9...-..*R......i............Y.i."Q...(.4..,-...Y3iO<q...1.j.P.A....@...@$.-..O."B..J.....5....Y...&6.......Q..s....D'..0K..._.....CI.......a.]~.$WY......Kz~.(.LL..P...A...gK..h.....kD.....r.. .W..S....=..2.kh:h....-}[...\.T.t....T...O.o.......[)Yt.e...G.. .....*6....Tx<j....].....e....`.c...o@(.y.`D..}&.?%.On.Pe.=u............l.D....~*....V.......D3..xBV.?V...b.ZV.......B.....z...\6....y.:....J...UP......Qo.}....N.Z.&B.lU........f.....#.l....4...-..(..<.....Aq..7.JC*....]...._..Jj..=u...TPSS...'. 6..7D..?1.e..7.......c.k./..o...#-.;?p.....1.KNM.x.T.O.j.T..Y.b.

<<< skipped >>>

GET /-1CPlBGY2nWQ/U6oUCeEP2KI/AAAAAAAAAXY/dRC6jr8YqFE/s1600/Sem+título-1.fw.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 1.bp.blogspot.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

ETag: "v176"

Expires: Mon, 01 Dec 2014 16:23:38 GMT

Content-Disposition: inline;filename="Sem t..tulo-1.fw.png"

Content-Type: image/png

X-Content-Type-Options: nosniff

Date: Mon, 01 Dec 2014 11:47:51 GMT

Server: fife

Content-Length: 103628

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400, no-transform

Age: 0

Alternate-Protocol: 80:quic,p=0.02

.PNG........IHDR...2...H.....u.y.....sBIT....|.d.....pHYs...........S.....tEXtSoftware.Adobe Fireworks CS6.......tprVWx..VQr.6..d.....'..........".B...Og......].'...>...fF.W...<K$@...H...._..>g./.8\..2...mw..K.]:\.%..q..~..q@..}?......,..~.......:\..e=.........zH|w]&.....@ .....@ .....@.....x.o7/...Q........"..WUhV.V.Z.0........%j.h..d.o.&g.v..|.. .6.....#Z..z.aU..T2fZ..f.........f.../..Ey.#y./.<.:/V.Z........|.m.R..E.tW....V.l.&........g..4$..E.zM. ..n.3....%Q.0..&.XW.5..Q]...........,r..\.dL2..e2u[..i..}...u.&F..U...o..l..q,...N.......,........D#...o.\...&E8!......4.qW..I..7$..["......K.59a..&.....!.C.x....).1..Y..[.ml..N5j...vf...`.J............>...u\.SJ.LZ.....G.M.l'.q.Yz!...\.Zs$...q..u..9.......Ry...m..&&..sG..W...G.....).....0.4D..H.h. .v$.a;3.ei..............|6G.S....:&..x......E......-...6...l7\.c ....n.m.::.....6.}M.N.....5W....}.d...{...v....2.O...X...g.........~.?Dv.. ..,.w..7...J......#)G.l...rn.n6....m..Z<g4D...a.!F..\......kc..?........_Xq.h....V..<...[.1.7.|v...2.".o....ck:....7..BZ..gO.K..%.......U...-..dk..fi.f..]....Q...]}.....^.....DU.g...*..X......n5=..V.)4.~E1D.3*E*........#..y..\3V..7...).wY..)..j`..S...3O.Ir..h"Jk.......'.......... o....z.....5t4..ky..|Xv..D.o......@ .....@ .....@ ............O.../..........c.....-.......HmkBF........................................................................).3...@.mkTSx..}.s.F.>&3.-....n...j.W..xp'.H.....8.e.yq.......de<,..S..O.....s...f.. ...X..D......\..8|.....{......NgF...$.._..3W..C.2...N0..7.x}..f......`V3........F.

<<< skipped >>>

GET /plugins/follow?href=https://VVV.facebook.com/mpboato& HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.facebook.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.facebook.com/plugins/follow?href=https://VVV.facebook.com/mpboato&

X-Content-Type-Options: nosniff

X-UA-Compatible: IE=edge,chrome=1

Content-Type: text/html; charset=utf-8

X-FB-Debug: W2jCBgvU 5Uy8UPzySQ0cYOBbjxUzLsu2/LFUj/KPdkMU1MyWd9aCOugv3wnwnOTRij7Laq2Niz5JxXcc9w5Uw==

Date: Mon, 01 Dec 2014 11:47:52 GMT

Connection: keep-alive

Content-Length: 0

GET /ajax/v3/WidgetV3.ashx?siteData=ueOIGRSKkd965FeEGM5JtQ**&ctf=True&ui=true&settings=Manual&from=pt HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.microsofttranslator.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Type: application/x-javascript; charset=utf-8

Content-Encoding: gzip

Expires: -1

Vary: Accept-Encoding

Server: Microsoft-IIS/8.0

X-AspNet-Version: 4.0.30319

X-MS-Trans-Info: s=13934

P3P: policyref="/w3c/p3p.xml", CP="CAO CONi OTR OUR DEM ONL"

X-MS-Trans-Info: 3541.V2_Soap.GetAppIdToken.4DC53436

X-Powered-By: ASP.NET

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Length: 42698

.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"..........Z]....M.vvw./.i]5.yK_......Z.....'W.rV]}......'..........l.:.=...N.....w>.......j.b.n....O.O.<>i.}.zx<..`...EW.).'/..O?-W..|...O?....\......w~..{...O].|...W..2{..{...._d................b..^....O.....A.{.?}.......W..}<o.....^....;.......3....M..U=.V.|..h.5..y3....~^....-f.y....Y3....7E.?.Z.vo...<................q.;.O.k.-...iK].....9.\.......m..E..........5..7[......,..ad.b.0.../.3n.....Ev....y....iZb.)~#^z........x4.'..G.Y.....fe...|..hZ..m}..c.5k..J~...G.....yf.H....x.......y..c...:^....}t.M.IU...4...Z..I>......f..E.<n.E..../Z.M.y].W.xU.o02..................l........g.....#..yt.nY]..qY\.........U..UCo...../....z.,/?...?..g........?..O...............].>{..L~..Uy...}...=..m.!...L?....l...WW.~.{.V..w...`~....2.g....8.r^..6.g..y..8...(............>=..t..#.(-...fG....[.k;/..U0w.??...$.h.S.C.....Wc_._.$;w....s....e~....S...;..2....g..C> ...e..............>.._..h.....W.R.......G..X.[..~..>....>......F....l.T...?.}..G..,.....P.......F....2[^|4*?.......>:...G...[.._.....F..2?..~..>b...hE..3..g.].M1).Q......w.....s....4...UE*.{}..>.x..GM^.&..~.}K.z..G;.yN....4..d....-|.I/~......Y..G9.......G.......$...9...|{.T...N./.@..........G.g..\_...u.._g..~:*>.............@'....g.......9.h...6....g....g...h..g.9Y.htA8.{.....).vWT.].9..........->......3R..O..g...b4.e...-F..t......lt>......]....w..Q......bT.t...|..k.MF,..(.....v..O.H..F0...G...I.l.\..GS.i...

<<< skipped >>>

GET /adcash.php HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: atelier802.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Server: Microsoft-IIS/7.5

X-Powered-By: PHP/5.6.0

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Length: 1228

<html>..<head>..<title>Atelier802</title>..</head>..<body>..<script src='hXXp://VVV.adcash.com/script/pop_packcpm.php?k=547511d4e15672671828.4120043&h=6f3af813683bda0ded5cfd60c1f29518e0ffdd78&id=0&ban=2671828&r=162025&ref=&data=&subid=&dx=%3D=Qj&pkr===ggLfohLf4j&psr==YYmHe4hGmZw&scr==UYhFK4gOm5h' type='text/javascript'></script>....<script src='hXXp://VVV.adcash.com/script/pop_packcpm.php?k=547513a7ab7c7902334.1583170&h=05b735714f42cb5da4c67aa7d8d7c99a577a51d6&id=0&ban=902334&r=162025&ref=&data=&subid=&dx===wg&pkr===AjFnIiFnYg&psr==g4lJmYiIe5z&scr==84iJm4iJeJi' type='text/javascript'></script>....<script src='hXXp://VVV.adcash.com/script/pop_packcpm.php?k=54751305f04f52749871.4174527&h=b8e5f1c7c892ac144346de651cb9a1edd2c3a996&id=0&ban=2749871&r=162025&ref=&data=&subid=&dx===wc&pkr===Af1kHe1kXc&psr==g3Z5lXe4d2P&scr===gfx5Hc5dGe' type='text/javascript'></script>..<script src='hXXp://VVV.adcash.com/script/pop_packcpm.php?k=547514058ef2a2671829.4120043&h=a20f551b3316025afd96efc71aab3078dc8747dd&id=0&ban=2671829&r=162025&ref=&data=&subid=&dx===A8&pkr===w/2q%2F+2qv8&psr==sP56rv+7TOv&scr==kP+z7f+zTu+' type='text/javascript'></script>..</body>..</html>..

GET /-UmdwoZ-M0zY/VHu_EXIM3EI/AAAAAAAABc4/xr11nZe6QW4/s1600/Code+Master-+A+lenda.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 2.bp.blogspot.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

ETag: "v5cf"

Expires: Tue, 02 Dec 2014 11:47:51 GMT

Cache-Control: public, max-age=86400, no-transform

Content-Disposition: inline;filename="Code Master- A lenda.png"

Content-Type: image/png

X-Content-Type-Options: nosniff

Date: Mon, 01 Dec 2014 11:47:51 GMT

Server: fife

Content-Length: 404201

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.02

.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...................9.....m&15...-f.b.....b.B....,0.2H.Y2....k....U.-u..s_......U]...c.c..K...D.K.$..Hr..%;/G...$....f..HN^...8...-...$ '[rss%'..c.YV.....Q.h[...u...q..v.?.y..v.....%_/.....l>//O...$??_8..<'.\G..e.q?Zv..........E....9..VPT.-.g.....n/,.B|.....)..g...>.....>...JAa!...Vl.y9..s.8Nm.|..x......Z~!..@.....V.}.......a.x..)...K...S|gx>l.k......._....<<..r[i.R...?....^.H.q....\..\_.....kb..........s.=..6-.w.........5.k..KK.k.}...._..z^Gi...z.9.3...c..6n...5.>s.[?7.......y.g..v>{-.^:..k..itM.....q<.?#7.u..xm<...y................{...{..p>.\J.Z.............8...}.<..<.7i.>..G.....c..?.R.../..I}6...z..f...3....V.N.~.wY./f.................wC....].....p<...8wnc|..3....h......L.........,.!...............?...{ ..\.=..v......y.<..rp...}H..|w..}........?.da..cP...iX./Y..:..o.......}8.5d.....fx..{=...{..1........u.^...........*._....)-.....A.h..9.q..v..m=...q......kK.:u.mv^N..n..z>.s..4..83;O..5.........;.....:.y..>....W.....f............4.....V.../...^...^.. |sv..A.,.?...}.v.......y.<..y}...........ur=_..e.c.o....-sZ..c.........._.|6...s..z.........>.F..n......y>N..........p?n#...... \.........a....<....X.ll..s.6.....k...__..^.@Bh.....c.;..}.#K._....=3..~..%..;.;.......X...'.j|....p......ks?w..N`S..7....p.....;..4......i....-.k.g......e.i........A..z......qC.`.}........._t.......q|..D.0......&..8>...........<N........ksSw.............V.....=. .....8...

<<< skipped >>>

GET /nv-player?cor=0f87ff HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:49 GMT

Content-Type: text/html; charset=iso-8859-1

Content-Length: 405

Connection: keep-alive

Location: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

X-Cache: HIT from Backend

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff">here</a>.</p>.<hr>.<address>Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at VVV.radiobaladaalternativa.com.br Port 80</address>.</body></html>.....

GET /nv-player/?cor=0f87ff HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:49 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.29

X-Cache: HIT from Backend

157a..<!DOCTYPE html>.<html>.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<title>#PlayerRadioBaladaAlternativa</title>.<style type="text/css">.body {..background: url(pw.png) top left repeat-x;..margin: 0px;..text-align: center;.}.body,td,th {..font-size: 10px;..color: #000;..font-family: Tahoma, Geneva, sans-serif;.}.#aac {.position: relative;.width: 52px;.height: 22px;.top: -70px;.left: -12px;.overflow: hidden;.opacity:0.4;.}.#aac object {.margin-left: -20px;.margin-top: -3px;.}.#picker {..margin:0;..padding:0;..border:0;..width:70px;..height:20px;..border-right:20px solid green;..line-height:20px;.}.*:focus {.outline:none;.}.#play-pause {.width: 40px;.height: 35px;.position: relative;.top: -42px;.left: -67px;.cursor: pointer;.}..play {.background: url('play.png') center center no-repeat;.}..pause {.background: url('pause.png') center center no-repeat;.}.#load-all img {.width:0px;.height:0px;.overflow:hidden;.}.</style>.<link rel='stylesheet' href='spectrum.css' />.<script src='spectrum.js'></script>.<script type="text/javascript" src="hXXp://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2"></script>.<script>.$(document).ready(function() {..var corp = $('#bgc').val();..var tocando = 1;..$('#player').css('background-color', corp);..$('#play-pause').click(function() {...if(tocando == 1) {....PlayerStatus('Stop');....$('#play-pause').attr('class', 'play');....tocando = 0;... }else

<<< skipped >>>

GET /nv-player/spectrum.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:49 GMT

Content-Type: text/css

Content-Length: 14603

Last-Modified: Mon, 05 May 2014 00:17:23 GMT

Connection: keep-alive

Vary: Accept-Encoding

ETag: "5366d893-390b"

Expires: Wed, 31 Dec 2014 11:47:49 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

/***.Spectrum Colorpicker v1.3.4.hXXps://github.com/bgrins/spectrum.Author: Brian Grinstead.License: MIT.***/...sp-container {. position:absolute;. top:0;. left:0;. display:inline-block;. *display: inline;. *zoom: 1;. /* hXXps://github.com/bgrins/spectrum/issues/40 */. z-index: 9999994;. overflow: hidden;.}..sp-container.sp-flat {. position: relative;.}../* Fix for * { box-sizing: border-box; } */..sp-container,..sp-container * {. -webkit-box-sizing: content-box;. -moz-box-sizing: content-box;. box-sizing: content-box;.}../* hXXp://ansciath.tumblr.com/post/7347495869/css-aspect-ratio */..sp-top {. position:relative;. width: 100%;. display:inline-block;.}..sp-top-inner {. position:absolute;. top:0;. left:0;. bottom:0;. right:0;.}..sp-color {. position: absolute;. top:0;. left:0;. bottom:0;. right:20%;.}..sp-hue {. position: absolute;. top:0;. right:0;. bottom:0;. left:84%;. height: 100%;.}...sp-clear-enabled .sp-hue {. top:33px;. height: 77.5%;.}...sp-fill {. padding-top: 80%;.}..sp-sat, .sp-val {. position: absolute;. top:0;. left:0;. right:0;. bottom:0;.}...sp-alpha-enabled .sp-top {. margin-bottom: 18px;.}..sp-alpha-enabled .sp-alpha {. display: block;.}..sp-alpha-handle {. position:absolute;. top:-4px;. bottom: -4px;. width: 6px;. left: 50%;. cursor: pointer;. border: 1px solid black;. background: white;. opacity: .8;.}..sp-alpha {. display: none;. pos

<<< skipped >>>

GET /nv-player/player.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:51 GMT

Content-Type: image/png

Content-Length: 26757

Last-Modified: Sun, 02 Nov 2014 21:10:25 GMT

Connection: keep-alive

ETag: "54569dc1-6885"

Expires: Wed, 31 Dec 2014 11:47:51 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

.PNG........IHDR.......1.....P.G.....sBIT....|.d.....pHYs...........S.....tEXtSoftware.Adobe Fireworks CS6...... .IDATx...y..U.?.y.s.....;['Mh..1..!....j@.....A...Q......~...........2......B.........t.o...kU..~..{;7Mw.AFq&..9O...S........=o..{@....T.1....".....64V..#.?.d..#...DG...p.c.h..~...p.11.o..e..l.....9../^O.y. ..!.#....zCi.u....F.;.cxC.. ....c......*.......1.....l,.....0.i.u.hR;...........4."..k.rww7.~...$.....';.>....Z{.E.]...O....._.d..)..v.m_/....'..x..W...eK.....0..........7o.\u.UR..........8.{p41..r"..0.e.a.}.....p.....]u.U#.d....._|.E.>}.jkks..[..D"...{.m..Mk........O>....u)..6ttt.J...y....af....</..w..y..........zc...._.O.6...UW]u.HU..c.w.G.?.X.x.6..5.....;.X._......H........"3.!"............5k.`..u....v~..'Tww..w.}s:;;/..gO_>.w....Y.f.;...._.^.4_r.%.._~.......B............=..m.../~q........|...............q...I....v...b..n..6[.....V.^mE.U....1..p8.....wY........X8Fh....!d&"..E.6m.............,[.......={.8.\.m......)S.w....X,.ghh(hkk;.. ....O>.w.^{..ZZZ....,...M.... ;..b.K_..Y..~......]{{._^s.5'......Z...'....w....T.;wn........eI...... ..hq.......N..].Wg,.v-..;j.*..........WYf]]].....S....F....0.ehhHR....8.....w/.8_..W..r.-..$W.Z..o|....R).........%K..nnn^....._..y...7.x...>8|..g.....u.Yge2.]'.p...{..?.3g.....-.?.pO}}..m.......u]..o.......!..L&C...............h..O....k..D..F.^....3....@D......hY^g.i..h.ltd.X..#....8.EVK^..1.%.Z(......uX.;.]MS....r.P.....`..A...=..@uw4.@D......J.............?........U.]vn.qo..[m...P.....[...5...].N{PF....U.K....3..s....E.s...>...V?....%...J

<<< skipped >>>

GET /player/server.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:51 GMT

Content-Type: text/html

Content-Length: 767

Last-Modified: Sat, 14 Jun 2014 02:15:55 GMT

Connection: keep-alive

ETag: "539bb05b-2ff"

Expires: Wed, 31 Dec 2014 11:47:51 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<title>Servidor Aleat..rio</title>.</head>.<body>.<p><a href="hXXp://VVV.radiobaladaalternativa.com.br/player/audiencia.html">Clique Aqui para ver Audi..ncia !</a></p>.<p> </p>.<p> </p>.<p> </p>.<p><script>..</script>. <iframe src="hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1" frameborder="0" scrolling="No" height="1px" width="1px"></iframe>. . <iframe src="http://VVV.radiobaladaalternativa.com.br/united.html" frameborder="0" scrolling="No" height="1px" width="1px"></iframe>.</p>.</body>.</html>.....

GET /nv-player/play.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:51 GMT

Content-Type: image/png

Content-Length: 1618

Last-Modified: Mon, 05 May 2014 00:17:22 GMT

Connection: keep-alive

ETag: "5366d892-652"

Expires: Wed, 31 Dec 2014 11:47:51 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

.PNG........IHDR...(...#......9H.....sBIT....|.d.....pHYs............Z....tEXtCreation Time.04/18/14.07t....tEXtSoftware.Adobe Fireworks CS6........IDATX...M..W...s...gzl.L.?.....]$.!.L.@dp.... .,.q.f.H......?.......cft.BL....z..sn.../W.........{.=.....?[....L....s...o$.........!I.HY...@)".P..j.l. ..d. .X.......$...!.X!.RD..ADJ......@i.OR0......'$...(h.J2...d.e-..ED.P......`...l S.d..KD$.*....R.(D. Y....:tQ..Cb.d]AS.Q.KI........).;.......R.n.....\...n58..H&$S..:..7W.s.}.bU....!.....hf.....J.\SD.../0.Z.%......U...t.j.z.%.I......\.T.....op..$M.z..K....<..>Q..4.`.8R.["... W~\]].......d....Dd.d.@..i.g....J.0.0..6.....u5.,...j..{.....]........H.X. .U..h...45....".Tc0..].@....,{.n..?|............WM[j...>.zA&..Tar..].5o.!..N..y.....<x....g.>z.(.0..5.W.0...T../..-..)0..C..{..y{......?^9}.tw}}=u...X..q'n....wv..19..E......N.<y...g.///..z..A..jsJ-....L..25........}...<s.........=.....O.9....2~....#.W.aF.....!........8.........[[[.b..MU...U-)...9....@..*....w..{.......n.....;T1..`.`@...].S..g.................].~._.i.\...d.&..Fv..tn.....N.7...;....?.p.B..7.H.....f.............}.......[..../..J/..x.*<.%....|....E.....-..$.G.0??........./--. .......z.......P.....2.|..Z! ...t:.v.Z.....n..%...ZD....@[_c/w...6.D..W.R;....T[....4-....n....aaaI..............c^)..}.5.|..W.M.M.s.*.y.....@[..(8......z.*.mM#.o..s../.........*.L._...._......b.o`.~ "}.3.a.RS.E.....IV:Y..bx.....I,...bo........~c.....x..A..n...z.Rl.[Z.n6... .......mr........c.......z..^..yP.X...3.......7.I`.T{.ZU...........Vk.^..E...t*..\g@.0?..`.

<<< skipped >>>

GET /nv-player/pause.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:52 GMT

Content-Type: image/png

Content-Length: 334

Last-Modified: Mon, 05 May 2014 00:17:22 GMT

Connection: keep-alive

ETag: "5366d892-14e"

Expires: Wed, 31 Dec 2014 11:47:52 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

.PNG........IHDR...(...#......9H.....sBIT....|.d.....pHYs............Z....tEXtCreation Time.04/18/14.07t....tEXtSoftware.Adobe Fireworks CS6........IDATX......!..9.....7..>...........8........v.e%F......3...|..(.D. ..Q..^..UuI)...R.c..1..9.]...!.....z...7}..#. ..QN.b.y.Z.......O..(.Dq/8.Xh.Y.SD..3{...@(.BA.....|..F)Ts.=.....IEND.B`.....

GET /united.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/player/server.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:52 GMT

Content-Type: text/html

Content-Length: 670

Last-Modified: Fri, 22 Aug 2014 13:43:50 GMT

Connection: keep-alive

ETag: "53f74916-29e"

Expires: Wed, 31 Dec 2014 11:47:52 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.<html>.<head>.<title>Radio Balada Alternativa | A Melhor Web Radio do Brasil !</title>.<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">.<meta name="author" content="Geovane da Silva">.<meta name="generator" content="Web Page Maker">.<title>404 Not Found</title>.</head>.</style>.<style type="text/css">.#InlineFrame3.{. border: 1px #C0C0C0 solid;.}.</style>.</head>.<body>.<h1>Not Found</h1>.<p>The requested URL /united.html was not found on this server.</p>.<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>......

GET /nv-player/grad.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:52 GMT

Content-Type: image/png

Content-Length: 238

Last-Modified: Mon, 05 May 2014 00:17:21 GMT

Connection: keep-alive

ETag: "5366d891-ee"

Expires: Wed, 31 Dec 2014 11:47:52 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

.PNG........IHDR.......1.......8.....sBIT....|.d.....pHYs...........S.....tEXtSoftware.Adobe Fireworks CS5q..6...hIDAT8......@..P......J.q.......\X..p..".....XDT...,.F.N.F..r....a..-....r....<H......<y..L...~... ........ o........IEND.B`...

GET /plugins/like.php?href=hXXp://VVV.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.facebook.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.facebook.com/plugins/like.php?href=http://VVV.facebook.com/RadioBaladaAlternativa/&layout=standard&show_faces=false&width=380&action=like&colorscheme=light&height=25

X-Content-Type-Options: nosniff

X-UA-Compatible: IE=edge,chrome=1

Content-Type: text/html; charset=utf-8

X-FB-Debug: AP/hEC9LuXnrKEQDgih/fPp6FD3j9LYUTNE62rTa J1G106bkFc61nL7WC3fZrTy2JK4MDVja UB9E3DAc1HfQ==

Date: Mon, 01 Dec 2014 11:47:52 GMT

Connection: keep-alive

Content-Length: 0

GET /v2/90x90q90/912/u0rlT1.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imagizer.imageshack.us

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/jpeg

Content-Length: 7389

Connection: keep-alive

X-Powered-By: PHP/5.2.9

X-Original-Filesize: 49152

X-Mobile-Compressed: 0

Content-Disposition: inline; filename=30ea29da03c4af3bc6891a56b788833d

X-Varnish: 1254870703 990326892

Age: 1202014

Via: 1.1 varnish

X-Varnish-Hits: 5757

X-Varnish-IP: 38.99.79.20

X-Varnish-Port: 17001

Expires: Fri, 26 Dec 2014 19:23:02 GMT

Cache-Control: max-age=2592000

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET, POST, OPTIONS

Access-Control-Allow-Origin: imageshack.com

Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since

TestMode: rdcv7

Cache-Control: public

Server: NetDNA-cache/2.2

X-Cache: HIT

Accept-Ranges: bytes

.PNG........IHDR...Z...U.............iCCPicc..x.c``2ptqre.``.. ).rwR...R`?..............> v^~^*...v...D_....@..J.(*.....(%.8......../)..3...E..... vQH.3.}...K.....I........ ..H}:....6.....KR @.28..T.e.g.(.ZZZ*8..'.*.W..... x.%.....%.....B..........j..d.2.....9....bg.b..\ZT.e22...#..#.........B....a.....T...!...>...9...O..k..... cHRM..z%..............R....X..:....o.Z......bKGD..............pHYs.................vpAg...Z...U...?.....IDATx...y\M[.....S.4..4..<OJH..E...$C....4. .&...!............rC7C..y.>.........y>..G.y...{.g...Z.!.q.k\... ./.F.....<!...K[p@X`.Q..Iq....Q\ .W..(..Q.. .r.4.t$<g....-.....$.I...`.Z}F...Z....dM..4=..J.)h,....;.X...f.....Gf...s.C.."....m...ht!..{,O.......{.O.....RN...i..S3....Q..6..._sH.a..7h.....v}..f.............c.?..W...,." Y.H.m.....\y.......... .d.....K....i..bC....V-e3.........8BK..\{i.[.3.....[#.4....7._.H0>...Gj.Jf..Y9.M.....6.....7........._\.-?)Q1.H..|*/..3.......i........{...../.....4f....\n.....vn.bu?..XJH.C...>.'.u....'S..=..../ .....t.L....\z..%.z.^~J.9.L4" M@|.6~..2:......b..b$..tF....]-m..@....>...?.?..8.\R)vbA.....<...4...:...../u..N......./....a4.lBf8~.C.....5.?.:*.g.>q..{.....21$.I.s..b.......J.N.a....g@..~.....>.3....E..........2...H.... ...c.H. ].M...oX.h~a3...:.K.<!....U...-:(.75.b...*....B:....K.%|HX.R.7V...{j..x.C.M..6 ....d_3.Z{F......iy$..YH....P.|J.....~........v....o..Y..t....b....Y......S9&9...<y'..0B.EU.($......^....S.T<...._.{...0F..[F...\|....l!....kOi..=...U.g2c7]....2......7ei...'uO.......D.0..f.....Pxs,.V.

<<< skipped >>>

GET /ajax/libs/jquery/1.8.2/jquery.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Fri, 21 Sep 2012 18:24:20 GMT

Date: Wed, 26 Nov 2014 18:32:11 GMT

Expires: Thu, 26 Nov 2015 18:32:11 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 78932

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 407740

Alternate-Protocol: 80:quic,p=0.02

.............z.V. .[|..I..1..Sl*.:.*.....U.jYIC$$!....ZV"..}....I.... (9u.t.!...=...a..v'."../.ly..9}.....E.|../Sx.~w.pt.....b2...Ol:...cx./^...j.U..........5.......I..\..gurgg.....\....."I.YR.g.2..E...Wu..^...YZe....kh.|..M2..YQe..,......?M.l..9[%...L..pgw.{w.s?...o.;.vv......e..\.i.o....].;..U1............I^..........5.'.$0t.L..2;..Y1....i/.....f.tu....-|.O.........K\5..6......tv...?..U-..Ze..../.u.}'......t~....d.I.<...............H..:[.r..d/...,...i.....#....")......E2.3M..z|.........n.].>p..o..........}...qT.9.W..g.Y9.:[.....:...Y....bY.e}..F.x M*...6.\......NZ...mX.....Sh...W8=.T.i...zuQ...7?,.E../..e~...../<..yJ.....9..Y\....w..@..Wp..x.tQ..5A....|Q.......W.....UU...E^..U.\aO...8K.`f...eV.......5:)F.I...$........n.,9....zz..[......3..U....o....&og_..]...n.........W...*WK<...YV.t.sD^....... .Z..L.[.eM.q....z<KjD...c..wYR..0/2.3y....x....I.0dv...*...urY....'.2O..v...g.W...?......?{....ov.n_5~.>>...I..|1...K.&..l........K*.......K.s.oY.Y>...U..~....Kx......9......Y.....;.8......g..K.$n...}u.E.....o.:..u...........>..}....6.N....a....(......].&=.^.......[}.v|.5...........k?.~..%..S..|.>....Y..d.....?..`.xn....4.....W..A.A..8.....vY5M.|.oqu..o...O.e}t.:|;K.'.....~.c.}U...v.W................$.W.U........B...,..........u..g..7....W?...?.........}3_...x....v....F._.}... nN ..>?N...*..b.;...?..<r...d..@....:....I....5.u...;....(..c..Gb.xe6...R..8I..L.........'.L...2..:.tx......p..f..g$.Ya.4.9Zf.p..6.....;H........-..#Z..p.c...x:..u."r..O..r.........".....Gr.MS`(....Y-........n.

<<< skipped >>>

GET /ajax/libs/jquery/1.6/jquery.min.js?ver=3.4.2 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT

Date: Mon, 01 Dec 2014 11:21:57 GMT

Expires: Mon, 01 Dec 2014 12:21:57 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 32103

X-XSS-Protection: 1; mode=block

Age: 1554

Cache-Control: public, must-revalidate, proxy-revalidate, max-age=3600

Alternate-Protocol: 80:quic,p=0.02

............y..../....MD...j..v.%`C...-..K..aS.....H.Zr......SU(......}...(.j=u.:K.i.l...|....U.?{..M..M...........C.p.-..2.W...i.....U./. ?VIpo...[?.....v.:....O.*[.Q.0...j...?l.(..<.{Y>.o.........6.6_....su.Z...r.w.b....w..,..^..>.,........3/...M..^..$Py.......r.Y...`....r.....5..x..*.........p..)5.n.x.....4.. '.x.{.J.=...z.......l?..i^..}t..D....\d....I...C.jM.i..(\..v......:....L.Ri.......S..&..K..).x.....xC..C_.i.i?..g^H3.z..p..{....t..aM....y.\.uk3....^.LU.L.....>..E.Q..?:..V`.{.F........O..}......?. *....K. P..i.F.i..G.1..n..6.....hME.|..\.....n.e...&."....&..~....*.;.{........Y...|[...n=..~....^......{..M..4..5.o........[?L..b..=..x..Q......O#..O.<..... .EU..6....5U%..E.*.S5S.(.]..B-.J..f0Yo.".......v....bW..L.....6.]..nw..l=9......rUx4.|4..........0F..|4....".s....d.(~...h1...p.l....s.....h.....\..|.....yOQ.MtV..&Jx.k.3..g..G@Z.>.y|.g4].kq8._....G...X...6...J.c..Z...*....I3\E.`..........ygs~N`..R..w.3...;8......N......Eyg.5.)P..n3.V......_.. 8.O.:./@.........;5..wAO.|.Y........{.-..*.BE..2t>*F.xL.R....A..I.B..nZN.~.h...>.R.K:I...V...?....c....Gv....bU...<......s.......DYz. ..4kL51..5.E..Pro...V.....k%.)^....nqN.....q.....aF.i/P.[i.1.8"......'..l..H...v.....h..T. Q.....<...y...<..N..y]_.&B.........<.&......_B}..t......n...s.PR5... ..J..i..%.|.-J{..gg.?..b.B}..,.Y..U......&.x...uw...:....4HG..#0..........(..9B.....{....\*....O....D.."..0g..8...t...dL..Q .)=...T.h:.j..^.....?...uP^.h......*!.E4%....@..]..\.....x....w.cag.(zW.~A.....!.Q......Z5*CE.w.g!..2[.l...=..CL.D%|.

<<< skipped >>>

GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Tue, 04 Sep 2012 17:57:57 GMT

Date: Wed, 26 Nov 2014 18:31:39 GMT

Expires: Thu, 26 Nov 2015 18:31:39 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33221

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 407774

Alternate-Protocol: 80:quic,p=0.02

...............F........D...1..).......5...T..l....D..Q$S..<....?z.~.~.........U...UV.C ..;....vNn.v.o>.........On......'..Ym&..".........?...2......$.3w'.....].9I...x.....|w.Y..{y.N...]......SE..%.t.u...J...o.Ne.]1..(......\e....../..<..x..y......8....;{p........|.4..~....7.wOv.M...r?..T...[.O..oKo../..m>.e...v....t.B....-n/.vy;.{....Y...Y6.f...]...Y0X...f.......6..i.....w.u.=....T1u"..I........x....by...$..j.NO..b.|..}.!.......Q.....X...i..xV...H3.K..M.m/.......'.c...........r..}O.U..]m......lu.G.w.....~..y.kn@*v>....GQR...).....$., N.F.......N'...|.g*.-....!%.}...M'..........t..TSUR.4..\.......r...|'..I.>....a.....&....8...;s=.6y2... .@....M...g..vA..b.O..s.S...<..@.8....d7.....z..........,v~hO..._}|.O...Ts0......:_fO...0...2...6....>.Vj...$._......]..}...c..1..o...5.7...j..{.;..s2%.....?.P..l...~.....b.O.\f....).J=i..*.g.n...zq.Q3.B.a6....0...\P_..;...n..Qm..e.<.....Hi...xc.......O....7..^...3.F..V.....m..c3o........VT.....}K.g....mo...f...../..W..x.X....). uaAu...Wio#.|....b.....M....{...z....v.{:..YNH.....\.|......X..A.2OLC.5...$.-.G..zt.....Ke.7;Z\.............6..k.M..q.p......Bn...].l>.hM..r.....4.k.....]R..e.y.#..{.........j.d>oV.|/..GN..:i...5n..]0wl.V.@.^=.D.=.7......w.8.........@.X..M~6.W0`~v.....|..]Wo...H.Y..8.b..tK;JyYAx9...L...{..@...r...t.9U?pp..Y4..F. D.......W...p..!..x..w..v.q.W4GNo,.L...g.s*....8=....;.mZ.. .G.aq..?.. zO.*M.B.l.._HX5....~.Ne...G...=i2h~>m>.....x[.xA.a2@....B.n.B..f.".0..i..).q.D.....io.../T6....)QOA....#T..@.....X..H&`.?.x.j.....FJ ...

<<< skipped >>>

GET /RadioBaladaAlternativaWebRadio?p=1 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/player/server.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473; expires=Tue, 01-Dec-15 11:47:53 GMT; path=/; domain=.xat.com; HttpOnly

Cache-Control: max-age=600,public

Server: cloudflare-nginx

CF-RAY: 191f0d7114400edf-EWR

Content-Encoding: gzip

152............|.]o.0...M..].......E.-..15fW.@.M...Q.............s>:yX|..s.D/t......k..E.......kb`;....\.P...,.q.....#.(.....$.n...t@R.rn...i.3....Y\....P....Q.|.(.\.E/.c.]o>.~......39..K..q..80.......g.^...v..S....N......b...5g)..,.n$.qb;.....@.QG]..........ZR..*....<,..[.G.6....S.......2E...N..y......[...T...,k.n..=_...L..a..z#..?...........13ff...[ys.......w@.....$uZ...cg..K.l..}..T.$!.1EjxH.........Vf.xN,....F_........*1..tN.S.......t~qv{..Y.,...T^,.g..........X.<.i@.....9.L0..V......._...*.X..t....).@.....rEw.9...Bbc$6TT...............zOo.6..........*...N...o...A.:.....u.``.L...gLtlY6..:z.4.....q_..u.o...@..^......w.~.......X...o.....^.|..EC.Z.l.l.V.G.:4gq.T..lS.........;..Z................A...V...q.Yh..Z7....} ....V.h.^...*J..j...LX......tr.V....}..&...e...2.,CQU...7.u...c......Z....:..5......n....Y.l.L......r.*......TX.a5.....b.*y.........(...C.S......G.yx..h.....)w.C...s.q...Y..['!......#.l.....?..?.dJ......GC....."...(..g.......OW.C..I.;.b..Hg......F.....n.......?..............!9.%f.Z.......w..o.d.....z......@..$!.w...{.....[.._x.......C.{wu:.s.;...S..... .^...i....&....z[..MM......C!.........nvk<~.[.?..Y..f.0.!.m4.q...!i.(....{<Xq......q........h...*...@...^.......5'|\.c\..,.7...><.|G.u;..?...........A` ...X.<R..).D8.t.3..|3.(&...f<.. (.6.s...Y,P.x`......X..v.... G.......u...Vl...{L.....................[.@..h..4u...X..[].T.q....?./....m.....e..1.J'?.^A$.6. ia.......%mY...=..o....9w..5e....A.2...<..g...G....9.1e......A.....g.;.(F.!1}..z...O!...6..b.<6.o7....ey....4.:

<<< skipped >>>

GET /images/xatblk.gif?a HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/gif

Content-Length: 1526

Connection: keep-alive

Last-Modified: Wed, 15 Aug 2007 14:15:50 GMT

ETag: "46c30a96-5f6"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d7504e20edf-EWR

GIF89a..1.................Vj..'jU.N....v....7@quwQ..3]f..g.......x...P=7"Q...../*.0..Nz.....%*..........v.ghhy....-......ZI.n..XXX....i..."j.....r.......lHII..3....FR............p....x..2.........6fp......!.....?.,......1......pH,....r.l:...tJ.Z...v..z...xL.k...g...v/@.g.....En./...5......113.S>$.)9!!00!)(.~.F...7...5..#<.L..(.....9(>..?.*......7...##;I.).....$...*..........3|B....!...=..4.4........<..$..!..N:.N].....[.P.......1.A3.:.L.@.. g9.u.@..-22.6\..a0.....d`...(..h......d.\...hK.......D.Y:N..9....D.j......R.8... ..c.d....R.E.4K.J.Y.`Z....)...~..@....w..X.....K.L( ..!...h..k..<~.....e!..x....1../.......Hj..........> ......z........Z.H....g...q....;..x@..."...=..@r.~...k..Y.E...a..w.1...w..G.{\h..^.. ..x.1.Y..a.}..`..g.aG...q8..[(..V,H ..h...O..........8.P..$ja.. 1."....M.EL.^#<......x..<@ .1:.q...R...Hb.#...i..6....I.......'qa.....u1..e.)...i.D."..A.Q.......e.yj1Z%d.I$.....u.]y..F.HU.H..!.T.i.X0..\r4.x&.-}.MXI\h..G.IU.E..%..n1.s.m..........UL.J..e.Bt9...n..Os.V..cj..... p.K..PC"l2a.z..zLhJ..-.Nb.*t..eT.~...C\....N........._..S.RX..-".!CQ......I...N.. ..V....bF..P.%.NH.,..C.....Q.S]K.j .D.|...R.(.3;..,8#.....ipc..P..H..hvEP..2.=-..R.{.lG...S.<. D...D.#.`.WD.p....w..` a3Y:.pRm.....Z..V....4.0O)..#..w...]...!..i.....(D2..-...^......3..p.D......&..j....>L.hn..cN...g;g]................X...O....K?...`....ms...#a-8......;......$a..s.%........c.6^b..5.o.1...5.nqh..K^..c......(@.....x..0..(J..(tO..x...d%...TD..........#P..&`.H.@.........x ..........d.;.A.*.7>...h$..|...,..S|.>.

<<< skipped >>>

GET /images/b_news.gif HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/gif

Content-Length: 827

Connection: keep-alive

Last-Modified: Thu, 21 Apr 2011 11:11:05 GMT

ETag: "4db010c9-33b"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d7574f10edf-EWR

GIF87a . ........~..zU:..u...BXX..,.....h...-<.`.=x.R..B..7..".......!../2..>_n...J....3VRPS..*..F...Pm...E*..m.....ZG1.....6..#.....G..6.........GT&..\...]&B............4E2]p.~)4k|..,.l. }...7@...Oif..T!...)qD...}..c~,.(We.p Hq.S6.H....%..w."%.S.2m....Y..1..... k...[c..V&..u7z....*,u..2D>..k...Xv...X..D..b..r..I~.r.....-...)36..Am..Wr(IX..$.=R:..I.....S/.9....4.s&.X...J.........Qmy.G]0..@|.3..,.... . ..............x....7d.Lm...j>..bIh..x.....S.!z.#.a.....ZQwTo.|.0<.<a.`a..t.D......ijX~.]JM...b.).).SO.K#.Pfv..Zb..N"?A#.;JY/r.%`...g{2...gB. H.5...!..}.8......12j.....&....HR#..y.Th.$c..0c.D.B....@.9.....pz)...B.>.\pi..E.1...I..".96.$......*dXpA....gx..vB..8.b),..H../4..h.....2d|.@.Q... .....?..e.`P)....... .... *m.....>.."...S...~...`......i..7...U (.[.....@.b.A.....%.`..'B...>(@. ....a...7...H....ct.<.^.....M....R .;....

GET /images/b_trade.gif HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/gif

Content-Length: 361

Connection: keep-alive

Last-Modified: Mon, 19 Jan 2009 17:06:28 GMT

ETag: "4974b314-169"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d75d5010edf-EWR

GIF87a . ..........^L.@4...a.......y...-............XXX..!...s].......mmm......>>>...K<.......#..........?fR.,.... . .... .di.h..l....$.......Qt. .p..0..2X..>.hP..H......F F..Z.F.)C...B......}.N..0.4.....Q.b}..zT......rB.(:....}.....K.)...".....f@.(.......PB........"..T............M..(................(...$....*......*...,....,........t;D......x..J.H.....C..;....

GET /images/tgrid.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: image/png

Content-Length: 1890

Connection: keep-alive

Last-Modified: Mon, 30 Jun 2008 13:35:24 GMT

ETag: "4868e11c-762"

Expires: Wed, 31 Dec 2014 11:47:53 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d7625190edf-EWR

.PNG........IHDR.......>.....1.......tIME.....#...I.....pHYs.........B.4.....IDATx..XkLSW......>,.". .."8..1.AA.m..?..&[f.i.l_.[.f.4.a.".3.Q...1....M...s.8..8._.eK...h...x.(........{...........S.....D...@.V.t:]..h...1??.Z..eM.,..q.(.JIpp0IOO'...'MMM')_=m....LF6o.Ljjj..g.s...-[.....Rz/......}....p..2..U...`.<.".ha..a..y~`.. .gC.......>.....X....5.......{.$......L"j.q2Rwh%}.%!..dMj.(QtQ.9Ih.u.I..4....sR]M..=.....H...jRYY. ..AQ..v..At=.C..........=....,]".x........'W@"...rggg.'<8..{ .....w..P..'N..1.m\ .....p....O..!......g.t8\....t...=r..k?..]Y@j..J%...t......m.a8.....0.dAx}].r.....#0H?!!E..(....DS.J..c..............V.v....>h.fA..bYj1./.......0.F....6.X...}....0.N$..a..F..u(.9..E0....1.I..`...q....^f.....&..>..P..#.6..N..}4BU.a.j.P..).........A.0.D..ut.~.lj......a...iHA...(y..&.p..L...&..X..0...8...t<.....1qIPk5t>s......o. .N..k.P(.I..\b..F..E>._..jb4F.....!..S...x....hV.E.H.2d...7s...._0g.BQ....8......b..m"?:-......X..-._.......D.......R.j..a...........E".7..]..].6<.~.....`I..R.s.4......5......X.{=~..Y...6...M.*....@.N...Q...A.P..ZJ.m.'].X....@.R.6`.........PU .C...LF.Ct...........> dM.Q....%u|y.Y"..e.Hxx......Q...|Cb....H...[L. qq.....s....(.......L.J.....((xK.f...0.f..t"y."......G...]?.._.Z.&...6l.....P.C..9..Z...I.........A.CA.9Qm..0...A(...v....Jq.......1C.4......M'M......c6ahp.--.0.u..g6(....K.....?1L.L..b.,..2........<...c..U.......@...R[[K.......<...J.R}}=..Sn_.m......."..-..:::...7.&.@LB&. ..XJJ..8......@m..H.3..@.%-,,t....c..}.?........0f...L..&b~`t....A ......

<<< skipped >>>

GET /images/tdoodle.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Type: image/png

Content-Length: 1608

Connection: keep-alive

Last-Modified: Thu, 19 Jun 2008 16:31:18 GMT

ETag: "485a89d6-648"

Expires: Wed, 31 Dec 2014 11:47:54 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d7685300edf-EWR

.PNG........IHDR.......R.....N.......tIME........R......pHYs.........B.4.....gAMA......a.....IDATx..Y[L.U..wg..@.(E..,m.V...`..^....IISH.&.P|........T...iRZ.TA.M[|PSh.....r....ib..*.lYw..7.Yf.......r..3.................E..)##.Aff..yyy7.8...6*....D....?.n7gggsii)777.....q?#i.XC.4.......!.==..r.....;w...kC..ISS......@.L.......q.X\\..S....M>Z[..n.V...v......[...z......(7.I.~..ZYYQ*e..........K.=....2..<.7.F.<...=.................N_.*...TZ8.6..1...K...y......6...{..D{`........O3.9.....x...u!..].P.iK......E./.........HK.".....v.~J.z.k.?..........1..w..4........[[KQ..n....*x....U.u4Q...... ..b..,#o....s... .vm'W....vQHkX..a[2..U!.'.m.;..4...=.a|.....w.. .i..[D a.?Q...........|.....k. &...A.muN........7...S...b..|4p.... h ....WF8{....l7O.a.c..bT....t|..p..,......On.y{...!...-....S..p....S..c.......O{M..........Ri.<...xT~...C........MNN..b.~.....s..hvv. **...S......{/...8q...}.....V......Q.p...G..$.?.....#....Kuuu.uzz...[W..966F..._.,??_....r......].j......72...---.................1..3...`U.677.....<...P..........U.F..-.c......3.(.......K.......j.j.3.......,....s.zVUU..B...o. ..k....%.d...5....>q.D$....K...c C.U..VM.E...t....=...........H...fj[.....5UVVF<@e.;U..!..H,...*9.....*)).W...e.......'......Y-`...t..)q........G .qws2K...@..h.....,....6}....r.jR1..".R.....]..ly./.A2<.p&;vvX=."..0..H.'..).Y..q.20<.-S.Mn...0...|.D...dV.Hp4.N..9@..D$....L[[[...C....@....u.....7.... ..h~7.......z .Py"..p.........V%k...'Y..WS.(....b..O.....Y.....M....G.0d.. ..&5.):...... R=S...b.&....b..z...J...#..Cb.t.....

<<< skipped >>>

GET /images/tclose.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Type: image/png

Content-Length: 793

Connection: keep-alive

Last-Modified: Fri, 18 Jan 2008 13:03:46 GMT

ETag: "4790a3b2-319"

Expires: Wed, 31 Dec 2014 11:47:54 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d76b5380edf-EWR

.PNG........IHDR.......".....E..3....tIME.........O.....pHYs.........B.4.....IDATx..W;H.Q......C0N%...AZ... .H.I&..b..N....[.1..{......1 ...%.R......%H.u0.xz..B[.....B..$.=?.w.y.HKKK..$K...A...7....Vk...V.}.._0...h4W.*..L&...........E^..5A.U....xhoo.-?.);.....S2...oI..q...i.d2....-%......p8.$...rJ8...R.\H*...(....QQ.!..h..9....Oo/.WW.R...J....`0x ..YTSS.7..h....5............V...a.......r....B........y.`..s\.D.........`tt...a..ll.##2...LM..8..Sv....>..]]...PU.lm.CC........,,..]_.....B......_Y.<;.TV.==W...*..r..fyz..fs.'P.....b.t..z..~y)*...T|....NQTT...@S....}...p:e;.%qtT<...M..........-........$.t..x..VHr.A5...g......$.-.]">.e:."--p.\.f.9.......\.._'&..F..8.8>.F......<........L....^/}.F."..t<N.wwi||.t:..'...(:p..........f.......f.U.@L...nX,.9...\..z....]#.............}......IEND.B`.....

GET /images/tgames.png HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Type: image/png

Content-Length: 2056

Connection: keep-alive

Last-Modified: Thu, 19 Jun 2008 16:31:02 GMT

ETag: "485a89c6-808"

Expires: Wed, 31 Dec 2014 11:47:54 GMT

Cache-Control: public, max-age=2592000

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d76e5410edf-EWR

.PNG........IHDR.......O.............tIME...............pHYs.........B.4.....gAMA......a.....IDATx..YilTU...{..C[..i..@....J5A.L.R ......D-...5.%h..&..Pc.....4FV.HA.B.&B..(... ...2...[.83.y.f*.'.......{.w.yJee%C..g.4...ptedd\........f.i....%3L&..UUe...l..Yl......a7.....hC.4.b..V]]}........,.K..........TZZ..\..._ A.N.s...0.5..l...y..b5......zO:....%>..,....C.P.......2j....8|.0ZZZ.1E......=i......=....p..9Y}...{a...M...f..^.1.......|N.8...........WV............V...........\p.T.8..R.O....%..F._[[[N.......<.?..._...t.:...U........4.,. .&.hZ........x2...6N...C]{....?.....#'...`:.{...691n...K.;....!~......=........;()@.......!...........\5@v...v?r....KV..P,..T.x1s.......A1q........BV4..{.p..}.|;..4.V|..O...EN..........c.[0y........O.......'...nn76....k7.{.......u.j...|.^l"...^.g....kSQ8A.....&.R.l....jGQ...we~...r.^q....~j .......a>1......|..3....?..n'...D....5_#......Z..Am.....A ....c>...@...5......c.]..P.C.^...z8}V..Q...w.......h..B.......;.-8...!..y.?, ..g...rQd*.jc..r....t*W...yP...H......zt.<.....n...;....`..sp.=....~.....v..X...E.b........B.....o..LG.z7.......'..Y.[W@..4........eh.....o.%nu3.M.R.H.!a..zt....w/..^..hGg.gL@u.[0.g...v`........w{....Vd.f.}.x.@/..W......#$.D..O..4k..b...0.b.lN6....0C.G..13.H.........A..Y......g..s{{;..?...0.-Y......u...{..>.._.,.C" .....2Y.`. //gzD...................5k0v.X.h....:QYYYb....U{..m..&..........R.K...i......VD.$"..'OFVVV....3..e...N@j!..ysP.....s<.W...-.s....3.>a ...Q.....0?.;w.V.\.....;kjj.....n..$~..PA.........WG.9.o$..1.......'.....'...{.S.6h.Ak

<<< skipped >>>

GET /cdn-cgi/pe/bag2?r[]=http://xat.com/cdn-cgi/nexp/dok2v=1613a3a185/cloudflare/json.js HTTP/1.1

Accept: */*

PE-Token: 2cdef2412bbefb190871571e72650911b62ad89d-1417434473-1800

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xat.com

Connection: Keep-Alive

Cookie: __cfduid=d1de8ae0bacc52421da52c8b598e8a3e81417434473

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Type: multipart/mixed; boundary="-kVd8c3a-gAYFu==ahSw"

Transfer-Encoding: chunked

Connection: keep-alive

Server: cloudflare-nginx

CF-RAY: 191f0d7745530edf-EWR

Content-Encoding: gzip

65...............u..K-*....R0.3..r.. I. ...,H.R.-.).,H,*....HM.VH./.KI,..U...K.H6N.Mw.t ..M...W............c.....&..........51....uN..-..R.())....H,.K...ON..MN...K.(.O..6*.5434N4N4.0.O../MI.I,J..*....*..........14.....\.XRZl.`d.t6.......22...;.(1.8-.H.5/9?%3/.J!)3..`^.........18...k.M..uL..................14....;'&g................1a..B.................^.........16...ks-*./.RHK.)N..........c9..l....0.._.{@H...d'._.r.........|w.)...e..._...`..v'..Ff...Ly.92<.g ..&.*M>.....V.../&gi....[h#.........p:.}].........cu`.z.".3~.. z.z..".D.h....-.."!..i.X....k...U.O1.H.!...|.<=.v...pXW.*G.^U............be3...Y...8..y.j...5!.Z..1tc.`..>...J...B.lc.n..9......I2.#..Mu@z.....I....2#q. 'e.....?~.Q.......r10mV,f.I.t....Jf .6..........g..P ..t.p...Xv..A.N..]...$.B....f..|d.y_u.....D.`........`....O0.d....9J./P....e.Y;..*..<o.=s.].d{%..l... ...mU..\$f...%N..e.{V=..%.^r*?\._U"/.....x.......U7...N....R...V.j...z.~..a,..E<4o.L^p..NR.i.?.I7..q.....v.J.u......c64=6.C..06..u...3.Nw.*DT...d2X..EG.>..V......X....x..9..j.).].#?..6.;:.........]..41.q..X.....|p,.T.)..w9....0..M./...q....X..`.^....(..E.l..f....r..U.........qs(....UJt.Y..-U.|$.>`?.g.nT..m;N`.i5Qr..[u........[....$........7d.!...Q.&...]M..9. g....r.HrmK....IOR......x4...eo..."...S.y ..R...6^...-.d..nKQ......\.....f6._@....N..$...D.......#F...o.bX......... ...y.....U.;.H@..].........T.._l3x...%.9R.U.U.e.%.~f3kf.f.n!......N=V...cE...7Sk.....fLQ0...<M..M.......b....".05Pr........b.....3OXeQ.;)..M..D.y..X.G..rT^s..v.OF...`Z...Y....%...&..2^@...f.s.....%

<<< skipped >>>

GET /-GT2zFFUi1wY/VHsuCGmbr8I/AAAAAAAAAUk/bYb53AeddIA/s1600/Lol.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 2.bp.blogspot.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

ETag: "v14a"

Expires: Mon, 01 Dec 2014 16:15:39 GMT

Content-Disposition: inline;filename="Lol.png"

Content-Type: image/png

X-Content-Type-Options: nosniff

Date: Mon, 01 Dec 2014 11:47:51 GMT

Server: fife

Content-Length: 87426

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400, no-transform

Age: 0

Alternate-Protocol: 80:quic,p=0.02

.PNG........IHDR...7.................sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....].....w...13.$[....u........L.Y...,.....e.L.....s.}..o....w..-'.].3...c..h.^......U.....;..l..l..f.v..U..l..l..f..o..&..-..-......9.^.6..-..-.E..O......l..l.j...S...g.-..-..Z4x..-x..p..l......?u.^.6..-..-.E..O......v..9y..|?.86.9.-..._o.s..A....E..O........n..b6.i.Y.N..............f[.....m..m.z...h....E...5..C..X.^.].m...a.UL*c.JH.m....l..J.yw.$.......m...g.!...7.0..........Rn] ......ZEeZ.....}.d..'e.df...i3.B..zn.\...g..-=3........L.F..t..#..^.........N...2..]....w.'..9.....}.......h..3..........&...jA.P.....b.6dM6.~Jva....IZ.J....\.....f....3....%....;.......3^ot.e..,.n.w....h..Y.^.]..??.ap...BT.E.l...eT.........n.>...mY...FB,..-.."..</..f.4..?..S..[.r.[P..Y. *..Y.......1.T..........SmQ..E.X..5.a.A...".):..<Q.........E;....9...'.<....Y}.WX....n.\xSF7(a.........x&.a.R.J..~).U.e...b.`..d.".E.IF.3."...R.....E..?.n?.....h.....~...k...k.a.`...g.)#.f.[.ry.G.F..P1.n?..Vv,s..i.-......s.s..n.j....._.h...[......%.f......}......2.....S.h.`.u?....g....Eq...75.Z.\.p.~.............2..y.$.|%./r..IMJ.......6e........O..2 0.Y:..<.@......15........!.=...1w...f..f[f..........V.N......\...,...H..........u..Z.....G...X.}.....)=#.dH........{..9t..l.}.E..O....Wp..b..X9..;.....G.....F.......P..owRJ.-......!..Y.....m...]....#......z~..B.M.f......?u.^.]..H..n%.kd.....3|/Q.pv..O..2Gq).9U......-k.2.(.-t...~0PB.f..G.d...=...._6..h...S....5..o.%M:L.....b.Z.X..y.....-.n..m....~0...<..l.......-..-....%..[.e[....l.e[.e..H..[.e[.

<<< skipped >>>

GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1

Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: fpdownload.macromedia.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: AkamaiGHost

Content-Length: 0

Location: hXXp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Date: Mon, 01 Dec 2014 11:47:54 GMT

Connection: keep-alive

GET /pca3-g5.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"

Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT

Date: Mon, 01 Dec 2014 11:47:54 GMT

Content-Length: 533

Connection: keep-alive

Content-Type: application/pkix-crl

0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q..............

GET /-wbOyGFuANTQ/UVF1F4ouC4I/AAAAAAAABiA/RX4jNlICbjM/s1600/aktechz-fb-lock.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 4.bp.blogspot.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

ETag: "v621"

Expires: Sun, 30 Nov 2014 19:43:04 GMT

Content-Disposition: inline;filename="aktechz-fb-lock.png"

Content-Type: image/png

X-Content-Type-Options: nosniff

Date: Mon, 01 Dec 2014 11:03:51 GMT

Server: fife

Content-Length: 149

X-XSS-Protection: 1; mode=block

Age: 2643

Cache-Control: public, max-age=86400, no-transform

Alternate-Protocol: 80:quic,p=0.02

.PNG........IHDR...............6....\IDAT(.c...?.!.....<.....a.d.....x../..}..~@.?....?Ab..@....~.$...6...pEH.../..(...PD..D..1../.M....R....IEND.B`...

GET /cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js HTTP/1.1

Accept: */*

Referer: hXXp://xat.com/RadioBaladaAlternativaWebRadio?p=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.cloudflare.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:53 GMT

Content-Type: text/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=da431ea9a7ab0bd86c595dadc44461fb01417434473; expires=Tue, 01-Dec-15 11:47:53 GMT; path=/; domain=.cloudflare.com; HttpOnly

Last-Modified: Tue, 14 Oct 2014 06:18:24 GMT

Expires: Tue, 01 Dec 2015 11:47:53 GMT

Cache-Control: public, max-age=31536000

Server: cloudflare-nginx

CF-RAY: 191f0d737c9301ed-EWR

Content-Encoding: gzip

1ac............\QMs.0...W(>I...%. f.......fz.. ....e.,.....9....F...oWW. ...}~.H...mb....<`N..'..r.'[...m..../......[. .R.....#..1}Q..T.Y/....l...:~&.!.;$.w..Q..d"..h.}...H....V1..~)g .g..l(...y....K.I...5$A,3.e..;s..... N..J.z.... .k......7...R.xzO..s...-Uh.C.....q.)r.{...........6G.E,u.{.......R........(............Q...5..`.....~.ex.T1^.....qN[......1\nb6...^.>;.x...$..r....{99.....(.......,.. ZbD..........v!4W....;...]..........195d...[iw.8.. .S....@R3..J..V.....==...l..`.6Y*....j.........[......d..:DD....=-...`.L._...-s6..oRp.6......... ....5Zd....>.9.M........y..$..T..D2.6........"Sm.Fh.......J4.2..H.....k8..N......f.E...`.|/..&.#.{.hp0J.X...J.d.I.... .SYW.7Io.,......L..0z..<...ATs/...FY......2.2../.t.@...5..\...(......8.X.......@G..N.N.....<b.`a.da.wx.^..NS#.M..8=...a*.....Bz.,.....K....$.../.l..%...!R.......L....1..%q...2Y.1..ZO#..@...omk......-rZM.OtK......W....|.%.V....j..uX.R...),..O....Z.....A....:&.#` a...-.X..T...E.....kq..V..Z..G....X.(..b.>..WQ....N....:.....0.q..C......-..8F=x.%............V....Ff..`.)*I..a...f..>..R-!.<2..,.!*.X.. .....B34..._.M.IMc.;.....(Vy'|.B..r}..{......"Mc.#.I^...B... Lh.U"...j?.|$...H.......z .)..l.fY.&w.Mx......<..c............&.4........_7.m.7........"..-.B...J. ..8.....3S...{..V>...w`'..C.gs?X.z.....m4.RH.l.yzp..H~zi....}..N..].O.....ZN@>.CA......a!.c...r.y....hL..Y......./...........c..l........h_.....HB\z..].....5)...#.m.NJa...F...xKK-@.....}V...|K6....P..B......A7.WW.......)T1...%*..Bb........].%...%...U.^.........D....#R.%8....m

<<< skipped >>>

GET /nv-player/spectrum.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:50 GMT

Content-Type: application/javascript

Content-Length: 71243

Last-Modified: Mon, 05 May 2014 00:17:24 GMT

Connection: keep-alive

Vary: Accept-Encoding

ETag: "5366d894-1164b"

Expires: Wed, 31 Dec 2014 11:47:50 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

// Spectrum Colorpicker v1.3.4.// hXXps://github.com/bgrins/spectrum.// Author: Brian Grinstead.// License: MIT..(function (window, $, undefined) {. var defaultOpts = {.. // Callbacks. beforeShow: noop,. move: noop,. change: noop,. show: noop,. hide: noop,.. // Options. color: false,. flat: false,. showInput: false,. allowEmpty: false,. showButtons: true,. clickoutFiresChange: false,. showInitial: false,. showPalette: false,. showPaletteOnly: false,. showSelectionPalette: true,. localStorageKey: false,. appendTo: "body",. maxSelectionSize: 7,. cancelText: "cancel",. chooseText: "choose",. clearText: "Clear Color Selection",. preferredFormat: false,. className: "", // Deprecated - use containerClassName and replacerClassName instead.. containerClassName: "",. replacerClassName: "",. showAlpha: false,. theme: "sp-light",. palette: [["#ffffff", "#000000", "#ff0000", "#ff8000", "#ffff00", "#008000", "#0000ff", "#4b0082", "#9400d3"]],. selectionPalette: [],. disabled: false. },. spectrums = [],. IE = !!/msie/i.exec( window.navigator.userAgent ),. rgbaSupport = (function() {. function contains( str, substr ) {. return !!~('' str).indexOf(substr);. }.. var elem = document.createElement('div');. var style = elem.style;. style.cssText = '

<<< skipped >>>

GET /nv-player/pw.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.radiobaladaalternativa.com.br/nv-player/?cor=0f87ff

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 404 Not Found

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:51 GMT

Content-Type: text/html

Content-Length: 613

Connection: keep-alive

<frameset rows="0,*" border="0">.<frame src="UntitledFrame-1" name="header" scrolling="no" noresize target="main">.<frame name="main" src="hXXp://VVV.radiobaladaalternativa.com.br/erros/404.html">.<noframes>.<body>. .</body>.</noframes>.</frameset>.<!-- . .--> .....

GET /nv-player/player.swf HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.radiobaladaalternativa.com.br

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx admin

Date: Mon, 01 Dec 2014 11:47:51 GMT

Content-Type: application/x-shockwave-flash

Content-Length: 162099

Last-Modified: Mon, 05 May 2014 00:17:23 GMT

Connection: keep-alive

ETag: "5366d893-27933"

Expires: Wed, 31 Dec 2014 11:47:51 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

FWS.3y..h..p........D.....C..........._sans...C...@b...o........!............................@.........Defaults.......@.........UIObjectExtensions...........@..........0................@.........UIObject...........@.........r...@.........Border...........@.............@.........RectBorder....._.D....X.C.....................3.C..s..r.@....._.D....X.C.................3...5hp.|.s..r.ND8..........................$.............this......tabHandler.R...........@.......`.>..>.........fff.5....D.t..C.t.................@.........BoundingBox.........&.....boundingBox_mc.@.........FocusRect...J.............&.....tabCapture.........@...............................r..@.........FocusManager.......@.........UIComponentExtensions...........@..........N........................1Qh..@.........UIComponent.............&......@label.@..............;r...........o...@.........TextInput.#...p..(..<...........(...... <.P.x......X.7..Y........./..z......h..>..q................@.......W.O.. P.6......d........#.zI....&.X.>.U................@......._. .9..X.. .k....d........#*.JT.{=..............................@.......g..?.#.`...."....d........#2.A......?0.h..........C...7.................@........................U&!........?............c........?.............8.......?...mc_wave_1...................?...mc_wave_2...................?...mc_wave_3.@.....I.....w.....#Pw.....#P.............***..-..............p...6.[..K..........................@.......p.....#...***............^...;.| ...... ...........@.....!..............@...

<<< skipped >>>

GET /wjFHehL.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Fri, 19 Sep 2014 21:00:59 GMT

ETag: "ea4ad3b1f73f64d9f7a10665ed592880"

Content-Type: image/jpeg

cache-control: public, max-age=31536000

Content-Length: 34404

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 5108613

Connection: keep-alive

X-Served-By: cache-iad2124-IAD, cache-ord1724-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 61, 254

X-Timer: S1417434471.099414,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

......JFIF.............@ICC_PROFILE......0ADBE....mntrRGB XYZ ............acspAPPL....none...........................-ADBE................................................cprt.......2desc...0...kwtpt........bkpt........rTRC........gTRC........bTRC........rXYZ........gXYZ........bXYZ........text....Copyright 1999 Adobe Systems Incorporated...desc........Adobe RGB (1998)................................................................................XYZ .......Q........XYZ ................curv.........3..curv.........3..curv.........3..XYZ ..........O.....XYZ ......4....,....XYZ ......&1.../........Adobe.d@.......C....................................................................C.......................................................................Z................................................\.............................!.1.."A..2356Qa.#47BRbq.$8ce..CDSUd....%&Tfr....9EHVs...........................................R.........................!.1.."2AQa.q..#3BR...4br......56C.$cs.....D..~Fdt................?.6.]&..).....daU....9@J^.b`r....\D..At.E...;l*"}.q.....uY...Y...*.1....4G..k..-k.v.....H#......o.-........b.QN.[.....B2.[:^....#&..8z.._1....0P1.. ......1D..../....(.duD.e......(..t<.YH.#2......U%Wf..G.)....... b`...".........C........c.1........R.. K....|q&..X..y-.T...rR:...N%.....;.8.3|...\co.9...b(..?!..`.n.t..[.m....D.....7>x..k.....w'.5....Vo..\H..5I.3uE..;D.].....9d.aD<...^......e...e.m.T..]-..Lc....t....g..i..W.eSe..Af.....7...iog.#.2.R..}.L.<...L.2.H.1.."R4....C.....d.Q*N.c..%P.0...4.

<<< skipped >>>

GET /Ndvqfhb.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:04:59 GMT

ETag: "5a1c947ba04becba8a69d6a850d43d9e"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 1527

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 1986225

Connection: keep-alive

X-Served-By: cache-iad2125-IAD, cache-ord1724-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 3

X-Timer: S1417434471.284806,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR.......Z.............sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6.......OIDATx...?h.g...oJ...R..%.D..E........S/kC......[JJ55[.....P\H._'.@..h..r.\.Z6H..5.*.....).d).Y".......w.....3.f.).8...}........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.T....*.....}...|.....AE...X..vk}......Q...EL&.] (q..2.Ee..J.<..!...S;r.~PQz...fg^........i... .^..TU....}..%}=..Wl]..".Z..z....u......Y.o6.L& ..%oy.oH..[rry.k..vk..W......\^..b.o.As..7.....^y..N.....k.i0..>_Tf.(I.6.%...Ak.k{G....I........m...-'.Wvck.9.:..CLNYi....g....n.....CJ..u......x&7.Wi.v...o. ...knvF..1.A..... ..Y'..r..Kj......(.[.\{..Bw ^.........-..........B.......19........8.........dA.XDnjA.K...F..9y.K.cqy.n.;.....................uMN6.d.B..d.5....C.[..0.7'..h..M..=...n........rS..6..i=.......M.^y.......g{>..=;`..9....r...4.........J."..?....k.aanvF....?........{g.8..19e.XD...U....BY}...8P....mGxe;..h84.9...A^....aa.0..pH......8.c@/ns&.M-.....o.9.............T;.U...&/G.mnw...[...0.1..F2.Qi...........m{..*/.q9r.X^1O.W&..~&...P...$...-/).......8....su~.9.....~S4...>..){{Q.o~Q.RX..........52..u.]o......s.2.......]g.....rryI. ..:=.....u#vA.....?.u...i6..i......4q1.....7F5..zc_..A.... ..c...5....nWF9.a....%......y....&xf...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&........b...1.`...0AL.. &.L...&.......}K...k.....IEND.

<<< skipped >>>

GET /Cv8yKZy.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Fri, 28 Nov 2014 17:16:34 GMT

ETag: "d5f0c4c69cafeedee83ac50acf486b85"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 117423

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 239475

Connection: keep-alive

X-Served-By: cache-iad2140-IAD, cache-ord1724-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 2

X-Timer: S1417434471.369129,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR...^.................sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...x.g...0.v......3[...L-h1333[.-.2..l...q.......Y<...;....p..}..jU.[.L&.g._.u_U]]U].............f[.`......`a.......f0t....E!....;..T...2Gl.\..&_.'l.m..(...........c`...|5...<a..!...G].vl.wCy{....@VU#...................b<&.....(l...7Z.`p.....c...|cRh<...\Gy...z'......vTw.#$)_L3q.......}.,.E....B.....%.s...\.1..4*;.....&v~0.......mo.l.....q.....!!X.....H,.v...@....Y|".,.........eQ...]....X...mN.s..!X.#.p....!O......:4..DRI.:v...g4...h;. &..5]S...G.....I.O).6{_..3r...S..].....#.P..F.....5D`N..1s..ls...#gZ.a...`8......`.C"....o....t.gN...C'o.[.UH..~..."....@\...D7..j{......?)P4..[.........oF...G\^$.o@Ra ......0.g...c........U]1........e.!*....^...(.....\[..9........I.... X.n...&.7..x..!V..p@C....#`...y...N.@nM.l....yZ...\a...X...!.<...>000...........G.....7.l..X/..nK.....U8......Xy..Sa...%......(..0.>....d6(H.~..\..NA1Z....C#....."...[.<.Dk.....<....\T...n.'..,w.q&....q.h..BdZ..f.......]L.l.....H..DPB&.B...o.....'...T.o..d.7.\Oj..;y..>.....c@...&.Z....Bl./.9I=8.......'..C..,)..q.X.........`..',<....k......,I..;9....p..;.......l.......$.Mnab..v...U.....u....._e1j{.1.......4...q.(o.EFY;.JZ...~4$]..48.*.x.-nA0...&............. .w....!.W...........K...}....9lu..lqR!=......v......H..B.^s...G.L$j/.#....>..y.u4....@a...tX;.#:Y...\.'..w4..a[P.^..R.....V.....d..#(..........$#.".BQ..gP..r*.an..k..Z.#l\.......*x......5.....E}w>...QX.... .U'..c...m...l.Dx....!.a$..a.....#Y}......._..v.^....`..R..

<<< skipped >>>

GET /0fF60fQ.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:04:58 GMT

ETag: "cff4f48184734aedd36500dd4c0f9682"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 2023

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:51 GMT

Age: 7154129

Connection: keep-alive

X-Served-By: cache-iad2120-IAD, cache-ord1724-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 952, 1

X-Timer: S1417434471.505467,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR.......Z......4!.....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6.......?IDATx...1h.g...'......(K.......\2.CE.5.NY..R-.n..N..:..t..t).....D...=tX7..'K..V..r.t5..Y|.W}.......I...H.. y....>........ ._......e"... !......l..HH`..@B.................6..$$... !......l..HH`..@B.................6..$$... !......l..HH`..@B.................6..$$... !......l..HH`..@B.................6..$$... !......l..HH`..@B........?..p'......n. .7:.iG..o......x..............q...3....[G...D...c0..R....vt.^..\...... .....wc}s..<;s..w.V6...._.....J?Z.._..&.~(...X{.......w..........x7.wVc4....v.6...G.X....(......;.X:.....5J'..Z~...b4...!.C.....GZ../D{....VDD4..Ge.8.O.......M....B... ...)N...p'Z..c4......}..s}.........p....H...2...Q[x5:_l.x.z....9..........7....N.o..gQ*...l..#.q......X:....h...i.'....v..z...~............h........Q:Y...w.5Z..L..h.....(..Q[x5j............^.&.....;.t.2W<tV9...........>..j...(...bv.x4..GDDc.|t.....'_...K..i,....L...7..F}....h]Y..,G.{.X..Fe........y.N...3..T,...*s.,...F...h....g5Yk...x1?j.Y..'...^...x!.`.$.Z....f....B:k_EDD..v.......v.....I..v.......$...I........9.d.'i....;"...p'*s.X..F.......X....-.G.Voj........Z>... ........B>Y...D.L..J....6@B......M.....D....,.d.}....X.......^v..X..o.{<E~.?v.n. *s...;..D........F....9.....Q..Z.3'...~..........h^..?......q..1...........6@"....>..Y.....r~W....ylF<...J....%>.....^.?...Y.i.....xz..9...N...3.(W....hO...x..w.q._..z)....Ga........(..f.{..h.Y....5j.g..'{.>.v.@..a.

<<< skipped >>>

GET /EeZYpJp.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i.imgur.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Last-Modified: Sun, 07 Sep 2014 03:56:53 GMT

ETag: "cd941d641087462929a51636ecda8b68"

Content-Type: image/png

cache-control: public, max-age=31536000

Content-Length: 266

Accept-Ranges: bytes

Date: Mon, 01 Dec 2014 11:47:53 GMT

Age: 2174474

Connection: keep-alive

X-Served-By: cache-iad2130-IAD, cache-ord1724-ORD

X-Cache: HIT, HIT

X-Cache-Hits: 1, 2

X-Timer: S1417434473.197692,VS0,VE0

Access-Control-Allow-Methods: GET, OPTIONS

Access-Control-Allow-Origin: *

Server: cat factory 1.0

.PNG........IHDR.......v.......S.....sBIT....|.d.....pHYs...........~.....tEXtCreation Time.09/07/14..oR....tEXtSoftware.Adobe Fireworks CS6.......bIDATh......0....Q.......(S&..........x.....q.?...N.._.................................@a..^.@......#..z.......IEND.B`...

GET /embed/Gjw4NCfc3iE HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.youtube.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Dec 2014 11:47:51 GMT

Server: gwiseguy/2.0

X-Content-Type-Options: nosniff

P3P: CP="This is not a P3P policy! See hXXp://support.google.com/accounts/bin/answer.py?answer=151657&hl=en for more info."

Content-Length: 0

Expires: Tue, 27 Apr 1971 19:44:06 EST

Location: hXXps://VVV.youtube.com/embed/Gjw4NCfc3iE

X-XSS-Protection: 1; mode=block; report=hXXps://VVV.google.com/appserve/security-bugs/log/youtube

Content-Type: text/html; charset=utf-8

Cache-Control: no-cache

Alternate-Protocol: 80:quic,p=0.02

Set-Cookie: VISITOR_INFO1_LIVE=mZvidSZsQkU; expires=Sat, 01-Aug-2015 23:40:51 GMT; path=/; domain=.youtube.com

Set-Cookie: VISITOR_INFO1_LIVE=mZvidSZsQkU; expires=Sat, 01-Aug-2015 23:40:51 GMT; path=/; domain=.youtube.com

Set-Cookie: YSC=Z5e8luE5E2Y; path=/; domain=.youtube.com; HttpOnly

....

GET /subscribe_widget?p=razortutoriais HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.transformicehackers.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.youtube.com

Connection: Keep-Alive

Cookie: VISITOR_INFO1_LIVE=mZvidSZsQkU; YSC=Z5e8luE5E2Y; GPS=1; PREF=f1=50000000

HTTP/1.1 301 Moved Permanently

Date: Mon, 01 Dec 2014 11:47:52 GMT

Server: gwiseguy/2.0

X-Content-Type-Options: nosniff

Location: hXXps://VVV.youtube.com/subscribe_widget?p=razortutoriais

Content-Length: 0

Cache-Control: no-cache

X-XSS-Protection: 1; mode=block; report=hXXps://VVV.google.com/appserve/security-bugs/log/youtube

Content-Type: text/html; charset=utf-8

Expires: Tue, 27 Apr 1971 19:44:06 EST

Alternate-Protocol: 80:quic,p=0.02

GET /web_gear/chat/chat.swf HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.xatech.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 01 Dec 2014 11:47:51 GMT

Content-Type: application/x-shockwave-flash

Content-Length: 777

Connection: keep-alive

Set-Cookie: __cfduid=d837745ccecaa7ed3e99f39a0bd3371301417434471; expires=Tue, 01-Dec-15 11:47:51 GMT; path=/; domain=.xatech.com; HttpOnly

Last-Modified: Mon, 03 Nov 2014 12:40:03 GMT

ETag: "545777a3-309"

Expires: Mon, 01 Dec 2014 12:17:51 GMT

Cache-Control: public, max-age=1800

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 191f0d695ac506af-EWR

CWS.....x.US]n.F..Y..II.$......$NQ$...~(.....2T..R./B....@".je%oy..z...A.#...>..Co..%.@......of..oA.......pX3......@..^..a....>.....R.........7.....%.wi:.n.N.xR...4j...t.....Y,8......d?....Vk>.7....Q.O'.9.^.p7k-.[~...'vs:...h...Mzz/u..i.t..%N.>.D,.w..u...M.1..C)..<<.{]..R./.<.<k=....7.."N.......2>I.x;..Ae.....` .S....m...pa.............i"x"..u.0-/c..d.Z...m...z.....\0.x*.xV.:.,K.eX.y....~.{'.t!......be.q(.Z..g......ZW6.......i|.o.&.X.3..P7..4V...m.%d..1.T..H5.Y.....VH.A..a..5.u.....7.o.n....&.C$u..~Ax..>.....=...P>.Z....4SL.PW.4.e4..B....J..\L.C......a*.....M......c.d....o.... .....2..WC...y.........o........^<.._V.........G..................<.....=......"}X .ZA...GutV..U..E.=\....<,;.L..fx3.K..N..L....9.J..x]."-..X)kR...1y.{..a.e.....=.m...#E.......=X5..[.D.w...4..{..

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_472:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

Please contact the application's support team for more information.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

GetProcessWindowStation

GetProcessWindowStation

USER32.DLL

USER32.DLL

-ORIGIN:"%s"

-ORIGIN:"%s"

CET_Archive.dat

CET_Archive.dat

%s\%s

%s\%s

"%s" %s

"%s" %s

Failure loading the trainer. Your tempfolder must allow execution. (Check your anti virus)

Failure loading the trainer. Your tempfolder must allow execution. (Check your anti virus)

SHLWAPI.dll

SHLWAPI.dll

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

ADVAPI32.dll

ADVAPI32.dll

GetCPInfo

GetCPInfo

GetConsoleOutputCP

GetConsoleOutputCP

c:\%original file name%.exe

c:\%original file name%.exe

/:c.hT

/:c.hT

ZI%CI

ZI%CI

%Foa5^

%Foa5^

&%d)K

&%d)K

.UzC*

.UzC*

%CsbI.

%CsbI.

H! #%d

H! #%d

$uc%u

$uc%u

.zM'C

.zM'C

6%U^0

6%U^0

7.Hw?o

7.Hw?o

A%C`2

A%C`2

~5`&9 ,[:7

~5`&9 ,[:7

N%u05 R

N%u05 R

.yiCe}

.yiCe}

gl%d%

gl%d%

.qh)F_p

.qh)F_p

T:.Vv

T:.Vv

(K.VL

(K.VL

E|D.go

E|D.go

%%S.d[

%%S.d[

%xXPZ

%xXPZ

U0.Dq

U0.Dq

.{odOdCMg.wI

.{odOdCMg.wI

H$.QU

H$.QU

F&RUdP

F&RUdP

.og:d@o

.og:d@o

8/L%c

8/L%c

O%c )c

O%c )c

#%umP

#%umP

%f!xW

%f!xW

7-X5}

7-X5}

u@,%F

u@,%F

L)URlO

L)URlO

D0%UI

D0%UI

Nø0

Nø0

.XwcX

.XwcX

S.SS.

S.SS.

'%FvQ

'%FvQ

.MB

.MB

5;n.bu

5;n.bu

$'%xi9"

$'%xi9"

`%d]Pl

`%d]Pl

i-x}n

i-x}n

o%UQ$

o%UQ$

kd'.Xa

kd'.Xa

%F">JJ

%F">JJ

S.gR-K

S.gR-K

R\.tU[*re

R\.tU[*re

I.nr[

I.nr[

`-.um

`-.um

.hXX#n

.hXX#n

)m.Kv

)m.Kv

d>.nC4

d>.nC4

Y.Br^

Y.Br^

5J.ps#

5J.ps#

lexe`

lexe`

N.oeg

N.oeg

Q%Fte4

Q%Fte4

zaR.OJ

zaR.OJ

iM%Cr]

iM%Cr]

JSSh0

JSSh0

.RzIID/

.RzIID/

.qLl%y:

.qLl%y:

Ae.Ed

Ae.Ed

O_%U=K5

O_%U=K5

.VslZ

.VslZ

%7.BZ

%7.BZ

0.aB

0.aB

{.Mksn

{.Mksn

S.cQm2

S.cQm2

fx.tZ

fx.tZ

CmDQB#H

CmDQB#H

9E.iw

9E.iw

R%uXO

R%uXO

vA.Kx

vA.Kx

.SCam

.SCam

dv7%xz

dv7%xz

.NU#n[3

.NU#n[3

(K.Me

(K.Me

.bxSd

.bxSd

@zJp%C

@zJp%C

%x0Xs

%x0Xs

5.xQV

5.xQV

A.Jfa

A.Jfa

.EeR-

.EeR-

Q9"%CT

Q9"%CT

%Xb O7

%Xb O7

;`.CJy)

;`.CJy)

I%s0r

I%s0r

.mE@5

.mE@5

4S%7S 7SG

4S%7S 7SG

%FYr7

%FYr7

=.AYJ4

=.AYJ4

.qY'0

.qY'0

%f=UQ

%f=UQ

( .VD

( .VD

V]quW%C

V]quW%C

.UWO^

.UWO^

cmdy

cmdy

L%U_`'t

L%U_`'t

"#T.Cl

"#T.Cl

-2)*1 1 33

-2)*1 1 33

b.UrQ

b.UrQ

hL.XoX

hL.XoX

VuXK%X

VuXK%X

u`a}0;p%s!

u`a}0;p%s!

IV.Ma

IV.Ma

,'A%X

,'A%X

5O!_%c

5O!_%c

-O.Nv

-O.Nv

l=C%s

l=C%s

X.tev

X.tev

.eWQW

.eWQW

.gN T

.gN T

h4q%x

h4q%x

;I[`)%C

;I[`)%C

k .KH

k .KH

@%UVe

@%UVe

P.EIQ

P.EIQ

.bq%)E

.bq%)E

:~.No

:~.No

W.YRY

W.YRY

\Lx|.Cw

\Lx|.Cw

S{.zY.

S{.zY.

i,.oN_]

i,.oN_]

.cY4{

.cY4{

r.ruvi

r.ruvi

Ftp&5JT

Ftp&5JT

*Vb%F

*Vb%F

Sqlo

Sqlo

þ*o

þ*o

#TGg.VK

#TGg.VK

tm.NW

tm.NW

%0SiSPN

%0SiSPN

QK.gB

QK.gB

#%xjQ

#%xjQ

S.JTl

S.JTl

m%XQk

m%XQk

9!;8!;8!;

9!;8!;8!;

.rPga2

.rPga2

Ol.Jeog

Ol.Jeog

"-j}J

"-j}J

GN.Ul6k

GN.Ul6k

hUW.gM

hUW.gM

f.Yrh

f.Yrh

Ì^(

Ì^(

o%2%f

o%2%f

.kE6;K

.kE6;K

}4i

}4i

.BSu4

.BSu4

# *-T}

# *-T}

T.UHG

T.UHG

/|(|,|*|)|

/|(|,|*|)|

/-(-,-*-.-)--- -/

/-(-,-*-.-)--- -/

/](],]*].])]-] ]/

/](],]*].])]-] ]/

û%N

û%N

Â%K

Â%K

%xB$d

%xB$d

Q9UP%UQ

Q9UP%UQ

UB%UJ

UB%UJ

S"%S*

S"%S*

S%US-

S%US-

9.EN4

9.EN4

H0Xx,x"x*x&x.x!x)x%x-x#x x'x/

H0Xx,x"x*x&x.x!x)x%x-x#x x'x/

/} }(}$},}"}*}&}.}!})}%}-}#} }'}/

/} }(}$},}"}*}&}.}!})}%}-}#} }'}/

.yW

.yW

.BW!Y

.BW!Y

.bW1Y

.bW1Y

.RW)Y

.RW)Y

.rW9Y

.rW9Y

.JW%Y

.JW%Y

.jW5Y

.jW5Y

.ZW-Y

.ZW-Y

.zW=Y

.zW=Y

Û%L

Û%L

%xB$dB%tRM

%xB$dB%tRM

7>81$141,11!

7>81$141,11!

T%UK5R

T%UK5R

B1I5K5[%U)Tj

B1I5K5[%U)Tj

q$.II

q$.II

,W.SnRfT9

,W.SnRfT9

}=}-}%}9}#}

}=}-}%}9}#}

-icz6}>

-icz6}>

g.fL9K

g.fL9K

?| |0|8|$|,|2|*|:|&|6|.|>|!|1|)|9|5|-|=|#|3|;|'|7|/|?

?| |0|8|$|,|2|*|:|&|6|.|>|!|1|)|9|5|-|=|#|3|;|'|7|/|?

%UJHI)-i

%UJHI)-i

/~$~~!~1~)~9~%~5~=~ ~;~'~7~/

/~$~~!~1~)~9~%~5~=~ ~;~'~7~/

?~0~(~8~$~,~2~*~:~6~.~!~1~)~9

?~0~(~8~$~,~2~*~:~6~.~!~1~)~9

%xB DB&4B'

%xB DB&4B'

.SI*EE

.SI*EE

.lw5Cy0

.lw5Cy0

;.8.:.9.;

;.8.:.9.;

;^8^:^9^;

;^8^:^9^;

;>8>:>9>;

;>8>:>9>;

;~8~:~9~;

;~8~:~9~;

%CrJ.iDrK

%CrJ.iDrK

%x2x*x:x&x6x.x>x!x1x)x9x%x5x-x=x#x3x x;x'x7x/x?

%x2x*x:x&x6x.x>x!x1x)x9x%x5x-x=x#x3x x;x'x7x/x?

%|2|*|:|&|6|.|>|!|1|)|9|%|5|-|=|#|3| |;|'|7|/|?

%|2|*|:|&|6|.|>|!|1|)|9|%|5|-|=|#|3| |;|'|7|/|?

%~2~*~:~&~6~.~>~!~1~)~9~%~5~-~=~#~3~ ~;~'~7~/~?

%~2~*~:~&~6~.~>~!~1~)~9~%~5~-~=~#~3~ ~;~'~7~/~?

TH*%U

TH*%U

'] ]$]"]&]!]%]#]'

'] ]$]"]&]!]%]#]'

%-&-!-%-#-'

%-&-!-%-#-'

%C)P*$

%C)P*$

OF{%d

OF{%d

u-s}A\G

u-s}A\G

/~ ~(~$~,~#

/~ ~(~$~,~#

#/ /"/!9

#/ /"/!9

!

!

5F#%SZ

5F#%SZ

|*~&~.~!~)~%~-~#

|*~&~.~!~)~%~-~#

/>(>!>%>->/

/>(>!>%>->/

90 0*0&0)0%

90 0*0&0)0%

)? ?(?%?-?#?

)? ?(?%?-?#?

>.-.=.#.7

>.-.=.#.7

.51595=5 5;

.51595=5 5;

&-6-#-'-7

&-6-#-'-7

:#*#.#3#7#/

:#*#.#3#7#/

727671757377

727671757377

;&8&:&9&;|

;&8&:&9&;|

;[8[:[9[;

;[8[:[9[;

;;8;:;9=

;;8;:;9=

ua.AY%]

ua.AY%]

&1$:4:,:<:>

&1$:4:,:<:>

?

?

N).gW

N).gW

?&?3?/??

?&?3?/??

.OWoWO

.OWoWO

kNn.inm

kNn.inm

;(;,;";!;%;-

;(;,;";!;%;-

18(8,8

18(8,8

%COC/B

%COC/B

c%S`,

c%S`,

W.NZt

W.NZt

.iIpr

.iIpr

#8R.nY%S

#8R.nY%S

eaC>%x

eaC>%x

%DZ 5

%DZ 5

~2.EB

~2.EB

%C g@r

%C g@r

.GM c

.GM c

%FQKuT(

%FQKuT(

_.KsU

_.KsU

&<.ze>

&<.ze>

71.HC

71.HC

jx!-a}

jx!-a}

I.HV}

I.HV}

%uG$=

%uG$=

NQ~%D

NQ~%D

.xNOdO\

.xNOdO\

.RuIz

.RuIz

.chSf

.chSf

5h0%cH

5h0%cH

A:.FW

A:.FW

?W.zt

?W.zt

9Q$ %C;EM[O

9Q$ %C;EM[O

.p%d"D

.p%d"D

):.tn

):.tn

.Or]6

.Or]6

b/.IgQ

b/.IgQ

OUK%xpK

OUK%xpK

td%c@

td%c@

{.IRYb

{.IRYb

!@%cNJF

!@%cNJF

aX.ybkV

aX.ybkV

f.pc6

f.pc6

%c(:;j

%c(:;j

7%uscB77R

7%uscB77R

1V%X1w6

1V%X1w6

%>dSH%ft

%>dSH%ft

&.iv'

&.iv'

4i.jk

4i.jk

Q7.qc

Q7.qc

D5%6um

D5%6um

aS.oC{|

aS.oC{|

KS%xp)

KS%xp)

.umlI

.umlI

.Bm9r

.Bm9r

Q.bX{

Q.bX{

0w.sOe

0w.sOe

*%dz&Y

*%dz&Y

X8*Ga.rb

X8*Ga.rb

x.Xx!

x.Xx!

`.data

`.data

.idata

.idata

t.Ht2Ht6Ht:Ht>

t.Ht2Ht6Ht:Ht>

F&{00000000-0000-0000-C000-000000000046}

F&{00000000-0000-0000-C000-000000000046}

3This binary has no widestrings support compiled in.

3This binary has no widestrings support compiled in.

6This binary has no unicodestrings support compiled in.

6This binary has no unicodestrings support compiled in.

&{3FEEC8E1-E400-4A24-BCAC-1F01476439B1}

&{3FEEC8E1-E400-4A24-BCAC-1F01476439B1}

&{663C603C-3F3C-4CC5-823C-AC8079F979E5}

&{663C603C-3F3C-4CC5-823C-AC8079F979E5}

&{BC7376EA-199C-4C2A-8684-F4805F0691CA}

&{BC7376EA-199C-4C2A-8684-F4805F0691CA}

.Owner

.Owner

cheatengine-i386.exe

cheatengine-i386.exe

cheatengine-x86_64.exe

cheatengine-x86_64.exe

CET_TRAINER.CETRAINER

CET_TRAINER.CETRAINER

CET_TRAINER.CETRAINER"

CET_TRAINER.CETRAINER"

Ancestor class for "%s" not found.

Ancestor class for "%s" not found.

rtlconsts.sancestornotfound

rtlconsts.sancestornotfound

Cannot assign a %s to a %s.

Cannot assign a %s to a %s.

rtlconsts.sassignerror

rtlconsts.sassignerror

Class "%s" not found

Class "%s" not found

rtlconsts.sclassnotfound

rtlconsts.sclassnotfound

Duplicate name: A component named "%s" already exists

Duplicate name: A component named "%s" already exists

rtlconsts.sduplicatename

rtlconsts.sduplicatename

rtlconsts.sduplicatestring

rtlconsts.sduplicatestring

rtlconsts.semptystreamillegalreader

rtlconsts.semptystreamillegalreader

rtlconsts.semptystreamillegalwriter

rtlconsts.semptystreamillegalwriter

No variant support for properties. Please use the variants unit in your project and recompile

No variant support for properties. Please use the variants unit in your project and recompile

rtlconsts.serrnovariantsupport

rtlconsts.serrnovariantsupport

"%s" is not an observer

"%s" is not an observer

rtlconsts.serrnotobserver

rtlconsts.serrnotobserver

Unable to create file "%s"

Unable to create file "%s"

rtlconsts.sfcreateerror

rtlconsts.sfcreateerror

Unable to open file "%s"

Unable to open file "%s"

rtlconsts.sfopenerror

rtlconsts.sfopenerror

rtlconsts.sinvalidimage

rtlconsts.sinvalidimage

"%s" is not a valid component name

"%s" is not a valid component name

rtlconsts.sinvalidname

rtlconsts.sinvalidname

rtlconsts.sinvalidpropertypath

rtlconsts.sinvalidpropertypath

rtlconsts.sinvalidpropertyvalue

rtlconsts.sinvalidpropertyvalue

List capacity (%d) exceeded.

List capacity (%d) exceeded.

rtlconsts.slistcapacityerror

rtlconsts.slistcapacityerror

List count (%d) out of bounds.

List count (%d) out of bounds.

rtlconsts.slistcounterror

rtlconsts.slistcounterror

List index (%d) out of bounds

List index (%d) out of bounds

rtlconsts.slistindexerror

rtlconsts.slistindexerror

rtlconsts.smemorystreamerror

rtlconsts.smemorystreamerror

Error reading %s%s%s: %s

Error reading %s%s%s: %s

rtlconsts.spropertyexception

rtlconsts.spropertyexception

rtlconsts.sreaderror

rtlconsts.sreaderror

rtlconsts.sreadonlyproperty

rtlconsts.sreadonlyproperty

Resource "%s" not found

Resource "%s" not found

rtlconsts.sresnotfound

rtlconsts.sresnotfound

%s.Seek not implemented

%s.Seek not implemented

rtlconsts.sseeknotimplemented

rtlconsts.sseeknotimplemented

Operation not allowed on sorted list

Operation not allowed on sorted list

rtlconsts.ssortedlisterror

rtlconsts.ssortedlisterror

Invalid stream operation %s.Seek

Invalid stream operation %s.Seek

rtlconsts.sstreaminvalidseek

rtlconsts.sstreaminvalidseek

Reading from %s is not supported

Reading from %s is not supported

rtlconsts.sstreamnoreading

rtlconsts.sstreamnoreading

Writing to %s is not supported

Writing to %s is not supported

rtlconsts.sstreamnowriting

rtlconsts.sstreamnowriting

Unknown property: "%s"

Unknown property: "%s"

rtlconsts.sunknownproperty

rtlconsts.sunknownproperty

Unknown property type %d

Unknown property type %d

rtlconsts.sunknownpropertytype

rtlconsts.sunknownpropertytype

Unsupported property variant type %d

Unsupported property variant type %d

rtlconsts.sunsupportedpropertyvarianttype

rtlconsts.sunsupportedpropertyvarianttype

rtlconsts.swriteerror

rtlconsts.swriteerror

ENoThreadSupport

ENoThreadSupport

ENoWideStringSupport

ENoWideStringSupport

=?&{7B108C52-1D8F-4CDB-9CDF-57E071193D3F}$TMultiReadExclusiveWriteSynchronizer

=?&{7B108C52-1D8F-4CDB-9CDF-57E071193D3F}$TMultiReadExclusiveWriteSynchronizer

BasicEventWaitFor failed in TMultiReadExclusiveWriteSynchronizer.Beginread

BasicEventWaitFor failed in TMultiReadExclusiveWriteSynchronizer.Beginread

ENoThreadSupportt

ENoThreadSupportt

sysconst.sabstracterror

sysconst.sabstracterror

sysconst.saccessdenied

sysconst.saccessdenied

sysconst.saccessviolation

sysconst.saccessviolation

Missing argument in format "%s"

Missing argument in format "%s"

sysconst.sargumentmissing

sysconst.sargumentmissing

%s (%s, line %d)

%s (%s, line %d)

sysconst.sasserterror

sysconst.sasserterror

sysconst.sassertionfailed

sysconst.sassertionfailed

sysconst.sbuserror

sysconst.sbuserror

sysconst.scannotcreateemptydir

sysconst.scannotcreateemptydir

sysconst.scontrolc

sysconst.scontrolc

sysconst.sdiskfull

sysconst.sdiskfull

sysconst.sdispatcherror

sysconst.sdispatcherror

sysconst.sdivbyzero

sysconst.sdivbyzero

sysconst.sendoffile

sysconst.sendoffile

External exception %x

External exception %x

sysconst.sexternalexception

sysconst.sexternalexception

sysconst.sfilenotassigned

sysconst.sfilenotassigned

sysconst.sfilenotfound

sysconst.sfilenotfound

sysconst.sfilenotopen

sysconst.sfilenotopen

sysconst.sfilenotopenforinput

sysconst.sfilenotopenforinput

sysconst.sfilenotopenforoutput

sysconst.sfilenotopenforoutput

sysconst.sinvalidfilename

sysconst.sinvalidfilename

sysconst.sintoverflow

sysconst.sintoverflow

Interface not supported

Interface not supported

sysconst.sintfcasterror

sysconst.sintfcasterror

Invalid argument index in format "%s"

Invalid argument index in format "%s"

sysconst.sinvalidargindex

sysconst.sinvalidargindex

sysconst.sinvalidcast

sysconst.sinvalidcast

sysconst.sinvaliddrive

sysconst.sinvaliddrive

sysconst.sinvalidfilehandle

sysconst.sinvalidfilehandle

Invalid format specifier : "%s"

Invalid format specifier : "%s"

sysconst.sinvalidformat

sysconst.sinvalidformat

sysconst.sinvalidinput

sysconst.sinvalidinput

Invalid floating point operation

Invalid floating point operation

sysconst.sinvalidop

sysconst.sinvalidop

Invalid pointer operation

Invalid pointer operation

sysconst.sinvalidpointer

sysconst.sinvalidpointer

sysconst.sinvalidvarcast

sysconst.sinvalidvarcast

Invalid variant operation

Invalid variant operation

sysconst.sinvalidvarop

sysconst.sinvalidvarop

Threads not supported. Recompile program with thread driver.

Threads not supported. Recompile program with thread driver.

sysconst.snothreadsupport

sysconst.snothreadsupport

sysconst.smissingwstringmanager

sysconst.smissingwstringmanager

sysconst.ssigquit

sysconst.ssigquit

System error, (OS Code %d):

System error, (OS Code %d):

sysconst.soserror

sysconst.soserror

sysconst.soutofmemory

sysconst.soutofmemory

sysconst.soverflow

sysconst.soverflow

sysconst.sprivilege

sysconst.sprivilege

sysconst.srangeerror

sysconst.srangeerror

sysconst.ssafecallexception

sysconst.ssafecallexception

sysconst.siconverror

sysconst.siconverror

sysconst.stoomanyopenfiles

sysconst.stoomanyopenfiles

sysconst.sunknownruntimeerror

sysconst.sunknownruntimeerror

sysconst.sunderflow

sysconst.sunderflow

An operating system call failed.

An operating system call failed.

sysconst.sunkoserror

sysconst.sunkoserror

sysconst.svararraybounds

sysconst.svararraybounds

sysconst.svararraycreate

sysconst.svararraycreate

sysconst.svarnotarray

sysconst.svarnotarray

zstream.sseek_failed

zstream.sseek_failed

zbase.sneed_dict

zbase.sneed_dict

zbase.sstream_end

zbase.sstream_end

zbase.sfile_error

zbase.sfile_error

zbase.sstream_error

zbase.sstream_error

zbase.sdata_error

zbase.sdata_error

zbase.smem_error

zbase.smem_error

zbase.sbuf_error

zbase.sbuf_error

zbase.sversion_error

zbase.sversion_error

1.1.2

1.1.2

FPC 2.6.2 [2013/03/17] for i386 - Win32

FPC 2.6.2 [2013/03/17] for i386 - Win32

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryA

GetWindowsDirectoryA

kernel32.dll

kernel32.dll

oleaut32.dll

oleaut32.dll

user32.dll

user32.dll

version="1.0.0.0"

version="1.0.0.0"

name="Microsoft.Windows.Common-Controls"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

publicKeyToken="6595b64144ccf1df"

%hXXp://VVV.globalsign.net/repository/03

%hXXp://VVV.globalsign.net/repository/03

"hXXp://crl.globalsign.net/root.crl0

"hXXp://crl.globalsign.net/root.crl0

&hXXps://VVV.globalsign.com/repository/03

&hXXps://VVV.globalsign.com/repository/03

hXXp://crl.globalsign.net/Timestamping1.crl0

hXXp://crl.globalsign.net/Timestamping1.crl0

%hXXp://VVV.globalsign.net/repository/0

%hXXp://VVV.globalsign.net/repository/0

dark_byte@hotmail.com0

dark_byte@hotmail.com0

&hXXps://VVV.globalsign.com/repository/0

&hXXps://VVV.globalsign.com/repository/0

-hXXp://crl.globalsign.com/gs/gscodesigng2.crl0

-hXXp://crl.globalsign.com/gs/gscodesigng2.crl0

4hXXp://secure.globalsign.com/cacert/gscodesigng2.crt04

4hXXp://secure.globalsign.com/cacert/gscodesigng2.crt04

(hXXp://ocsp2.globalsign.com/gscodesigng20

(hXXp://ocsp2.globalsign.com/gscodesigng20

6$6(6,606

6$6(6,606

7 7@7\7`7

7 7@7\7`7

2$2,242

2$2,242

mscoree.dll

mscoree.dll

KERNEL32.DLL

KERNEL32.DLL

iexplore.exe_132:

%?9-*09,*19}*09

%?9-*09,*19}*09

.text

.text

`.data

`.data

.rsrc

.rsrc

msvcrt.dll

msvcrt.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

USER32.dll

USER32.dll

SHLWAPI.dll

SHLWAPI.dll

SHDOCVW.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

IE-X-X

rsabase.dll

rsabase.dll

System\CurrentControlSet\Control\Windows

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

dw15 -x -s %u

watson.microsoft.com

watson.microsoft.com

IEWatsonURL

IEWatsonURL

%s -h %u

%s -h %u

iedw.exe

iedw.exe

Iexplore.XPExceptionFilter

Iexplore.XPExceptionFilter

jscript.DLL

jscript.DLL

mshtml.dll

mshtml.dll

mlang.dll

mlang.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

shdocvw.DLL

shdocvw.DLL

browseui.DLL

browseui.DLL

comctl32.DLL

comctl32.DLL

IEXPLORE.EXE

IEXPLORE.EXE

iexplore.pdb

iexplore.pdb

ADVAPI32.dll

ADVAPI32.dll

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

IExplorer.EXE

IExplorer.EXE

IIIIIB(II<.fg>

IIIIIB(II<.fg>

7?_____ZZSSH%

7?_____ZZSSH%

)z.UUUUUUUU

)z.UUUUUUUU

,....Qym

,....Qym

````2```

````2```

{.QLQIIIKGKGKGKGKGKG

{.QLQIIIKGKGKGKGKGKG

;33;33;0

;33;33;0

8888880

8888880

8887080

8887080

browseui.dll

browseui.dll

shdocvw.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

6.00.2900.5512 (xpsp.080413-2105)

Windows

Windows

Operating System

Operating System

6.00.2900.5512

6.00.2900.5512

FP_AX_CAB_INSTALLER64.exe_192:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

SSj%S

SSj%S

SSSSh0

SSSSh0

HHt.Ht%Ht

HHt.Ht%Ht

PSSj%S

PSSj%S

tOHt.Ht

tOHt.Ht

tGHt.Ht&

tGHt.Ht&

&Macromedia Flash Certificate Authority1

&Macromedia Flash Certificate Authority1

secure@macromedia.com1

secure@macromedia.com1

E.YY&~g

E.YY&~g

HttpQueryInfoW

HttpQueryInfoW

HttpSendRequestW

HttpSendRequestW

HttpOpenRequestW

HttpOpenRequestW

CertFreeCertificateContext

CertFreeCertificateContext

CertVerifySubjectCertificateContext

CertVerifySubjectCertificateContext

CertFindCertificateInStore

CertFindCertificateInStore

CertCreateCertificateContext

CertCreateCertificateContext

CryptGetMessageCertificates

CryptGetMessageCertificates

atl.dll

atl.dll

1.0.5, 10-Dec-2007

1.0.5, 10-Dec-2007

(VVV.memtest86.com). At the time of writing it is free (GPLd).

(VVV.memtest86.com). At the time of writing it is free (GPLd).

bzip2/libbzip2: internal error number %d.

bzip2/libbzip2: internal error number %d.

This is a bug in bzip2/libbzip2, %s.

This is a bug in bzip2/libbzip2, %s.

Please report it to me at: jseward@bzip.org. If this happened

Please report it to me at: jseward@bzip.org. If this happened

component, you should also report this bug to the author(s)

component, you should also report this bug to the author(s)

of that program. Please make an effort to report this bug;

of that program. Please make an effort to report this bug;

timely and accurate bug reports eventually lead to higher

timely and accurate bug reports eventually lead to higher

combined CRCs: stored = 0xx, computed = 0xx

combined CRCs: stored = 0xx, computed = 0xx

{0xx, 0xx}

{0xx, 0xx}

codes %d

codes %d

code lengths %d,

code lengths %d,

selectors %d,

selectors %d,

bytes: mapping %d,

bytes: mapping %d,

pass %d: size is %d, grp uses are

pass %d: size is %d, grp uses are

initial group %d, [%d .. %d], has %d syms (%4.1f%%)

initial group %d, [%d .. %d], has %d syms (%4.1f%%)

Y@ %d in block, %d after MTF & 1-2 coding, %d 2 syms in use

Y@ %d in block, %d after MTF & 1-2 coding, %d 2 syms in use

final combined CRC = 0xx

final combined CRC = 0xx

block %d: crc = 0xx, combined CRC = 0xx, size = %d

block %d: crc = 0xx, combined CRC = 0xx, size = %d

[%d: huff mtf

[%d: huff mtf

m unresolved strings

m unresolved strings

depth m has

depth m has

%d pointers, %d sorted, %d scanned

%d pointers, %d sorted, %d scanned

qsort [0x%x, 0x%x] done %d this %d

qsort [0x%x, 0x%x] done %d this %d

%d work, %d block, ratio %5.2f

%d work, %d block, ratio %5.2f

Please contact the application's support team for more information.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

operator

operator

GetProcessWindowStation

GetProcessWindowStation

USER32.DLL

USER32.DLL

Morpheme.pdb

Morpheme.pdb

OLEACC.dll

OLEACC.dll

PSAPI.DLL

PSAPI.DLL

KERNEL32.dll

KERNEL32.dll

GetKeyState

GetKeyState

USER32.dll

USER32.dll

GDI32.dll

GDI32.dll

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteW

ShellExecuteW

ShellExecuteExW

ShellExecuteExW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

GetConsoleOutputCP

GetConsoleOutputCP

GetProcessHeap

GetProcessHeap

GetCPInfo

GetCPInfo

Morpheme.exe

Morpheme.exe

zcÁ

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

stdole2.tlbWWW(

stdole2.tlbWWW(

?jp_msgFormatVersionWW

?jp_msgFormatVersionWW

_:p_msgDataWWW

_:p_msgDataWWW

p_expectedMsgFormatW

p_expectedMsgFormatW

I:p_urlWWW

I:p_urlWWW

.zp_dwStateWWW

.zp_dwStateWWW

p_sourceURLW

p_sourceURLW

p_refURL,

p_refURL,

urlW

urlW

Created by MIDL version 7.00.0500 at Wed Nov 19 14:08:56 2014

Created by MIDL version 7.00.0500 at Wed Nov 19 14:08:56 2014

B.Ors

B.Ors

.NBQB~

.NBQB~

3%3,33393

3%3,33393

>">)>.>5>:>

>">)>.>5>:>

apphelp.dll

apphelp.dll

devrtl.dll

devrtl.dll

pcacli.dll

pcacli.dll

secur32.dll

secur32.dll

propsys.dll

propsys.dll

kernel32.dll

kernel32.dll

advapi32.dll

advapi32.dll

psapi.dll

psapi.dll

crypt32.dll

crypt32.dll

msasn1.dll

msasn1.dll

uxtheme.dll

uxtheme.dll

dbghelp.dll

dbghelp.dll

oleaccrc.dll

oleaccrc.dll

oleacc.dll

oleacc.dll

ieframe.dll

ieframe.dll

profapi.dll

profapi.dll

userenv.dll

userenv.dll

mscms.dll

mscms.dll

d3d8thk.dll

d3d8thk.dll

d3d9.dll

d3d9.dll

powrprof.dll

powrprof.dll

dsound.dll

dsound.dll

winmm.dll

winmm.dll

ntmarta.dll

ntmarta.dll

dwmapi.dll

dwmapi.dll

version.dll

version.dll

CodeSignRootCert

CodeSignRootCert

\System32\Macromed\Flash\FlashPlayerUpdateService.exe

\System32\Macromed\Flash\FlashPlayerUpdateService.exe

Shell32.dll

Shell32.dll

Advapi32.dll

Advapi32.dll

FlashInstall.log

FlashInstall.log

mms.cfg

mms.cfg

.json

.json

_pepper.exe

_pepper.exe

utilExeFilenameBasePEP

utilExeFilenameBasePEP

_Plugin.exe

_Plugin.exe

utilExeFilenameBasePL

utilExeFilenameBasePL

_ActiveX.exe

_ActiveX.exe

utilExeFilenameBaseAX

utilExeFilenameBaseAX

InstallFlashPlayer.exe

InstallFlashPlayer.exe

{FEC7EF28-53E7-4f06-8F56-FA6D670C8D3C}

{FEC7EF28-53E7-4f06-8F56-FA6D670C8D3C}

HTTP/1.0

HTTP/1.0

Wininet.dll

Wininet.dll

fpb.tmp

fpb.tmp

FlashPlayerUpdateService.exe

FlashPlayerUpdateService.exe

hXXp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_

hXXp://fpdownload.macromedia.com/get/flashplayer/update/current/install/install_all_win_

hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/sau/15/install/

hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/sau/15/install/

hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/aih/aih_sgn.z

hXXp://fpdownload2.macromedia.com/pub/flashplayer/update/current/aih/aih_sgn.z

M/15.0.0.239

M/15.0.0.239

Msimg32.dll

Msimg32.dll

window key up

window key up

mscoree.dll

mscoree.dll

KERNEL32.DLL

KERNEL32.DLL

=This installer is not compatible with your operating system.

=This installer is not compatible with your operating system.

.Programme d

.Programme d

compatibile con il sistema operativo.

compatibile con il sistema operativo.

.Programa de instalaci

.Programa de instalaci

n no se admite en su sistema operativo.

n no se admite en su sistema operativo.

.Installatieprogramma van Adobe Flash Player ^

.Installatieprogramma van Adobe Flash Player ^

r inte kompatibelt med operativsystemet.

r inte kompatibelt med operativsystemet.

.Installationsprogram f

.Installationsprogram f

vel com o sistema operacional.

vel com o sistema operacional.

m opera

m opera

;Ten instalator nie jest zgodny z tym systemem operacyjnym.

;Ten instalator nie jest zgodny z tym systemem operacyjnym.

15,0,0,239

15,0,0,239

FlashUtil.exe

FlashUtil.exe

InstallFlashPlayer.exe_816:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

@.reloc

@.reloc

SSj%S

SSj%S

SSSSh0

SSSSh0

HHt.Ht%Ht

HHt.Ht%Ht

PSSj%S

PSSj%S

tOHt.Ht

tOHt.Ht

tGHt.Ht&

tGHt.Ht&

&Macromedia Flash Certificate Authority1

&Macromedia Flash Certificate Authority1

secure@macromedia.com1

secure@macromedia.com1

E.YY&~g

E.YY&~g

HttpQueryInfoW

HttpQueryInfoW

HttpSendRequestW

HttpSendRequestW

HttpOpenRequestW

HttpOpenRequestW

CertFreeCertificateContext

CertFreeCertificateContext

CertVerifySubjectCertificateContext

CertVerifySubjectCertificateContext

CertFindCertificateInStore

CertFindCertificateInStore

CertCreateCertificateContext

CertCreateCertificateContext

CryptGetMessageCertificates

CryptGetMessageCertificates

atl.dll

atl.dll

1.0.5, 10-Dec-2007

1.0.5, 10-Dec-2007

(VVV.memtest86.com). At the time of writing it is free (GPLd).

(VVV.memtest86.com). At the time of writing it is free (GPLd).

bzip2/libbzip2: internal error number %d.

bzip2/libbzip2: internal error number %d.

This is a bug in bzip2/libbzip2, %s.

This is a bug in bzip2/libbzip2, %s.

Please report it to me at: jseward@bzip.org. If this happened

Please report it to me at: jseward@bzip.org. If this happened

component, you should also report this bug to the author(s)

component, you should also report this bug to the author(s)

of that program. Please make an effort to report this bug;

of that program. Please make an effort to report this bug;

timely and accurate bug reports eventually lead to higher

timely and accurate bug reports eventually lead to higher

combined CRCs: stored = 0xx, computed = 0xx

combined CRCs: stored = 0xx, computed = 0xx

{0xx, 0xx}

{0xx, 0xx}

codes %d

codes %d

code lengths %d,

code lengths %d,

selectors %d,

selectors %d,

bytes: mapping %d,

bytes: mapping %d,

pass %d: size is %d, grp uses are

pass %d: size is %d, grp uses are

initial group %d, [%d .. %d], has %d syms (%4.1f%%)

initial group %d, [%d .. %d], has %d syms (%4.1f%%)

Y@ %d in block, %d after MTF & 1-2 coding, %d 2 syms in use

Y@ %d in block, %d after MTF & 1-2 coding, %d 2 syms in use

final combined CRC = 0xx

final combined CRC = 0xx

block %d: crc = 0xx, combined CRC = 0xx, size = %d

block %d: crc = 0xx, combined CRC = 0xx, size = %d

[%d: huff mtf

[%d: huff mtf

m unresolved strings

m unresolved strings

depth m has

depth m has

%d pointers, %d sorted, %d scanned

%d pointers, %d sorted, %d scanned

qsort [0x%x, 0x%x] done %d this %d

qsort [0x%x, 0x%x] done %d this %d

%d work, %d block, ratio %5.2f

%d work, %d block, ratio %5.2f

Please contact the application's support team for more information.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- CRT not initialized

- floating point support not loaded

- floating point support not loaded

operator

operator

GetProcessWindowStation

GetProcessWindowStation

USER32.DLL

USER32.DLL

Morpheme.pdb

Morpheme.pdb

OLEACC.dll

OLEACC.dll

PSAPI.DLL

PSAPI.DLL

KERNEL32.dll

KERNEL32.dll

GetKeyState

GetKeyState

USER32.dll

USER32.dll

GDI32.dll

GDI32.dll

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCreateKeyExW

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteW

ShellExecuteW

ShellExecuteExW

ShellExecuteExW

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

GetConsoleOutputCP

GetConsoleOutputCP

GetProcessHeap

GetProcessHeap

GetCPInfo

GetCPInfo

Morpheme.exe

Morpheme.exe

zcÁ

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\{4120E413-3A83-484D-B0E4-7C645A7C6821}\InstallFlashPlayer.exe

B.Ors

B.Ors

.NBQB~

.NBQB~

stdole2.tlbWWW(

stdole2.tlbWWW(

?jp_msgFormatVersionWW

?jp_msgFormatVersionWW

_:p_msgDataWWW

_:p_msgDataWWW

p_expectedMsgFormatW

p_expectedMsgFormatW

I:p_urlWWW

I:p_urlWWW

.zp_dwStateWWW

.zp_dwStateWWW

p_sourceURLW

p_sourceURLW

p_refURL,

p_refURL,

urlW

urlW

Created by MIDL version 7.00.0500 at Wed Nov 19 14:08:56 2014

Created by MIDL version 7.00.0500 at Wed Nov 19 14:08:56 2014

5555555555555555555

5555555555555555555

.>.>.>.>.

.>.>.>.>.

6(6(6(6(

6(6(6(6(

P;.xno

P;.xno

fJ.Fh

fJ.Fh

XFQ.BN

XFQ.BN

o.gGp

o.gGp

.rnG8

.rnG8

pg"b.dE

pg"b.dE

$(EK%Sq3

$(EK%Sq3

T^.Fu

T^.Fu

o!.zg

o!.zg

&9n%S(

&9n%S(

keyN

keyN

h.tgg

h.tgg

m.kty

m.kty

|%F!!Slk

|%F!!Slk

mX.fO

mX.fO

~1.hT

~1.hT

.AZK6'

.AZK6'

%fkWj1i

%fkWj1i

%u0$Q

%u0$Q

%Xjeo

%Xjeo

9e?B.SH

9e?B.SH

urLXun

urLXun

.qV*g8

.qV*g8

Q8!5|%u

Q8!5|%u

Jd.CM

Jd.CM

pk.Su

pk.Su

$%uOC

$%uOC

L~ExEy

L~ExEy

:s.bh

:s.bh

,.Qwi

,.Qwi

%Cv~/

%Cv~/

.ktjl

.ktjl

OA!%c

OA!%c

Sqv.CE

Sqv.CE

=.idE

=.idE

hn.hm}

hn.hm}

.FRBqT

.FRBqT

FY%x

FY%x

R%C[Eb

R%C[Eb

2.cdZF

2.cdZF

.kYS,,

.kYS,,

%Fu(b

%Fu(b

0D*%DhL

0D*%DhL

%DsWGq

%DsWGq

.cDgF

.cDgF

p%CRq

p%CRq

?.pb'I

?.pb'I

hg.RP

hg.RP

0%Uey

0%Uey

P;.Gx_

P;.Gx_

~-ZG}

~-ZG}

0 sy%xd6

0 sy%xd6

7.oyz-

7.oyz-

*Z.fj'

*Z.fj'

!.XztV>

!.XztV>

7v]%s

7v]%s

.TD!s

.TD!s

2H-ONTuj}

2H-ONTuj}

.Uno33O

.Uno33O

u.TfX

u.TfX

v.mZh

v.mZh

ú7t

ú7t

H%.DS7a.=

H%.DS7a.=

ÞJBB

ÞJBB

8Y.ywb

8Y.ywb

%U`>k

%U`>k

w.Iu/

w.Iu/

V.ltN

V.ltN

$WN%s

$WN%s

X=.dI

X=.dI

ugY-,.yXy

ugY-,.yXy

xd2.hL

xd2.hL

N[4R%S

N[4R%S

zT.dm

zT.dm

o.ZVA

o.ZVA

pI%C{

pI%C{

m"'WeB

m"'WeB

z%ugY?`

z%ugY?`

sl.ZV

sl.ZV

1.HvV7

1.HvV7

.dyWr &G

.dyWr &G

.CeKG

.CeKG

?>%fxs

?>%fxs

:>.eC

:>.eC

p:.Uf

p:.Uf

.mYuT2l

.mYuT2l

.TRHa

.TRHa

.SHrv9

.SHrv9

9Om3%C

9Om3%C

%u&^7>

%u&^7>

7g%s"

7g%s"

L%UJkV

L%UJkV

Eq.lC-

Eq.lC-

[#&3PS%u

[#&3PS%u

J.Do3

J.Do3

.Vb

.Vb

{.Fn~

{.Fn~

tw!r%Dz*

tw!r%Dz*

!s%uN

!s%uN

W{Ú

W{Ú

CpF%X

CpF%X

_,.nH

_,.nH

.zG//

.zG//

B~*.*

B~*.*

.kR[@C

.kR[@C

(.UTa

(.UTa

I:S.qXUo

I:S.qXUo

.Fw:Q

.Fw:Q

?.qk&

?.qk&

^t{.NJ

^t{.NJ

8N.FtKG

8N.FtKG

j.Fmv UI

j.Fmv UI

m%.cJ

m%.cJ

x`%Ct

x`%Ct

TzY{%S

TzY{%S

p%Fw|

p%Fw|

um.tt{`

um.tt{`

d.UHcz

d.UHcz

.eLHfZ

.eLHfZ

×@#

×@#

Z*H%sP?

Z*H%sP?

Q%X~`

Q%X~`

t%-j}]

t%-j}]

iE.sgO

iE.sgO

Gh%dN

Gh%dN

7~.Ud

7~.Ud

E.TK`

E.TK`

o.qM(

o.qM(

a-%u`W

a-%u`W

R%x=*|U6/i

R%x=*|U6/i

-A1I}

-A1I}

\s3.aS

\s3.aS

fkSSH

fkSSH

r%xnO

r%xnO

h-jxduy}S|

h-jxduy}S|

h

h

%UsH/G

%UsH/G

!8] .4/*

!8] .4/*

mb;F%d]

mb;F%d]

.rOPO

.rOPO

-o}*:s?

-o}*:s?

.gN'K

.gN'K

.MZrm

.MZrm

%uzqz

%uzqz

W%Dh3l

W%Dh3l

nXEe%C

nXEe%C

J;'.JCg

J;'.JCg

4?.qm!

4?.qm!

2m$%d

2m$%d

.ki0

.ki0

iN%ux

iN%ux

O.ovxHW

O.ovxHW

%F@/V

%F@/V

.wMaI

.wMaI

c%f,BsR&D

c%f,BsR&D

`aM%s

`aM%s

m*.oFnO,

m*.oFnO,

x0{.ikdyE

x0{.ikdyE

{o>%UR)

{o>%UR)

w%dhd

w%dhd

Bo%S~>"1W

Bo%S~>"1W

n.lo)

n.lo)

v.aRXuy|kf

v.aRXuy|kf

Th %x

Th %x

?t.mw!p

?t.mw!p

.xT);

.xT);

.wbY=&

.wbY=&

D/Q.kM

D/Q.kM

JS.aD

JS.aD

.hTx&

.hTx&

}.At]

}.At]

L.lM&

L.lM&

WB.rH

WB.rH

tË^0FT/!

tË^0FT/!

UX.Mj

UX.Mj

4`^.eN

4`^.eN

5%.bO

5%.bO

.zoQD

.zoQD

o`S%d

o`S%d

{W.tJ

{W.tJ

.bjl

.bjl

M

M

c.arB

c.arB

p|.wp.

p|.wp.

Q*V\%S

Q*V\%S

/L%c!^o4

/L%c!^o4

.uXpKG`

.uXpKG`

`vt.kY4-P-H

`vt.kY4-P-H

J).orQb}&

J).orQb}&

g).ww|

g).ww|

.MO*f\

.MO*f\

%fW`g

%fW`g

2d%fq&

2d%fq&

4@'%D@aw;T

4@'%D@aw;T

;.DuIX

;.DuIX

NtCP

NtCP

%xn9J

%xn9J

l\.Pi

l\.Pi

qCÏg

qCÏg

[uURl

[uURl

u!'?%uh

u!'?%uh

I.oW=/z

I.oW=/z

=h.LW1

=h.LW1

-./@\'[5

-./@\'[5

0Kz%u

0Kz%u

.rCHh

.rCHh

.bb9;

.bb9;

(%S548

(%S548

T-.Yk

T-.Yk

.mL7;

.mL7;

yg.Va

yg.Va

j]%uY

j]%uY

%u>Wx

%u>Wx

!]$ôy

!]$ôy

),=3$^_$

),=3$^_$

pv.NP

pv.NP

A.hn*

A.hn*

.rpeQW

.rpeQW

gV%D(

gV%D(

%cx*s.b

%cx*s.b

.QcVk"

.QcVk"

n-.cxS]3v(

n-.cxS]3v(

D2.WQ

D2.WQ

"D8'%D

"D8'%D

)w60%cIqr$}

)w60%cIqr$}

'y?%C

'y?%C

mkG%DQ

mkG%DQ

]`%dv

]`%dv

f.dj&

f.dj&

{3h%D\@

{3h%D\@

.iQl]

.iQl]

$l.Nnb

$l.Nnb

yg%U*9[

yg%U*9[

$Ë=K

$Ë=K

VJ\\%S

VJ\\%S

j'.mr

j'.mr

.Ck ]

.Ck ]

]gd.Od

]gd.Od

.niC#

.niC#

N.Wk7

N.Wk7

Ks`%u

Ks`%u

a_~%c

a_~%c

pS.Vc

pS.Vc

P.pl:J/%

P.pl:J/%

dZk%F

dZk%F

qM.eF9

qM.eF9

.LV*C

.LV*C

.Vr$H

.Vr$H

u2%XMH

u2%XMH

SEt;[F&]Ï

SEt;[F&]Ï

5=.gK(

5=.gK(

.vYt6

.vYt6

8n.dL

8n.dL

B".lT

B".lT

.GkA9

.GkA9

R#.lx

R#.lx

O3%s8Ab

O3%s8Ab

x@.ko

x@.ko

eFv.prW

eFv.prW

zd.VxQ

zd.VxQ

:.dKs

:.dKs

x].hS

x].hS

1/@[%D

1/@[%D

.CIs{

.CIs{

dOb.Rbkw6K$

dOb.Rbkw6K$

&.LghK

&.LghK

&<.ttu>

&<.ttu>

%1x%]U

%1x%]U

F.qm1!nQ

F.qm1!nQ

Os}}.Ue

Os}}.Ue

%Xv0{

%Xv0{

%xg&8

%xg&8

.zDa;j

.zDa;j

(%d_R

(%d_R

r%fsX

r%fsX

fs.aq

fs.aq

hz.QB

hz.QB

;hZA×aN

;hZA×aN

zP.eQ9~

zP.eQ9~

1).lX

1).lX

ft'#%u

ft'#%u

4_m%s

4_m%s

\%xD[

\%xD[

9(u|O

9(u|O

oa%Dw

oa%Dw

/\Q.zG

/\Q.zG

n.AIf

n.AIf

%SIM[

%SIM[

5M%CL=S?

5M%CL=S?

\.dCMIS

\.dCMIS

;eXe7

;eXe7

f)%d`

f)%d`

5.TJ|

5.TJ|

yo-5}y

yo-5}y

(.FZI

(.FZI

m%c?;

m%c?;

T.WQ5

T.WQ5

BpNby!..klU

BpNby!..klU

c%UGe

c%UGe

tFtp

tFtp

r7þ

r7þ

%UBF_

%UBF_

:;~.dD

:;~.dD

8r&*%C

8r&*%C

630%U{8_

630%U{8_

.Zq]|7).

.Zq]|7).

.Lj]i

.Lj]i

.snp2YV

.snp2YV

0@%u*

0@%u*

.VG(

.VG(

.apt}

.apt}

.otx(

.otx(

;-.wY.fK\

;-.wY.fK\

t.TFj

t.TFj

2.rtb

2.rtb

(IkYZ%c`

(IkYZ%c`

Wl.dG"-Aqp

Wl.dG"-Aqp

.mBrU1

.mBrU1

.DYU"

.DYU"

ruF:/%F

ruF:/%F

O =.vk

O =.vk

)7%X4%

)7%X4%

K.zR'

K.zR'

&.Keex

&.Keex

/PD

/PD

.adOc

.adOc

f%X@Qj@

f%X@Qj@

H.vEf

H.vEf

B%u*n

B%u*n

%u

%u

.jd[$,

.jd[$,

j.vd6

j.vd6

%uSb!

%uSb!

`,f.CB&E

`,f.CB&E

@7sQl

@7sQl

ZCMD

ZCMD

I7E%C'u

I7E%C'u

6);.bq

6);.bq

S!%UE

S!%UE

.yy=3

.yy=3

%.Cxg

%.Cxg

r1m.ql

r1m.ql

;"h.MY

;"h.MY

.ikbu[

.ikbu[

.iZ}%

.iZ}%

ph.Sh

ph.Sh

3p.ZE

3p.ZE

zi_H%x

zi_H%x

hGC.iI{

hGC.iI{

}%s$!

}%s$!

fN%SO

fN%SO

MyE%F

MyE%F

S(g0%u_@c

S(g0%u_@c

m_.Cz/

m_.Cz/

*.TbC

*.TbC

^%X

^%X

'>.vyFV['

'>.vyFV['

~d5%u

~d5%u

z.jyN

z.jyN

g.fc.

g.fc.

iD.Oy

iD.Oy

Q>:%c

Q>:%c

%Fp0J

%Fp0J

.Sk(0

.Sk(0

$F%F@

$F%F@

rK.LIr

rK.LIr

.mmtMy8

.mmtMy8

b&.Id

b&.Id

h.By

h.By

}/%S_

}/%S_

xd1gL%D

xd1gL%D

.wnLf

.wnLf

A{H%D

A{H%D

U.Rls

U.Rls

Q.NDW

Q.NDW

%U8-f

%U8-f

x.Es1

x.Es1

ck8%D

ck8%D

.Vs=U

.Vs=U

,Q'@.zS

,Q'@.zS

n&%C_

n&%C_

.sr=F

.sr=F

#.RWpV!

#.RWpV!

n.OL?Zc

n.OL?Zc

3HF%dS_

3HF%dS_

A{Q:

A{Q:

%Sd=&'

%Sd=&'

c%c=WB9

c%c=WB9

.lj^9

.lj^9

H`[4S.DRa

H`[4S.DRa

Ch.Wk

Ch.Wk

*ýM

*ýM

JAR%sg'

JAR%sg'

.iMcy4p

.iMcy4p

y.ub)

y.ub)

[R.mjP

[R.mjP

R!.mb!

R!.mb!

?"b.Wx

?"b.Wx

.KSs@

.KSs@

eJ7.mdE&

eJ7.mdE&

.zIAC

.zIAC

j.kh,

j.kh,

_.LR"

_.LR"

^R%q>.GS

^R%q>.GS

.syY".

.syY".

{X L-LH}J

{X L-LH}J

ü)n

ü)n

cX.TA

cX.TA

\~.Ec

\~.Ec

{=b_KeY3_

{=b_KeY3_

~.iKu

~.iKu

_/.kO

_/.kO

o3i%Xk

o3i%Xk

.kBlz

.kBlz

v}C.Qs

v}C.Qs

.DL;'

.DL;'

N%S#l

N%S#l

d.rn(

d.rn(

~&.Lo]

~&.Lo]

%f/h]

%f/h]

1??3%S

1??3%S

t9 .Vk

t9 .Vk

N>.UM

N>.UM

.OjP;B

.OjP;B

6c.lk\%NL

6c.lk\%NL

-# .Vl

-# .Vl

.amkp

.amkp

c..rM

c..rM

& .Cv&

& .Cv&

,.czHT

,.czHT

d?B)-o}

d?B)-o}

.OX{*

.OX{*

.Fono

.Fono

%?5%S%v

%?5%S%v

DB].jVR

DB].jVR

.vo.e}#E

.vo.e}#E

.Fk")N

.Fk")N

.lh{@v

.lh{@v

5 Î

5 Î

W%cq5l

W%cq5l

ra%xf*

ra%xf*

û1N

û1N

( Z|E"T%S

( Z|E"T%S

W.Be ^C

W.Be ^C

["x{.KZX

["x{.KZX

N.wr/

N.wr/

.wb4f

.wb4f

`F5 %uO!LD3m

`F5 %uO!LD3m

j%.mf

j%.mf

.Gff[@

.Gff[@

%U=5"

%U=5"

imk.RSQ{

imk.RSQ{

c%D{2

c%D{2

}%9UJ

}%9UJ

lZF%C

lZF%C

Ykey

Ykey

@W.ii

@W.ii

.BW;Q

.BW;Q

HWDo%XT

HWDo%XT

w%U[`9Ky>

w%U[`9Ky>

P.&x%X

P.&x%X

A.ZfN

A.ZfN

T-qE}

T-qE}

a.aTzs

a.aTzs

sS

sS

"@%xX

"@%xX

/%s.:u

/%s.:u

_~.BS*4

_~.BS*4

J}L%s,

J}L%s,

5NK!%s

5NK!%s

%XK`F

%XK`F

R]%8S

R]%8S

Gm.SJ

Gm.SJ

1vl.xIKM

1vl.xIKM

.rhHj

.rhHj

9,C-%F[xw

9,C-%F[xw

1.qW|

1.qW|

O.GR]FA

O.GR]FA

X&g.Mt

X&g.Mt

Q.RPF

Q.RPF

%cr6

%cr6

Q.glf

Q.glf

.jt81

.jt81

..Ho'S

..Ho'S

.zY[nx

.zY[nx

U%X/_

U%X/_

.IYy\

.IYy\

FE.Hi

FE.Hi

%D%o/

%D%o/

.ZWuz

.ZWuz

#Ì,{v^

#Ì,{v^

A_.PV

A_.PV

#.auN3n

#.auN3n

5*6%sJ

5*6%sJ

.%D=T

.%D=T

.yIuC

.yIuC

j%DTFWu_

j%DTFWu_

9Ht%SOMIN8

9Ht%SOMIN8

SA%XA

SA%XA

h".yi

h".yi

.SB#*"FnU

.SB#*"FnU

.yg8|Q

.yg8|Q

.oZ47\

.oZ47\

V.aaH9

V.aaH9

.HHp)" 1

.HHp)" 1

}Ër"blOd5

}Ër"blOd5

lL47yf

lL47yf

eZ%w%u

eZ%w%u

.zz7Y^

.zz7Y^

.HiAa

.HiAa

Z}%Uu

Z}%Uu

=,.wY

=,.wY

W%cxvrH

W%cxvrH

/T|e-m}

/T|e-m}

c

c

suuDP1

suuDP1

#.Mg]Y

#.Mg]Y

.uk)Y

.uk)Y

SO %Ul

SO %Ul

w.lAS_j

w.lAS_j

}b%X=

}b%X=

.FN0Y

.FN0Y

^Z.do

^Z.do

a!P4"%F

a!P4"%F

;Bf%U

;Bf%U

.^%u>F

.^%u>F

x.B.WU

x.B.WU

ÏQkmO

ÏQkmO

j h%d

j h%d

s%xu

s%xu

(o*.mA

(o*.mA

YI.AjxJn

YI.AjxJn

%Dq.6

%Dq.6

z%u=7

z%u=7

.Vo@*

.Vo@*

Pv.Za

Pv.Za

@R{p.oy

@R{p.oy

7.ZC%

7.ZC%

re%xT

re%xT

.FETlFDk

.FETlFDk

C%xBrE

C%xBrE

2ú@

2ú@

hf.Fx

hf.Fx

û,xR>T

û,xR>T

.RAJMDEm

.RAJMDEm

r8UDSH5

r8UDSH5

Xj%xe

Xj%xe

.LoI]

.LoI]

".OLv

".OLv

%X_l2

%X_l2

Ou.oS

Ou.oS

W8n .wv

W8n .wv

S?.tX

S?.tX

P*.Ok

P*.Ok

{=:X.Qr

{=:X.Qr

"^n.El

"^n.El

Dr5%s?

Dr5%s?

.tWaz

.tWaz

.nj*N

.nj*N

.Vx5-m

.Vx5-m

-s}^0;5|

-s}^0;5|

.XKHS

.XKHS

q-L5}

q-L5}

lHG.cd

lHG.cd

a.JtXh

a.JtXh

zS%X?

zS%X?

Uw.ErBN

Uw.ErBN

RC.Yb

RC.Yb

.Zed#

.Zed#

.Do@FRm

.Do@FRm

.Fa*S``$

.Fa*S``$

`f.UU

`f.UU

s.XRt

s.XRt

.wFEZM!

.wFEZM!

5%fyv

5%fyv

.Cyf]

.Cyf]

:qT%f

:qT%f

(37%u

(37%u

%d:_t

%d:_t

Vg.kNH

Vg.kNH

(.VgW

(.VgW

(h.Nd

(h.Nd

ML![c%ST

ML![c%ST

q$l

q$l

bUrL

bUrL

AKr6#%d

AKr6#%d

Bo.Xy

Bo.Xy

9%UloC

9%UloC

-F}4Yb

-F}4Yb

%c w#8

%c w#8

N,-n}

N,-n}

cN0%x,

cN0%x,

Vp%c{g

Vp%c{g

6GJ%c

6GJ%c

5H.aB

5H.aB

0).WP

0).WP

E .ged&%]g

E .ged&%]g

.KGR.Z

.KGR.Z

_.ywREI

_.ywREI

EdX>%Dx

EdX>%Dx

7\l%x

7\l%x

.HX?u

.HX?u

m %c~

m %c~

"j%cy

"j%cy

CY>%s4

CY>%s4

%Cy|\V

%Cy|\V

Yxn.Fz

Yxn.Fz

ð

ð

F&.MnJ

F&.MnJ

8.shH[

8.shH[

'_.hF|J

'_.hF|J

Fm.mA

Fm.mA

.sQ7l

.sQ7l

)%S\%

)%S\%

Ü1c

Ü1c

Pef%D~

Pef%D~

.CFn~1ZX

.CFn~1ZX

/)cVjTr)c'.Bx

/)cVjTr)c'.Bx

.AlMK

.AlMK

Yh.JQH4

Yh.JQH4

M.ElQ

M.ElQ

T_%5S

T_%5S

,tFlT

,tFlT

1Ca.af

1Ca.af

?%u2z

?%u2z

B>%Uhr

B>%Uhr

ED\.PfZ

ED\.PfZ

.dA$>

.dA$>

.uLGQ!

.uLGQ!

ah.Dk

ah.Dk

.Ivnewfz,

.Ivnewfz,

2e.DP

2e.DP

uz%dJ

uz%dJ

L%c#@

L%c#@

]SO.QA

]SO.QA

$.sAh

$.sAh

`*.WH

`*.WH

w{A%F

w{A%F

JL%XR

JL%XR

G.YG=

G.YG=

R.Xn_G

R.Xn_G

4%2S@

4%2S@

$a.Gp

$a.Gp

=P%snO

=P%snO

w4.G-2}[

w4.G-2}[

QX.yt

QX.yt

s*.Nv

s*.Nv

w,fB%stAj

w,fB%stAj

6k~%x

6k~%x

TUDP-C

TUDP-C

%.Ao~

%.Ao~

/5.NSc3n$P6t

/5.NSc3n$P6t

S-[%C

S-[%C

}D.no

}D.no

"GMSG

"GMSG

.Nz_

.Nz_

"OZ%X75

"OZ%X75

.TNtv

.TNtv

#NDPd.mP

#NDPd.mP

.sJtq

.sJtq

n.ru-

n.ru-

.SSWb

.SSWb

eCc.Bz

eCc.Bz

~%FM]

~%FM]

X.srM?

X.srM?

,b.ze

,b.ze

h=Z%d

h=Z%d

na.WX

na.WX

]#.jD

]#.jD

\ia%d

\ia%d

%C&xz

%C&xz

gp.aM

gp.aM

Z$7%u

Z$7%u

G^.XdgU

G^.XdgU

*O.ew

*O.ew

d.Ooj

d.Ooj

.szjAu

.szjAu

.ood

.ood

*@".Hu

*@".Hu

]\v%f

]\v%f

.%Fu-

.%Fu-

pBF%X

pBF%X

%.kg7

%.kg7

Ä(2:

Ä(2:

2K.nB!3

2K.nB!3

m!.pa

m!.pa

av=%d

av=%d

*p.sn

*p.sn

4.Re\r

4.Re\r

.Hgs\

.Hgs\

.QS12

.QS12

.LwXu*

.LwXu*

G.Ô

G.Ô

*EY.tq

*EY.tq

H0%F

H0%F

nkEy

nkEy

v.qTm"

v.qTm"

.hP05

.hP05