Documents

Intro to XKS AppIDs and Fingerprints

Jul. 1 2015 — 1:51p.m.

/60
1/60

TCIP T0 USA, AUS, CAN, GER, NZLH20291123 in- hl. ill?II.- H..- August 2009 - R. . TOP SECRETHCOMINTHREL TO USA, AUS, CAN, GER, NZLH20291123

TU USA, AUS, CAN. GER.- NZL I [El Agenda Overview of Application IDs and Fingerprints Background of the 4 generations of Apple+Fingerprints Examples of how they are used for target development SIGDEV TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To USA, Age, ?rm, GEL :?tW'h?a?t is a A An Application ID (ApplD) is a meta-data tag given to a session to help describe what application is being seen in the traffic Examples: - mail/webmail/yahoo indicates that the traffic was Yahoo Webmail - chat/msn_messenger indicates the traffic was MSN Messenger - indicates that the traffic was an HTTP Get TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, E. @339 Ml. have What's the point of AppIDs/Fingerprints? For one, they give you a powerful tool for the quick analysis of what applications are being seen in your traffic. A simple histogram on allows you to quickly identify all of the applications seen for a given result set, without needing to View each piece of content TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL I Why even have AppIDs/Fingerprints Ex: Histogram the applications used during Target activity: Grid E-u' v-u' Page 1 DH I a: ClearSelectinn Expert Filter Applicatinn ?aunt 1r httuigat BE undate sewiteiwintinwa 4? LIan lawman: WM 2 5 mailhvehmaili'nawat] 11 h?unealnnee 1D mailmahmai?mailru nhutn sharinniiai?amhutnhul:Hetmm mailhwehmailitimail httireennsemnt TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To usiSecondly, they provide an additional criteria that you can use in your query. NOTE: It?s important to point out that since most Apple Fingerprints are tagging technology and/or applications, they SHOULD NOT be the sole criteria for your queries in TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, ALIS, CAN, GER, NZL Why even have Apple/Fingerprint EX: I?m looking for targets using mail.ru from behind a large Iranian proxy: ?ddresz: ?El- Either Appiljl [+Fingerprint5) [fulltEHt]: Field Builder 11me (+Fingerprint5] mailfweljmailfmailru [mailfweljmailfmailru TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, ALIS, CAN, GER, NZL Why even have Apple/Fingerprint EX: I?m looking for targets using mail.ru from behind a large Iranian proxy: ?ddresz: ?El- Either Appiljl [+Fingerprint5) [fulltEHt]: Field Builder 11me (+Fingerprint5] mailfweljmailfmailru [mailfweljmailfmailru TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, ALIS, CAN, GER, NZL Why even have AppIDs/Fingerprirll EX: I?m looking for Mojaheden Secrets 2 use in extremist web forums: Field Builder AquD er urintel lier mfeet?e iEtr'I . Field Builder I 2} {+Fingererint5] mejl . .- ?jrumfexn?emietfaI-nulchbah riy' me jah ede r1th id den ide ?jmwewemiwalqimmah ferumfeeh'emietfal-ehura ?jrumHeHU?emietIalmEre?'I ferumfeelremietfamh TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, How do Appls work??. ApplD?s are effectively looking for keywors in order to assign the ApplD tag. Example, let?s say that this is the definition for mail/webmail/yahoo: 9.0) 'Host: mail.yahoo'; TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, Example Here is a client side Yahoo session: GET flagin.html Referer: Accept-Language: ar Accept-Encnding: gzip, deflate (campatible; MBIE 6.0; Windaws NT 5.1; Hast: mail.yahan.cnm Keep?Alive Cnnkie: B=fn502hd261202&b=3&s=rp; TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAN. GER.- NZL I [El Example appid( 'mail/webmail/yahoo' 9. 0) 'Host: mail.yahoo' GET flagin.html Referer: Accept-Language: ar Accept-Encnding: gzip, deflate (campatible; MBIE 6.0; Windaws NT 5.1; SV1 Hast: mail.yahan.cnm Keep?Alive Cnnkie: B=fn502hd261202&b=3&s=rp; Application: mail/webmaiI/yahoo TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To USA.- eras ML ls work-'3! ow :Ap What does the number in the ApplD mean? 9.0): Each session can have only one ApplD The goal is for the ApplD to be as descriptive as possible Any given session might qualify under multiple Apple definitions, but only the most specific ApplD that applies to the session is assigned Lowest number wins, so the lower the number, the more specific the definition TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, How do Appls work?l5 Let?s say there?s another more descriptive appid for mail/webmaiI/yahoo/Iogin: ?Host: mail.yahoo' and 3.0) '/login'; It has a lower number than mail/webmaiI/yahoo, so if it ?hits? it will be applied TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAN. GER.- NZL I [El Example appid??mailfwebmaileahan', 9.0} 'Hast: mail.yahnn'; 3.0] 'Hnst: mail.yahnn' and '/lngin'; GET /10gin.html Referer: Accept-Language: ar Accept-Encnding: gzip, deflate (campatible; MBIE 6.0; Windaws NT 5.1; SV1 Hast: mail.yahaa.cnm Keep?Alive Cnnkie: B=fn502hd261202&b=3&s=rp; Application: mail/webmaiI/yahoo/Iogin TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CARI-GER ['Ap?pl? Structure - Note that the Apple have a directory-like structure: - mail/webmaiI/yahoo and mail/webmail/yahoo/Iogin - If you wanted to search for all webmail activity you could search for man/webmail!" - If you wanted to search for all Yahoo mail activity you could search for mail/webmail/yahoo/* etc TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TD USA. Ans, ?rmSome session can hit on many Apple. . For example a single session might hit on: 9.2) 8.9) 6.0) 5.0) Which one will be assigned as the winning ApplD? TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAN, GER OW Ap pl 3 work 1? i . - =11] When you see an ApplD how do you know" what was used to define that ApplD? Through the XKS ApplD signature page available through ?go xkeyscore? Or by simply clicking on the hyperlink ApplD from the new TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CARI-GER ['What is a fingerprint? Apple were built to describe applications; of which there *should* only be one application seen per session. How do we describe other attributes of a session that aren?t necessarily tied to a particular application? TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, APE, EA. Ml. {What is a fi ngerprih?l One great example is . A particular type of could be used in Yahoo Email, Gmail Email, SMTP Email. It could be used inside of a Word Document being uploaded to a free file website. It could be used inside of a private message sent through Facebook. Etc. TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAKE-ER, r'Wh at is a fingerprin How can we tag anytime we see that type of regardless of the application we saw it in? Answer - Fingerprints Think of Fingerprints as ?attributes? of a session. A session can have as many fingerprints as is needed to best describe it. TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, Example appid??mailfwebmaileahan', 9.0} 'Hast: mail.yahnn'; 8.0} ?Hnst: mail.yahnn' and '/lngin'; fingerprint( ?mail/arabic') 'mail? and GET /10gin.html Referer: Accept-Language: ar Accept-Encnding: gzip, deflate (campatible; MBIE 6.0; Windaws NT 5.1; SV1 Hast: mail.yahaa.cnm Keep?Alive Cnnkie: B=fn50ehd261202&b=3&s=rp; Application: mail/webmaiI/yahoo/Iogin Fingerprint: mail/webmail/yahoo/Iogin mail/arabic TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL Appid vs Fingerprint Each session gets one appid -- lowest level wins. It gets databased in the 'application' field. All matching fingerprints are stored in the 'fingerprint? field. applicatien Type: Winning appid applicatien Infe: applicatien: [all fingerprints eppID [F'e Lilete with Field Builder] ?Fingerprint?l 15- [F?epdlete with Tre_e Field Builder] TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, EA. @339 Ml. ,Fihgerpri nt Examplj??}; Ex: E-Mails with rn rn: La 11 Lil" pa [Illa-an Haj..- a r'l? rr'a a1 ian" nara 3-13.23raga El 5 nd En: Subject: Launchpad: Can?rm yaur Hay Wed. 31 Del: Harainn' U1 :1 Pi imn?? applicatian ?aalD [+Fmgarprinta) 1' mailfwabmailfautblaza mailfwabmailfautlalaza haa_fingarpriat EljaTgDUquH?aHrE Fla EU N?kgguki' aM1 a8 La 1?3 Eh-wGEEunr QEQVHTEDVWQ [3:1 aTrr'I DFTIAN E331 +3 Fm [JngEan FF PGP Thanks.

SECRETHCUMINTHHEL TU USA, AUS, CAN, GEIR, MEL Fingerprint Exam ples What caused those fingerprints to hit? Application ApplD i+Fingerorintsi mailfwehrnailfouthlaze mailiwehrnailfoutblaze hasjingerorin Look at the definitions (notice any overlap?): 'begin message' or 'begin+pgp+message'; PGP TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL Ex: Extremist Forum Private Messages El HTTP Header Inf-ennetien [lenient Type: Sammie: .1 imegefgif. imegefe-ebitmep. imegefjpeg. imegefpjpeg. epplieatiem?vnd.me?ppwerpeipt, Reterer: ert-gle Cement-Type: ue?eep: eElE gzip. elet'lete Ueer?Aeent: Meeillef?l? teempetiple: MSIE Windewe NT 5.1: epplieetien eppID (+Fingerprirrte] recipients beereeipiepte title Fe: ,ee Lee; lei-'44: eele?le?liti?? Fem [18 mg? chin-El cm peel?emEIeIL?l 33;:5 teem DLe?t-Mlie?i?l?u WESEEQEI Emil}. ml?JWIml?lu??gm?e?e TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAN. GER.- NZL -- Ill Appl vs Fingerprint 9 Pi Apple and Fingerprints use the exact same language inside of XKS. You can tell which one it is by the definition: appid (mail/webmaiI/yahoo) fingerprint TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To USA.- em ML I rug- nt La ng ual Evoldd ?sA?polD/Finge There have been 4 generations of XKS I ApplD/Fingerprint languages 1St Generation: Simple Keyword Scanning 2nd Generation: Context Aware Keyword Scanning 3rd Generation: Code based Apple/Fingerprints 4th Generation: Code based Apple that can extract meta-data (also known as Micro Plugins) TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TD USA, we, CANgle rin "1I3?tGenerat In the beginning, Apple and Fingerprints were just keyword scanning similar to CADENCE tasking Ex: appid('maillwebmaillyahoo', 9.0) 'Host: mail.yahoo'; appid('maillyahoollogin, 8.0) ?Host: mai .yahoo' and 'llogin'; TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CANtarp ri in it Gene rat I 1St Generation would also support Regular Expression PGP (instead of quotes are enclosed by forward slashes) TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, 1 Ge ne ration Appl Ds/ i .: As well as Hex scanning: 7.5): (Hex characters are prefaced by TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To USA, ALIS, gin. gamma; gyj2,?d Generation Appl Ds/Ffiergorl . 2nd Generation Apple/Fingerprints introduced context sensitive scanning engine. - For example, rather than scanning an entire session top to bottom to look for ?facebookcom? we can just use the dictionary context http_host to target the scan for the host field only. TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To USA, we, CAN, ow do Appl 3 work? ApplD?s are effectively looking for keywor? in order to assign the ApplD tag. Example, this is the definition for Hi5 'hi5loggedln'o or or TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL What do Appl?s look like? 3 If you look at the raw text of this traffic, oe of the definitions for the mail/webmaiI/hi5 vyill hit:? Heed-er {35 "Iiil'ielza attachments PUBLIC EHTHL l.D TransitionalffEH" {html {head} ktitlehhi? Tour Friends. Tour Horid.i?title3 {mete chareet=utf?E" f} Registratien is quick and easy! TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL I I I

4- THREL my tee-me. mam pi EM Iml mm "In ?omlm 1m u; . a: .- - IWII H?i'witl 0? A . nidlf??iu Win IF 4' enerra ?Nu-uni mm: "Cum. u. .al' 1" BI 5' or. weExample: Sfacehnnk htl't'll_titJ_E I: II appldE'EDEialffaEEhDDk'; Sfaeehnnk; Note the use of the chain word $facebook in the definition TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

.1539: . 1 ?was.? If HR (5:542:15; was]; um: um um "01r-?It Iw? -- em 10 wrumml $facehauk acehnnk'? Dr appiJI'EucialffacehDDk'; d.U, wehpruc='FacehDDk'h an: Eh I: I: 1-1; GET {?riaFl HT .1 Accept: iJ'l'lEl geg?jpegq ?ue-6:131- ?ll-115:: Laugu? gt: UA-ETU: 3:36 A?ml?- gzilh ?an: Eucml?lg: - e; MSIE Wind?wa NT 5.1) 311115. mm Emma: Eti?l'l: Eu: rap-AER {1311:1515 1 TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

mm.1539: . 1 ?was.? If HR (5:542:15; was]; run n' -. *m enera nautumml $_a?Ehuuk ti. Dr . . 1354:- appid['sncialffacehuuk', J.D, H031 All of these hosts would match this 5tMic?l-Lf?mhmh?nn TDP SEGHETHCUMIHTHREL TD I

1f r' Tb?? EHET IWI I WI IWI Hm'will.o I?mwn?h? I - J: i-iil'il' I 3 mm in)! mm ?9'010?amm9m m?ur?f?w-Lq(FIE) 11Immn 39 (-1 gm- Exam ple: I $ka3persky_ip E39.144.T5 113 A 113 113 ipI' appidi'a?tivirusgkaspersky' $Las1erskv i1; 5.DI partIElI and $zia?er3kv i' TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

.1539} 1 aria-Cau?a mus-?'119?9'? "3 --.- .-. .. I . I. 1-. i I fruimumml 11101? Can you tell what?s going on here? appid?'maiifwehmaiifnetlng', n.U, Dr Dr TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

I int? 113:9: 1 r. H?di'win?; 'Z?ii?-ziite. kin-?mmo' mrmo u- .. In If? n1 ICU, 'lLl. ?It? 10? '1 "f tau- 4' ewerra 3' ID'th?ni alt-?r?h 1' 10 '90Mobile User Agent fingerprints: i, DE 'mnturnla'i; him-?Ear: I: 'Eilau?aEierrgr TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

4- To'?i?s THREL mo tea-e. - A I il onsr re i Ci In)! D. 1"n Hot. ?0?0 1'1, -492. 3 . (j E- i "?f?x?liu mm 1001 um (.1 1m mm?o u; ammo _1o 3 . 1 oh-uAIWII H?t'witl 0? If you were to query on any of these fingerprints by themselves, would your auditor be happy? i hromseri'iPhonE'i; browseri'MDT-'c or 'motorola'i; Eticsson'? brunt-?Jae: I: TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAN, GER . . I ConSIderatIonsl-g "usSI D1 8 But if you were to query on an Afghan IP address that was a valid foreign intel target, and then it with those fingerprints, that would be a compliant query (and your auditor would be happy) TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

To m. ion Appl ?ngerpfi era" 3rcl Generation Apple/Fingerprints introduced the ability to have code-based scanning Why is this important? Because scanning sessions for keywords, hex values and regular expression can only take you so far. Using Code-based Apple, we can run statistical tests of the data that can help determine what type of data it is when keyword scanning can?t give us a result. TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL To USA.- ML 2 neratlo Ap pl Ds/ ?ngerpn rt 4th Generation Apple/Fingerprints introduce the ability to extract and database meta-data from Appid/Fingerprints Why is this important? With the dynamic nature of DNI applications, we need the ability to quickly react and deploy solutions to extract new fields of meta-data that are important to TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, EA. @339 Ml. ,f4thiGeneration Appl [lop ll?? - Previously, if we identified a new protocol or a new field that we wanted to extract meta- data, we would need to upgrade a ?core? plug-in and wait until we could upgrade the field sites. With 130 field sites, each on their own upgrade schedule, this could take months for a simple change to get out in the field TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, AUS, CAN, GER, NZL Ge neration Appl Ds/ i int: With 4?1 generation Apple, 3 new protocol, meta-data value, can be properly processed within an hour of updating the AppID/Fingerprint. TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

2'13: I: awn"Fm. . . 1 . . IDIOID -39 (.1 '00? no - In' It Examples: l.D? and $http and extract?ra lagin_amail text main if [ingin_email? rks::user_activity_t "facehmnk"?; "facehuak"?; if (text: return true; TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

i I I . . . Kiwi? 593' Til-S 0 0 .- - -I Let's take a closer look: First a V4 needs to be ?anchored?. The anchor is the beginning part of the Server'I and TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

Facebook Chat V4 Appid Exam SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL DNI Presenter Display: Session Head-5H3} AttachmentS {13] Met-Elli?) 1 - UIS Web Farm Dis..me Farm Final-:15 mag-:1 clientj?ne 125U54213D342 ta: num_tabs 1 pail:ij 1250542145719 msgjea'l; dent 11 still receg?ize ma? pest_ferm_ic? -WEL33E 13-0 Async?eque 51: _a 1 ?ct?ic?] 125?64213472? TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL Facebook Chat V4 Appid Exampl- Lets look at the raw: - Session Header AttachmentS Meta I ASCII 374'. El- -: El?n:- Et I223 [313 I Cunt-3n . Enter text ti: 33am EH FEST HTTPI1.1 :Hnst: User??gent: Hn3i113f5.? [Hin?nms; Hin?nms NT 5.1; en?US; Firefnx?3.?.13 Accept: Accept-Language: Accept?Encoding: g31p,deflate I?ccept?Ehar?et: EDD Heep?alive 131121 Enntent-Type: :harset=?TF?E Cantent?Length: SEE Ennkie: Pragma: nD?cache Eache?Cuntrul: nD?cache TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

I H) I'll Il'[?at a] 1 1 II The ?anchor? of this Him. - 4.1. :Dfajaxfchatfsend.php Hnat: User?Agent: Hazillaf5.D [Minduws; NT 5.1; en-US; Accept: .-. I- TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

H.101 EC r? @Eattlr teem. It: 1:21; . luau no: vo-ol . INII HI): 11u:ouroOnce the ?anchor? hits, the rest of the code executes. In this case, we?re looking for these two from the ?Extractors? sec?on: login_email text TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

c? 3?33?, 1cm 1 no: man H?l'Win I um: mm um: ?mom:Etascae mo;ka at Mt tun??, 9m 30 1001! do! ?90: 110} I This REGEX hits within the large cookie string lugin_email :3 RB EMI HIEEJLTWEJ 11-, v: . Q. 61?- I: I: 1' TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL _w '1 I031 1 H'Iil'. juinclose look in[:37 3 - . E: =a%3A2%3A%7Bs%3A5%3A%226mai yahoo.com%22%3Bs%3A19%3A%22 cy07D; TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

TU USA, ALIS, gin. mm at V4 Appi [gig-l; I The other REGEX: 20me%3F :post_form_id TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

?t?Fl '13. 531m waiving: WEE I Iml mm mm ?om''90? 11m in" ?3 Finally, in the ?Main? section, if those found the data they were looking for, they get databased main if [login_emaiil er::ueer_aetivity_t ual"ehat?, "faeehook"?; "faeehook"l; ua-applall; l- if [textl l- return true; TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

H1339: m' g??s1'th A Eq?l i A: mow -m (.1 3001It? ?ft Another example: 5.Dh= title?'rEHARE'? and 'rshare.netfdelete.htmi' wft_file_name mft_deiete_url mft_upinad_id fdf?nt wft_uri fifunt mft_upiuader_uaername f{amali}LuggEd in as: main if ?wft_deiete_url "Eahare.net?; "upinad"; if [wft_fiLE_namej if [wft_url? if [wft_uana?er_uaernamEJ DE-appirii; regers didn't match"); return true;

SECRETHCUMINTHHEL TU USA, AUS, CAN, GER, NZL FFU Successful Upload Page if - - I: ?Weleeme te ESHARE With ESHAEE area ear1 uplead ?lea,i111agea, wdeea, audie and ?ash fer ?ee. Simply use the upleari ferrn belew and start sharing! Yea can alae use ESME aa Fear peraenal ?le aterage: baeL-Lup year data and prete et jreur ?les. First Tirrte?I Rea-:1 eur I UEleatl new it Leg- I Create Free i Pre millrn File Upleaded The ?le wekJ'm was upleatledl 1feu're new ready te share it with Lu?jmited peep-1e er Lteep it as a bael-tup. Dewnlea-d Link. Link fer f??l?l?i Direet L??ii Delete Link: TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

SECRETHCUMINTHHEL TD j'u?n, m. ?H?7?Tp_fm g?rr? air Successful Uj I 5.Dh= and '33hare.netfdelete.html' Free File, Image and Video Hastingiftitle} TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

IIDOI '2 li'h 3 .. loot: om mm . HOHZW . - - Innr urn 'l we) Mean may area. leek I g: .- . . In?) LQFOZI Next look for the extractor to match extractors {i mft_file_nama Rn" 1-- file {stronghcifont {Etontbci?stronglw Then database what was extracted main if [mft_filE_namEt TDP SEGHETHCUMIHTHRELTD USA, AUS, CAN, GER, NZL

Filters SVG