Application.Bundler.Somoto.I (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: f851beeaa9065db1ee91294fc5689b2c
SHA1: 5bba3f979572c1200e02b334bc2a6ffebd85d33b
SHA256: 25bdcac96ec41c47a9f1e77873687bbcd41a14cf8e401fef2497bcc04443a7a5
SSDeep: 3072:h22ihA0m3BJf0v3z2FXwQVwIQuDv4gBZG97yj7hAahAFS6:CA0m3T0v3z2FXwVWQUI97yj7hAP
Size: 166736 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2010-12-17 11:14:12
Analyzed on: WindowsXP SP3 32-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Application creates the following process(es):
%original file name%.exe:1844
The Application injects its code into the following process(es):
biclient.exe:980
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process biclient.exe:980 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\The_Pirate_Bay_logo[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe (22288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].html (1650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.3 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyo_sprite_full[1].png (3505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.0 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (37040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.0 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.4 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.5 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.5 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.4 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.7 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.6 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].htm (395 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.0 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.3 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.2 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyoThreeWavesBG[1].jpg (510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.1 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.3 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.2 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.1 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.7 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.6 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.4 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.1 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.0 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.3 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.4 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.7 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.6 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.2 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula[1].html (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.5 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula-istartsurf[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.6 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.1 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\eula[1].html (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.2 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe (70607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.5 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\The_Pirate_Bay_logo[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula-istartsurf[1].html (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.7 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe (21724 bytes)
The Application deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\The_Pirate_Bay_logo[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\smt_istartsurf[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\SourceAppSetup[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula-istartsurf[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.1 (0 bytes)
The process %original file name%.exe:1844 makes changes in the file system.
The Application creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\biclient.exe (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (6501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\config.ini (154 bytes)
The Application deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\config.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\biclient.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss1.tmp (0 bytes)
Registry activity
The process biclient.exe:980 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 91 57 7C CD 09 2D 1E 3A 31 91 D3 B4 4D 71 03"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Application modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Application deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:1844 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 82 1B 33 B3 8B 79 A6 6B C1 16 99 AC BA 02 F6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\biclient.exe,"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
MD5 | File path |
---|---|
2fb21755514945c8d5d27bbdd84eef62 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\4.tmp |
d65611fbc4da8cea4e886076bec82d1e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\InstallGenieo.exe |
518879abe3170dabd172dfffcd165598 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\appshat_generic.exe |
ac8f7611f353ca9803fad5ff81900678 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\biclient.exe |
a8baa7d8069523253b8d8ccde24bf5ec | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\smt_istartsurf.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1844
- Delete the original Application file.
- Delete or disinfect the following files created/modified by the Application:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\The_Pirate_Bay_logo[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe (22288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].html (1650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.3 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyo_sprite_full[1].png (3505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.0 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (37040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.0 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.4 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.5 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.5 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.4 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.7 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.6 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.0 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.3 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.2 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyoThreeWavesBG[1].jpg (510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.1 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.3 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.2 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.1 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.7 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.6 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.4 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.1 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.0 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.3 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.4 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.7 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.6 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.2 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula[1].html (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.5 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula-istartsurf[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.6 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.1 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\eula[1].html (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.2 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.5 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\The_Pirate_Bay_logo[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula-istartsurf[1].html (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.7 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\biclient.exe (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (6501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\config.ini (154 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.0.0.0
File Description: Powered by BetterInstaller
Comments:
Language: Language Neutral
Company Name: Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: 2.0.0.0File Description: Powered by BetterInstallerComments: Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 28860 | 29184 | 4.36907 | 33e8227bf6edbf3997e3d0895494668e |
.data | 36864 | 140 | 512 | 0.818223 | 1b0351714f371c0ba066871d4e504b00 |
.rdata | 40960 | 3196 | 3584 | 3.54441 | 88a268b1fac88e9fad865c68cf3abce2 |
.bss | 45056 | 110088 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 155648 | 4932 | 5120 | 3.53424 | 11c816edc4ef9cc4aa5511f8a707232b |
.ndata | 163840 | 36864 | 1024 | 0 | 0f343b0931126a20f133d67c2b018a3b |
.rsrc | 200704 | 17800 | 17920 | 3.9497 | 3b952b6cf19449d255a36efe2cd57cc1 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 3630
7f6d030a23f210ff0f767468fe3edd48
74fc1165f17d69e1205b8624e8b5fbbe
6deaaa49634d4ef6589fa2116f011a45
630e34598c05843fcf78ed9e87504e63
5325e620ec6cbf6918bc19bfc0ca49d0
9874d250393a5ca9bdb584349e6a11d4
99cbf9001892c6af0efad4afa94b2702
45cd604407f0af04cedd17c4d9bbba0d
4cef15098297e7c42991be3e40ad9bcf
192e76e660fabd4c5c4fc6056179fc86
6d6cadeac6ec451c70b3f47c7d794a34
56728519451e2b52f5f62c9fb6691d29
0d785d47b1c82023af9cf11d40f20704
50071def1d19b4a292932e38232d7b33
499a5a244e686961854cc81a6ac2f894
a777b08a4f3bd56dea2185c48cda4393
b18d4cd9c83d89116a7478da7a9d8b01
ca4a7cf7aaf0c145c06d67bb96a61da6
22f9e23fcc1e96fec45133be287a6bd5
6fad99e5944cf70690121a6aa6d64b82
e4e8d08fef9dae512def175605b37b30
330361ffef8a4c4690ec3d5e9acbee1d
15085ef3a04cc8da75e4e88c8e40360f
95d29a753a41d388af981f54013fa0e0
9fd81c119909308d540861e600a43bd3
Network Activity
URLs
URL | IP |
---|---|
hxxp://installer.betterinstaller.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC | |
hxxp://d3fih8vt5tnw32.cloudfront.net/images/Tokyo/tokyoThreeWavesBG.jpg | 54.230.99.198 |
hxxp://d39a6n71ru013w.cloudfront.net/images/Tokyo/tokyo_sprite_full.png | 54.230.98.196 |
hxxp://installer.betterinstaller.com/installer/ajax | |
hxxp://d3fih8vt5tnw32.cloudfront.net/sponsored/sourceapp/eula-sourceapp.html | 54.230.99.198 |
hxxp://d3fih8vt5tnw32.cloudfront.net/affiliates/eula.html | 54.230.99.198 |
hxxp://d3k2eoekmudqmk.cloudfront.net/affiliates/eula.html | 54.230.99.69 |
hxxp://d3k2eoekmudqmk.cloudfront.net/sponsored/istartsurf/eula-istartsurf.html | 54.230.99.69 |
hxxp://d1p2zvpeuweyai.cloudfront.net/affiliates/piratebaymirror/The_Pirate_Bay_logo.png | |
hxxp://www.girlliuxiaowei.com/home/smt_istartsurf.exe | 208.43.230.100 |
hxxp://installer.betterinstaller.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=bb240ea4d92fcc6bc5ca46520f398adc&client_uid=da282e2bbb7e4e4483dc4da5b3e19aab&uniqid=f851beeaa9065db1ee91294fc5689b2c&affiliate_id=piratebaymirror&software_id=neongenesisevangelionplatinumcollection&sponsored_id=istartsurf&tokyo_csrf2_key=84803c5219e63d6e8599911dfc4f01e1&tokyo_csrf2_timestamp=1426208469&slot_number=1&index_in_screen=1&index_in_session=1&display_height=68&0.1199777363849811 | |
hxxp://a1049.d.akamai.net/sd?is=sm | |
hxxp://dpo55t230unug.cloudfront.net/mirror/nerocrossrider/appshat_generic.exe | 54.230.99.179 |
hxxp://s3-1-w.amazonaws.com/partner/gim394750002/release/live/InstallGenieo.exe | |
hxxp://install-cdn.sourceapp.info/sd?is=sm | 212.30.134.169 |
hxxp://download.genieo.com/partner/gim394750002/release/live/InstallGenieo.exe | 54.231.17.33 |
hxxp://bi.bisrv.com/installer/ajax | 78.138.127.15 |
hxxp://downloadcdn.filebulldog.com/affiliates/piratebaymirror/The_Pirate_Bay_logo.png | 54.230.98.79 |
hxxp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC | 78.138.127.15 |
hxxp://bi.bisrv.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=bb240ea4d92fcc6bc5ca46520f398adc&client_uid=da282e2bbb7e4e4483dc4da5b3e19aab&uniqid=f851beeaa9065db1ee91294fc5689b2c&affiliate_id=piratebaymirror&software_id=neongenesisevangelionplatinumcollection&sponsored_id=istartsurf&tokyo_csrf2_key=84803c5219e63d6e8599911dfc4f01e1&tokyo_csrf2_timestamp=1426208469&slot_number=1&index_in_screen=1&index_in_session=1&display_height=68&0.1199777363849811 | 78.138.127.15 |
piratebaydownload.co | 52.1.146.44 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /sd?is=sm HTTP/1.1
Range: bytes=178497-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 178497-475991/475992
Content-Length: 297495
Connection: keep-alive
...rcn.{*......@.dI..T....n....._........3.D.r..I..XIPc-..g..V..\r....[..\h.........Q.....,.)[.PIR......aq..?<R~".....H..B&..D1.A.,.d.<.....E...S.......4.u.}.9$!K..q..^..._S.Fb.h.g......f......k.D..ol....".ZB<]......b..>-A....~p;t...p.!Q.gZi[:.c..?....t#1..2c..\.H.T.j.T.W..y.....\V..BTqD..r...b.zd.....s...".k..z../..V.........5Rm.!....tS.4..AI.`R.I.X ........V...g...........8......([3.O.).`5;.X.>[.....rV..4lW..4#.~.1A...h.r..c.*..k~4....W:s.)........../.....5....].F.......P.Q..N....NX[kK.3..,.{...5.g...........7... .WI...b......5..._..i.Q|!...x....o.A~....t....BS0F.........b-0/...,.. ....w.....f....FU...[*,f~#...0..B.o..}....N....H.W.2.T.i.}......e........i.`..../...c............}B*......Mu.......X..9Sq......l'g.....M..........*.W..'E..........Y.....Z_j.@.....|@FM......=....(.f...NDV...f...*....Me..CU}.....NN .r..S...HL.3y.uz...v.L.........F...S.u.. .$0h70..[...9..A..PxCy.w.-!....Yf...8z.....F...4iMt5|.".k.J.P6f......*-/..M]....f..........0.g.C0:1.g...L.2X...g.rs...P........A.v...[<a5..>%..B..0.d...x...]?...ZJ...{e.1..<7......".......".......%......Q....&3..'..<...KP../.....l...iuS......q....i..O.../..Y..q..e.....WN.....[w..,M.'.....2....)U.8...J...`.3.Z.......[.&M...c.P....}6..u...<..sp.hE.H.........4z ...I...w........."q.f..w,B.mu.?...m.P..F~7..J,..p...|.@..T8..B.S;x^...:.=.F..,...5.\..g....O........*....g.../....,.?..Z....Y..u.2E.o;.)q..L.......-^.:i.s.aH..w.f3K~....nz.......2o..S3..R.E. .}&(HKRnB.&$I......}.Y.....Fxx'=.....J..... .._../s....O.. .=7r.N.....~.<.....7.i.^.8y..
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: OmhLswUTpfiVMSdmOyv / L ubjOcIYhUwAc4MvrisZFgTuSX5l0lEeLHU79DTUQHiTu t3IfqE=
x-amz-request-id: F3EE81C1A09E83F7
Date: Fri, 13 Mar 2015 01:01:13 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 988408
Server: AmazonS3
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s..........P...............`............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...P............v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 95a477af435073615179b256d8101334.cloudfront.net (CloudFront)
X-Amz-Cf-Id: fU-BDVqbrsIVuEKn7pX3O5cYenKdB6NeUDIM0UQjngGijf5DezUWMg==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s.......@...............................................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc........@.......v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=297495-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 297495-475991/475992
Content-Length: 178497
Connection: keep-alive
f.k00. J.b)Q...g0..J1V.m.aC.I...N.=.j...b|.....S.(.A^.Ww&.uW....=>..0..{._J./)6.e..].....R..MVLn....{..5-%......\....d..S......X>e.\..`...%.b..$..Cn....8.PKZ.Z.%..p...\....e=......h.v.h....U`.|...T...O..2.v%.....3Lh0.C.q..~....sO\<..A.....W.....K..=..]V.UT......}..[..e....z...`Mw{....w...|.$l.0Ky..o.X.^.c...Pa.=%,.`q.cT*......K.0..@....z!"....4.q.]...|.%..1.5pB.7.6}..d..O..VoM.W(......b..G.M.u...f.].../C{:..Dg...\...D...b...#k...o.K.Y5...J..3j....}.m._....P...-..d.....}..l..(......@...........;.....,...^.L...(... ..r..2..B...|u.a,.I.K.$.M.. .~.8.P.J.".X... ....v.}.cn...=.\f;I..M..p~.!.^.....l0Bj[.4R...U......n^2\.........A...). ..Ee..y.~..d....wx).....3.........Ke.f....G2].....g.Y..%..f.].>....=:.1...<l..ow...Z.....D{..#.p.."...P../\.IN.(....1.$.d|......xJ.4e.I..~'..Dp....uS.1oW.W$..Y..A..)..%/J..a........0I=..o.4.........>...3......M...9.......@./.n.X..,...7......h......R..w.&'....<..{.#Aw..f.Vg....w.oBT..%.tU(X.4.w. /. E.'..n...!FE1.9\d.h..z...C}T..?..98......1...F. b.).....e....tw...b.*.U.W.d..r..S..c..4.k..M!...........0..R#.M!...jf..... ..q..SK. ...v.VcT'vg.1...:.,....X.Z....0^y...m...r.a8.Z..?w.........q.Y..7@$A=.Ju..v..r....c, ....S.V..j......5.9.....}T;..Xi..&...M.c!t.z..5....|.m. ..'....:.j.b.......:...N.b...OF..M.b.....|R9....m.. 0"!....B.]...CZ.!H..L.F......pA.j...s=.i>.6.2P..y..._\3.0...<...CZt...YL....6...`.rs.-.h3....d..........^.7u......L.{.j._...%.6.......(B2&V.....C;...,e.?..Qp#.F..?`Q...s.m.5..j...7.BH.k.]...>.{l.&..kD...g...*P@v..:kd.....e?..MY....O..5......q..U
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=214170-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71388
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 214170-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 c1639d907cade557ebff29e5be78b0b6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: kvsqd3J7qqIgXR-tqXzY_nK07jp_4hvDyE4VbgEs5nko0EreHzZF6w==
a...:X.h0...d...,Q..b:..... <o..^..z.nI...n..b..3........$.#....k..m...L:M..^..b..j.*G.:c'^T... .k..|..?D...c....\..P.}...@.....I.Rcl.au....x.X..7.[.f...!......g...)aT......k.....1..K.....ou74.U..#.k3-...N.......t....u8n.7.c.2..7J... ...h..s......[.V..44.a..<.- .....x..O2oZ*...u.....oY...T..k..r. z'._GC..B.W.9&1......'.~/].2 v~..:f.=.x<0.}.e3F/5..b..<!..H...1)......V~G...7.........A..1VS..s.!6.k.J6...h.o...8..A^.@......l>.[.Z...I..P..................Y..... .I."....s....6d..<F-..[....\]^... C4w>..'j$.qT........J .{..\....X>..............|EU.*................c..Q.<......Mk..%....1c...8.g:...=.d'.R...Im,O.o$..Q.....O..fS43.(...`..........M.s...Rx..[.|:...&.^.....c......)...>.6.C4c".%..O..r.Cg.........|._...9..m.h.6.;.Y.L.~).M..]A\...e.u`...U....s.X....m.....1y|.....k......~..uEi.$...J..pK.:Xt.....z9.bu*...1:.C....`.]..N.oR.....0..(.5U!.*....$.......3t.0..Vd6..H....6.9N,....)T....e.h.."..N6..nUE.......Z..d.........&.....`..1..............b9..K..g..9Md...K...6q.?...MU.GW.c.C..Ppfw..u.{.."..]....wf|k./(BX......V...p>...'.;..(..Q.....9.:...R.v";...zv\;..Ow.2...7.~.IT.D..mu.k.OGw....<U.....x.. ...i.....W.5|w.#....DR.w.}..r......D...^Y..v.... 05...K.:.{..}Q...t.Y......P..#Hl....2........&c.....C.*...D....l...v.K.vD.wC..vK4..W.P.).X.....Z..;V2......,j....q./.q.i..d.........\..F.._a...U....T...m...d.....>....{z.tf.T..%...5.. NF.......).....:.b,..O.Yq.....u/oT<.`.m...1.@...................l.X.l..M.E.|T..mVLY.......C(E.....F...e|...hu.\.\. .....~ ..Fi>..M.;..f.U$..!.&6 Y......s..
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: Y5ULIsaIj700HSLzORofHH82Mi5arROrRKvtJLKwb7CGiaJxSZShy/4KgKn/b2yDtDlB5loA9WU=
x-amz-request-id: 65718E8B896215EE
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 0-988407/988408
Content-Type: application/octet-stream
Content-Length: 988408
Server: AmazonS3
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s..........P...............`............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...P............v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=181500-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 108900
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 181500-290399/290400
ZHH.$.B.CHS...B.ZHI...B.CHT...B.NLB...B.ENU...B.ENA...B.ENL...B.ENC...B.ENB...B.ENI...B.ENJ.t.B.ENZ.\.B.ENS.@.B.ENT.4.B.ENG.(.B.ENU...B.ENU...B.FRB...B.FRC...B.FRL...B.FRS...B.DEA...B.DEC...B.DEL...B.DES...B.ENI.p.B.ITS.d.B.NOR.P.B.NOR.<.B.NON.$.B.PTB...B.ESS...B.ESB...B.ESL...B.ESO...B.ESC...B.ESD...B.ESF...B.ESE.t.B.ESG.`.B.ESH.P.B.ESM.@.B.ESN.,.B.ESI...B.ESA...B.ESZ...B.ESR...B.ESU...B.ESY...B.ESV...B.SVF...B.DES...B.ENG...B.ENU...B.ENU...B.USA...B.GBR...B.CHN.|.B.CZE.t.B.GBR.d.B.GBR.\.B.NLD.P.B.HKG.D.B.NZL.@.B.NZL.4.B.CHN.(.B.CHN...B.PRI...B.SVK...B.ZAF...B.KOR...B.ZAF...B.KOR...B.TTO...B.GBR...B.GBR...B.USA...B.USA.......6...-.........OCP.ACP.Norwegian-Nynorsk...c.c.s...U.T.F.-.8...U.T.F.-.1.6.L.E.....U.N.I.C.O.D.E... Complete Object Locator'... Class Hierarchy Descriptor'.... Base Class Array'.. Base Class Descriptor at (. Type Descriptor'...`local static thread guard'.`managed vector copy constructor iterator'..`vector vbase copy constructor iterator'....`vector copy constructor iterator'..`dynamic atexit destructor for '....`dynamic initializer for '..`eh vector vbase copy constructor iterator'.`eh vector copy constructor iterator'...`managed vector destructor iterator'....`managed vector constructor iterator'...`placement delete[] closure'....`placement delete closure'..`omni callsig'.. delete[]... new[]..`local vftable constructor closure'.`local vftable'.`RTTI...`EH.`udt returning'.`copy constructor closure'..`eh vector vbase constructor iterator'..`eh vector destructor iterator'.`eh vector constr
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 290400
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.C...-R..-R..-R...R..-R...R6.-R...R..-R...R..-R...R..-R..,Rt.-R...R..-R.E.R..-R...R..-RRich..-R........PE..L....<.T............................ 8............@.......................................@.................................08.......................R..`....p..L...`...............................h...@............................................text...#........................... ..`.rdata..f...........................@..@.data...$K...P...*...2..............@....rsrc................\..............@..@.reloc.../...p...0..."..............@..B........................................................................................................................................................................................................................................................................................................................................................U..3.j.P.u..F......F......>.....]...U......V..M..;...i..... .;E.s..E..M..I....s..M.S... ]... M.;.w.h..B..b....M. E..M..E.;.s.j.Q...'....]..F.;.tR...r..........r........u....M....E.QP.........{..r....~..r........u...SP.B(........U.j.[;U.wG;.r.......;.r.......RQ..P......F....;.r.......;.r........u....M....E..F;.r.......;.r........u....M...Q..P.d....F....;.r.......;.r........u...QP.>....M.....~...N.[r.................h..B..p....U..Q.}...M.u.;A.viS.Y.VW;.sY .9].wR3.B U....y..r......M....SQ.E.P.&.M..}..
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=142780-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 142778
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 142780-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iii6CV_ytH9oiFgHkIgrrRBVCGRJLq8R5ABuDlUVCIl1lXTKaYlBsg==
..<......O.. ..o...U ...h..y.O..X..C............2.[..,..."m...~b..........V:...!.......;n .f.P..i?.|...B..w..?5w{...z9.].8*..3..(x...z/E_...oz...#.".2:...z-.&ng...&y.......H|.q$...Y.....G..M..E.*N...&..z...U.`....t.?T5.m..<.<...BK..nY_#[....YI?.4...!h.Y..>.....c.M....F..j..Ht7.gN...z..(..l..\u.~...].Ub...M!..<{.P.M.MM.ne?..<.:....O.,=.h.....Z.b.........Y....R.s.e.I).i..fpk.j.O0........].2|.0.C``.......m_z.=W..^...C:............Q...xbR.....t...eF.V.....aR..2o..w.>..r!U......Xs%.Wm.&.LbX0{.P........@..\w.......>.../.bW........X....^e8......Lq...[.3a...n*..........2..!c_ .......{...Z.lf...z..o...~*..l....G..2.w.8.#.*........DH..-df.].....kr........_..@..g...'k.... ....m.=....X..J........e.... .R.7.........!..\..C..G/./..y..*=.......,..V..f.%....LF.|......T..g..fPs.............-6.".l.t 5..'B.....=.}K.9.%.j.1..J.\u&...mg!..Y(...U./?q=B{.z..Q...>....<..B.|keIL.c;........N....n....*K...F..~.5.2......K...'n..,&rt...N.G.59.]k....N..3....P...)......M w..........6.G.2T......L...B0.#.R....5..,.N..|#..%.lN...9.j...j.2x....R....Mh..-...D.2...l....*....9c..m.9.e....].j....a.2.7...\....E.Biu.Bf....a..Oh..r... ...(2n..7BD7.D/........D...T..*.q...u.J..4...v...I..u.Wr......*.......b....`..L@.CI.......1@...zrR..Z..Um....Z.D>\..........3C.b.._XI.[s..t.......].R..p.=.&E..Z4<....z...=..%.Y..>..CF.,]tp..C.iV..z.dh.pI?c\7..4!2..^.M....GDiK..*.=...!.?.......H.......)]...(..@..(..{..E^yVP ......%M,..O...S2........d^....T..VE.....j.y.......}..GqN....E7rG{.E.....y...N/.WG..,...QV.GC.m.gY..........4...
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=72600-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 217800
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 72600-290399/290400
.....^]...U...u.j..u..u..u..o......]...U...E.S.].f.;.W..tC...f..t9.. ..M.f..t....f..t .... .u....f9..u.f.9.t..........f..u.3._[].......U...U.VW..t..}...u...1..j.^.0.gl.....3.E...u....... ......@..t.Ou...u......1..j"Y......3._^]...U..V.u.W..t..}...u..|1..j.^.0..l...._^]..M...u.3.f......f.:.t....Ou...t. ....f......f..t.Ou.3...u.f...*1..j"Y........U..V.u.W..t..}...u...1..j.^.0..k...._^]..E...u.f...... ....f......f..t.Ou.3...u.f....0..j"Y......j.h..C......3..}.3..u.;....;.u...0.........%k..........V.....Y.}..F.@uoV.....Y...t....t...................C.....YC..A$.u)...t....t.................C.....YC..@$.t...0..........j...M..9}.u..N.x......A....V.N...Y.E..E...........E..i.....u.V.d...Y.j.h..C......3..}.3..u.;....;.u.../.........1j..........V.....Y.}..F.@uoV.....Y...t....t...................C.....YC..A$.u)...t....t.................C.....YC..@$.t..#/..........i...M..9}.u!.N.x....E..........V.u..`Z..YY.E..E...........E..m.....u.V.h...Y...U..SV.u.W....F.@uoV.....Y..YC.;.t....t...................C......A$.u%;.t....t.................C......@$.t..]...........h...._^[]..].;.t..F...u...y...u..~..u.V.w...Y..;F.u..~..u.@.....F.@..t.8.t.@.......F..F........F...%......j.h0.C..-...3.9E......u...-.........Yh......,.u......Y.e...u..u......YY.E..E...........E.. .....u......Y...U..j.j..u.........]...U.... SW3.j.3.Y.}..]...9].u..I-..........g......i.E.;.t.V.u..E..u..E..u..E.P.E.B....E..............M...x..E....E....E.PS.ZX..YY.M.x..E......E.PS.BX..YY..^_[....U...u.j..u..u..K......]..@RC... .C.Vj.^..u........;.}.... .C.j.P.W ..YY...C...u.
<<< skipped >>>
GET /images/Tokyo/tokyoThreeWavesBG.jpg HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3fih8vt5tnw32.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 15368
Connection: keep-alive
Server: nginx
Date: Tue, 10 Mar 2015 15:26:31 GMT
Last-Modified: Tue, 10 Mar 2015 13:40:32 GMT
ETag: "54fef450-3c08"
Expires: Tue, 10 Mar 2015 15:36:31 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Cache: RefreshHit from cloudfront
Via: 1.1 95a477af435073615179b256d8101334.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ec0jRv_InmseArx5n6HF4Eu6dCNsnsi6s8E-uOAQBixQMKZmVXHOHA==
......Exif..II*.................Ducky.......2.....mhXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:20C8E87541DAE111B4BB9504935C1EDB" xmpMM:DocumentID="xmp.did:9221A174EAAF11E18FF38F26F77384E1" xmpMM:InstanceID="xmp.iid:9221A173EAAF11E18FF38F26F77384E1" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5CE23EFD5CE7E11188929FF0DC9AD62D" stRef:documentID="xmp.did:20C8E87541DAE111B4BB9504935C1EDB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........D.."......................................................................................!1.AQ.aq.."2...BRb#....r.....3c$CSs.....Dt....4...6.......................!1.AQaq..."2...BR#...r..b.3...S4T..............?............................@...... ........B.....V@.. ..U.^R...Y......8.M.O@9....Yk.6Fq.'............)...........b...........................B.....................2.......FR0 ....%l...6
<<< skipped >>>
GET /sponsored/sourceapp/eula-sourceapp.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3fih8vt5tnw32.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 06:44:47 GMT
Last-Modified: Sun, 02 Nov 2014 08:13:44 GMT
Expires: Sun, 08 Mar 2015 06:54:47 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 95a477af435073615179b256d8101334.cloudfront.net (CloudFront)
X-Amz-Cf-Id: rXLp9U6SDUNyb5mma7HQOQbZh5oaQs0Jq3pz6MA3Rf4TGNzxE97zqQ==
36ec.............}.r....sU..C..cLE."U.m[. ."A.6I...d..#.$IT.H..Q..........Yk.}....|..vtGQ@..........=...>^....tR\].=...{.....?9>>....z?.8/^..,..r........../.....j...........zqw<....X..c..p...h..........t2[.~.0.~......lU..|....jU...r..V..[.n......a.z.T..q^.~oU}^...K~..M=z....7.zR/^......;~4-.w.......p?^U..y9.^..z1-'..........O_...N.......u...............wz%'b ..p..a9............)?-..an....^....r.....5s~:.g..N......;...o.....G..c....5.x...j=)...a.....i_....v..-./......n_./...w......E..?h..w........=.|h..........t..Y....A..{.....O....A.{.?(>.....x'...x.e.....z-~..}P.......>..........>>.\`..3|......6..k.;.....o.;.......Q....8~....dS-....U..V..xV.....=...8..|<.f..h.-.jZ.V........(.EU...H..,..zV....E.^/.Uk>...b........A..P.....[/1....L.;...#M.kL..0.5&.,.......X.......c.X._xw1.OA.#.......%.mR.6..TeS.Y..\...]=p.6...s....^...;.....?U...u...|9.X.W...r.X\...../.?....b^/JN.?[T..... |..j3..r...r<)o.....IBf.},......>....<.0..#-.s.._U.0..x9......d=....\.....r6...... l..g.....N.........k.....^d.....\...XK|...pF8...Jk......ZL.9......Z....|.....r...N....' <..,k..A.H.h...CQ......jt.....C./.rR.q.....S.......@.X......W...rj..Q....M..tz...ed...$<y...... ....|X.....Z.w...2H.c..4...).......... l3F.o3.,....qVc...Z.SmP....02&.....Y.j...s.bR...(.. ...;..K.lb(g.z.Z.G.a....`>...1......K2.../.hg.....9e...H.gU.Zc.,z......2f.........7..R.AYX.'.....`.I...B..4p.......x..@.\..5U..x.......*..z.=r.6.'.s\H.9.!.N.;......g....gq.O.. .Y......[.X%........ L.........9..E..............`.I1.F.......0|.h...".
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=217800-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 72600
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 217800-290399/290400
....................h.u.........................................t.w.....................................z.h.........................................d.e.....................................d.e.........................................a.t.....................................d.e.........................................a.u.....................................e.n.........................................i.t.....................................i.t.........................................e.g.....................................a.r.........................................r.o.....................................r.o.........................................s.a.....................................a.r.........................................d.k.....................................d.a.........................................m.a.....................................a.r......................................D..m.y.....................................e.n.....................................U...m.m.....................................m.m.........................................p.t.....................................p.t.........................................f.r.....................................f.r...........................................................................................................B......?AV?$_Node_str@D@tr1@std@@.......B......?AV?$_Node_class@DV?$regex_traits@D@tr1@std@@@tr1@std@@......B......?AVcodecvt_base@std@@....B......?AV?$codecvt@DDH@std@@...B......?AUIHttpNegotiate@@......B......?AUIServiceProvider
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=145200-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 145200
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 145200-290399/290400
.......}..t...'....]...U...E..h.C.]...............U...M..MZ..f9.t.3.]..A<...8PE..u.3......f9H......]..............U...E..H<....A.SV..q.3.W.D....t..}..H.;.r..X...;.r.B..(;.r.3._^[]...............U..j.h.$C.h..A.d.....P...SVW.tVC.1E.3.P.E.d......e..E.....h..@..*........tT.E.-..@.Ph..@..P........t:.@$.........E......M.d......Y_^[..]..E...3..9...........e..E.....3..M.d......Y_^[..]...U....$.tVC.3..E..E.S.E..E.VW.E...p...e...=l.C...E.u}h4.B...T.B............= .B.h(.B.S...........5..B.P..h..B.S.l.C...P..h..B.S.p.C...P..h..B.S.t.C...P...|.C...t.h..B.S..P...x.C..x.C..M..5..B.;.tG9.|.C.t?P...5|.C.........t,..t(....t..M.Qj..M.Qj.P....t..E..u..M... ..3.p.C.;E.t)P....t"...E...t..t.C.;E.t.P....t..u....E..5l.C.....t..u..u..u..u.....3..M._^3.[.........U...E.f.....f..u. E...H]...U...M...x....~....u...{C.]...{C....{C.].............;N.....]...U......tVC.3..E..E....@.SVW.=|.B.3.VV.u..E..u......M.;.u.3......~Ej.3.X.....r9.D..=....w........;.t............P.....Y;.t..............3.;.t..u.S.u..u.....t VV9u.u.VV...u..u.j.SV.u...<.B...S.....Y...e._^[.M.3..W.......U......u..M.......u..E..u..u..u.P.........}..t..M..ap.............U..SVWUj.j.h.GB..u...O..]_^[..]..L$..A..........t2.D$..H.3......U.h..P(R.P$R........].D$..T$.........SVW.D$.UPj.h.GB.d.5.....tVC.3.P.D$.d......D$(.X..p....t:.|$,.t.;t$,v-.4v....L$..H..|...u.h.....D...I....D..._......L$.d........._^[.3.d.......y..GB.u..Q..R.9Q.u.......SQ..bC...SQ..bC..L$..K..C..k.UQPXY]Y[........U...E.VW..xY;...C.sQ...........<...C.......<..u5.=.TC..S.].u....t.Ht.Hu.Sj...Sj...Sj....
<<< skipped >>>
GET /images/Tokyo/tokyo_sprite_full.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d39a6n71ru013w.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 26401
Connection: keep-alive
Server: nginx
Date: Tue, 10 Mar 2015 13:50:19 GMT
Last-Modified: Tue, 10 Mar 2015 13:40:32 GMT
ETag: "54fef450-6721"
Expires: Tue, 10 Mar 2015 14:00:19 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 59
X-Cache: Hit from cloudfront
Via: 1.1 9d3cc62eeee5c3d8d5e74dc52327bf12.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 4Um8bl3UQAgq82s0pR0RknNSh9ALTAp8voXujwLceI-Eyn5h4VqMkQ==
.PNG........IHDR...............-)....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:080CC8DDBD6511E3B018CC780203A0F9" xmpMM:DocumentID="xmp.did:080CC8DEBD6511E3B018CC780203A0F9"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:080CC8DBBD6511E3B018CC780203A0F9" stRef:documentID="xmp.did:080CC8DCBD6511E3B018CC780203A0F9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..!C..c.IDATx......G}.....9....,....;...Mx.1..!.l...`............{..%.q...o..qp ...1.flA0..E.d......vW..W/S..3..IgF:....5=..=}..3....._.B>......!...%.....RJr....e...m......M...uW*..v..j.J.b.~.w.7QI/....{.@...)]....}.Ugf......eM.u..].N."c%.,.V...;.5..}.v.......A...l>.;.>O....Lo..ku^......3.8....x./M.G]5y.(P....p...X..^.z.....R._ ..m..u/|.......:D.Z....\........;\....k.....|x>7\."....RLi.$.%ZWo\......o.]]q...|.r.......Y.3.mal...d{{..W.....fQ.-.......j5..e.....6............k(......b^k.....|miA....A$..(;o.??D.p.S5S'..KW.......=....>..H..f.5....N.t...6 .......0w.0.`.......x.y....S{.
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=247102-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: mIIbQquEwYDXE0otso5JbZMpXv1pljmqYBV08yJHLzxQeiWmfiFqOtfA5FPaJlEyg4KhE2vvMyU=
x-amz-request-id: 3A4FBC598373E204
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 247102-988407/988408
Content-Type: application/octet-stream
Content-Length: 741306
Server: AmazonS3
-s...R.... .e.>7........... )..51.n4..@..)....ck.../.01-. Z?L....k....O..<2Ma....7..r.2....j....O.".A......dK..&G..Hj6.(.P....ZxVA.>...Sr.l:.86....6bq.....>.d-p~R{..jI.L..M. .8O....q..[..J4...T..l.....m.......)e.C..A....I,cPy2|.."-...".M.O..v...=Q......|.......'..Z..I}....Dw.....f.i...m.~.o..H'.j.....&.agE.`._`.>...[.:O...^4......3...7.{.a@.m...9..bH...<......BY..4C.}..Qf.'(.....rRf?...q.=|....|....[........E..Gu...oD2 ...E/....2$..k......o......E.. h.....s7..ouq...N..".o.....L.....%.8-...zG.._.|.B{.e(w.iy.....ALA.}.,.cf1%ZE-.U.....oa.F.~|o.":,.N.s...N.^x....GT..(.!..oy'.N..?.L....7...)..f1nS.P.6....._v......._)S......`....qe0.d.DI............sq..su...{j..Y..'...;..6.{..@..Os3p4T8.z...8....L.Q.F...H../...b...(..k._..z.a...f...0......}.......P.|-.3.g...<.,w=P.tk_$..p..\,...K..*..........S.....l&..^C.q.J...OD...$..T..x...`........:Ea#"...fv....p.u.YWE.........m..E...CV....=sR...=W.DC..jQ..o.74;9 .5y^.H&f.3..|X.......w. ..^./E...X..lC.|.hR.. ...._Jr..v...E..X~.D.Q.......5.>...A..v ...a~=..F ..{a"....yj F..].n......=1H<.Z...n}.1.;.!7U3..........G..N...T......A.........m .....PcC\Cek.w.........J.a....{*.>.u..]9.....2K.}.G@........$-H....=9....f&f..6l...M...u ..k.N).O..8J.~........i ..`5.........r..g`..../...E.....R...P......l$r.GTJ...\...v9..Y.D.!&e..aq...)%.'.[.....Pgx..../.PQ..yv..D...#...m.|P!.l..s.$.q&=..d6T.jQ...]d....7c ...ll.s...X..`T.(Da.P..b..!....A>..n."..H.....Rrc...C.T..J]Jx\*.....l...q2..q...R......?9..4l.....F..3`{..x.`..d^.g............C..t.G.'xdA>y...m....m~..."..~
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Content-Length: 475992
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z....... ...0.......p....@.................................$S.......................................s.......p..............h*...............................................................p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...x............p..............@....ndata.......p...........................rsrc........p.......t..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....nD..H.P.u..u..u...Hr@..B...SV.5.nD..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h..D.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G.....t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=356994-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 356994-475991/475992
Content-Length: 118998
Connection: keep-alive
....j..bY-?..xx.J.s.:wN.-.UD..2.Z..6..g..R.H.......v*....->..f..yn..y... ..~..t9...'J..i..Yy... ..i.//L..'....X.....{.I..../jK.m.Gd......X.....sJ.(".(.5J.. $.,....W..kj.B..V4H....CW..R..D.y.....)/./.x......v..#.....s....Y.<.w.D&.w..N...>fZ.f.#GF...(&.....-.....Ep..b....e1....3.....n.T..'y....t.x.@@l...3..<..%...j......Y.{33.q.^..F..X.z.TU.......|...2...R....H....M[Vs#_6... ..n@]....m<^....e.......<n. (n....w.)..1K.0.u.s....;.....u]...._.}:-.C...H..[!.%.......J7.#..*i.y.9.B..s....%e......2.K...=w.......U6....i....u.v.1...)..[y...M'vHG.^H^93.<1bifU].._b.U.8k..W.m.........}%s.V..]H.Z&c...4g........J...M.....\...[...|...Q.5]..L..!.M'B..F..8..=V..p.."9X@.HDa.,.2...S....%CN.jE.].../..h.M#...\k.y..Rt..[F..&}..].95.?.@ .........&....1ul.3 ....X..3..._......P.G.l..*".M....}.. O. ..fb~;)...sXm..<.".*.|Q.vZ.,...M..M....8..Q...t.gE....@.....Y..Oo...I.....\..C......Jl.... #.z....1.EA...R).u..d.!=..|...L..|9......:....D.a.i....m..>.....S...........P(.e>.,..LI.M.U.C........'?W7..$....R...8...g66..}..74..H.r.{..5..K@vGx.~.:&e.......=.~...].2,.5..r.......9Dy.pD.....%P.J..s....9b.E..(.......].......g.'F*....~..7/....8....C.kg."`;......B.,E..E.(.!.w.hN...H;.....n...DQLK.......n.Z..]..Oz.\xW...`._.I...h.9c$t....x...~.J.".%j..5.....E.#..G.H.b.......>..i5...H.;=B...t*5.pXZ...;...x......od.C.<'n ..V0T.[%..f....N8....e....O....X..........h. ..PDJ9. .l....3....;t.....44..A.Ss5....m,.yk..1qX.m..|..a..:i.....a..H.....V.OPi..........:?fN........c.....q.X.c....5.3....i.$f...T4.W=....Q...hb.....{p.C.._1..
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=123551-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: UR jPMoB20rNAlRZOtN6q1JCsozx4Buz3j5AKlcz VhniI3DErqU3gjW9VVEYG FbYWHQwSgOgo=
x-amz-request-id: 761BAF852748A891
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 123551-988407/988408
Content-Type: application/octet-stream
Content-Length: 864857
Server: AmazonS3
.[J.w...qYt\M.Fz.4.*.......o.....1K.pE..2....CpY%...~45...'...E...o.$....H.h..;o.r.~.98....'...Y.E........r.....C....'!^....i.=.*.(..........."...s...v..u..-."...Nm2\..t..@K9...ao.L..78.n.c.1>.-..\....I....z.n?.......2...^..?/...a'..".A...D6P....Q.F....<.B6.a<{\..1V..' ...3/...a.*..MkJ.....$ ...=b.z..5...#..O.W......^O..K...s....>..6.f!<.S.{. '..Ich...h...f...8<\<`..ff.Y;.<=......:E.f|.Aj..*nN/....[.S.l.....U....\........k....#p........>.Nvg....c..Q.....k...p..q....;..<.....l..<..\y....{...fH...F..... [....B...Y.'..T..w.a..9.....cCW.'S.k.......7.CY.t.....(.)IX...W...........T.......M/.......uzfBNU.y.....s...W,&.>B....{E...^.v...%<...R...w........<.E=c.. 3.....5...V...U....W@...s..%..M]~...&..@..w.s.6#R..X2X.5uUZ.Q......tM.k.u.O.....G.Vz...,.JZ&J.'..fBE.M..@....F....8.....P..mN...t..j.61Luq.....l...@f.X..=v.....s;.Y...Zfy..e..m.G..0..i=.Y.$..ok...I .V...,.A...K.gB..c..,.AEfS\....;.9.J..{//>.x_.t5i.6k}....I......I....R.......O..d..Y6eD.kG.Aj..,.....u...2Be....WRU?.36...9..N....l;.m..y....\......g.m'.Q..%f.#../......Yoe.......j."&.-.WB..'W.J|2..R^p\.2}.S^.[j.3..3M.d..}1....}.X;[..f?o.h..W...[N..Q.P.JI...fc...E..bkhW.;&.f..........AY.p...t.....3UP.^-'G..7.e.nL .!i\q{...M.'..=.K&.-..!.9<......p.bhX.......[Tz1.k..n.QD.....>F..$.$9x.Q..f.e_.0...j.<...d.Y..MKL......8.;h.w.g...Q.{q..B..f4.O...hk.bf;.[)..._...DE8C.(I/..*..z.:.....s.#O...[)(.lA.zC...b}..P.S.X..o....Z..0.....Y.$....mu..C...J..p....I.s~z..Kr...Y..c:....Y..a.....z%. 7L...8t^..w..d..df...Yt...9.......Ru...
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=108900-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 181500
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 108900-290399/290400
.......pl..u.j .....Y...%....j...2..Y.e...5.XC...lV.Y...YY.E..E............j...1..Y.u..j.....B....d.B......V.5.XC...h.B.....u..5..C.....B...V.5.XC...l.B...^...XC....t.P.5..C.....B......XC....XC....t.P..p.B....XC...-0..j.h."C......hh.B.....B..u..F\..B..f..3.G.~..~p......C..K...C.Fh.\C.j...1..Y.e...vh....B..E......>...j...0..Y.}..E..Fl..u...XC..Fl.vl.....Y.E................3.G.u.j.../..Y.j.../..Y...VW..d.B..5.XC..............uNh....j........YY..t:V.5.XC..5..C.....B.....t.j.V.....YY..x.B..N......V..f..Y3.W..t.B._..^...V.........u.j......Y..^.j.h."C.......u..........F$..t.P..e..Y.F,..t.P..e..Y.F4..t.P..e..Y.F<..t.P..e..Y.F@..t.P.|e..Y.FD..t.P.ne..Y.FH..t.P.`e..Y.F\=..B.t.P.Oe..Yj.../..Y.e...~h..t.W..`.B...u....\C.t.W."e..Y.E......W...j..L/..Y.E......~l..t#W.....Y;=.XC.t....XC.t..?.u.W.*...Y.E..........V..d..Y.........u.j......Y..u.j......Y...Whh.B.....B.....u..4...3._.V.5 .B.h..B.W..h..B.W...C...h..B.W...C...h..B.W...C....=..C...5l.B....C.t..=..C..t..=..C..t...u$.h.B....C..p.B.....C...A..5..C....C...d.B...XC...........5..C.P................5..C..5..B....5..C....C....5..C....C....5..C....C......C..c,....tc.=..B.h..A..5..C.......XC....tDh....j........YY..t0V.5.XC..5..C.......t.j.V.,...YY..x.B..N....3.@.......3.^_...U.........tVC.3..E..}...E.SVW.}...x...........t....h......|.....Q.u..u.P............ub..d.B...zuxVV.u..u...x.............p.....tXFVP.*.....YY..tH..p.....t...S.u..u...x....l..........t.j.V.......3.YY;.u!9.t...t.S.Tb..Y....M._^3.[..Z.....N.QSVP.Gi.......u.9.t...t.S. b..Y3...WWWWW......}..uH.5|.B.3.PP.u
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=59499-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 59499-475991/475992
Content-Length: 416493
Connection: keep-alive
...3l. ....i;....51...6E..Q.o7.9.<~...&o.`7D..z......7.y.lp........3.`1...96X...f...g@.').%..q.[..S/.....E...%../ ..;!cc.=r.s?..J...{R%..0<q].$...b.......Yn..A~'.fx..71....L..7.....j.^.l]b..#&O<6.pV\m{"".y..Y...0.f ...B.._h.T..6..O.<......NJ..{il.....9.~........%...._x!.@..c..m.Ht....j.y..Ay...]............F.;._.... .[......}g&.1....SU.....4VU..i....g...S&YX...Hx.....}c..;..j.m.(........'.).wZ..0.j..J.........C...=..^W...............Z..rN..?.,.{..C......3:..G.rQ...Z$..?.3m3L.......eY.k..x.{i.........e5..t.%~8...8.........N.l..!.j*.,....B..C...s......L.. X.#...4..&.;..?...0..z.3..9i.o.'....17)0o........8........].. 2dt.]=,9..{......&.W(..r..9,...F...z].J.L...~......l.x.*G....)b.Ej.....Mc.H]....k.;.....2.V...t.......x(Z.*gE.e.2....s.}........W..?...X....?~7..bY.?..&p.I......O..~y..../....U....qP..v/..@.....p2..G.0...Z...r..k.......z..0.º.0....ldl..TI.x..3.. ..>M.I...hx......C.. d..-.......;.....{.].t..i0.T...%.|b..#VL[.z...\..?u.K.........}.q...)..&..*..z.......9...o.9s..,..h..,..O.H........95.]......A..;....:.Lw.c.G..4. w;......p.}(...}d.Eq.5..*....c.4E~...f..fZ.kbF].........)..O..A........ND....]A......a`I...iP...[..6:-.,.../0..!.....2..a...-.;...p..^gL...^.F[..@.)_.a`K......qu..v.C ..p@.)...q..J...l;..#....Q9,G.......i.\.G..o}....&.s..Nz..fP.0.....F..M-.$D.....0}....99....y.Z..d..(.j...f(...fEW...,..8.._.4Y1.y...eq....d.t.%6....]$..KE......k.&6j`.pJ.2^.2x.t.<..>l.......&..)<...w....0%:...d.......G.^.'I&........A..........s.NE9.s.^.....<x./..4.'..=T.(&....Y....`,....l...7...rz...6.q
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71389-142779
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71391
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71389-142779/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 c1639d907cade557ebff29e5be78b0b6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: XdsAdeUuFWvSC_qbO6r8hh8y9xoXY4FhIcb7tVkhhpIswJ2DvRqb_Q==
...IK.#.ikv7..=....\z....if.J^.;,5!.._...MR..w.OX..&.....p:.........5.L.iT.L.O.....7D.]b..........3.. 2=v.a.....^k....xp .`..y.1>...A.Q!..._.J.D.......j..].8v....>.P.\ei%..OU[.V.p.*ky..E*.D0).-l.B.....*..aG.b^..T.yqu8.Np.'.Z&V`..-..2l..Bu.l ........4X.U..9p..}E|..J...".m..:.....@..8auM.wLc$h...8D.s"..]......3.. .$..H.Sf.z.....q.Ke.....b.......IO[......U....l..-.!2......2.ed...M...@..s..K.....].<.........g.mG..as..ez|.C.......=p.^U|.`s6.).\).]........2j.....N....a...i\.m.<......8......z....=....i.s.2...r...n.=h.D".O.MN..a.S..f. .S.i....N>.O;...>..4%.{.L....... m.....%.Hw.U<...."...ns.Z....).)`o:....O....0..SDt..|V.G...iU.d P..x..{`i[.X.Uh..@..`C...;6.\..y.]-W.... ...G9`.%i~.G.......r#`...`...G....Z..KQA~'vL2XAM..(o......jU.....3........7...o.q...9...@....dO.r..c.KO.`....u...G......H.N.|..;#..G.n]J.Kx......t.if.8u.^....L..L..;..# 6...p ...........U..KU%....F...>....L.sZ.Cm.!..cllj...&.:......p..y.....ds_.....W..t2.,.I...Z..c.T?/&O...8..q..<:Cp.....7&.D7.....e,2.)..G..FP.l. .N....(......I.......4&...8.1;...M...=.2..%;.V).>..5e...I...@D....0.!..GHUZ.nnh..........n#.....F.v.S...Zy.m..........;..k...3..(. .k.............,H.D.L.....K...`[.. C..7X.uq.zV.t...m..`..H.....s.e..R.7...4.F..`.b!..N.pY...=%K...s.Tt*9.rR..A....xt.hR.k..25...=`...7.........&=....vK.A...4.d7y.....(....7.(..l.k...h.C.w|..yP..#...lNI..\8....c...I&.h.[.=p... ...._......).;.>"@.....@.n@..)...,....80.W......kh..z8.......W3S..E...3..H....^.t.L.\........3G..b.....!.^....U........
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 1bf0d882921b31997e2650c5d2719973.cloudfront.net (CloudFront)
X-Amz-Cf-Id: y7O2Y1wPhIiOP64hFKZCDSw2PwXypjG_juQ87yk4gVfMuR1WS-mJiQ==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s.......@...............................................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc........@.......v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=118998-237996
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 118998-237996/475992
Content-Length: 118999
Connection: keep-alive
........{i......EdZ$.. ...?.Cbp....k..?.pLH....j.J1...W.0\NjWF2...A2.8N...~........u...../...i..#..x...?...b@V..3r..."./jl....W...........?.5.i....QFK...b.>....wt<..L9........t...i..;.l...g0....8.......uKt..^.N....76.6s.I...d._.w......}...s.k..q.F......F...@T.X..4.......o...n6!.u.i....[.U.G..F...*vY..K'.....7NTW,..ZD..@I#sngXI.....".{.Q......~...5`.#.......S....QD...........G...R........Y.|...?Cc.w....R|..QZ...@.\.'...@...O.T..N.`.<.$g..U...H]. ....-. .@.u..".}=P..B_.}.$f.j.k.Q.u...(.Fa.sJ...x.3.ri.E..:.;_H<...z.x.w........l..l...T......A.d.(Q..s:.a^......i;.8.../..c..T...o..V..H....i_\}...iJ.....u....'i..".4.......7.x.e.R..5.U.=.....VTE-R#Oi....b.t..#...W,L..;M...`.....r.."C../$.......].A...S.$^........@..!T_../l.I..I`......I-.w.J..r..>8.H.Q.Hd.@.[av..c~.@.5.......eR.......Q....\d..C1....%...=*/...d.... ...aN..,..7"...C!94..;.8.O'.3B..D.B..\%......\3.F..4B.....o..B0.1.z]......%..wS...6...f.H..K..r.4....&7|.o\.%.Rx...I..w&....V..O..}......;.%.K...".z......&.L...4h'A.v{,1....e:...J..k@.Y}..5t.....T...U.E.q.......N.Z|.b.FRj..3....O....Xdp..p.:.P@m......43~.&Q.>7SO3.o.8.....).n|.}.x....u7&.=kO..[...Fj...tq..v..(.9.7......P%..>....C....YM.V.u."yk.{..E..0_......o..w..C........~L...7...q..#.T..n.y0.....J..nb..\..u....9....YN......x.9..&.d.sN~..5m....J3....D..L'..0 . !Q...2L...G....s..D..r......Z..Df....sN..o]".& ..L.>HE...T7...u.(..!.Jkn....Z..$h.J2.....m..1.#.0&.@t..N7Xw....=T..K..hX....?v.I...G.8..Ny...@C....B..M!..M,..q......P......R..[V.ieo_.j5Nl....h%.>...W..6i..s......#~...$.........m
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: YDfoA9PCw4GoEMSNgZ1OC0zyYwkphxQ31330LNVRYvWJwp7 V8dIzshmUn4MFXzuUqFLSc8uigw=
x-amz-request-id: 44DC3AB5B4F9EE6E
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 0-988407/988408
Content-Type: application/octet-stream
Content-Length: 988408
Server: AmazonS3
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s..........P...............`............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...P............v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t..
GET /affiliates/eula.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3k2eoekmudqmk.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 05:10:31 GMT
Last-Modified: Sun, 26 Oct 2014 17:23:05 GMT
Expires: Sun, 08 Mar 2015 05:20:31 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 a7ff8407dd3b3befd5f1244b3435b471.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 4Wp6OE_NXmBd3bYxgslvH_SplwBhjz4OE-uZxSjHXTbpo_YvGqvUxA==
1500.............Zks.F......N.......|.-y."!...P.P.... .)".....1S..{....R.g.Jl...}.{...>....F7..ZV.T]NO..Pu....?...Q4R..G.c...VEE..I..Y......:..Z........?...n...G......o......w>.o.d..U.../......4..`..?~{T..d]..i..;.~......y.Q....7i<,..<.....d...|...l.?..t..F.OeU$.....:Xl..U;8...Q.~.vGw......E.I.....z.7S....q.I..f.q.DW.....U....|..(.u.1...z..3..|....A.....:.............P....X$..*.w..........s.;..]..........u.?..%f...~....S..b...,..........5.(,Qm...w .NK...Y>......u.......}n..C......8$....)..R..4IuwS....h...*...f.e.q7...<y...I.....:8...s#Z/M./...B...s..|}.........@..T..)t..uJ.WR..._.LTvz. yV._.L.tz..6 ........e.......6.....#b.j.A..yw.[.p.a...6n.6;(u40..8.....&..DT.....EQ..k..JD.C....zDq....W...X...f.W..D....I.:............~..........f..a.QZ....>f%.(..n....z.v.u.mCc..].......u$..S..UK<...."T.......dhR.U7i.3.......4.K.....6..-..]......'$Y..9$.....U>Et....y....M..M.2x.....`An|.^.t'O.. !..m>.:8.KZ.........$C...f..Ll...4.<ZGm.$H{Q...........z..m................p........|C.......i^.W.}'.>..*.....z .=,..7..L.WY^..T./..zS&...w....g.x..O.U\$q.S....Y.S%*.7..................W..,^'8......o..W..Z....Q.U.7bp...l5.E....=P....A.D;45....d.q...Jg....."...<._&...>(VQ..<......Q..v.....?@,...h...P8..i.<N.......fs5.u.8...8v..-. .....OG..'O.....3{*1u....P..?TK...!..:...e.......6.N./.....C...'...V&.].....|.b...\.D..J...Y...n-.j.j...u..G.....B.h.Z......s..dw...9.\...D....]w.n..r...~..q4.St........&..3RC'pO.....p.C.2R..."7..6x8.'#/..I..S......vd..r......I.9..79..B.4..^}ur....S..s...u2."...~
<<< skipped >>>
GET /affiliates/piratebaymirror/The_Pirate_Bay_logo.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: downloadcdn.filebulldog.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3955
Connection: keep-alive
Server: nginx
Date: Fri, 13 Mar 2015 01:01:09 GMT
Last-Modified: Mon, 04 Feb 2013 18:04:54 GMT
ETag: "510ff846-f73"
Expires: Fri, 13 Mar 2015 01:11:09 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 82cdda900e097a19d365892f62aa31dd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lNqgr8Cbru17FtYMqqd7iRJ4-zyTh88cqgShlD7TsSqEaj_-czrOzw==
.PNG........IHDR...0...0.....W.......sRGB.........gAMA......a.....pHYs..........o.d....tIME......0..w.....tEXtSoftware.Paint.NET v3.5.100.r.....IDAThC...x.W..e.K..Id.=..._....KD.!...P...-..m....jM.v...>S.....S.6.t..U.UKH... .F..$m.<.y....s..s.=w.:th... g.p.M.vP...H.r..u.p.c........d...vP......e[...m.P.....6Z.....%.~\.. .Fz..:..T.....fYm4....'.t..........?kh..t...MZZ......a.wl_.m.6:=0~LV. .;Q.....a...D?..Y...I~.{.6.k...r.#'....d..h.....N..HK..}"[........\~o.........7..T~h...a.&.....s................<u@D....."....9 .gT...T....oN.<......d^.........)....\..1T...[N..m.}....b..AQ..AQ..... *}.....5 ..........w..<.....v2...f.....*.^.u)S.....0..7m..!......y...s....Cc%.K....O t.)*..N"fL*..'.........)...H.kT%s.cj..)jTd....9.?..%.....E./.%.YCb..J.....O.....1......>..S..[.....6....^xk..X.rr~........p..6(.s~I....... ..*..&\..S(.=I.n..r.X.....AM..9<;..n..:..U.....@..c{......v4.7}.0bZA.......,......w[R..s..d.\..42.z....!D!.........H...{t....feT...^}.!..D....d.nd.......L .J....A...xc..,.J.-etzP.....eU)..AN.$HD.C.Q..K...ow ]ke.`R..{*.#. .S.....1.HC..>sH. ..iT..3$.....*V.J.x.\E..>dN0q...(...."V4....*i.....j.V..D<?d...3.....e.......@5.B..19......,=)....2..U%.|yt.xiTj}i.o.....XE.lo...d.-w[3....8...j......'e..i...}i`B?]<....".g..... .....D5.y.4>zUu. 2.......&.."...R..T2.=.>...j....P.........8...HT....@.2L`-..6....w.).EDe..[..6..uc2......Y..$.....?.Qk6Y.Y.J.G...*.._]K.m&...j.H.7.W@..6y......L..&i.>.....R..V!.. Z{.sw.={HL>^....2.............."i]s.x........5..cx^..6.._.Fy...5.....K.kk2....
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=118998-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 118998-475991/475992
Content-Length: 356994
Connection: keep-alive
........{i......EdZ$.. ...?.Cbp....k..?.pLH....j.J1...W.0\NjWF2...A2.8N...~........u...../...i..#..x...?...b@V..3r..."./jl....W...........?.5.i....QFK...b.>....wt<..L9........t...i..;.l...g0....8.......uKt..^.N....76.6s.I...d._.w......}...s.k..q.F......F...@T.X..4.......o...n6!.u.i....[.U.G..F...*vY..K'.....7NTW,..ZD..@I#sngXI.....".{.Q......~...5`.#.......S....QD...........G...R........Y.|...?Cc.w....R|..QZ...@.\.'...@...O.T..N.`.<.$g..U...H]. ....-. .@.u..".}=P..B_.}.$f.j.k.Q.u...(.Fa.sJ...x.3.ri.E..:.;_H<...z.x.w........l..l...T......A.d.(Q..s:.a^......i;.8.../..c..T...o..V..H....i_\}...iJ.....u....'i..".4.......7.x.e.R..5.U.=.....VTE-R#Oi....b.t..#...W,L..;M...`.....r.."C../$.......].A...S.$^........@..!T_../l.I..I`......I-.w.J..r..>8.H.Q.Hd.@.[av..c~.@.5.......eR.......Q....\d..C1....%...=*/...d.... ...aN..,..7"...C!94..;.8.O'.3B..D.B..\%......\3.F..4B.....o..B0.1.z]......%..wS...6...f.H..K..r.4....&7|.o\.%.Rx...I..w&....V..O..}......;.%.K...".z......&.L...4h'A.v{,1....e:...J..k@.Y}..5t.....T...U.E.q.......N.Z|.b.FRj..3....O....Xdp..p.:.P@m......43~.&Q.>7SO3.o.8.....).n|.}.x....u7&.=kO..[...Fj...tq..v..(.9.7......P%..>....C....YM.V.u."yk.{..E..0_......o..w..C........~L...7...q..#.T..n.y0.....J..nb..\..u....9....YN......x.9..&.d.sN~..5m....J3....D..L'..0 . !Q...2L...G....s..D..r......Z..Df....sN..o]".& ..L.>HE...T7...u.(..!.Jkn....Z..$h.J2.....m..1.#.0&.@t..N7Xw....=T..K..hX....?v.I...G.8..Ny...@C....B..M!..M,..q......P......R..[V.ieo_.j5Nl....h%.>...W..6i..s......#~...$.........m
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=494204-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: U6WzL5ZVMkiTYFgaaRNgiDNXWIX1UnLSeACUu0lRjbHILy7 UXJGPEflVwfK4IPu1r4850OC5zc=
x-amz-request-id: F776F0D2F7E9E215
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 494204-988407/988408
Content-Type: application/octet-stream
Content-Length: 494204
Server: AmazonS3
.;M@{..M.?..4R.[v. .-..bIcw.......b.....!..rf.P.........0.....{......y..WL.D*^...a...Mu.....U.O!4_?....@.cbA.k.)4......V.P!s...!pW6$~......T..i...kQ.X..-.V.&...;.`...._B..-*.V.*[.S..?...)$\....i...E;........|p.B|ON......:...@,.qX.vb8.%.<@..z.>_.RB..y.n.oX.AW1(....YU.4..O....Q...........A.z[.G..-z#......4/...X..N..l|.p..5!'hV.._.n..c..^.k...E.....p..5B.......HEm.dh.4.sGUh..WP7.#...........:Z.].K"............B]W.V...L0q~.].AB.`.trp.eW..J##..[.r,.(.&...."..G..B........#o..`....p...]5{w.......%z......P}......Wj. M)^...5...Y.C._.7..*........'.. jI.c...t..@$.X.ty...1.He...eV....}.l.R.2....A.P.....q....#"..58.Yg.f...(...1).....,......|.#.KB...3H$..N...r...r.)...^.ST.$..?\.... 8,d....{ M...u..:C........e..FL.j....S...MMd....%.N.i.....y.c..M..H....v.~5........:.fDI...#.....0.(TH...sWso...:.#~....p....B!.....D."m..Xt..c,.m...e....z.F*..m.Ci.Qt.....j.m*<...n.7...M..J......(..{....z......y.v.."@kNX.k3{.m.[.._m\....(...Rz.ka..Qwb....3.\o.?.x..6........j..Do..j....)q....]Q..}.. ....9....x.. b#Q/ .g.._.-Y.ZZ..r>2.e.\zu....d:w..].j..ma.0D[........9..2.=...<....j..h.D.3Z..0.f.{$......i..tm..y.J.>.$.kz......._.....z...Q.K.(..=.7..I....C.9R_.z...w...B.... ..y...2.j..@'q.m..zs..}.........z...r).~....%.............]..rY0..Y.sgE...B.e.....|.<h..q.tLPw.....MD....z.....z..3..jP.KQ6>.I..#.{...gyf...@|..#....|..,t..m....q*.r.OLX`"B.....k....!n.Q;n......2vn....... a....{..|z...H....C.!.eGn.#.....-..m.R...N...._..e..k.&../p......b.....jq.L.-.c..q/..O/b.......m....~.....:D.A&..Y...`...z..c..U...F...jZ.G.s....*..AI..
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=72600-145200
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 72601
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 72600-145200/290400
.....^]...U...u.j..u..u..u..o......]...U...E.S.].f.;.W..tC...f..t9.. ..M.f..t....f..t .... .u....f9..u.f.9.t..........f..u.3._[].......U...U.VW..t..}...u...1..j.^.0.gl.....3.E...u....... ......@..t.Ou...u......1..j"Y......3._^]...U..V.u.W..t..}...u..|1..j.^.0..l...._^]..M...u.3.f......f.:.t....Ou...t. ....f......f..t.Ou.3...u.f...*1..j"Y........U..V.u.W..t..}...u...1..j.^.0..k...._^]..E...u.f...... ....f......f..t.Ou.3...u.f....0..j"Y......j.h..C......3..}.3..u.;....;.u...0.........%k..........V.....Y.}..F.@uoV.....Y...t....t...................C.....YC..A$.u)...t....t.................C.....YC..@$.t...0..........j...M..9}.u..N.x......A....V.N...Y.E..E...........E..i.....u.V.d...Y.j.h..C......3..}.3..u.;....;.u.../.........1j..........V.....Y.}..F.@uoV.....Y...t....t...................C.....YC..A$.u)...t....t.................C.....YC..@$.t..#/..........i...M..9}.u!.N.x....E..........V.u..`Z..YY.E..E...........E..m.....u.V.h...Y...U..SV.u.W....F.@uoV.....Y..YC.;.t....t...................C......A$.u%;.t....t.................C......@$.t..]...........h...._^[]..].;.t..F...u...y...u..~..u.V.w...Y..;F.u..~..u.@.....F.@..t.8.t.@.......F..F........F...%......j.h0.C..-...3.9E......u...-.........Yh......,.u......Y.e...u..u......YY.E..E...........E.. .....u......Y...U..j.j..u.........]...U.... SW3.j.3.Y.}..]...9].u..I-..........g......i.E.;.t.V.u..E..u..E..u..E.P.E.B....E..............M...x..E....E....E.PS.ZX..YY.M.x..E......E.PS.BX..YY..^_[....U...u.j..u..u..K......]..@RC... .C.Vj.^..u........;.}.... .C.j.P.W ..YY...C...u.
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=617755-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: Ur/0DlqWP66Ok1G5COX8gPrdRTgtsoiBUdTH8lrPT4TUeccliMjzbscfDwETzB1Edavve pPiC0=
x-amz-request-id: 05351A7EDDE2FAA1
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 617755-988407/988408
Content-Type: application/octet-stream
Content-Length: 370653
Server: AmazonS3
...m$......"4C..HA.e...P.V.9J.2.E...."X..!X...>.U.oL{$.!.......5..h.9\...Ua.M.%....... .5.}.@R2.s.l.'...'..My.......3i.........e..SPNO.ka..R...f...5Mm..............c....W..%z`..U........D.h]...\q.....vyr..2..$.[.8M..6...=.*..g...J. N-k....w........G....s......6.3?>...).>D..J.^.c/.N....u.6.....s...{....L..n......:........'...,...^..mg...BO.>..}H#..N.'.F...%.....p..#....t...zV.,.\9.......D...B...B.:.[.IYZ...c..^K..[(d....H.......FwD.......z..L....-.i(.......I.....x.*..s[.....b.H0DR..<"......d..w.{..v%e.8n......6t..P..>VK.e...4...B(7...>.a....K..A...Z.%.x."...:O...!...".p`......t.....q..Z...".....t...s;.".[h.#z..ZG....&A.(.....@..........}...?g..u(.M..[.dD..h.7C4HS......I.-....'.....|O......X[.....2"6.lR..(......m_....f...........u...n....Y..i.9.......5..5..<7 ...0.c...|.i..zHh8..B'.........B.~1..;....A.T.H..FT.....8.9L..i`,..t.!C...B.<..lQ..W...F[....|T\..o.f...e.....H.o....9U....p.ReW.z.wJ.....A.!.#.../0.......E..v...X.M.(.:p[...b9.{#N.....0...%6..AsI....'.........9.H%}6.0..'.;..R5.........4.j.Vw..g..N$...q............s.}.)........\.2..^P..f....UA.bQK...o.~B..D...F...W.....)L.../.wL]>f.x....S@.g..A^.x......&G.Z........G..2.WuO......&.....T.W...)(..D.e.........C .Bl.U{...hC..ml0.......x......3...............h|....d.0`3.6$l.)Q...e.....BPo|-..@..<,K.0t.....2g.o./4..(.q$.M..M..X(J}..F.Y.%Z..9.'.n...WR.V.V..I:.S`..uA.(h9FN.c..X.........4..........kD......>7.6%..n..`.v..R..w.u:.n.......u5f.!K*....6:...tK..n...k.%...AJ.".../..}p.g...3.2.m.[..6....g..F...C......G_..B]*..i.<PX./gMI.
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 290400
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-290399/290400
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.C...-R..-R..-R...R..-R...R6.-R...R..-R...R..-R...R..-R..,Rt.-R...R..-R.E.R..-R...R..-RRich..-R........PE..L....<.T............................ 8............@.......................................@.................................08.......................R..`....p..L...`...............................h...@............................................text...#........................... ..`.rdata..f...........................@..@.data...$K...P...*...2..............@....rsrc................\..............@..@.reloc.../...p...0..."..............@..B........................................................................................................................................................................................................................................................................................................................................................U..3.j.P.u..F......F......>.....]...U......V..M..;...i..... .;E.s..E..M..I....s..M.S... ]... M.;.w.h..B..b....M. E..M..E.;.s.j.Q...'....]..F.;.tR...r..........r........u....M....E.QP.........{..r....~..r........u...SP.B(........U.j.[;U.wG;.r.......;.r.......RQ..P......F....;.r.......;.r........u....M....E..F;.r.......;.r........u....M...Q..P.d....F....;.r.......;.r........u...QP.>....M.....~...N.[r.................h..B..p....U..Q.}...M.u.;A.viS.Y.VW;.sY .9].wR3.B U....y..r......M....SQ.E.P.&.M..}..
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=36300-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 254100
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 36300-290399/290400
.....Yj.X......w@.K<3.9s4.OT.wP.K4....Od...O`.K..Oh.w.;.u..w$.w(.w,.w......3...u..G@.....C@.GX.CD.G\.C0$..Gl.C0.....t..C9...C?........Gl........G|.E..Op..xV4..Gt.gE#.Gx.xV4.E.;.t..E.....t..X....E.u..Cx.M..D...G<.w..{|3._^[..U......U.SV3.W.u..u.;.t....;.u.j.X......x|;.t.97u.j...;.u.3.......E..G..G\.O.;.v..G.9w..........U............GX..........@..;.s.......y....Wh.W<.G`3..].......q....w`j.S.7.............X...._<)_X..l..7.w.._.t@.e....t8.Op.A.%................E....2.0.U..;....U..E..E...29].r..G|.O.;.v.....t%.W..4..V.)G\ .)G|.O..w.u.:.............d.u_.G..w.;.s...3...t..O.....W....@;.r.._..GP.........)w\)w.)w..w..w..u..GP.G\..._...uN.E...tG....B.G.._..E..G..%....w..M..E..GP ........)w\.u..}...GP.G\t>..t:.}..u.......j....}..t..E._^[....../.......'........j.......E...t.....E...U..QW3..}.;.u.j.X.PV.s|;.u.j.X.B9~\u..FP;FTt..E.......;.t.P.C...Y.>.>9~@t..F..n...V.~@.(....E.Y.{|^_...j......h.......RP...........U..Q.>.SWu~.~..ux..D...S.....W..H.B....H.f.....f..u. ......FB.....\t.../t.h..C.WS.........E.P.u..5...YY..u..E...P...........%....Y............_[Y]...U..SW.u........D...SW...........H.f.....f..u. ......FB.....\t.../t.h..C.SW.;......_3.[]...U.........tVC.3..E..E.SVW.....................d.....;C...Y....~..t..F....E..N..;.8...u....t...........3.........uE...@...3.f.G................................. .....$.....(.....,.......;A.}...............E...9A.}..6..............M.......9H.|......S......Pj...T...P.6..............P......P......P.6..........t.......\.............3........t.......=..........>
<<< skipped >>>
GET /affiliates/piratebaymirror/The_Pirate_Bay_logo.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: downloadcdn.filebulldog.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3955
Connection: keep-alive
Server: nginx
Date: Fri, 13 Mar 2015 01:01:09 GMT
Last-Modified: Mon, 04 Feb 2013 18:04:54 GMT
ETag: "510ff846-f73"
Expires: Fri, 13 Mar 2015 01:11:09 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 82cdda900e097a19d365892f62aa31dd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: E5nJfzKu7lbVGtg9eRIJ59AwQs3wq73GTI_qf3WqmvURj3Yva0blyA==
.PNG........IHDR...0...0.....W.......sRGB.........gAMA......a.....pHYs..........o.d....tIME......0..w.....tEXtSoftware.Paint.NET v3.5.100.r.....IDAThC...x.W..e.K..Id.=..._....KD.!...P...-..m....jM.v...>S.....S.6.t..U.UKH... .F..$m.<.y....s..s.=w.:th... g.p.M.vP...H.r..u.p.c........d...vP......e[...m.P.....6Z.....%.~\.. .Fz..:..T.....fYm4....'.t..........?kh..t...MZZ......a.wl_.m.6:=0~LV. .;Q.....a...D?..Y...I~.{.6.k...r.#'....d..h.....N..HK..}"[........\~o.........7..T~h...a.&.....s................<u@D....."....9 .gT...T....oN.<......d^.........)....\..1T...[N..m.}....b..AQ..AQ..... *}.....5 ..........w..<.....v2...f.....*.^.u)S.....0..7m..!......y...s....Cc%.K....O t.)*..N"fL*..'.........)...H.kT%s.cj..)jTd....9.?..%.....E./.%.YCb..J.....O.....1......>..S..[.....6....^xk..X.rr~........p..6(.s~I....... ..*..&\..S(.=I.n..r.X.....AM..9<;..n..:..U.....@..c{......v4.7}.0bZA.......,......w[R..s..d.\..42.z....!D!.........H...{t....feT...^}.!..D....d.nd.......L .J....A...xc..,.J.-etzP.....eU)..AN.$HD.C.Q..K...ow ]ke.`R..{*.#. .S.....1.HC..>sH. ..iT..3$.....*V.J.x.\E..>dN0q...(...."V4....*i.....j.V..D<?d...3.....e.......@5.B..19......,=)....2..U%.|yt.xiTj}i.o.....XE.lo...d.-w[3....8...j......'e..i...}i`B?]<....".g..... .....D5.y.4>zUu. 2.......&.."...R..T2.=.>...j....P.........8...HT....@.2L`-..6....w.).EDe..[..6..uc2......Y..$.....?.Qk6Y.Y.J.G...*.._]K.m&...j.H.7.W@..6y......L..&i.>.....R..V!.. Z{.sw.={HL>^....2.............."i]s.x........5..cx^..6.._.Fy...5.....K.kk2....
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=254100-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 36300
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 254100-290399/290400
.Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..H#..P'..Q'..Q'..Q'..Q'..........Q&..R&..R&..R'..R&..R&..R&..R&..R&..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..Q'..R'..........R&..................................................................................................................................................................................S&..........S%..................................................................................................................................................................................S$..........U$..................................................................................................................................................................................U#..........V"..................................................................................................................................................................................V"..........W!..................................................................................................................................................................................X ..........Y...................................................................................................................................................................................X ..........Z..........
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 0-475991/475992
Content-Length: 475992
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z....... ...0.......p....@.................................$S.......................................s.......p..............h*...............................................................p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...x............p..............@....ndata.......p...........................rsrc........p.......t..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....nD..H.P.u..u..u...Hr@..B...SV.5.nD..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h..D.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G.....t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>
GET /sponsored/istartsurf/eula-istartsurf.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3k2eoekmudqmk.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 05:10:31 GMT
Last-Modified: Sun, 26 Oct 2014 17:24:16 GMT
Expires: Sun, 08 Mar 2015 05:20:31 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Age: 245
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3fe63ad2ae5f5b8c327f7cf3001228e0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UzW2fN3xiO2R8NKPoGZipngAiWLzFLE_-z_kMiBpPhB-YIC_WcWMYA==
139c.............Z.s...... ..4.Z....m......g..........#y.>X|.b:........R.f&q........]<...o......Y.En.~....s39...}|>..q.....W_]....sU.....J.........m7....v;.~<.......-.:....'.h.,k........"/..{.9...Ou...l.?........;......oo.>....M\......G/.....S...f.....V..k..]...\._...eW......d.1....{z.v....vy....r\...4.zvVvy~..}6........im..z.Y....k...Y.6.M.t...........O..O?.....a...M.V....nk.q.W.....w.....7..7.....~....>.....V....u.4.).RK....[...B....z....h....;H.....^Ze..o^.W..*].b......~.5?>.?z..,.lw..\;....n...r..5A....*..lK.......|weW_..M......'.z.......i.l......>....f.k_.p.E....v.$.4...x...y.^9I.zr.4..e.`...Q...f7.Wf.k.gS..~.:.....n.....W>..;J..&:...P......<.k..x........k[C#g..].......(c...)~x......................^...y"...}.N.....)....<_Ve{......ts;<[....g..`.4..K..#.]?.#.rE.%.{fR...Ilu....'..S..c.l....'..=.{od...H....=>...}fN.r..G...H.............Ac.../.|........Cc.S....Z..\..h.....;.&iL.v..Sf........>..v ...6H.%.....j.\.....t.....7%<..KW.@.ff>.a/Bi|..1[.@.pX....]..)..|......X^.....<.G\.B..*3I68..R.f....-.w...........u....E.2...w&u....q...... ...s@5x..D..._...B.rgZ_....U......>.j.m2....w.C...Z...M...w.^g. .....HO1....g.r... ..6.P.o...... i.......z.B...9../.F0N.X...S.K@.......U.....FF_....2....7.%. .B....^.[.?N.....w.74........ 6.E_.j["kB..k..x.2'.L.N..Z6..ZN.E\!.7}z....T...MyJp.aoY.1....x.\...iP.t.....3*.)...4.p...4.l.li.kD.W.......J...n.=......f"..O@s|n.....m<B.J".Y.<....C.....!;#7.p..2..&.A.{.K.....s.mp1.g.K.{P.. M....@....]]../.H.z.!X".b.....hL.W.e....vM...)
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 111d7d2d6210ffae0900ad3d2e66bc5e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 7PysVT31wEjjkA1F3vz8AyMPaLEkMCgHuYctw8qi16MkzZ-EsIG9fg==
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................................................................s.......@...............................................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc........@.......v..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....>B..H.P.u..u..u...Hr@..B...SV.5.>B..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h.6B.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[..
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=416493-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 416493-475991/475992
Content-Length: 59499
Connection: keep-alive
.....o....^(.l.X..W......^Hk r... .jy "..<....../..3I(.c<...=....yR..`EJ...C...=..F....t....yx...!....D"..kOE...6......q`.@..ggx........'......<4.QIh.y.....% z....y...VL...*z......K.......:..:...R.F........./...s\....Wk.Q3*wZ.......P...61.[.g<...9..Ra4..].......h...!k........_..h...~t`T/....`.:d....\)%"?1.X...@.q%...".M......j..X'..I......../.6s<.[..S.-........*xk....p.a.2VK.B\...v...G....J...Oc..6..3..0........,..e|KL3....~.F^s........lU.....o...$.Q.......]..{aB...Pr.s..$......_.4.....l...v ..0?M1b&......I.$C.fl.d........k...N.g^...bb.x..v..~....:...jT......S....:......G...un.r.IP.T.. ...$>.....#U.B.' ......y=ZB......_..r?.r.5...=..{(.}.e..{.n..:S.a!.:....Pk_.E...{u.UJ...l....T|....AV....3>Y..=}....G.X%...aTg...8~.X...9.....C.9.....2z.vh.....R..z.s.w...j.t..........&...:...g......3d.Zf.%&P|J...x.Z..>.2zbK.....>B.6..0.A.).....O.h.....v..zP.wj..J.ng...%Hz......tV..(.......p.A...p.A.2JN...@..<....P...I..{}0....p.0.`GW.....xA)A.h..1.b............qQ.b_`n....2.....L.`#...:E.o...H....|..../..@.x<A.0..j....w.p.....60...).V.q..;BD.v.zuHM.....M.M6..$.U....*.........HI4....m|0rO.*....o;..:.y...P.......34.0.....D.wx.......R.C1A.....=..........Tz...9%...R.x.&......2./..X.sC.Ps.8...{...c......k.....$$....T.y...E|..H)(....l.]....q.3#K....H..b...40..."..c._..d...M.Y.UZ....Q......d..).!^.........G...q4a..R.&U..._.....LY...'a... .~.NpA....4... ....8.H;3.\..!..k6.e.....~N8.. $/.7....(.[.L.rkU...%Z1#..'$m..atp./wT..=i..{.L]...$.....p.....W..gJQ<..I..Lp%k&T...3.:........3.TA..*cB...[D._..?l (.!.
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=864857-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: AsfOVK1IHuc7mLqhQt6ewOB 8WIACEwqgR8ME9cpeadCc/19oGQEWB Fsv oHkdvvgw/GYskQ1U=
x-amz-request-id: EDB4698CE09AD0AB
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 864857-988407/988408
Content-Type: application/octet-stream
Content-Length: 123551
Server: AmazonS3
7f..]....|.5...[HZ-.....{\..Y......?...DQ....5Wp.!./...,LGv....- ......zw..x..B%9{..#....x.. Rp..by....KZ...k.t..y......8*.<.........L.d.-..@....a.v.s..,...}..l....g....s.6*...".....F..f&.0.p..-....q....UN.....^...-S.3.....@ /2.;......v.(.#....2.......Z.un....:....U.J4.......l.....S.........Y....".W.1..r.-.!./.a.......v....6.......l..a.!.^.;..8.t.]qeq..u..7'/..I.fEd.m....ij....L..R..$......0..1O.......D.C.........n...^...eC~...>ec...xU?4......Y-s.F...y,..cM.....'.b.w-..z>U.... .9.K.!4..y..&N...Y..$...R*........b....V....\6l...H..`.{.....4.Z......X?.q.2Y.D..J.Z.z..~..p.JP(...v.#..P...._ ....G.s $..x[.e..$<V!....h...I.h9O%,....R'S..F...*.G......I.Sp.1]....#|K.G..S........."=.XZ....9.......S.DR..)9..x....:.....$......=....n.....{.J.......I..[..VLm.6l.!=..Q.v.....f*....".)>..D.1......t..:9.....d5.).y|w..Z.(.=~....2Ix..o_;..........'..J.2Ds.!q.v.-.....#."..iq.:1A[d...]....,....-(.^Q..R.>..-=...[=.M.c...%.\hu.t...M...h.WC:r......|x)....[~k.[....d......@F....X.....*..7YQ..Kai.m7.....Y...D.2.o.P......(J&>z..\5....5L@..Y.t#r`o.h.....c)y...=.x..%...%...A_.r.Po...}.........Uq...V.r....i.m].!...)d.....I..R.$..)*..V.z..O.).n.15.qP.]t.9..'.J2y..9?..S.....4C....a..%.I....?g...5..M..cy.....o...........<...P.S3c.M../[=u.#.g.m.V._H=.....E.>U.R..3"..u.|j.n..\...r*.....o.b...;.j\.H......g#..S........hv..<..H!.(.......q.g .....Bc..u.E......./5.Qo....j....@^......J....._=.Iy..K.`.W..E.t...m.w.K..[<..e*.g(.T.fD=.........xeD.g....&.._.b..Lc.zvkn.Q.O..0NI...~.5.b%k...**.f...sk..)z[.0..JY.u:lJ?...'.M~.k.
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 0-475991/475992
Content-Length: 475992
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z....... ...0.......p....@.................................$S.......................................s.......p..............h*...............................................................p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...x............p..............@....ndata.......p...........................rsrc........p.......t..............@..@........................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....nD..H.P.u..u..u...Hr@..B...SV.5.nD..E.WP.u...Lr@..e...E..E.P.u...Pr@..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..Tp@..u..5Xp@.W...E..E.h ...Pj.h..D.W..Xr@..u.W...u....E.P.u...\r@._^3.[.....L$...nD...Si.. ..VW.T.....tO.q.3.;5.nD.sB..i.. ...D.......t.G.....t...O..t .....u...3....3...F.. ..;5.nD.r._^[...U..QQ.U.SV..i.. .
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=249864-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 35694
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 249864-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xvkNAkXafdcHi7TToWdLi460swN3oFqUL2C5iTQYv2b0JBvHzfhbyQ==
..X..9f.q...%.@_e../xo....nFE5..b:.....I..}..ELr.......b.....=..Bq.G._...|.eh:..B_]...'.q.T..XMz4N.@.....?.....Kg.I....f&.\.B6...........f..Ff...,...i0E["...A/#.).....P..]..,.[..$.../..Q..>'...F.1.=.h.C ..l...Vc..^K]....z.Dp.<6.. .=..%$`.G...'..h..'"#......!^..}F7g..[.K..n~.s..4fo%.K.....M...-......GM|V.......N..o...(.,........1...=...J{....~v..C...HwM'rg=...Y..Y>Rj.[....=Xh%P.F(...Ph.D&..S.....EF..7....\.Z.&/`..1q......(./..A.WWs.....L...:^.`....:......z.7.m.c.Xj(...z.....z._.Y.Z.<..m....-F..-r.......yV....;\~....P...`qR..ue..Pad"..8.f&1/.w%.e...m.....M].c..C.}.%_.s.WQxQ..1.WO.Ea.76.~..r.&..9..%8.0.......xE..$..a/..*z.;khi.k".<}.....v....0)..a.&..Z..n..a|P.gjT....C.....[..W.g.4.k|a.Zw-....k...?.{.......ZM......_.>i.@.`<#...y.S.<.;..kf..u.....6....$..}2..6.....h.U#.......j..=.{.4..}....@)..K...%...z^cxR.".b....j.....T....U?is.3..L.D-v..{P....P....\...*..........NI.n.y...M....@...?d`N..k^...}....o5U.(..:'..|.c..wQ....)..T..y..uz.8......H...A....'}5....W.....u...@ ...s)........x..d.X.zz.p.....(.......c1..g.......S..Q....Ae..&P;7./...A...%)'....~.q.T.3..j2..1..S.C..Dq.`...c.yZOpP..1...z...D.3.f.__.F:.H......I..@.~...t..c.p.W.U."...1].>9..d:...i.6.......G{.mh..'...d..|{....:<.TZ..2I...._yI.fpG....S.??,.A.z7.@.gkP=r.....{z.Q...Q.~.......t......1.]..Sf(.QD...6.%...5\.&HW......h.n*.j.cnk..]....fz....W@... ..w...}.8...h.`n...........9>o.0.....pa.....U..\e..%J.....`....OF.{.P &.....v..bk..n.c.M&..(.....8e.YZMw..R.M]Qa....o.p.$g.D._.C...5........F.Pu{..n6...[.....T.&..N^.@.B.z.....hMQ.`2.
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=178475-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 107083
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 178475-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 111d7d2d6210ffae0900ad3d2e66bc5e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: rG5Zg5jt2I3paAKoz7_hltUJ9Qxr-CkA34tNkWparKOtOcRk1-ATDw==
w.N>.Pq..A)...[N......B.x../.>GGya.k....3@.T..V.......b...j.5f..N.Z......j..&...h....A.hO..\....'.....sj.`.....H.S.|.s=.......I.)L>...c....i.>.....G.u..H.D....P......qC0<.(...m..y.dm.\1N.m...v.T`- .Ss. .G2..rk.......N{t.1ts..t@Z..y6..u...04..Q.......}......6P$....2.52..!.x....L.R. ..v.@...n......vc......Z....8..PT,.].\...a..........k.....A.....P....u`..I.///....b~.y..^...P...z..p..:.d.....R.4....U. ...../.M]..~.........(...... y.).. ..In.I.)..ua.*..N!Q.......1.e..b)F5...x.bS..f..|q.H..K...V.`.^...x!Su4_"?...uc.tY.m...%....r..be.z. ....0.^.....]y........)... .u_/..V..6).v..\.7n-z.q.............Y.w.oBk..f..}...M..@uF.Sp. .*.b.;..).....|.\@c..)......H.P..;......!"...gN.......9W.... ......NJJJ....N|..)T..aU..1....5~.G...=d.m..Qfl..?.yO|e...`.sXm$Op;."p................t=V.........Q....f.r0.........i...M......E....Y.../....N.7/.;.....|..R...(./.4..{)..~.M....).......f.w...6.^.0TB...H..c.......^-a.G`0ub..|a;.C..T.<..N/......^..>."....f..$..d.=.X0..x4R...W...=.....`..w.$\a/.~R.~<.....jS.q.es....-.....#W#.D.4H...tw...&.A.w/...t...[H"D....9E].....A....B<D.7[.2.3.!.......P.......R..R._.I...y........(.V.WH..t.U.NG...5.l@.Pr.......L.k.\D.k.2....3.."."........p...?_X.........$v.....,......\.V..EV.G...........Z.DO....B..V...%.D....].n..`...H.!..=<.. Y.*l..].j.u.d.o.M.i...>..m........$K..@.....]~.H.z.p.O.?.i.&.U.....U."<..o.S#..x.....s..g.[.....A.6~'-.1D........`Pim2....;.xsV2.'7.#..jlW.1-..4......h ..~...oV..."...]|..i=.....V(.....e..!..EU.d....ui..9).....^P.o.g..e..H.1x.....\.#..D....G.w.p
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=107085-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 178473
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 107085-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: BQ4KRgien6T-8UjSRGXQQy-p_pXzHrB5yOfgES-6COfTHS6gb94jxg==
...^]..)..;....h.d1...5^1...B...Q...z.N....WC'./..h......U.S....[...*.>P.^jM..%i.3T5..w..$.X......?u.U...!.0..s.../..F.....i...k........9M?.....p..3....J.Q.../s............8.0w2J"h..1...W.#R@iQ.Y.,Kao.@..:Kl...Pk./%.$.G..WF......i@....Px.-(j8&R..;..KE.UZ..&..........B.Y...'3D.....K....>..6/......DM.....5B...k.I5.&....3....2..oe\7...@.....Y...?...0r..J..ko...Kr.3.?A....um..r6..k......3....tX.....hQV.'.`.....X.3uM...6...J...O...@...z..OC"}.e..W.......BP.i...(GG%...P.]3".q<.A.l{.......u..J.J.J.6Z(..-.w......)....nI\Z.B.>.xi#p. .9._(..m......"..c...AnY.~......;..W....(..".d...EF...2..V....D..I .._..z.Y..o.......^...i2.c....'J...0B?............<...TM....T..)....Y../..Xg......>|mC....O.......-7.z 9A..U..<U......Z.Q.X...i...C...D.s_...^..r..aJ....mm......p.......W.......'.*....LA".P......Y5np.z..../ro..>..\.$d-.i_.g..=...*.]0$.Z:r...D. ..O*i.......B.%..K..^@...6Z....%....c...q...z.R!].w(}.e.....R}7.c.......-...0/..i.....;..... ...'...tf.=....g>.N...A........\..vHz.........{5.."s.........R...\.p.xj}...~=..w.V..$%....,o..Xa>...8.Q..E.....b.qL.K..a.....o0{...CEd/......J_n.......0T....#. .x...k0.....M'yr.X.U..E...oF.z.rE.oX....E...q...M..l*....q...~.`b..\..#..kJ..Mlt".P9..B.Y..r.j....Q.Y.1..w...%.x..nH....Mg-....#RZ.g..c...`no~.~.=.7y.....cI...jM;.....8.4O.Y...w..5..RZ.}..`..V..z/.{.....t..y#Vr.9_;.-.G....s..\l^..h.]...{.^...{..`...oae....A...\&|....4.z..........t.0...MzJ'...!.iW`x.xG#.T.Q...p..<.7...S...... q.6n=m2....o..aW.xp..s@......Ueu.nI2D.........H{h;k.o....#.H.".c..<I#.b......].
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=741306-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: iqPfZ1H5T1POK5TtP3eG9azfyPG42k/qdceyImbCZERNJohATp07H xEI/Sx/YnFCF0JumlorqA=
x-amz-request-id: B22F5CD1FB0A9883
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 741306-988407/988408
Content-Type: application/octet-stream
Content-Length: 247102
Server: AmazonS3
......yM.[....~.....8.^..$5*iD..8.'.~N.1.Dfm.Pz.\..M.a.. .h#....H..&...@..............*P......\..d....#V..Q...p7.sY....8FX.....k...~...P....Y@.G.].....y..N.k.%U..L......8..?.....8..x.v...{.e.. .p.Zp..O...JBe.H..M.\(..y.d.&.B....H*........5...........uZ...JfY(..;.x.......k..w1......>.n.&$I....~K...M......w..#A....D..ms.z...zx.a6.5.BY..k.f...$.....H|..^.....9...F.m.u-...'...H.w.eYA......{5....R."..d#..z:..0......H.......su..........t.5.....8.t....T1...C7.9y......_wO_...b.....)/....^......NH...7.;i...U..o...u..k#o....\Z..Ha^..T.H"'......s.........1...U.{g..r..*o...^.....t%B....o.DV......!...8.....V @j....P.4o.z\..B.8S $z8./.x...~sw?ol..f.0}...a..`u.A...(n..o...:.).Ga..h^.jZ.'.c...q..^$..).....n.....y~~s[50...E.. ...S._A.F.}...F.e.shd<.4fL...j....|E...'U..e.B.....Q.!J...K..Q._......6ME....b...`8.!.5.E..........'1.....2.D.SA.Lo.]../..d.........SP......-n..g*.k.../....G]{..R...6s.....j.;..M.4.......s8.Q~.jbx.o.!..G.O... ..C....).:..........n".c.=.q].e..2.D....J..lFny../-....e....?......3`.|.......n.A...|h$;.....wu...1...4z9.t..#..f.>....A.).._..J..Bs/5.b_....C.}.....&...nU?n...Lb.hH....H.o............RE.{...=.v.sjw.m!4f..AC).....1..F..A*..s.......;z^NMQ.P..D.SEf.......AM........$.qzgM......=.....A.8..y...,......{..|......!...Q....u..............m...8?......q...t.w...M.yE.D.K.h.........).......|....#...3....[.6.G......C..e..T.....!......k=...JuEzV./.w..."Cj.0......~T.N........O.[..G5o..........Q...V.c..H.......'z..mX1.......}w.NE.K....j.1T=.)}.....zS..9...v......A....$...........r..dc.."r.0..l..h..H.......;..
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=370653-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: b/kyKsJw vJizvwQ8VMG2kbqSCInyzdI7beTqRi2 s9DItLUEtH4fhnCIDv 1TT8vWLN8yhRgY=
x-amz-request-id: 6198B39B5D94F432
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 370653-988407/988408
Content-Type: application/octet-stream
Content-Length: 617755
Server: AmazonS3
.......F....T2Y..B..U7...r....yR.5e..v.l.....a:{r.Ju.$..F}R..7Ul.4...Ni]H"x.O.....7..<...._*.;.....}U.).@k?jCE.4C.6|..{E.......1..t.^.<..F..z..>....-@Y.j&.e.......7u.(.q.1....=jm...e....- .......S>.E.:.Qk..../l..n.J....R..^s... Q72.....Z.....X..IK.D}.. ..1?r~.. ..O..y...y.7..\.h.Q..w..E...I-._....[.....K.jG.....q.5.*?...R\.f....u..P.?.i.>l.9`..g..Q...p.f....k.m)...dK..N..).P.............w....!.......e..`.:...n..Bp2.jr...td.....~....wi-.P..?j8.j,.....].....K.<H...n.....2.?".?.....4...QR...<R......c.\....._.%..v.dg.N. ...e.Xe.,&7,MY...:,e.Z...,% .\.hK.....Y....^T. . ....<.A4.....6.(._x>........V......Sx.M.b)5)....Q.....V(..,..<t2.v.b..H.C...K......f];...a.R..14...#Y..u.Aj....8<...... (.....l.DsaM#..$[_.IM|.WK.[%..[u?~...4.n.%..a....."...h/..i...`M.../...............X.\F.q.......;#....f....x.h."....m..3nK.Jp(k..8.1.../.r.|...(.....#.,.....&%0.y..,......)..5.~.,...V...;d.Vu...H.4G.#l....gL.j...y..?o...>I..)...g...H.!.;}/.Z..5.j...5.....uR.......PM{....=...O..hDI...=H.6.PL..a6.!uz(.A........T.w...../..X..`\.x.7.'........>..............?.......h..2.U9..J.=k..a..qo@....af.@.^r#U.F...qv..D...j..%....8......r.%...K.....v$...i.t.....c.E......o1e.Z>."..._4.UM$Keg..D...F...:.-1.ak.........-..|Y..A.#].g3...7..4......Z..-.Q..yS._.uL.nK.e.M..Y"...p0OX...s2$w1....y.....06.)...(..C...\.gX..>.h&..-.q&1....C..lI..>.W..T.J..MS..l.u.m81.R2..03R..3.<.....=X.........m.$wNp(3....D2.5.i..D4E.G..Z..?....eO.R.e......(l.Y... .....PE..!.|....M....@7...u...gm.hO.WP..[XY.dz.;.u....U..r.... a
<<< skipped >>>
GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 290400
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-290399/290400
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.C...-R..-R..-R...R..-R...R6.-R...R..-R...R..-R...R..-R..,Rt.-R...R..-R.E.R..-R...R..-RRich..-R........PE..L....<.T............................ 8............@.......................................@.................................08.......................R..`....p..L...`...............................h...@............................................text...#........................... ..`.rdata..f...........................@..@.data...$K...P...*...2..............@....rsrc................\..............@..@.reloc.../...p...0..."..............@..B........................................................................................................................................................................................................................................................................................................................................................U..3.j.P.u..F......F......>.....]...U......V..M..;...i..... .;E.s..E..M..I....s..M.S... ]... M.;.w.h..B..b....M. E..M..E.;.s.j.Q...'....]..F.;.tR...r..........r........u....M....E.QP.........{..r....~..r........u...SP.B(........U.j.[;U.wG;.r.......;.r.......RQ..P......F....;.r.......;.r........u....M....E..F;.r.......;.r........u....M...Q..P.d....F....;.r.......;.r........u...QP.>....M.....~...N.[r.................h..B..p....U..Q.}...M.u.;A.viS.Y.VW;.sY .9].wR3.B U....y..r......M....SQ.E.P.&.M..}..
<<< skipped >>>
GET /sd?is=sm HTTP/1.1
Range: bytes=237996-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 237996-475991/475992
Content-Length: 237996
Connection: keep-alive
.d.....o.0Z.`....u.=1..0&.D.........7J.0O.o.7..n....Ay....`JP@..m..Nd..^!U... ......7d....f0....#....|....'[.>..v.[Q.v.zG.YV...kc2.e.(-.h...^...5..:ai...)..FHf..%.T..Rp..5..\x..-..3........F...=....(....}..K..... ..,.@\`).x5.....x.......(.D....Qc.....p...#.*....o.:ZW...Q.:j....r6A...a|.UhN{/$.9.w.D..F.`..=Z.l..:.gpHu.3.X3#.....n?...^.....n-w .......n......9hE..j.._.,....K ..R.e..?.<J.~P....W<.*....7.h.i..q.}x...&....F..D,T..=.Z.T.v.u../..].n...........p....j.. .<.......W.......4..y......E..VveH. 0...n.p....-.C.....m..t.5....j(.....@....qp....7..b.7!.....y..4.......I....=....a3rW.......T.F2p......VEH..:....@...<F8.'z.v.5...j...C1.d.}..[....r.R..H..s...jM.c........q%.j.".A..l>7_.Z..#.c.z..6<.Y..]Y.-....K.........|U..Uh...V...v..,='l...a.y9.....S....$I/.H...\.f..#8....h..q....g......:z.cq...|9Lk#..../H-.sKo.t......,7;.}...6....}U]n.1....m.l.'.s.X.#g.Y(..eW|O .o.....;.:.X...F^....r .q...B>.n...D....).5...<..d..{tv.`......[.7.@...O.......Oz...&..Y.C.d.mj..]......W..4./O$:Q9...(...)...he..U...X{....S.....a.Z7..2...oo...4..E..G.....q.&.....N....x-!. .o.@.e.8._f@#'a.%r..$7Xq..._...)....NW.;q(A...;u..j..X8..$5.F.l..q..f..2...fG..S.s\>.D.jh......|...#..}h....`2R.a....<...Ct..3.0.-/!......z.N.U.T...q....A<..........U...n[:..h....;.8>..y.l...>......m...._..l..^e.A`...f.).(C.l.R.J...zj......u.i..-..6..../...O......K....Fx.a.........{l..9....}...8.|....L..n.....X.q.........!O.H<..i.TB.<...zR. W..h.;}.Z...@....Z1....L..U.`V.....v...d........4P5(Vj..#........3..g5..bw.S.c. .._...
<<< skipped >>>
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71390-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 214168
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71390-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: bXVvNaKoOJIgvyYPIKtuZzHvm0EDukKClyXhgelSuVF-WNWU40DKnw==
..IK.#.ikv7..=....\z....if.J^.;,5!.._...MR..w.OX..&.....p:.........5.L.iT.L.O.....7D.]b..........3.. 2=v.a.....^k....xp .`..y.1>...A.Q!..._.J.D.......j..].8v....>.P.\ei%..OU[.V.p.*ky..E*.D0).-l.B.....*..aG.b^..T.yqu8.Np.'.Z&V`..-..2l..Bu.l ........4X.U..9p..}E|..J...".m..:.....@..8auM.wLc$h...8D.s"..]......3.. .$..H.Sf.z.....q.Ke.....b.......IO[......U....l..-.!2......2.ed...M...@..s..K.....].<.........g.mG..as..ez|.C.......=p.^U|.`s6.).\).]........2j.....N....a...i\.m.<......8......z....=....i.s.2...r...n.=h.D".O.MN..a.S..f. .S.i....N>.O;...>..4%.{.L....... m.....%.Hw.U<...."...ns.Z....).)`o:....O....0..SDt..|V.G...iU.d P..x..{`i[.X.Uh..@..`C...;6.\..y.]-W.... ...G9`.%i~.G.......r#`...`...G....Z..KQA~'vL2XAM..(o......jU.....3........7...o.q...9...@....dO.r..c.KO.`....u...G......H.N.|..;#..G.n]J.Kx......t.if.8u.^....L..L..;..# 6...p ...........U..KU%....F...>....L.sZ.Cm.!..cllj...&.:......p..y.....ds_.....W..t2.,.I...Z..c.T?/&O...8..q..<:Cp.....7&.D7.....e,2.)..G..FP.l. .N....(......I.......4&...8.1;...M...=.2..%;.V).>..5e...I...@D....0.!..GHUZ.nnh..........n#.....F.v.S...Zy.m..........;..k...3..(. .k.............,H.D.L.....K...`[.. C..7X.uq.zV.t...m..`..H.....s.e..R.7...4.F..`.b!..N.pY...=%K...s.Tt*9.rR..A....xt.hR.k..25...=`...7.........&=....vK.A...4.d7y.....(....7.(..l.k...h.C.w|..yP..#...lNI..\8....c...I&.h.[.=p... ...._......).;.>"@.....@.n@..)...,....80.W......kh..z8.......W3S..E...3..H....^.t.L.\........3G..b.....!.^....U......d..k.X...84P..%V........O._.rg.7.g..`G4.$u.x
<<< skipped >>>
GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=247102-494204
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: PxuHQflRmAPLjlQLtJfQT4AR/1TG4VJJG8Qn6TwgRfOLG5wXsGN 9oZdg2NFYKdo3pjvHIjXxdE=
x-amz-request-id: C5B3648613C5C4BB
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 247102-494204/988408
Content-Type: application/octet-stream
Content-Length: 247103
Server: AmazonS3
-s...R.... .e.>7........... )..51.n4..@..)....ck.../.01-. Z?L....k....O..<2Ma....7..r.2....j....O.".A......dK..&G..Hj6.(.P....ZxVA.>...Sr.l:.86....6bq.....>.d-p~R{..jI.L..M. .8O....q..[..J4...T..l.....m.......)e.C..A....I,cPy2|.."-...".M.O..v...=Q......|.......'..Z..I}....Dw.....f.i...m.~.o..H'.j.....&.agE.`._`.>...[.:O...^4......3...7.{.a@.m...9..bH...<......BY..4C.}..Qf.'(.....rRf?...q.=|....|....[........E..Gu...oD2 ...E/....2$..k......o......E.. h.....s7..ouq...N..".o.....L.....%.8-...zG.._.|.B{.e(w.iy.....ALA.}.,.cf1%ZE-.U.....oa.F.~|o.":,.N.s...N.^x....GT..(.!..oy'.N..?.L....7...)..f1nS.P.6....._v......._)S......`....qe0.d.DI............sq..su...{j..Y..'...;..6.{..@..Os3p4T8.z...8....L.Q.F...H../...b...(..k._..z.a...f...0......}.......P.|-.3.g...<.,w=P.tk_$..p..\,...K..*..........S.....l&..^C.q.J...OD...$..T..x...`........:Ea#"...fv....p.u.YWE.........m..E...CV....=sR...=W.DC..jQ..o.74;9 .5y^.H&f.3..|X.......w. ..^./E...X..lC.|.hR.. ...._Jr..v...E..X~.D.Q.......5.>...A..v ...a~=..F ..{a"....yj F..].n......=1H..
GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=35695-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 249863
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 35695-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 f16aaf9742c058884a37f43c56e4a874.cloudfront.net (CloudFront)
X-Amz-Cf-Id: GM5I-epK_FWbXFFhP_zuqxfsKOzGHMwW3VhypaJa9HHvSP8RBxFjNg==
.CA@.khh.............hfe.ONM.>>>.555.,,,.&&%.!!!.................................$"".)''..,,.200./--.*((.866.QOP.qpp....=........................................................................................................................776.........%##.=<<.ecc.............ihf.OON.>>>.444. .&%%.#!!.................................%##.,'(.0...100. )).- .@>>.XVW.~}|.............................................................................................................................AA@. .....&$$.<::._]].............kih.POO.>>>.444. .%%%.#!!.............................#%%.''&.-)).1...0//.*((.200.HFF.`^^................................................................................................................................_JJI.##$.....##$.<<<._^^.............kih.POO.>>>.444. .%%%.! .........................!!!.$&%.(((.-**.3.0./--.*((.644.LJJ.ecc....k...........................................................................................................................9UVU.&&&.....!!!.999.___.............lki.PPO.>>>.555.,,,.&''.!##.. ...................... ."&%.())./ ,.4/0./ . )).:88.RPP.hee....3...........................................................................................................................!`_^., ..... .444.YYY.............kmi.OQN.>>>.545., ,.&%&.#!#.......................... ..#"!.)&&./,-.310.,)(.-**.><<.SRR.nnm.........................................................
<<< skipped >>>
GET /piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
<<< skipped >>>
<<< skipped >>>
POST /installer/ajax HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bi.bisrv.com
Content-Length: 2694
Connection: Keep-Alive
Cache-Control: no-cache
country=UA&uid_orig=da282e2bbb7e4e4483dc4da5b3e19aab&uid=da282e2bbb7e4e4483dc4da5b3e19aab&affid=piratebaymirror&sid=neongenesisevangelionplatinumcollection&cli_id=&softwareName=Neon Genesis Evangelion Platinum Collection&installerVersion=2.0&osVersion=5.1.2600 Service Pack 3 32bit&ieVersion=4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)&defaultBrowser="C:Program FilesInternet Exploreriexplore.exe" -nohome&defaultBrowserName=ie&originBrowser=ie&hostBrowser=ie&tzo=MTIw&muid=bb240ea4d92fcc6bc5ca46520f398adc&cu=false&cd=false&tokyo_csrf_key=08a915df8ec9ff5ca07fa1197a3235ac&tokyo_csrf_timestamp=1426208467&unique_id=f851beeaa9065db1ee91294fc5689b2c&clientIp=193.138.244.231&ffInstalled=false&dfz=false&avdr=lDKrp/3VMDh61tuJfJlrKXs1VI6ezbhGnJBKbIRjXeIYfcyodTGERY6ZOIkepjCAJ6l5ti1eroI6fZ94jJ7hVTGSxjM0U9E7
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
1fce..{"dictionary":{"Finalizing installation, Please wait.":"Finalizing installation, Please wait.","Exiting now will cancel the installation of %software_name% \nAre you sure you want to exit?":"Exiting now will cancel the installation of %software_name% \nAre you sure you want to exit?","If you accept the terms of the agreement, click Next to continue. You must accept the agreement to install %software_name%":"If you accept the terms of the agreement, click Next to continue. You must accept the agreement to install %software_name%","There appears to be a network download problem. Try again?":"There appears to be a network download problem. Try again?","There seems to be a connection problem, please try again later":"There seems to be a connection problem, please try again later","Abort installation":"Abort installation","To cancel the installation click abort":"To cancel the installation click abort","To install without bundled offers click skip":"To install without bundled offers click skip","Otherwise click continue to proceed":"Otherwise click continue to proceed","Resume download on next windows startup":"Resume download on next windows startup","Abort":"Abort","Skip":"Skip","Continue":"Continue","Decline":"Decline","Confirm":"Confirm","Optional offers":"Optional offers","Read more":"Read more","Pressing the \"Skip All\" button will skip all the optional bundled offers":"Pressing the \"Skip All\" button will skip all the optional bundled offers","while allowing you to continue installing":"while allowing
<<< skipped >>>
GET /pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=bb240ea4d92fcc6bc5ca46520f398adc&client_uid=da282e2bbb7e4e4483dc4da5b3e19aab&uniqid=f851beeaa9065db1ee91294fc5689b2c&affiliate_id=piratebaymirror&software_id=neongenesisevangelionplatinumcollection&sponsored_id=istartsurf&tokyo_csrf2_key=84803c5219e63d6e8599911dfc4f01e1&tokyo_csrf2_timestamp=1426208469&slot_number=1&index_in_screen=1&index_in_session=1&display_height=68&0.1199777363849811 HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Mar 2015 01:01:10 GMT..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..
GET /affiliates/eula.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3fih8vt5tnw32.cloudfront.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 05:10:31 GMT
Last-Modified: Sun, 26 Oct 2014 17:23:05 GMT
Expires: Sun, 08 Mar 2015 05:20:31 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 f16aaf9742c058884a37f43c56e4a874.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ZuuLyCQ5zNHrZfQPSCiDVPfIq75avXQTTIMFiRM0FO_eFdLpzRVZGg==
1500.............Zks.F......N.......|.-y."!...P.P.... .)".....1S..{....R.g.Jl...}.{...>....F7..ZV.T]NO..Pu....?...Q4R..G.c...VEE..I..Y......:..Z........?...n...G......o......w>.o.d..U.../......4..`..?~{T..d]..i..;.~......y.Q....7i<,..<.....d...|...l.?..t..F.OeU$.....:Xl..U;8...Q.~.vGw......E.I.....z.7S....q.I..f.q.DW.....U....|..(.u.1...z..3..|....A.....:.............P....X$..*.w..........s.;..]..........u.?..%f...~....S..b...,..........5.(,Qm...w .NK...Y>......u.......}n..C......8$....)..R..4IuwS....h...*...f.e.q7...<y...I.....:8...s#Z/M./...B...s..|}.........@..T..)t..uJ.WR..._.LTvz. yV._.L.tz..6 ........e.......6.....#b.j.A..yw.[.p.a...6n.6;(u40..8.....&..DT.....EQ..k..JD.C....zDq....W...X...f.W..D....I.:............~..........f..a.QZ....>f%.(..n....z.v.u.mCc..].......u$..S..UK<...."T.......dhR.U7i.3.......4.K.....6..-..]......'$Y..9$.....U>Et....y....M..M.2x.....`An|.^.t'O.. !..m>.:8.KZ.........$C...f..Ll...4.<ZGm.$H{Q...........z..m................p........|C.......i^.W.}'.>..*.....z .=,..7..L.WY^..T./..zS&...w....g.x..O.U\$q.S....Y.S%*.7..................W..,^'8......o..W..Z....Q.U.7bp...l5.E....=P....A.D;45....d.q...Jg....."...<._&...>(VQ..<......Q..v.....?@,...h...P8..i.<N.......fs5.u.8...8v..-. .....OG..'O.....3{*1u....P..?TK...!..:...e.......6.N./.....C...'...V&.].....|.b...\.D..J...Y...n-.j.j...u..G.....B.h.Z......s..dw...9.\...D....]w.n..r...~..q4.St........&..3RC'pO.....p.C.2R..."7..6x8.'#/..I..S......vd..r......I.9..79..B.4..^}ur....S..s...u2."...~
<<< skipped >>>
Map
The Application connects to the servers at the folowing location(s):
Strings from Dumps
biclient.exe_980:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSShP
PSShP
SSSSh
SSSSh
RegDeleteKeyExW
RegDeleteKeyExW
FtpCommandW
FtpCommandW
XXXXXXXXXXXX
XXXXXXXXXXXX
kernel32.dll
kernel32.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
d:\mTech\somoto\new_svn\BetterInstaller\BetterInstaller\Release\BetterInstaller.pdb
d:\mTech\somoto\new_svn\BetterInstaller\BetterInstaller\Release\BetterInstaller.pdb
HttpSendRequestW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoW
HttpAddRequestHeadersW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetCrackUrlW
WININET.dll
WININET.dll
PSAPI.DLL
PSAPI.DLL
IPHLPAPI.DLL
IPHLPAPI.DLL
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
CreateDialogIndirectParamW
CreateDialogIndirectParamW
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
COMDLG32.dll
COMDLG32.dll
CryptSetKeyParam
CryptSetKeyParam
CryptImportKey
CryptImportKey
CryptDestroyKey
CryptDestroyKey
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
USERENV.dll
USERENV.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
.?AUIHTMLOMWindowServices@@
.?AUIHTMLOMWindowServices@@
.?AV?$CAtlExeModuleT@VCBetterInstallerModule@@@ATL@@
.?AV?$CAtlExeModuleT@VCBetterInstallerModule@@@ATL@@
'BetterInstaller.EXE'
'BetterInstaller.EXE'
Created by MIDL version 7.00.0500 at Tue Nov 08 16:10:48 2011
Created by MIDL version 7.00.0500 at Tue Nov 08 16:10:48 2011
1"2-2:2]2
1"2-2:2]2
:!:&:0:>:~:
:!:&:0:>:~:
:
:
{C85A8C97-E040-4924-8E1D-693560EE116E}
{C85A8C97-E040-4924-8E1D-693560EE116E}
WAdvapi32.dll
WAdvapi32.dll
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
@Mscoree.dll
@Mscoree.dll
OLEAUT32.DLL
OLEAUT32.DLL
A%u kB
A%u kB
%u bytes
%u bytes
Range: bytes=%d-%d
Range: bytes=%d-%d
Range: bytes=%d-
Range: bytes=%d-
%d:d:d
%d:d:d
%s - %s
%s - %s
Wwininet.dll
Wwininet.dll
r%s.%d
r%s.%d
@"%s" %s
@"%s" %s
@%s (%d)%s
@%s (%d)%s
*.TXT
*.TXT
%d.%d.%d %s %sbit
%d.%d.%d %s %sbit
%d
%d
%DOCUMENTS%
%DOCUMENTS%
ÞSKTOP%
ÞSKTOP%
hXXp://installer.filebulldog.com
hXXp://installer.filebulldog.com
%s\Mozilla\Firefox\%s\prefs.js
%s\Mozilla\Firefox\%s\prefs.js
%s\Mozilla\Firefox\profiles.ini
%s\Mozilla\Firefox\profiles.ini
biDeleteRegistryKey
biDeleteRegistryKey
biGetExecutionArguments
biGetExecutionArguments
biCreateRegistryKey
biCreateRegistryKey
biExistRegistryKey
biExistRegistryKey
Better Installer(Mozilla)
Better Installer(Mozilla)
%s/%s/%s/%s?v=%s&muid=%s
%s/%s/%s/%s?v=%s&muid=%s
%s/downloader/%s/%s/%s?v=%s&muid=%s
%s/downloader/%s/%s/%s?v=%s&muid=%s
Preparing %s...
Preparing %s...
ekernel32.dll
ekernel32.dll
mscoree.dll
mscoree.dll
KERNEL32.DLL
KERNEL32.DLL
Open URL Error
Open URL Error
URL Parts Error
URL Parts Error
FtpCreateDir failed (550)
FtpCreateDir failed (550)
Error FTP path (550)
Error FTP path (550)
bi.bisrv.com
bi.bisrv.com
ler.filebulldog.com
ler.filebulldog.com
hXXp://piratebaydownload.co/8401676/Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent
hXXp://piratebaydownload.co/8401676/Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\biclient.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\biclient.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
{8856F961-340A-11D0-A96B-00C04FD705A2}
2.0.0.0
2.0.0.0
BetterInstaller.exe
BetterInstaller.exe