Application.Bundler.Somoto.I_f851beeaa9

by malwarelabrobot on March 14th, 2015 in Malware Descriptions.

Application.Bundler.Somoto.I (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: f851beeaa9065db1ee91294fc5689b2c
SHA1: 5bba3f979572c1200e02b334bc2a6ffebd85d33b
SHA256: 25bdcac96ec41c47a9f1e77873687bbcd41a14cf8e401fef2497bcc04443a7a5
SSDeep: 3072:h22ihA0m3BJf0v3z2FXwQVwIQuDv4gBZG97yj7hAahAFS6:CA0m3T0v3z2FXwVWQUI97yj7hAP
Size: 166736 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2010-12-17 11:14:12
Analyzed on: WindowsXP SP3 32-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

%original file name%.exe:1844

The Application injects its code into the following process(es):

biclient.exe:980

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process biclient.exe:980 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\The_Pirate_Bay_logo[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe (22288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].html (1650 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.3 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyo_sprite_full[1].png (3505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.0 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (37040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.0 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.4 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.5 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.5 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.4 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.7 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.6 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].htm (395 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.0 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.3 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.2 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyoThreeWavesBG[1].jpg (510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.1 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.3 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.2 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.1 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.7 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.6 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.4 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.1 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.0 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.3 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.4 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.7 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.6 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.2 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula[1].html (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.5 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula-istartsurf[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.6 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.1 (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\eula[1].html (538 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.2 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe (70607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.5 (4152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\The_Pirate_Bay_logo[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula-istartsurf[1].html (535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.7 (9352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe (21724 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\The_Pirate_Bay_logo[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\smt_istartsurf[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\SourceAppSetup[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.4 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.6 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.7 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula-istartsurf[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.1 (0 bytes)

The process %original file name%.exe:1844 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\biclient.exe (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (6501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\config.ini (154 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\config.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\biclient.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss1.tmp (0 bytes)

Registry activity

The process biclient.exe:980 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 91 57 7C CD 09 2D 1E 3A 31 91 D3 B4 4D 71 03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1844 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 82 1B 33 B3 8B 79 A6 6B C1 16 99 AC BA 02 F6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\biclient.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

| MD5 | File path |
|---|---|
| 2fb21755514945c8d5d27bbdd84eef62 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\4.tmp |
| d65611fbc4da8cea4e886076bec82d1e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\InstallGenieo.exe |
| 518879abe3170dabd172dfffcd165598 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\appshat_generic.exe |
| ac8f7611f353ca9803fad5ff81900678 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\biclient.exe |
| a8baa7d8069523253b8d8ccde24bf5ec | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\smt_istartsurf.exe |

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.0.0.0
File Description: Powered by BetterInstaller
Comments:
Language: Language Neutral

PE Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 28860 | 29184 | 4.36907 | 33e8227bf6edbf3997e3d0895494668e |
| .data | 36864 | 140 | 512 | 0.818223 | 1b0351714f371c0ba066871d4e504b00 |
| .rdata | 40960 | 3196 | 3584 | 3.54441 | 88a268b1fac88e9fad865c68cf3abce2 |
| .bss | 45056 | 110088 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 155648 | 4932 | 5120 | 3.53424 | 11c816edc4ef9cc4aa5511f8a707232b |
| .ndata | 163840 | 36864 | 1024 | 0 | 0f343b0931126a20f133d67c2b018a3b |
| .rsrc | 200704 | 17800 | 17920 | 3.9497 | 3b952b6cf19449d255a36efe2cd57cc1 |

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 3630

URLs

URL IP
hxxp://installer.betterinstaller.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
hxxp://d3fih8vt5tnw32.cloudfront.net/images/Tokyo/tokyoThreeWavesBG.jpg 54.230.99.198
hxxp://d39a6n71ru013w.cloudfront.net/images/Tokyo/tokyo_sprite_full.png 54.230.98.196
hxxp://installer.betterinstaller.com/installer/ajax
hxxp://d3fih8vt5tnw32.cloudfront.net/sponsored/sourceapp/eula-sourceapp.html 54.230.99.198
hxxp://d3fih8vt5tnw32.cloudfront.net/affiliates/eula.html 54.230.99.198
hxxp://d3k2eoekmudqmk.cloudfront.net/affiliates/eula.html 54.230.99.69
hxxp://d3k2eoekmudqmk.cloudfront.net/sponsored/istartsurf/eula-istartsurf.html 54.230.99.69
hxxp://d1p2zvpeuweyai.cloudfront.net/affiliates/piratebaymirror/The_Pirate_Bay_logo.png
hxxp://www.girlliuxiaowei.com/home/smt_istartsurf.exe 208.43.230.100
hxxp://installer.betterinstaller.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=bb240ea4d92fcc6bc5ca46520f398adc&client_uid=da282e2bbb7e4e4483dc4da5b3e19aab&uniqid=f851beeaa9065db1ee91294fc5689b2c&affiliate_id=piratebaymirror&software_id=neongenesisevangelionplatinumcollection&sponsored_id=istartsurf&tokyo_csrf2_key=84803c5219e63d6e8599911dfc4f01e1&tokyo_csrf2_timestamp=1426208469&slot_number=1&index_in_screen=1&index_in_session=1&display_height=68&0.1199777363849811
hxxp://a1049.d.akamai.net/sd?is=sm
hxxp://dpo55t230unug.cloudfront.net/mirror/nerocrossrider/appshat_generic.exe 54.230.99.179
hxxp://s3-1-w.amazonaws.com/partner/gim394750002/release/live/InstallGenieo.exe
hxxp://install-cdn.sourceapp.info/sd?is=sm 212.30.134.169
hxxp://download.genieo.com/partner/gim394750002/release/live/InstallGenieo.exe 54.231.17.33
hxxp://bi.bisrv.com/installer/ajax 78.138.127.15
hxxp://downloadcdn.filebulldog.com/affiliates/piratebaymirror/The_Pirate_Bay_logo.png 54.230.98.79
hxxp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC 78.138.127.15
hxxp://bi.bisrv.com/pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=bb240ea4d92fcc6bc5ca46520f398adc&client_uid=da282e2bbb7e4e4483dc4da5b3e19aab&uniqid=f851beeaa9065db1ee91294fc5689b2c&affiliate_id=piratebaymirror&software_id=neongenesisevangelionplatinumcollection&sponsored_id=istartsurf&tokyo_csrf2_key=84803c5219e63d6e8599911dfc4f01e1&tokyo_csrf2_timestamp=1426208469&slot_number=1&index_in_screen=1&index_in_session=1&display_height=68&0.1199777363849811 78.138.127.15
piratebaydownload.co 52.1.146.44


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /sd?is=sm HTTP/1.1
Range: bytes=178497-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 178497-475991/475992
Content-Length: 297495
Connection: keep-alive

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Cache-Control: no-cache


HTTP/1.1 200 OK
x-amz-id-2: OmhLswUTpfiVMSdmOyv / L ubjOcIYhUwAc4MvrisZFgTuSX5l0lEeLHU79DTUQHiTu t3IfqE=
x-amz-request-id: F3EE81C1A09E83F7
Date: Fri, 13 Mar 2015 01:01:13 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 988408
Server: AmazonS3

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 95a477af435073615179b256d8101334.cloudfront.net (CloudFront)
X-Amz-Cf-Id: fU-BDVqbrsIVuEKn7pX3O5cYenKdB6NeUDIM0UQjngGijf5DezUWMg==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=297495-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 297495-475991/475992
Content-Length: 178497
Connection: keep-alive

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=214170-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71388
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 214170-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 c1639d907cade557ebff29e5be78b0b6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: kvsqd3J7qqIgXR-tqXzY_nK07jp_4hvDyE4VbgEs5nko0EreHzZF6w==

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: Y5ULIsaIj700HSLzORofHH82Mi5arROrRKvtJLKwb7CGiaJxSZShy/4KgKn/b2yDtDlB5loA9WU=
x-amz-request-id: 65718E8B896215EE
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 0-988407/988408
Content-Type: application/octet-stream
Content-Length: 988408
Server: AmazonS3

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=181500-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 108900
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 181500-290399/290400

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 290400
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=142780-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 142778
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 142780-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iii6CV_ytH9oiFgHkIgrrRBVCGRJLq8R5ABuDlUVCIl1lXTKaYlBsg==

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=72600-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 217800
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 72600-290399/290400

<<< skipped >>>

GET /images/Tokyo/tokyoThreeWavesBG.jpg HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3fih8vt5tnw32.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 15368
Connection: keep-alive
Server: nginx
Date: Tue, 10 Mar 2015 15:26:31 GMT
Last-Modified: Tue, 10 Mar 2015 13:40:32 GMT
ETag: "54fef450-3c08"
Expires: Tue, 10 Mar 2015 15:36:31 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Cache: RefreshHit from cloudfront
Via: 1.1 95a477af435073615179b256d8101334.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ec0jRv_InmseArx5n6HF4Eu6dCNsnsi6s8E-uOAQBixQMKZmVXHOHA==

<<< skipped >>>

GET /sponsored/sourceapp/eula-sourceapp.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3fih8vt5tnw32.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 06:44:47 GMT
Last-Modified: Sun, 02 Nov 2014 08:13:44 GMT
Expires: Sun, 08 Mar 2015 06:54:47 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 95a477af435073615179b256d8101334.cloudfront.net (CloudFront)
X-Amz-Cf-Id: rXLp9U6SDUNyb5mma7HQOQbZh5oaQs0Jq3pz6MA3Rf4TGNzxE97zqQ==

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=217800-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 72600
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 217800-290399/290400

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=145200-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 145200
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 145200-290399/290400

<<< skipped >>>

GET /images/Tokyo/tokyo_sprite_full.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d39a6n71ru013w.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 26401
Connection: keep-alive
Server: nginx
Date: Tue, 10 Mar 2015 13:50:19 GMT
Last-Modified: Tue, 10 Mar 2015 13:40:32 GMT
ETag: "54fef450-6721"
Expires: Tue, 10 Mar 2015 14:00:19 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
Age: 59
X-Cache: Hit from cloudfront
Via: 1.1 9d3cc62eeee5c3d8d5e74dc52327bf12.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 4Um8bl3UQAgq82s0pR0RknNSh9ALTAp8voXujwLceI-Eyn5h4VqMkQ==

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=247102-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: mIIbQquEwYDXE0otso5JbZMpXv1pljmqYBV08yJHLzxQeiWmfiFqOtfA5FPaJlEyg4KhE2vvMyU=
x-amz-request-id: 3A4FBC598373E204
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 247102-988407/988408
Content-Type: application/octet-stream
Content-Length: 741306
Server: AmazonS3

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Cache-Control: no-cache


HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Content-Length: 475992
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Connection: keep-alive

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=356994-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 356994-475991/475992
Content-Length: 118998
Connection: keep-alive

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=123551-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: UR jPMoB20rNAlRZOtN6q1JCsozx4Buz3j5AKlcz VhniI3DErqU3gjW9VVEYG FbYWHQwSgOgo=
x-amz-request-id: 761BAF852748A891
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 123551-988407/988408
Content-Type: application/octet-stream
Content-Length: 864857
Server: AmazonS3

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=108900-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 181500
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 108900-290399/290400

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=59499-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 59499-475991/475992
Content-Length: 416493
Connection: keep-alive

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71389-142779
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 71391
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71389-142779/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 c1639d907cade557ebff29e5be78b0b6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: XdsAdeUuFWvSC_qbO6r8hh8y9xoXY4FhIcb7tVkhhpIswJ2DvRqb_Q==

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 0-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 1bf0d882921b31997e2650c5d2719973.cloudfront.net (CloudFront)
X-Amz-Cf-Id: y7O2Y1wPhIiOP64hFKZCDSw2PwXypjG_juQ87yk4gVfMuR1WS-mJiQ==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=118998-237996
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 118998-237996/475992
Content-Length: 118999
Connection: keep-alive

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: YDfoA9PCw4GoEMSNgZ1OC0zyYwkphxQ31330LNVRYvWJwp7 V8dIzshmUn4MFXzuUqFLSc8uigw=
x-amz-request-id: 44DC3AB5B4F9EE6E
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 0-988407/988408
Content-Type: application/octet-stream
Content-Length: 988408
Server: AmazonS3


GET /affiliates/eula.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3k2eoekmudqmk.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 05:10:31 GMT
Last-Modified: Sun, 26 Oct 2014 17:23:05 GMT
Expires: Sun, 08 Mar 2015 05:20:31 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 a7ff8407dd3b3befd5f1244b3435b471.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 4Wp6OE_NXmBd3bYxgslvH_SplwBhjz4OE-uZxSjHXTbpo_YvGqvUxA==

<<< skipped >>>

GET /affiliates/piratebaymirror/The_Pirate_Bay_logo.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: downloadcdn.filebulldog.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3955
Connection: keep-alive
Server: nginx
Date: Fri, 13 Mar 2015 01:01:09 GMT
Last-Modified: Mon, 04 Feb 2013 18:04:54 GMT
ETag: "510ff846-f73"
Expires: Fri, 13 Mar 2015 01:11:09 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 82cdda900e097a19d365892f62aa31dd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lNqgr8Cbru17FtYMqqd7iRJ4-zyTh88cqgShlD7TsSqEaj_-czrOzw==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=118998-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 118998-475991/475992
Content-Length: 356994
Connection: keep-alive

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=494204-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: U6WzL5ZVMkiTYFgaaRNgiDNXWIX1UnLSeACUu0lRjbHILy7 UXJGPEflVwfK4IPu1r4850OC5zc=
x-amz-request-id: F776F0D2F7E9E215
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 494204-988407/988408
Content-Type: application/octet-stream
Content-Length: 494204
Server: AmazonS3

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=72600-145200
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 72601
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 72600-145200/290400

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=617755-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: Ur/0DlqWP66Ok1G5COX8gPrdRTgtsoiBUdTH8lrPT4TUeccliMjzbscfDwETzB1Edavve pPiC0=
x-amz-request-id: 05351A7EDDE2FAA1
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 617755-988407/988408
Content-Type: application/octet-stream
Content-Length: 370653
Server: AmazonS3

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 290400
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-290399/290400

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=36300-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 254100
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 36300-290399/290400

<<< skipped >>>

GET /affiliates/piratebaymirror/The_Pirate_Bay_logo.png HTTP/1.1
Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: downloadcdn.filebulldog.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3955
Connection: keep-alive
Server: nginx
Date: Fri, 13 Mar 2015 01:01:09 GMT
Last-Modified: Mon, 04 Feb 2013 18:04:54 GMT
ETag: "510ff846-f73"
Expires: Fri, 13 Mar 2015 01:11:09 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 82cdda900e097a19d365892f62aa31dd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: E5nJfzKu7lbVGtg9eRIJ59AwQs3wq73GTI_qf3WqmvURj3Yva0blyA==

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=254100-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 36300
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 254100-290399/290400

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 0-475991/475992
Content-Length: 475992
Connection: keep-alive

<<< skipped >>>

GET /sponsored/istartsurf/eula-istartsurf.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3k2eoekmudqmk.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 05:10:31 GMT
Last-Modified: Sun, 26 Oct 2014 17:24:16 GMT
Expires: Sun, 08 Mar 2015 05:20:31 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Age: 245
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3fe63ad2ae5f5b8c327f7cf3001228e0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UzW2fN3xiO2R8NKPoGZipngAiWLzFLE_-z_kMiBpPhB-YIC_WcWMYA==

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 285558
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 111d7d2d6210ffae0900ad3d2e66bc5e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 7PysVT31wEjjkA1F3vz8AyMPaLEkMCgHuYctw8qi16MkzZ-EsIG9fg==

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=416493-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 416493-475991/475992
Content-Length: 59499
Connection: keep-alive

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=864857-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: AsfOVK1IHuc7mLqhQt6ewOB 8WIACEwqgR8ME9cpeadCc/19oGQEWB Fsv oHkdvvgw/GYskQ1U=
x-amz-request-id: EDB4698CE09AD0AB
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 864857-988407/988408
Content-Type: application/octet-stream
Content-Length: 123551
Server: AmazonS3

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 0-475991/475992
Content-Length: 475992
Connection: keep-alive

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=249864-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 35694
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 249864-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xvkNAkXafdcHi7TToWdLi460swN3oFqUL2C5iTQYv2b0JBvHzfhbyQ==

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=178475-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 107083
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 178475-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 111d7d2d6210ffae0900ad3d2e66bc5e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: rG5Zg5jt2I3paAKoz7_hltUJ9Qxr-CkA34tNkWparKOtOcRk1-ATDw==

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=107085-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 178473
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 107085-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: BQ4KRgien6T-8UjSRGXQQy-p_pXzHrB5yOfgES-6COfTHS6gb94jxg==

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=741306-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: iqPfZ1H5T1POK5TtP3eG9azfyPG42k/qdceyImbCZERNJohATp07H xEI/Sx/YnFCF0JumlorqA=
x-amz-request-id: B22F5CD1FB0A9883
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 741306-988407/988408
Content-Type: application/octet-stream
Content-Length: 247102
Server: AmazonS3

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=370653-
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: b/kyKsJw vJizvwQ8VMG2kbqSCInyzdI7beTqRi2  s9DItLUEtH4fhnCIDv 1TT8vWLN8yhRgY=
x-amz-request-id: 6198B39B5D94F432
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 370653-988407/988408
Content-Type: application/octet-stream
Content-Length: 617755
Server: AmazonS3

<<< skipped >>>

GET /home/smt_istartsurf.exe HTTP/1.1
Range: bytes=0-
User-Agent: Better Installer(Mozilla)
Host: VVV.girlliuxiaowei.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: application/octet-stream
Content-Length: 290400
Last-Modified: Tue, 10 Mar 2015 01:55:04 GMT
Connection: keep-alive
Expires: Mon, 16 Mar 2015 01:01:10 GMT
Cache-Control: max-age=259200
Content-Range: bytes 0-290399/290400

<<< skipped >>>

GET /sd?is=sm HTTP/1.1
Range: bytes=237996-
User-Agent: Better Installer(Mozilla)
Host: install-cdn.sourceapp.info
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Pragma: no-cache
Content-Type: application/octet-stream
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=SourceAppSetup.exe
X-AspNet-Version: 4.0.30319
SVR: SP004C2
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 01:01:11 GMT
Date: Fri, 13 Mar 2015 01:01:11 GMT
Content-Range: bytes 237996-475991/475992
Content-Length: 237996
Connection: keep-alive

<<< skipped >>>

GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=71390-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 214168
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 71390-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 5f32e0f17e78c0bfe70226dd05074c92.cloudfront.net (CloudFront)
X-Amz-Cf-Id: bXVvNaKoOJIgvyYPIKtuZzHvm0EDukKClyXhgelSuVF-WNWU40DKnw==

<<< skipped >>>

GET /partner/gim394750002/release/live/InstallGenieo.exe HTTP/1.1
Range: bytes=247102-494204
User-Agent: Better Installer(Mozilla)
Host: download.genieo.com
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
x-amz-id-2: PxuHQflRmAPLjlQLtJfQT4AR/1TG4VJJG8Qn6TwgRfOLG5wXsGN 9oZdg2NFYKdo3pjvHIjXxdE=
x-amz-request-id: C5B3648613C5C4BB
Date: Fri, 13 Mar 2015 01:01:14 GMT
Last-Modified: Mon, 20 Oct 2014 09:54:42 GMT
ETag: "d65611fbc4da8cea4e886076bec82d1e"
Accept-Ranges: bytes
Content-Range: bytes 247102-494204/988408
Content-Type: application/octet-stream
Content-Length: 247103
Server: AmazonS3


GET /mirror/nerocrossrider/appshat_generic.exe HTTP/1.1
Range: bytes=35695-
User-Agent: Better Installer(Mozilla)
Host: dpo55t230unug.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Content-Type: application/octet-stream
Content-Length: 249863
Connection: keep-alive
Date: Sun, 08 Mar 2015 05:10:01 GMT
x-amz-version-id: zdbgB_7owwl7Hq6LIKQBG0yBaPWISKtC
x-amz-meta-s3cmd-attrs: uid:500/gname:www/uname:www/gid:500/mode:33204/mtime:1415096893/atime:1415097003/ctime:1415096894
Cache-Control: max-age=3600
Last-Modified: Tue, 04 Nov 2014 11:01:28 GMT
ETag: "518879abe3170dabd172dfffcd165598"
Accept-Ranges: bytes
Server: AmazonS3
Content-Range: bytes 35695-285557/285558
Age: 699
X-Cache: Hit from cloudfront
Via: 1.1 f16aaf9742c058884a37f43c56e4a874.cloudfront.net (CloudFront)
X-Amz-Cf-Id: GM5I-epK_FWbXFFhP_zuqxfsKOzGHMwW3VhypaJa9HHvSP8RBxFjNg==

<<< skipped >>>

GET /piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
1fc0..<!doctype html>..<head>..  <meta charset="utf-8">
.. <script type="text/javascript">Tokyo = {};.
Tokyo.installer_type='tokyo-visible-save-or-install';.
Tokyo.debug_mode=false;.
Tokyo.debug_pings=false;. Tokyo.debug_event
s=false;. Tokyo.debug_post_checks=false;.
Tokyo.debug_write_log=false;.
Tokyo.debug_automated_test=false;. Tok
yo.debug_unit_test=false;. Tokyo.tokyo_track_
ga=false;. Tokyo.tokyo_track_aw=false;.
Tokyo.tokyo_max_offers=4;.
Tokyo.tokyo_software_slug='';. Tokyo.tokyo_
software_name='Neon Genesis Evangelion Platinum Collection';.
Tokyo.tokyo_installer_options={"skip":"Grey","vm_rest
rictions":"Full","max_number_of_offers_to_show":"4","revenue_optimizat
ion":"90","max_skipped_offers":"2","use_recommended_software_name":tru
e,"folding_sponsored_options":true,"progress_bar_percent":true,"displa
y_organic_filesize":false,"disable_master_switch_toggles":true,"send_p
ings_separately":true,"store_muid":true,"check_muid":true,"always_incl
ude_sdp":false,"sponsored_installs_in_sub_process":true,"randomize_ins
taller_file":false,"anti_fraud_download_country_filter":true,"enable_a
v_filter":true,"optimus_log":true,"simple_exit_confirmation":true,

<<< skipped >>>

POST /installer/ajax HTTP/1.1

x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bi.bisrv.com
Content-Length: 2694
Connection: Keep-Alive
Cache-Control: no-cache

country=UA&uid_orig=da282e2bbb7e4e4483dc4da5b3e19aab&uid=da282e2bbb7e4e4483dc4da5b3e19aab&affid=piratebaymirror&sid=neongenesisevangelionplatinumcollection&cli_id=&softwareName=Neon Genesis Evangelion Platinum Collection&installerVersion=2.0&osVersion=5.1.2600 Service Pack 3 32bit&ieVersion=4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)&defaultBrowser="C:Program FilesInternet Exploreriexplore.exe" -nohome&defaultBrowserName=ie&originBrowser=ie&hostBrowser=ie&tzo=MTIw&muid=bb240ea4d92fcc6bc5ca46520f398adc&cu=false&cd=false&tokyo_csrf_key=08a915df8ec9ff5ca07fa1197a3235ac&tokyo_csrf_timestamp=1426208467&unique_id=f851beeaa9065db1ee91294fc5689b2c&clientIp=193.138.244.231&ffInstalled=false&dfz=false&avdr=lDKrp/3VMDh61tuJfJlrKXs1VI6ezbhGnJBKbIRjXeIYfcyodTGERY6ZOIkepjCAJ6l5ti1eroI6fZ94jJ7hVTGSxjM0U9E7
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
1fce..{"dictionary":{"Finalizing installation, Please wait.":"Finalizi
ng installation, Please wait.","Exiting now will cancel the installati
on of %software_name% \nAre you sure you want to exit?":"Exiting now w
ill cancel the installation of %software_name% \nAre you sure you want
to exit?","If you accept the terms of the agreement, click Next to co
ntinue. You must accept the agreement to install %software_name%":"If
you accept the terms of the agreement, click Next to continue. You mus
t accept the agreement to install %software_name%","There appears to b
e a network download problem. Try again?":"There appears to be a netwo
rk download problem. Try again?","There seems to be a connection probl
em, please try again later":"There seems to be a connection problem, p
lease try again later","Abort installation":"Abort installation","To c
ancel the installation click abort":"To cancel the installation click
abort","To install without bundled offers click skip":"To install with
out bundled offers click skip","Otherwise click continue to proceed":"
Otherwise click continue to proceed","Resume download on next windows
startup":"Resume download on next windows startup","Abort":"Abort","Sk
ip":"Skip","Continue":"Continue","Decline":"Decline","Confirm":"Confir
m","Optional offers":"Optional offers","Read more":"Read more","Pressi
ng the \"Skip All\" button will skip all the optional bundled offers":
"Pressing the \"Skip All\" button will skip all the optional bundled o
ffers","while allowing you to continue installing":"while allowing

<<< skipped >>>

GET /pinger?event_type=offer_shown&installer_source=better_installer&software_type=sponsored&muid=bb240ea4d92fcc6bc5ca46520f398adc&client_uid=da282e2bbb7e4e4483dc4da5b3e19aab&uniqid=f851beeaa9065db1ee91294fc5689b2c&affiliate_id=piratebaymirror&software_id=neongenesisevangelionplatinumcollection&sponsored_id=istartsurf&tokyo_csrf2_key=84803c5219e63d6e8599911dfc4f01e1&tokyo_csrf2_timestamp=1426208469&slot_number=1&index_in_screen=1&index_in_session=1&display_height=68&0.1199777363849811 HTTP/1.1

Accept: */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bi.bisrv.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Mar 2015 01:01:10 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
0..HTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Mar 2015 01:01:10 GMT
..Content-Type: image/jpeg..Transfer-Encoding: chunked..0..


GET /affiliates/eula.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hXXp://bi.bisrv.com/piratebaymirror/neongenesisevangelionplatinumcollection/da282e2bbb7e4e4483dc4da5b3e19aab?v=2.0&muid=BB240EA4D92FCC6BC5CA46520F398ADC
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3fih8vt5tnw32.cloudfront.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 08 Mar 2015 05:10:31 GMT
Last-Modified: Sun, 26 Oct 2014 17:23:05 GMT
Expires: Sun, 08 Mar 2015 05:20:31 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 f16aaf9742c058884a37f43c56e4a874.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ZuuLyCQ5zNHrZfQPSCiDVPfIq75avXQTTIMFiRM0FO_eFdLpzRVZGg==

<<< skipped >>>

The Application connects to the servers at the following location(s):

biclient.exe_980:

.text
`.rdata
@.data
.rsrc
@.reloc
PSShP
SSSSh
RegDeleteKeyExW
FtpCommandW
XXXXXXXXXXXX
kernel32.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
d:\mTech\somoto\new_svn\BetterInstaller\BetterInstaller\Release\BetterInstaller.pdb
HttpSendRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCrackUrlW
WININET.dll
PSAPI.DLL
IPHLPAPI.DLL
GetProcessHeap
KERNEL32.dll
CreateDialogIndirectParamW
USER32.dll
GDI32.dll
COMDLG32.dll
CryptSetKeyParam
CryptImportKey
CryptDestroyKey
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyW
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
USERENV.dll
GetCPInfo
GetConsoleOutputCP
.?AUIHTMLOMWindowServices@@
.?AV?$CAtlExeModuleT@VCBetterInstallerModule@@@ATL@@
'BetterInstaller.EXE'
Created by MIDL version 7.00.0500 at Tue Nov 08 16:10:48 2011
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
1"2-2:2]2
:!:&:0:>:~:
: <'<-<`<
{C85A8C97-E040-4924-8E1D-693560EE116E}
WAdvapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
@Mscoree.dll
OLEAUT32.DLL
A%u kB
%u bytes
Range: bytes=%d-%d
Range: bytes=%d-
%d:d:d
%s - %s
Wwininet.dll
r%s.%d
@"%s" %s
@%s (%d)%s
*.TXT
%d.%d.%d %s %sbit
<memory>%d</memory>
%DOCUMENTS%
%DESKTOP%
hXXp://installer.filebulldog.com
%s\Mozilla\Firefox\%s\prefs.js
%s\Mozilla\Firefox\profiles.ini
biDeleteRegistryKey
biGetExecutionArguments
biCreateRegistryKey
biExistRegistryKey
Better Installer(Mozilla)
%s/%s/%s/%s?v=%s&muid=%s
%s/downloader/%s/%s/%s?v=%s&muid=%s
Preparing %s...
ekernel32.dll
mscoree.dll
KERNEL32.DLL
Open URL Error
URL Parts Error
FtpCreateDir failed (550)
Error FTP path (550)
bi.bisrv.com
ler.filebulldog.com
hXXp://piratebaydownload.co/8401676/Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Neon_Genesis_Evangelion_Platinum_Collection.8401676.TPB.torrent
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\biclient.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
2.0.0.0
BetterInstaller.exe


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1844

  2. Delete the original Application file.
  3. Delete or disinfect the following files created/modified by the Application:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\The_Pirate_Bay_logo[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe (22288 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula-sourceapp[1].html (1650 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.3 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyo_sprite_full[1].png (3505 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.0 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (37040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.0 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.4 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.5 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.5 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.4 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.7 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.6 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.0 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.3 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.2 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\tokyoThreeWavesBG[1].jpg (510 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.1 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.3 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.2 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.1 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.7 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.6 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\smt_istartsurf.exe.4 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.1 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.0 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.3 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\W1256BWJ\eula[1].htm (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.4 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.7 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.6 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.2 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula[1].htm (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula[1].html (538 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.5 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\eula-istartsurf[1].htm (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.6 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\appshat_generic.exe.1 (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JL3UHQQ\eula[1].html (538 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.2 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4.tmp.5 (4152 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YFLCO7YQ\The_Pirate_Bay_logo[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S1IF2PYL\eula-istartsurf[1].html (535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\InstallGenieo.exe.7 (9352 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\biclient.exe (8184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (6501 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\config.ini (154 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
