HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Symmi.46681 (B) (Emsisoft), Gen:Variant.Symmi.46681 (AdAware), Backdoor.Win32.PcClient.FD (Lavasoft MAS)
Behaviour: Trojan, Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6205e490358ccd613d6833c2967cf5f3
SHA1: e477623a1bb746ba244207e7e88baa7dbe531102
SHA256: 5d29b48a2081dd7f2a2fb78ffb59cdbf0edf75e5db89d307c89b96162a31e4f4
SSDeep: 12288:zj8mtkFUHcLmxSl7nYbfxcNpkLdon hRNyONDQKRORYBQwlwK70pF:3IWHcL0knYrxAQdLPyGDQKkCQwlwvb
Size: 1468980 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-09-14 14:00:33
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
RunDll32.exe:1280
RunDll32.exe:1900
The Trojan injects its code into the following process(es):
%original file name%.exe:1736
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The Trojan deletes the following file(s):
Registry activity
The process %original file name%.exe:1736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1410692433"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"NetHood" = "%Documents and Settings%\%current user%\NetHood"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 EA FF EB 37 A6 9B DA 97 B9 48 AE 87 A9 BA 0C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"
"AutoConfigURL"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"cfire"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cfire"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"cfiremaster"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cfiremaster"
The process RunDll32.exe:1280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 7E DC 20 88 D0 4E 62 13 1D 36 8D 88 8D A2 4C"
The process RunDll32.exe:1900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 9E 6C C4 72 A0 30 03 B6 BB 27 72 13 06 C1 76"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 533 bytes in size. The following strings are added to the hosts file listed below:
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
RunDll32.exe:1280
RunDll32.exe:1900
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: MS
Product Name: Project1
Product Version: 1.00
Legal Copyright:
Legal Trademarks:
Original Filename: fapcfok.exe
Internal Name: fapcfok
File Version: 1.00
File Description:
Comments:
Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| | 4096 | 916240 | 61440 | 5.41695 | 70a4d1633d8191a6a9cc336b5d7c8bf2 |
| | 921600 | 8712 | 4096 | 5.54494 | 9472719f5bfed4c3ff9b09e9c068a092 |
| .rsrc | 933888 | 1385576 | 1388544 | 5.54484 | 5c1ad279f6ccfafcf9a6c53e80d725e4 |
| | 2322432 | 81920 | 10804 | 5.50418 | 9b4dce047a133b554176b842632fe78c |
Network Activity
URLs
lh4.googleusercontent.com | 173.194.43.108 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /0/c1/tp9hEQr5hrgBvINUGEeiKEgnSnwlDzIL-Yn8zEWJ49RxeBS-A5ooWqCTeCN3d_tWDVxHcRaZkoi-Ef4UQE2PcLzneOJtPdeaMl4orym2gf G9bS KiDxA45i4eY_teMFdkHPieC4sMtrDPadRyc3YaXPz4iAg27YY6e4cHH2oeRJLRTEu28sUftx5_tvmv60OcTbtUI3UYHHti78s4usDvwV31QgM9XMSIz26lbX0o7xe884pGn4LIv_tWz3VS03OOkLc7ytB0n1v -ebZLZHsCGTIE8ZYsZSisZkh8DSJ1zSPsMvlhXm_X-aIBzSY3qnHus4cyEl0gpRJgjHM77fcA_A_.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: awaps.yandex.ua
Connection: Keep-Alive
Cookie: Session_id=noauth:1414065795; yandexuid=5337164561414065795
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Oct 2014 12:03:24 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 52648
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, max-age=5
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Accept-Ranges: bytes
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yandex.ru
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 23 Oct 2014 12:03:14 GMT
Location: hXXp://VVV.yandex.ru/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=iso-8859-1
Content-Length: 183
GET /2.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.red-hack.ru
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: xxlplanBAK=R3174120206; path=/; expires=Thu, 23-Oct-2014 13:15:50 GMT
Date: Thu, 23 Oct 2014 12:03:25 GMT
Content-Type: text/html
Content-Length: 571
Connection: keep-alive
Set-Cookie: xxlplan=R1719519349; path=/; expires=Thu, 23-Oct-2014 13:11:17 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
<<< skipped >>>
GET /svn/trunk/anti.php HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: cfpro00007.googlecode.com
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:14 GMT
Server: Apache
Last-Modified: Sun, 07 Sep 2014 02:56:18 GMT
ETag: "35//trunk/anti.php"
Accept-Ranges: bytes
Expires: Thu, 23 Oct 2014 12:06:14 GMT
Cache-Control: public, max-age=180
Content-Length: 533
Content-Type: text/plain
Alternate-Protocol: 80:quic,p=0.01
9.9.9.9 mobily.pw..9.9.9.9 patron.tweethashcount.com..9.9.9.9 track.ttswebdesign.com..9.9.9.9 grizzl.thewell-beingcompany.com..9.9.9.9 rdp.thewalkinginstitute.com..9.9.9.9 welcome.thesplitscreenphotobooth.com..9.9.9.9 hello.thesplitscreenphotobooth.com..9.9.9.9 welcome.thecraftbarnwales.com..9.9.9.9 hello.sylvanstructures.com..9.9.9.9 remote.sylvanstructures.com..9.9.9.9 wuah.chekc.co.vu..9.9.9.9 canmacar.com..9.9.9.9 VVV.canmacar.com..9.9.9.9 phaelixe.com..9.9.9.9 nitrous.cf..9.9.9.9 godlikeweapon.pw..9.9.9.9 kwi.amulet-am.com
<<< skipped >>>
GET /V13b**b177413d15bebe1720fe1ce072d4a689**yandex_ru/ru/CP1251/tmsec=yandex_main/0 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.tns-counter.ru
Connection: Keep-Alive
Cookie: guid=2BD0670A5448EE8CX1414065804
HTTP/1.1 200 OK
Server: tns-counter-0.5.6/1.2.7
Date: Thu, 23 Oct 2014 12:03:25 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
GET /?retpath=http://VVV.yandex.ua HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pass.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Oct 2014 12:03:15 GMT
Transfer-Encoding: chunked
Connection: close
P3P: policyref="hXXp://pass.yandex.ru/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Location: hXXp://pass.yandex.ua/?retpath=http://VVV.yandex.ua&session_info=noauth:1414065795.sah^FFFFFFFF.yandexuid^5337164561414065795.yandex_ua:85403.369128.f20677761d4d045c21725e708c1de9b2
Set-Cookie: M__yandex_ua=1414065795/0; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate, max-age=0
0..
GET /fu HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: kiks.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795
HTTP/1.1 302 Found
Date: Thu, 23 Oct 2014 12:03:24 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: fuid01=5448ee8c1ea485b9.dFo_ScI9DoaQeWzT8IY25bUs1eX6P5yct36yBy0tA71B9oXGZsXCqqG6ANDbR2Hl9uafsf34d0Iz9yVtVtybBdqgG_2JlGNIO_JvADxmPOQVnkjUeU60pPfWzxBrq5cc; domain=.yandex.ru; path=/; expires=Thu, 23 May 2024 12:03:24 GMT
Location: hXXp://kiks.yandex.ru/system/fc07.swf
Content-Length: 0
GET /system/fc07.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: kiks.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795; fuid01=5448ee8c1ea485b9.dFo_ScI9DoaQeWzT8IY25bUs1eX6P5yct36yBy0tA71B9oXGZsXCqqG6ANDbR2Hl9uafsf34d0Iz9yVtVtybBdqgG_2JlGNIO_JvADxmPOQVnkjUeU60pPfWzxBrq5cc
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:24 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Tue, 29 Nov 2011 12:40:22 GMT
Content-Type: application/x-shockwave-flash
Expires: Thu, 30 Oct 2014 12:03:24 GMT
Content-Length: 1633
<<< skipped >>>
GET /system/fc07_2.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: kiks.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795; fuid01=5448ee8c1ea485b9.dFo_ScI9DoaQeWzT8IY25bUs1eX6P5yct36yBy0tA71B9oXGZsXCqqG6ANDbR2Hl9uafsf34d0Iz9yVtVtybBdqgG_2JlGNIO_JvADxmPOQVnkjUeU60pPfWzxBrq5cc
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:24 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Tue, 29 Jul 2014 14:24:01 GMT
Content-Type: text/html; charset=UTF-8
Expires: Thu, 30 Oct 2014 12:03:24 GMT
Content-Length: 1510
<<< skipped >>>
GET /click/dtype=stred/pid=132/cid=72323/* HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: clck.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795; fuid01=5448ee8c1ea485b9.dFo_ScI9DoaQeWzT8IY25bUs1eX6P5yct36yBy0tA71B9oXGZsXCqqG6ANDbR2Hl9uafsf34d0Iz9yVtVtybBdqgG_2JlGNIO_JvADxmPOQVnkjUeU60pPfWzxBrq5cc
HTTP/1.1 200 Ok
Content-Type: image/gif
Cache-Control: no-cache
Content-Length: 43
GET /V13a**b177413d15bebe1720fe1ce072d4a689**yandex_ru/ru/CP1251/tmsec=yandex_main/0 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.tns-counter.ru
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Server: tns-counter-0.5.6/1.2.7
Date: Thu, 23 Oct 2014 12:03:24 GMT
Content-Type: image/gif
Content-Length: 0
Location: hXXp://VVV.tns-counter.ru/V13b**b177413d15bebe1720fe1ce072d4a689**yandex_ru/ru/CP1251/tmsec=yandex_main/0
Connection: close
Set-Cookie: guid=2BD0670A5448EE8CX1414065804; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
GET /www/2.115/rapido/pages/big/_big.ie.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:17 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 22 Oct 2014 12:16:57 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Content-Encoding: gzip
<<< skipped >>>
GET /www/2.115/rapido/pages/big/_big.ie6.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:17 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 22 Oct 2014 12:16:57 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Content-Encoding: gzip
<<< skipped >>>
GET /lego/_/La6qi18Z8LwgnZdsAr1qy1GwCwo.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Thu, 09 Oct 2014 15:38:49 GMT
ETag: "5436ac09-2b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /jquery/1.8.3/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:18 GMT
Content-Type: application/x-javascript
Content-Length: 32275
Connection: keep-alive
Last-Modified: Tue, 01 Jul 2014 14:12:14 GMT
ETag: "53b2c1be-7e13"
Content-Encoding: gzip
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
<<< skipped >>>
GET /www/2.115/rapido/pages/big/_big.uk.templates.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 22 Oct 2014 12:16:57 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Content-Encoding: gzip
<<< skipped >>>
GET /www/_/2/4/Htc4rFwBo9MiiLtTJ52VfJFHA.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 3440
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-d70"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
<<< skipped >>>
GET /www/_/m/R/fUi1MQ-aKai27PBlsS3FoeCh8.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 1015
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-3f7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/U/E/i_5cY2K41gNjDw-NvobBPpiw0.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 338
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-152"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/h/a/YJoTPXQ4lyvFxy-YA21NYfeuE.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 438
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-1b6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/F/8/XZLHgNwOWBTV7ks9l0LIq69q4.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 239
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-ef"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/u/f/_ID4xq1duIV8d1zGVIkfTeLlQ.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 671
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-29f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/m/z/Is8JnxA2G2XZ-WZ2Xde_bMhVU.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 429
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-1ad"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/E/m/QY6oXmIXtWtWLJK6JwzZJpQAk.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 268
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-10c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/6/x/pwwDoBiDac4NZYxGN-R4wD6PA.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 384
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-180"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /social/current/sprites/ico-16.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 4595
Connection: keep-alive
Last-Modified: Mon, 24 Sep 2012 13:54:33 GMT
ETag: "50606619-11f3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
<<< skipped >>>
GET /count/CAqUTXJ6gTy40002gP0088wrw8v41L6L0fi4Qbg8iSa32mUcXGcAjHU3XW6g0gMM66IGe1y2tf6yq4ba1fE32K6k-XfVLelP5GO5iG6xy-Wuxa6k5g44lj790miN061x2W00 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yabs.yandex.ua
Connection: Keep-Alive
Cookie: Session_id=noauth:1414065795; yandexuid=5337164561414065795
HTTP/1.1 302 Found
Date: Thu, 23 Oct 2014 12:03:18 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Thu, 23 Oct 2014 12:03:18 GMT
Expires: Thu, 23 Oct 2014 12:03:18 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: hXXp://yabs.yandex.ua/resource/L9oVwoGR96dEDhTKmwv9mQ.png
Content-Length: 0
GET /resource/L9oVwoGR96dEDhTKmwv9mQ.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yabs.yandex.ua
Connection: Keep-Alive
Cookie: Session_id=noauth:1414065795; yandexuid=5337164561414065795
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:18 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 17 Oct 2014 08:51:08 GMT
Content-Type: image/png
Expires: Thu, 08 Oct 2015 12:03:18 GMT
Content-Length: 7114
<<< skipped >>>
GET /count/CAqUTaYUBO440000ZhNeZaG5KP6yq4ba1fE32Qxw6bzMYzaL1WMxy-Wuxa6k5g44V0G0=MRlc0fK2cmHgMegr5uE60QMM66I8iSa32mUcXGcGe1y2th41lj790miN061u1G00?wmode=0 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yabs.yandex.ua
Connection: Keep-Alive
Cookie: Session_id=noauth:1414065795; yandexuid=5337164561414065795
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:23 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Thu, 23 Oct 2014 12:03:23 GMT
Expires: Thu, 23 Oct 2014 12:03:23 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: image/gif
Set-Cookie: yabs-frequency=/4/0000000000000000/aJomS70R8G00/; domain=.yandex.ua; path=/; expires=Sat, 31-Jan-2015 12:03:23 GMT
Content-Length: 43
GET /metrika/watch.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mc.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:23 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 22 Oct 2014 08:44:04 GMT
Content-Type: application/x-javascript
Expires: Thu, 23 Oct 2014 13:03:23 GMT
Content-Length: 57533
<<< skipped >>>
GET /watch/722545?wmode=5&callback=_ymjsp758632273&page-url=http://VVV.yandex.ua/?ncrnd=966&ut=noindex&browser-info=j:1:s:1276x846x32:f:11.6.602.168:fpr:216613626101:w:773x409:z:180:i:20141023150328:et:1414065809:en:utf-8:v:580:c:1:jv:5.7:la:en-us:rn:1019842152:hid:649985213:st:1414065809:t:ïýôõúѠHTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mc.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795
HTTP/1.1 302 Found
Date: Thu, 23 Oct 2014 12:03:23 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Thu, 23 Oct 2014 12:03:23 GMT
Expires: Thu, 23 Oct 2014 12:03:23 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: hXXp://mc.yandex.ru/watch/722545/1?wmode=5&callback=_ymjsp758632273&page-url=http://VVV.yandex.ua/?ncrnd=966&ut=noindex&browser-info=j:1:s:1276x846x32:f:11.6.602.168:fpr:216613626101:w:773x409:z:180:i:20141023150328:et:1414065809:en:utf-8:v:580:c:1:jv:5.7:la:en-us:rn:1019842152:hid:649985213:st:1414065809:t:ïýôõúÑÂ
Set-Cookie: yabs-sid=975899981414065803; path=/
Content-Length: 0
<<< skipped >>>
GET /watch/722545/1?wmode=5&callback=_ymjsp758632273&page-url=http://VVV.yandex.ua/?ncrnd=966&ut=noindex&browser-info=j:1:s:1276x846x32:f:11.6.602.168:fpr:216613626101:w:773x409:z:180:i:20141023150328:et:1414065809:en:utf-8:v:580:c:1:jv:5.7:la:en-us:rn:1019842152:hid:649985213:st:1414065809:t:ïýôõúѠHTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mc.yandex.ru
Connection: Keep-Alive
Cookie: yandexuid=5337164561414065795; yabs-sid=975899981414065803
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:23 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Thu, 23 Oct 2014 12:03:23 GMT
Expires: Thu, 23 Oct 2014 12:03:23 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: application/javascript
X-Content-Type-Options: nosniff
Content-Length: 75
/**/_ymjsp758632273({webvisor:{date:"2013-11-11 15:23:25",recp:"0.00010"}})
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.yandex.ru
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 23 Oct 2014 12:03:15 GMT
Content-Length: 0
Connection: close
Cache-Control: no-cache,no-store,max-age=0,must-revalidate
Location: hXXp://pass.yandex.ru/?retpath=http://VVV.yandex.ua
Expires: Thu, 23 Oct 2014 12:03:15 GMT
Last-Modified: Thu, 23 Oct 2014 12:03:15 GMT
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Set-Cookie: yandexuid=5337164561414065795; Expires=Sun, 20-Oct-2024 12:03:15 GMT; Domain=.yandex.ru; Path=/
X-XRDS-Location: hXXp://openid.yandex.ru/server_xrds/
GET /redot.gif?id=.FiadjwiP9UYHyKfnAdx9rR2Pw1yqHsEeo4qE539Jrb.d7 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yandexgaua.hit.gemius.pl
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Oct 2014 12:03:24 GMT
Expires: Wed, 22 Oct 2014 12:03:24 GMT
Server: GHC
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtest=KlS4HRGGQMQGCXopp1CFxsFIssGMXP8cFRgG; Domain=hit.gemius.pl; Path=/; Expires=Thu, 24 Jan 2019 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Location: /__/redot.gif?id=.FiadjwiP9UYHyKfnAdx9rR2Pw1yqHsEeo4qE539Jrb.d7
Connection: keep-alive
Keep-Alive: timeout=2
Content-Length: 0
GET /__/redot.gif?id=.FiadjwiP9UYHyKfnAdx9rR2Pw1yqHsEeo4qE539Jrb.d7 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yandexgaua.hit.gemius.pl
Connection: Keep-Alive
Cookie: Gtest=KlS4HRGGQMQGCXopp1CFxsFIssGMXP8cFRgG
HTTP/1.1 200 OK
Date: Thu, 23 Oct 2014 12:03:24 GMT
Expires: Wed, 22 Oct 2014 12:03:24 GMT
Server: GHC
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gdyn=KlGHDRGGQMQGCXopp1CFxsFIssGMXP8cF86SssX6nsGfGHZNPb2xQjGowOx1G0F6Sssa; Domain=hit.gemius.pl; Path=/; Expires=Thu, 24 Jan 2019 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: keep-alive
Keep-Alive: timeout=2
Content-Type: image/gif
Content-Length: 43
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: antiweb.zapto.org
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 23 Oct 2014 12:03:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Location: hXXp://cfpro00007.googlecode.com/svn/trunk/anti.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /?ncrnd=966 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Cookie: Session_id=noauth:1414065795; yandexuid=5337164561414065795
Connection: Keep-Alive
Host: VVV.yandex.ua
HTTP/1.1 200 Ok
Server: nginx
Date: Thu, 23 Oct 2014 12:03:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache,no-store,max-age=0,must-revalidate
Expires: Thu, 23 Oct 2014 12:03:17 GMT
Last-Modified: Thu, 23 Oct 2014 12:03:17 GMT
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
X-Frame-Options: DENY
X-XRDS-Location: hXXp://openid.yandex.ru/server_xrds/
Content-Encoding: gzip
<<< skipped >>>
GET /www/2.115/rapido/pages/big/_big.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:17 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 22 Oct 2014 12:16:57 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Content-Encoding: gzip
<<< skipped >>>
GET /www/_/t/Y/UzbfvkemSS3OfjF86pijzhjIE.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:18 GMT
Content-Type: image/png
Content-Length: 388
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-184"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/R/6/B32OFZsVQcrxvnZgLKMmFmu3U.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:18 GMT
Content-Type: image/png
Content-Length: 184
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-b8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /morda-logo/i/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:18 GMT
Content-Type: image/png
Content-Length: 3729
Connection: keep-alive
Last-Modified: Wed, 15 Oct 2014 08:34:32 GMT
ETag: "543e3198-e91"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
<<< skipped >>>
GET /weather/1.1.81/i/icons/30x30/skc_d.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:19 GMT
Content-Type: image/png
Content-Length: 585
Connection: keep-alive
Last-Modified: Tue, 13 Nov 2012 13:07:43 GMT
ETag: "50a2461f-249"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/U/N/2hG0eCPmwbgSzQzPLOTCeEZY8.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:19 GMT
Content-Type: image/png
Content-Length: 3631
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-e2f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
<<< skipped >>>
GET /www/2.115/rapido/pages/big/_big.icons.ie6.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 22 Oct 2014 12:16:57 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Content-Encoding: gzip
<<< skipped >>>
GET /www/_/U/l/sBzUHrzXNNmc65s2qEWEZfvtg.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 978
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-3d2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/w/x/SYVqxrdCZZcZKF2eqSMa5ASsE.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 379
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-17b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/X/9/kOSsbal6tC_C9WZL6M65ZfUfc.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 438
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-1b6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/U/y/4wOHp7JmBIaRrlw2H2cx6WyBg.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 613
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-265"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/y/x/fYfY3206UtcGoRhtjWePt8s1s.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:21 GMT
Content-Type: image/png
Content-Length: 336
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-150"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/i/I/ALv6Jm_Bmg0ny1St-meLdGwtU.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 508
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-1fc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/5/0/GMB2ZfLtSQVjHRbXRfaY3GIO0.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 475
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-1db"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/Y/Q/gF8niIgIQ0t6FKXZhJfMaZks.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 720
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-2d0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /www/_/C/T/epPrmzlEkEFE6HHmLUbNzylAY.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 252
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-fc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET /lego/_/sj4YylGvYOLvKGaXOysZ1vn3AZA.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yandex.ua/?ncrnd=966
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:22 GMT
Content-Type: image/png
Content-Length: 1081
Connection: keep-alive
Last-Modified: Thu, 09 Oct 2014 15:38:39 GMT
ETag: "5436abff-439"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
<<< skipped >>>
GET /www/_/S/E/bTH3x-WofUo09diZC73BQiQbg.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yastatic.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Thu, 23 Oct 2014 12:03:24 GMT
Content-Type: image/png
Content-Length: 3786
Connection: keep-alive
Last-Modified: Thu, 23 Oct 2014 11:20:53 GMT
ETag: "5448e495-eca"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
<<< skipped >>>
GET /?retpath=http://VVV.yandex.ua&session_info=noauth:1414065795.sah^FFFFFFFF.yandexuid^5337164561414065795.yandex_ua:85403.369128.f20677761d4d045c21725e708c1de9b2 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pass.yandex.ua
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Oct 2014 12:03:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
P3P: policyref="hXXp://pass.yandex.ru/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Location: hXXp://VVV.yandex.ua/?ncrnd=966
Set-Cookie: L=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: Session_id=noauth:1414065795; domain=.yandex.ua; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT; HttpOnly
Set-Cookie: YX_SEARCHPREFS=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: fyandex=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: my=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: yandex_gid=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: yandex_login=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: yandex_mail=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: yandexmarket=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: yandexuid=5337164561414065795; domain=.yandex.ua; path=/; expires=Wed, 23 Oct 2024 12:03:16 GMT
Set-Cookie: yp=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: ys=; domain=.yandex.ua; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate, max-age=0
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
RunDll32.exe_1280:
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
GDI32.dll
USER32.dll
IMAGEHLP.dll
rundll32.pdb
.....eZXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
...eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
%Xnnnnnnnnnnnnnnn1
O3$dS7"%U9
.manifest
5.1.2600.5512 (xpsp.080413-2105)
RUNDLL.EXE
Windows
Operating System
5.1.2600.5512
YThere is not enough memory to run the file %s.
Please close other windows and try again.
9The file %s or one of its components could not be opened.
0The file %s or one of its components cannot run.
MThe file %s or one of its components requires a different version of Windows.
UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"
Error in %s
Missing entry:%s
Error loading %s
RunDll32.exe_1900:
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
GDI32.dll
USER32.dll
IMAGEHLP.dll
rundll32.pdb
.....eZXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
...eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
%Xnnnnnnnnnnnnnnn1
O3$dS7"%U9
.manifest
5.1.2600.5512 (xpsp.080413-2105)
RUNDLL.EXE
Windows
Operating System
5.1.2600.5512
YThere is not enough memory to run the file %s.
Please close other windows and try again.
9The file %s or one of its components could not be opened.
0The file %s or one of its components cannot run.
MThe file %s or one of its components requires a different version of Windows.
UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"
Error in %s
Missing entry:%s
Error loading %s