MD5: 9a4b2042aaf4c8536693f6200c893723
SHA1: a773c2655cbdae316c2c393a660d1620abc71cbd
SHA256: f0c070544cb4285b6088d1d2915371aac5b52586db6b6bfaf07ad6bba2686045
SSDeep: 12288:hMJfszVHSlfLYnXvwlQkTwbFdzgm juHmbb43HQvywJx73EEKIA/Pb:hMJfshHSlfSXv2Kzl Gt5KNEEu7
Size: 626896 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Premium Installer
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXPESX SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

fciv.exe:460
%original file name%.exe:1204

The Trojan injects its code into the following process(es):

%original file name%.exe:1212

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process fciv.exe:460 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1844237615-1960408961-1801674531-1003\c5b88721db08c824db69d0bbc702beb8_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03 (44 bytes)

The process %original file name%.exe:1212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1413131_Setup.DAT (111268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1412805_Setup.CIS (3438 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E9D.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\icc.dll (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413268.flat (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\333511383.cfg (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413015.flat (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E3F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\locale\EN.locale (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015AD7F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\85670PUZ\icon_48x48_icon[1].png (740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\85670PUZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\bootstrap_41801.html (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\form.bmp.Mask (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1694545234.cfg (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Color_Button_Hover.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1413219_Setup.CIS (3838 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\Ropopi_Title[1].png (1224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1412946_Setup.EXE (34107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\progress-bg2.png (978 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\ProgressBar.png (958 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015B1F4.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Loader.gif (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Progress.png (191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015ADCE.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\main.css (7 bytes)
%Program Files%\is1412000.log (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001593DD.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\button-bg.png (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\N0R5R69B\Seniser[1].png (3928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00159573.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\Ropopi_Title[2].png (1224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\ie6_main.css (1 bytes)
%Documents and Settings%\%current user%\Desktop\Continue Allmyapps Installation.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Grey_Button_Hover.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1193717562.cfg (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Grey_Button.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158EFB.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\893503576.cfg (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\999671859.cfg (226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1413207_Setup.CIS (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015B54F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\progress-bg.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\fciv.exe (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00157CFA.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\N0R5R69B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Close_Hover.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015ADED.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413090.flat (1869 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\csshover3.htc (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\N0R5R69B\BG_bisli[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\browse.css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\sqlite3.dll (3716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\7za.exe (1868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\checkbox.css (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015AD8F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00159E2E.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\button.css (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\118970408.cfg (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\progress-bar.css (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Color_Button.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AZMBWBO1\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1661536746.cfg (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AZMBWBO1\Memiticeper_BG[1].png (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\BG.png (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\RAM.dll (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\538601498.cfg (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\FooterInfo.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E5F.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\bg.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158EDC.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E7E.log (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Close.png (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1412848_Setup.CIS (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413325.flat (6314 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\0015B54F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E3F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\001593DD.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\bootstrap_41801.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\Ropopi_Title[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015ADCE.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015AD7F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413015.flat (0 bytes)
%Program Files%\is1412000.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413325.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158EDC.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158EFB.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00157CFA.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015ADED.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413090.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E7E.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015AD8F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E5F.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\isf_1413268.flat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00158E9D.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00159573.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\0015B1F4.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00159E2E.log (0 bytes)

Registry activity

The process fciv.exe:460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 16 5C 24 B4 8B 88 A8 F9 7C B7 FB DC A8 A2 48"

The process %original file name%.exe:1212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "708992537"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 D5 67 09 4F 6B FB 92 D8 26 95 C5 F5 B0 D3 E9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 3A EB EA AE 40 5C 0C AD 11 D6 5C 36 C9 EB 99"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 3
e8288370f63401aa7b404f4746deb223
bc4ba05e57ae73f73bf0155b326e142c
71ec77faf5dd12968c24ade32594b676

URLs

URL	IP
hxxp://a767.dscms.akamai.net/download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe
hxxp://cdnus.allmyappscdn.com/app/Allmyapps/sha1_2.cis	199.58.87.155
hxxp://cdnus.allmyappscdn.com/app/Allmyapps/7Zip.cis	199.58.87.155
hxxp://os-slv-1323817372.us-west-2.elb.amazonaws.com/Allmyapps/?v=3.0&c=1605471116
hxxp://cdneu.allmyappscdn.com/app/Allmyapps/7Zip.cis	146.185.27.53
hxxp://cdneu.allmyappscdn.com/app/Allmyapps/sha1_2.cis	146.185.27.53
hxxp://ama-mig-front-wildssl-prod-123219767.us-east-1.elb.amazonaws.co/data/f/a/facebook-desktop/icon_48x48_icon.png
hxxp://static.binaries.allmyapps.com/data/desktop/Allmyapps.desktop_2.0.0.30.pk	184.173.134.99
hxxp://65.254.40.36/img/Seniser/Seniser.png
hxxp://65.254.40.36/img/Ruteropu/BG_bisli.png
hxxp://download.microsoft.com/download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe	184.84.243.32
hxxp://static.allmyapps.com/data/f/a/facebook-desktop/icon_48x48_icon.png	50.17.228.48
hxxp://os.allmyappscdn.com/Allmyapps/?v=3.0&c=1605471116	54.245.224.246
api.allmyapps.com	54.243.185.23

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack

Traffic

POST /Allmyapps/?v=3.0&c=1605471116 HTTP/1.1

Accept: */*

Host: os.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Content-Length: 772

Cache-Control: no-cache

0A0CzutD0AtC0ItC0ItC0HtB0UtC0TtC0EtC0EtC0BtN0U0I0DzutDtDtD0CtBzyyCyE0AtDtBtDyB0AtByDtN0W0VzuyDtFtCtN0W0S0PzutAtN0O0S0L1T1G1Nzu1P1GtN0E2V1P0C1M1J0S2Y1HzutDtN1L1B0A1Q1H1L1GzutCtN0T0KzutCyEtCtBtAzytDtN0U0I0DzutDtDtD0CtBzyyCyE0AtDtBtDyB0AtByDtN0S0D0TzutBtDtCyEtCtCtDyCtDzzyEzztCtAzyzzyEtN0V0M0Czu0V0M0WtN1L1B0V0M0D1P1OzutCtN0M0A0C1V0LzutDtDtD0CtBzyyCyE0AtDtBtDtN0P0E1V0M0O0D0Ezu0D0L0LtN0D0E0P1V0M0O0DzutBtN1L1B0A1Q1H1L1GzutCtN0R0N1T1H1Pzu1Rzx1Yzy1TyE1StBtDyEtB1T1T1OyE1RzzyDtAyCyCzytA1OyCtBtDtD1RzzzytAyBtBtAtF1P2V1PtN0O0S0L1T1G1Nzu1P1GtN0O0S0V1P1CzuyDtFtCtN0O0S0S0P0V1P1CzutAtN0O0S2VyCyEzutDtN0P0P0Nzu1B1T1G1Q1S1F2V1V1B2X1RtF1P2V1PtN0M1P1H0P1M0AzutAtDtDtN0M1P1H0P1M0TzuyDtCtCtN0M1P1H0V1L1C0AzutCzyyBtBtN0M1P1H0V1L1C0TzutBtDyEyBtN0P0R0O0D0U0C0T1V0T0I0T0L0Ezu1T1I1I1H2U1T1E1E1B

-...Ee.Ma....$.K..`*.F1X.%.Kx.M.)..,/.....3.n............;.L...Py.8QE.
Z(|...a...R. 0....e.ha..%6...........<...O...P V....&.J.^..HH`3.<
;B.C.,....>.....?..V.MN&'.n..j.i..).*6S'.:..Jm....j....@..!...(.&..
.....j.;?......O%c.IJ.kG.\[email protected].<..p,..}t..jk..'L.};B..LV..r_jBI.
 . .2p.4./aLl?KJZ......B...X.|...n.-T.,.....-...2 .=N.$...'....7Z.."B:
K:m.~w........ ../C...v.D.....7.r.._].$....%q.....t../W8)..b.....n|...
...m...R1......#?%1..L..d.27.;...R..g...!j.\Qg*)... ...P<...^.v.9 .
...........E<..`6.3.s...jks....a.K.O}..09......B.|x...M..Z)Y.=.d.6.
J~.]D?f.Ay.......s..[X.&.f.........~Z........_.....#.|NtI...w..k..9...
.........G.l..)...p....w...P.54......./..n..=..z..0.#...7.....(.o...#(
..U..o.m..iL.7.....o...........&w...|.....^.....X.D.q..R..Y...U...5..B
..);6.....-....Q.z../`kD8...;.u...A/[@L.....AG`/.....h(?~..h.:<..j.
..B...?..1..."...Q_.sH...p..w....9.{a2.t..\|......$.]c#.....ks....g..=
[email protected]..."[email protected].. .....d......-.h.`ILA..K.4.V.g.....Q.L.....p(M.a.r.
O.!}4...."...I.>...>f.T.}=A)p.7.o....;n{...a..m..5.......y.._.\.
...... ...=;^Y...K.#t.%c..z.....<.q..|...9 .^F'.z. ||...Q.....!. ..
......C..N..'}..\.oH4... ...#.........k...o...L..~.k..R....nU.Q.......
7J^B.:...|7..!.....N.#..$...H.....d..E.....U..(|....o..W.......s.5....
.t.8.....xl..Po..}f.SG.N0`m....(..;[email protected].\i.,X.
....x..xO2C^..?........p.E.l.l.2.l.]^...9.j....L...`s...F....."...s...
D#..w...L.....d<|B..B j.<>Q.O....Q........U..x.Gs.PB....1.A..
%y.m}[email protected] ...m....O~...d..-....2H..q...!.......$.
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:11 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 0-102399/16670995
PK...........D.)...h6.x.o.....Allmyapps.exe.].xTG..M....]tC...%*.j.E.$
...iP.w!,h..R......%[email protected].!/iI5...mh)....9s_....Q.O
...w...9.9sf.M...82........c.C..;....t8F..7....z....3..uE.G...Z.../{..
.>............,....|<o.{f.}....y.....u..G.y...?.j......_..B.[.~.
......7O..._z.[QO..S....L]..o.z?...o...am.Z.q*.\..../.....x.:..3?..J..
7....1.9..l.;f..Z.........,0.C..........,....p8.8......O0._.X....h....
.x.K..B.-..:..k..Ge...?[?.......;..q:Z.e9r..U....d*.........T.q...,BH.
......o^.....;.....$...n.J....L.....S.8.cp...w..7/.w..q..V..5..kI*.e.,
...>q..y.......nw...?.............. ...sUW..].uM...7=;........?.~.,
.....ie...|<<b..g..YV:b....G..;........-...........].F....`G.(.q
.R.k.O..|g..<..K..w..%....u5.Gx.."......*."...)2|;.&#.6Y.E;.B.F....
u.R.V...E.).....Ew.s...K..(.Q.....Ds.....D-.f.I.$....{../?t.5]..N..V..
.z.C......r.......C.#.6.Zy.....L.n....z.a.h....d`^R4.8 :......P.V2c0 {
u...nTh..Z.......$..}!CF ..HZ."-T..,.._..b..*......JV.87V^.CY..I......
........}..E/......{s..ky..<.....m.....*.....?..M<.f.a.~...M...W
..{......6.Go..]....x..D..)<l.}g).R.L............I.......j....[..&g
t;..[ .. ...n.&.;..V.#j...K..u7...-....N..\-.w..m....W`.OZ:.Z.!...Z..A
....Wj..-...0jm..V>C..`..4.....7?.h....i.p.z.....J=....js<.m'...
..~7S.B[_7X.g....J.L.~...~2....i>p........b.._..j_..Cne.l.....k`.k.
......c[.@.<.M.a............o....}9..?.S. ..-.....(...hem........$.
Q.c....9d.....`....]..jNc..5m.%.~.V;N\.......C0..I...Or.!.L.z~.V.#j:..
.R.N.I\V...M..D...... !.:!.vBJ..48..9.DH.N.\mA......c.....Yh'..I.B
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=409600-716799

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:11 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 409600-716799/16670995
..*E..4O1..P....d.....<Dk..Uy.{..c..A...... 3.L\P.2#.y..... ..pi..6
.#!H..)..mZN....-fE..GM9....Z......I..Qgc..o...3G]..u.:....L<?. ...
.}...[...[.....Z2=.b&......5.w<.#.G..h.Uu..o..e.. ..VN..%..'..w>
t.j..Vq..?.;|.=.."...s....]..G^..."G..,?C.y..y@\.Y._E.....`.......[z..
.2P..zK...P............N].}..m..Xr.[...~."...'E....H8..4S...tI.D[.t...
j....W..b.K6..;..\...........cL.S.......;%.........:...;"d..T......&..
..3:..f.Eb3]..].O.;...?w....-;.G...M...T|'|S_|.....R...L.ln>.z.`c .
..`.....$.?.R.e`...t9F...\........M...Y.R.:a<}..y_.D..........(n.on
....u..5{V.......=..iH.j._..(.,.^.v.Bu.\.j...5..d.'.R.BN..WY.......V.S
[email protected]..{j.{CEJ..=.....D.{...X....9.5....p&.o.....e.."S.G|
....T.Q..Q.....0D...p...1.. S...LM..j..'V.o.9.-...#.........r....L.`.J
..).....QK...:.\..S..x?...A..>i.L..L..da.g$E-.&v.i3m].j....8.....3l
<[email protected]>.......LkE......VpXg.C.c...<...'z....
0.*..a.B...Y........6...s[b.......,..r.1Dx*&..dC@[......#...).9FXq.{=r
,P.R...7....Z.b.c%5YF...a"K..l.oG....n..[.C...x.@;2^,.k....&.....BUC..
....d..V..>..L%...[.b..}.....j..............(\.:..Q.n....}..'1..Z-3
..c{.1...Z.. ....D..K...F..h...*vG.O.4..>....r.*..q...._...y..q....
..T!./.........|[email protected]_...y.Kk]k..sQa.m j8...\q......
R&0..wl;..@......".Iz...|..H< ..&...M.....~*.|.c{.8n..n.d.V..&.g..z
.........v..J.N/R$R...h]........n..yjj.....<.[.y...V.iA<..5.<
$*.y..........$....x..p1T.x.q...p8.....B....a3.}-...>.X.}.R..x....$
.....X.....?T.9}...d..c-.W..M[.6..kA....c............JVw.j..C .ep.
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=1024000-1331199

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 1024000-1331199/16670995
Z.*..u..$H..2.W..M$..c.......c........&F63...\..9D.Pn........^.qV...W*
.iM....`.. ...{..w.V..".t.6:U.c....|.T.U...9JN\6.-.I`H.U..m.\@.).^.=.G
Wr.p.=..&]:..B...xn..k..Q.J.....(]$3-o<[ E...7I3..-..L....:[email protected]
r.br../}....z...e...1....J...*...~k[..`%.g..U...d{......k..`";..#.V.7.
p.;......04.x.\N..iw...<..=.(..........B........v..T.dm...-.M....n 
....^%........G.(..k....s.W.....9.V//..|z.=....inE..H...Lc.....&fs....
e.._..O.....VzS...i...2..q....y.......V..a.L(........:.K....0`:%Q...
...n?......;..9.....Q.K;8f.......H;.Jl..>.....c..,.......{....N..h_
Z....`...5p.A ...7VQ.W.A..Y....j..3...G.;..s.6t......K..sC..4C%Z6Q..q.
..'.$..Vr.v..T....Y........_....|.J.2.G'd...(Y..].H...8.3....{..&.zw..
c.e..v...'Yv, M..X.yk*...X2.([email protected]........{.......
%....`<..&.M...K..!......zQ.lD...!...i.......Y..N...b.~B.Y.~..7u...
.R]X*.Q"...0..I@/2'[email protected]......`.f'.#..=V!..R....9.p...
.......;.......D....H..x.."..gL.....}5R$...4.X.`....q.)z..).4.e.,...&y
.$.**.7......^.}...&...XU....K.g...=.KJ..^....\3..W....I...%Kh....(#..
..........>........t....*.....]..*8....q..5.Wa.. ..O..I.<.....Fh
..o.....~..G....{...a.P...F.n.U...:.7K.M.fy(..1.2.z5.]..(v..[..U.E....
r.h.-......[M.MC..#(.Wy%... c.....-}\5.H....GA....4...S..CH.ko.]..e...
..$.B.t..<.O..1....-2...2 ..H...Y....M.GtPcp.hX*/8...1k9I.....3].F-
..LkR..CB..6.F...j....0]..X.8...H..6...h.&;..qt...g..a.?.K..M...... t.
......Bp0.(...{[email protected]."B.;3yL.xu..Q`.
...d. .5.).t.)....0...#!......|.I......0..vp...=....Iz....$\..y.7.
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=1638400-1945599

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 1638400-1945599/16670995
z.T._..M...v.....9\'=O..R..F.....g.0r...E. ....m.`...LM...U.sa.c.. .S.
......=t..:..Ac3..L[.[....e..............H..-ZD.F~.0!.........Jk..6...
3'..%...oG.v.."..F...ccc.4N.<......F..\I6......;..`.c...[u.UbC.(.{.
.G....X..bSS.'.K..{G...~.U...B.........a.(.t..{.0e..92...9z...*[email protected].
.....`.i....{.M-&...KU...X....x.k^..^[email protected]...}'.s;..H[
.....U.X.A......^.....V.{.#........,............(......I.......r.Y..4.
.7.,.1$..>..,.L....EA.....?...>..]...?...9.I..U|[email protected]...).
.S..6.<0....`.4US...RB.sX...i.h(Ze._2].......j...... ...I...8.y.}..
...*....Y...%..B#.[mO. d...cTu4....bt<.N5^\....j.!..g.\;......m.v..
.'..E.......s.jW......".JW......i.....@.....'y.=T'.e...R..;. ..B.l....
.e....L..'....Y,......bo..u.. Q2P[..H...^..n......A...C....aCvF...vJ.'
a=.R....?. Mm".3Zos....'#[email protected]..'u...!..ut9.9.|.z.].w..Q.w...;..s..
x/$?t........`...())......_.....U..aX. d..w../.......?..g.......pDw.'.
x...........|.....l..m........e.f..hY{.....B.......N.X.}.;..(.G.1.c..r
/.}.....`.*....{..3Y.........mSum.......-(DFvN..........k.sNiF@.,.?...
..G.j.Da.Yz.9..]v.....n{.....i_.... 3...6W".....9.Q..Tu|A...-A.S.l`n..
......Z..<.L......=4..Y.c.I......MT L.:U.\..h0.....w.`..Z...w.b.D..
...d%I];F.*...-..VA1.1.ws.u..`./...<...::....c.QJQ....S1.4..^!...FE
..v[8.C&....! 5...  %..7......T...2PUY..,.k..N.$.ia.D...?0...l.D.0B...
6z..A..l.....o.qqLe.[7.c..j.y~.{....k.M.8Q..?...Z.4...h...y.>..tAA.
....-, N.G.\.....A..~8\.W..f..-../.j.F...I.....}}....u....b...]U.M..`.
.AHOI........)f.`.C..A^^....y.Z.J...3....`.G> f.....Db...u...m&
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=5939200-6246399

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:14 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 5939200-6246399/16670995
..=6.v?.....0y...b....}.y...F...1.>...v....K,VV...........6..A...v.
3..&Y"IQA4..w.W..H..>....' .z._.&<..a..;......G...3t.0y..k1x....
q..t...J.o...o$....>...g1^.......]{...\[email protected][email protected]&.\.V..N.h
.P......8P..l2...0..P......In|...m<.;.<..'Ur........M}.h./(..U6.
I.73.....MKL..~.Z..M.....D;H\:..l...A~(....6m.mj.....G.........\.5....
.O....Q....,.!....Q"...}.0{.-..z$...........W..)x.a....-.......14..a..
l}.5....#..J....F:......<....p..'.O.47.{...O.....S...[.K.....b..<
;........2.....~.i.an.B...f.D..A2.&o..6..d#..I.G5../.4/....Kw...q.T.a.
...0...i.7!QZ.....A....,K./..P.&..jJ#. ..I.V..)2..~..8.Q..WAk.........
"c8.s..h.....J.T.m;.8.....J.s..?7V"&..%..Z.1.*.......@J.>&.H!W}....
N!l...4........C...2k.@[email protected].=.Ud._....".......z....1...y..[..
..!,:..w1nC...=...R@EO...~^Ri......G....'..F.....o..a.&...t.........7.
'^..qH.f.:0{$....@.,..7 b....fd..#[email protected].?tW..6
....%...H.H6....7..}..{...AYsi.^ ..-.-....w..y ..wYe.8>..\..cq.....
6.xx..K..Rl.?d-.f.hyQ].r...r.....WzA......} .. ..Y1..L|...5...M......!
.)G.G..Ek.......z.j... .rb..O (.B.............E.i.?....Q.|...L&Z.k.*2.
*.........p?t..0/F..L.......`.0F.....Dq..T..........&..d..`[email protected]..
;..c....gk.3"KG.(..Klw....cqQ...?...[[.....;G....q'....p......=..0....
.....i...h...YB.:#.F.8#B...7r..Ws.....R...!1..p3W..}8Sg"..B.$....Q....
q.TU... YB...]6..1wWV$.j=,}.s#...K#../._w=dD.....q..,....3..z....5... 
...'7.9.Cr..9....."...p6..QT.E.........O..=b.y?FQ.S.o..3....i....h6%.P
....}COt5%ZB..#....}QO...]E..F..%b...n."J.G.NH....)..y..K..K.b.(..
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=11468800-11775999

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:16 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 11468800-11775999/16670995
...<......L`3.j".s`.Qa0..x....u.....;b.`.Y....Q.....L.C......t...V.
....-..Q.cN2.......q.'".e..~u.l/.g.0E........a..78..f."4.IOf...Y.....=
...(j.^..y.........B{n..B.....Z.....w*._.v.."..FoG.....~......,=\./.Z 
.........q....a......&b..........G..e..."..B..?uu...|....!~......s..."
..............Tcv h..l.................Q.2....].......t......?.......$
...r.l.de....^%[email protected]&....{.^.d...:.....da.8r&H.../ .#W....#..z
...jI..C.$....>.&l.!.....d.....I......{..".?|e...m[...?.)......../h
..Ml..2%...N..a.!........?.P...y...._e~.%..wj.........l......).....d.`
@.].....4.`..~.>_N.}>..~....`.M._..F.y..}k..........E...>*..V
\..x.d}.,$..|<0xNfu. ^...;.e}....;>....kW..,.J.m).x`.;.....!....
vQ<...4.x`'....V.]r.)nq<..?.A<..K...;..|<..C..O/..?....z..
..W./R.....2.U..Bo>..........;.T.&.4}2..j..n......M.|...F}I.!..$.%.
,.l...P.L..hx.K....o..D......r&.e.DA.b]]s..i.|;z..../....5\`..._/60T,.
..d.LP.X.v.Z...p....9(..N....Z]X...V.........b.......r..0..."2(.PT.L(.
.....eCQ.w.q..A8.\(*.o..`.YI..$..f?BQ...E5..E.|..Ee.......q....2/.....
[email protected]...%..;.C.<:(..'q0........Y.?.?...%.....
..._4...~..X._L.XM.x.c.~....u.R.........o.>).S.b.....o> P>..A
........V.....?l`...K.|...8.N..$1.&O...k..4...i..O..s|...<.V....K..
..;....v.3. ...&B.FoxI....-Go7..Mo.}.......N9......)5R{.....n....r<
'h....\.~..Z._.9..7.z........./.i.....t...|.=.O|i..f|..E...../..../..W
.b:S./?......?|.\xu...r...B|. ...}2.W|.o...#.i.|..Mc_.z|......d.....w|
....................`.[.4.8]e._....Ni..P.h......~.....U..~.}R.....
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=13926400-14233599

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:18 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 13926400-14233599/16670995
$.Y/.#..$$.>....J...Y.;...}:.<..7......Z.9....].........0}.Q..].
*._..i.......t}p.N...J......~.;H.....T.........7.T..$g.m.8}4..1.h.!O.&
gt;Z].~..3uG../[email protected]^vG......G.U..B..z9[.K.-V-.t..
r....9.....,o.l......%*U.m....4....h.q(Y.x.,...g~&......h.}......!(:..
...S.2t...z.m...c......._.F..s*.>..R.E....J..CC.p'..gg.Mh.,9.>N.
.V<7.q.... ..E..P!,.....<..T.....)^}m0t. 6U..2(.b........0BzV<
;q...R....6..B.. .b...g..#...]...|QU\L.j}.^..#.R.T]...Kg|.5D.}...\..".
A.r?..e..D......Ft.e.... h.I.2..KCEEJ..oEd%.. P.._..V...M. ..~.Rv.]...
...`.:.'.6...u.Q.......0#.&G.Et..i....T.P.p5..R.].&Uc.%{...."6.da.*SCS
L,.v..QD....C[..........(....B....GZ.:....".p..ze..M.....E:...........
<~J..........".@,..?...I...A1..s..RiE%....9.6.....l.0 .Wl.Q.....I..
....~.zH9..nnV. .(b...}M..[1.Aor...']Lu.(........&.2Z....2.E{.[..[....
..t.k....H..9.SY.yw....*....X...Z.v..d>...r....r...j,]E.2.G.1;.H...
....x.....ux.3...l..-["....Ni.........E.|...?4Z.....&..C^=.:...9z.`..:
....d..Y.e3u.S....6Q...M.Q.!{!..Z....X..9..... J....C..{U.-*.G FP\.v..
_5D vp..BZ.^u.'0\......oO|g-.....:......F.G%...[.......Fq....2cIt..B..
@B..N0..r\ .Y...1.......=.nwD..sx[...>duB:....$.b7........0_.......
.1.uj/..lm.R..W.)....Tk....o..kXjQ6.'...\.}.!........ax=".BS.*.'.....d
 .....k.\=ex..NGm.yw.f...vi...;...iF.4.-.H.fdh..]...<xz.F.c......`s
...t..^%....YB.~.A.[...F....%........la(.28...L.._<.>.O.!..0....
{.."._#"...b1*U#O.....-.7.y......G"..K...e.....7a...........)W........
$..?.;..m}aR....#..7i....):@...XZ....A..xD... ..Lo..5..`......Vf.W
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=14848000-15155199

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:18 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 14848000-15155199/16670995
.........!.......9...y...*.Nh..o.?BP0^.#..*.....n..."...~.. v|..su..-~
...q...c.. [email protected]..">....."8OPP..x..3........|$....!s......
.......t.'....^.x....3.}.\5..Y......3...Kk.Z'...(.(z.W.#z.....?.7...\=
.#.{.C)...pY/|....#S.LGA?Z.L.g..;[email protected]
g. ......S....x..`>.....gt.G..V:..}............1.......?E........d.
*s.....iF..M......3..6.....v.<..#...Z..........N........A...z.....v
.|....F.....wo......A.......f;[I.E".4.XaI......x(...2.J...V.. X.`}.w..
.......\O...T.........i."..}|..L.;r .... (.}P.g.'/........y.....nN....
....4..q..yF"[email protected]. ......w..-$.d..r.3I_.
U.Q,4.."q........e..d.V~0.p...I.......l.-......X....[ wj!..........E.~
.......fz.g.p..G5...3.|....~K..["n.}.>m.s.. .\.A.Ct. ...B.....W/yL.
s..Ny.u...u.R..ds=.\O.:..q.....a~obx.3.:.....G..^%........!..D.......Z
....w:.)_.n....vz......9^6....... ..^..^.e(w.....#_.^.....-E.%^..=..._
U....q..[..3...-L|.g...Z\....~.dcWa...K....".t........O...YPp.g....<
;\....7.f............2...s..\O3.S..\s=.\O2......z s=.\ob..O7..\..?n%..
o.:.....T..y....c_,.vE.W.$<..4...^...1....T...2v.......k..#o..k%.{.
....v.?z....W3.I....9....'.......*...H......P.}..V..D.....k.D]`.h.b.z/
......3..........5.......0........v.......@v4....\*.k.X.A|..b.A.>..
...I........S...c.]..!...l....&.}x....Kh......7'......U.x.............
.U.c.......e.6..4...ci2......<,....)FU q.?...z..3k.\Z..#YEt.......z
AN.X..c..]..U......?...y....[=.[[email protected]..;...HE............f.......
[email protected]..~.<...........zoA.........>...z...../:.X.w`..L.
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=15462400-15769599

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:18 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 15462400-15769599/16670995
 ..`..n.O10..Q.f...<...Z.Z)..6Iq..............d.N..J<e.....f.,..
....6..&..b....l[...t .c...a.A.I....'.?D..]x.k..B\8.....z..C....V.SQ..
.g...(..M.O=......I.....(.....#Ac}...........r...<~Y........;..JF..
...0...R..z..x....4......1$d..b.b!cW..u.k.k........(-.z(*...R...v..w..
n%......v.Q........e..c.\.3..*(.....s~...OR......FMY[]3.......}.OIy.q.
..L...ik.UO.s.....CW._.:.4..&.e1..f.=....N|...p&.O\K_.0...........p..6
P#.<<...2.Zz.w.>^...c..`...'e.....X.o......meM.Lq.A.t..~4.b=.
....xD...f3K....z*..Q...1..A....Q......o."..AL.E.)....56.G.3.....M....
9.M.K.J..."..n.....x....3..R.y....X.n@.....{...w.Q7...!.....QBztX9R)M)
dAb>[email protected]..(e<~.....K.D.....{
qh4y.e...g....;.....E.N..ki.....G......XF.R.a]yq.a...-..|...... ...P..
4...v..A....I.na..JIs.@?I..0.(.H.pf.J.;b.g$FD.YL;.....?....{.k..ly....
.U..;.c.......R.a.....IE...SO...._C......7....d.6.^g`........F....w../
%...H.%.&i.^*E.$....).Uz(..%./t/^..4..L..>...bv.p.j.0..,6...`4.y].N
^..z@>...1..T=..(./.......h.A)...j,F...^...|.ON.C.j.B).u.......4...
...=....J..7`#...*...D...\.2jL.3...@}.....\.....&..9.<..:.G...Eb...
...G.....D8.... ...o.E.W.............1P..H...1.......c.8..<\..i....
.a....%. ..S...d....[RXt..S.z,{.{.`h!.lO.....Qa.`.u..#`.J....[ .?V....
....[.....e1..L..-...(*.J...5.%.D...`.....15.....Z..uf......L...8....S
.z.g....`...ze..E..J.R...b...*...RG.%.........}....IC....?.].SzadR.s&.
2.Z3..............o..t.r..k.....{W(..x.h..l.BPEMA7B..]..C.C,..$...$$.{
..8 cg.MR.).)<U'..._{.9.[`.`^".h.....:~.2 .t4.z......l....&K>
<<< skipped >>>

GET /download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe HTTP/1.1

Range: bytes=102400-409599

Accept: */*

Host: download.microsoft.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Last-Modified: Fri, 19 Mar 2010 16:40:30 GMT

Accept-Ranges: bytes

ETag: "b36f22e382c7ca1:0"

Server: Microsoft-IIS/8.0

Content-Disposition: attachment

Date: Thu, 06 Nov 2014 11:54:08 GMT

Content-Range: bytes 102400-409599/5073240

Content-Length: 307200

Connection: close
.9.vJ./[email protected].$;B;..z.A&..t5c.J.....W..!45. iW...>q...C..g.
.ZS....n.a.n..dF.1ayP)...>........y......\./....M4...V.W..U.t^.....
..UaZ...(......[$...._.]v...<.{g."t..u/...5A.A.....y..{.Z...).X.B.[
 g^...1...>d....q-oU........b-..J.K.$.J.....D..Wj..9....G.;........
$E5W...|.2.......@..|.....";]..(?.........7....|;...y7.X...1.DC......;
....W..-..E...l.._..3.._P.<m.....j...T..\..ff.6...S(..9.......Ej.B.
Y.O2. .Q.a......!L.U...<.8.oA...I.....M.....F....8..n...5..........
.T.;.4O.1...i...#[email protected]..[......$.l...[(m...h..Mb0S.yl....V.e.....
...#"........%..vK..x.=....8..._.v...YT.J4.=...74....Ph...3j....ni.K..
.-t..A.gu.....d......Q......J.&.d]..!]..n.....kr.F...3l.7S.Q#....[....
i......i.p.s..N.yz.9.$.....N....#...a,z..r.a...'.......$)].?4:.O...S.w
=F.l....T..,.r;oL'].P.L........).N2lM.v....2...R#..*8q.}.....\......T.
..0&.)...PE. ...'.`9..q..j.....y.).)R.9.J.~%..)......-....... I.......
..H.#.n...X.X.L......C`>...W.....f.._.Ti.c=.'8B..w.).......XB....P.
...2S*YqBo.C.L%......O....(.*....t..<J.L%.....4[.d...K..nG...w.|.n.
.........m."3j0.6.5.#X.%K.;.wrV..i.%J:...A.........2.*..{-YL.wG....r..
.1...fq..{...7...u.F.....".....Z..Mif..E..t2e,_..Rc..&._gq...L..a..$..
...c.H.....e.......~..C...?.....l...*.T..j..7..(...tqN.&..y......5.t.c
A....QJ.....\......C.m_.Oza..ko.U..6.G......1..aj`z.!.....A...Bk.p...(
a..c.f.L.`8.?.!.M...4...."D...X...KV..F...D\o..:..&(."..R..a,%..\`.D.e
.../o.............!.E.m..$R...........t...&@".&....E.:.d.....{N.n=.:x.
.%..1..]1.....b....b...k...OE.Z..;Zr..a....6...p.d.....y9.......{.
<<< skipped >>>

GET /app/Allmyapps/sha1_2.cis HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: cdnus.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 12:44:54 GMT

Content-Type: application/octet-stream

Content-Length: 38562

Connection: keep-alive

x-amz-id-2: a6j9hHHgrkJE28yhm9nAnrY8At/uHzlwDc12PkFfkBDrLrJbs3HQe4YBCodI9ekG

x-amz-request-id: 0FEF152647E4DA01

x-amz-meta-cb-modifiedtime: Mon, 08 Apr 2013 17:23:24 GMT

Last-Modified: Mon, 08 Apr 2013 17:24:43 GMT

x-amz-version-id: fbkemmRK1RvyfBDPrs7YJ3r2q2R2SeMS

ETag: "4b00398fb7430564b677dbaa84a18e41"

Content-Range: bytes 0-38561/38562
CIS................7...............P....... ..4.n.hG.O.]....xL..xL...#
a `K...&..8....".8..1.1..g.u.m..f....7!U....8.bk6..8g.".........r..i{.
b.....p...`.:b..o.X.....A.D...0.....O.......n......7.@-Z;....^.'..-...
...G...%..?W.t..7..V....!.b.....g..t.........A.j.#<./&..dL.P....Q..
...2...c{_.-rK...C.m.u..i..PK.2.R*[email protected].#Y......!....r
.#............<b.}...........i.....\.. ..6.G."..{)O...y)4..j..."...
;..D/=C.2dLj.G.(.Zj.....Q)V.Jf...r.q..}.....:i..|...[..w6.....C..c..i.
.........i.>x..... }z...T.,.5.q.8..ac.......*c.T]_....... O>.~.s
Bxy....w`%]....%.K...|....l!.......ZK.)..H.I.\.....LA...i....0.^n.....
y]..K8..;Zys.....X.Cw....J,..zsV=]3.{...f.. ..........zH...Z.....Db.xx
P1.....M.\.jX......?..g|.......%I.!w.3.>...FC...........[WXF.u.....
.!.i....}7H\.#.z...{zm,.B....=..m.....^..9......5.....8.l..{.g.....|..
[email protected]..{D..J...pH... .c'.5. n;O..u....C.~?~......2.E.......{N......p
.Ot5`.*... .<[email protected],.*.._*.g.8...kn!U.....t.....&
gt;~s3..h..dN;......R1O..GL..K.al...c....M..Nam....{[.k.}P........I5.Z
..L_....C..B..^....S..E..3....b..............R.i..t/:...|..j..q...}...
.....#..........G..htj.,.6.K...,.._..q./ ..K...y....Z.....J.....,~..1.
1..9."%$.........S,_....S.0.U.b........h...(..........-.j.........8.Ch
.KH..O..}k...{.......b%....U.V.V.. ..k...W.7UH..W.l.....j].%..C..s..f.
.,@..|...w....^.0.2.h.Y.4pG]......:.t..#....Y.....p..b. ....FHv....uu.
g...9.hae.i"...(..?.......|.W...1W..I.7|,AxD..).G....S....W.%.g...Q.zD
.s#.P......4..<..&.h.N..d....4~ k9..;..x.C......7t..p&F{M..P.D.
<<< skipped >>>

GET /app/Allmyapps/7Zip.cis HTTP/1.1

Range: bytes=204800-263940

Accept: */*

Host: cdnus.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 12:44:55 GMT

Content-Type: application/octet-stream

Content-Length: 59141

Connection: keep-alive

x-amz-id-2: 4lpZhYizfFOzyw9x4xkL1Jk7zMvHFNlO 2M9FjzNW 31T2gRjlOFmJh2fbkD3w5Z

x-amz-request-id: 4A99CFC2CF61B7C1

x-amz-meta-cb-modifiedtime: Thu, 21 Feb 2013 14:51:56 GMT

Last-Modified: Thu, 21 Feb 2013 14:53:11 GMT

x-amz-version-id: tAQu68xaMb6StidOKL5SUeRYxNY8QfTW

ETag: "b214141107c658106e9bdf8743dca724"

Content-Range: bytes 204800-263940/263941
B.c.....&.k8"..o..^z...,A..*$.hfs..[.H2..w...........6......q...M.....
T.**..J..6.-.p.f.q...i......(......-......X....]...":..VL...}..#.Q....
=.5...9...t,....^.......~3....?....1..V.Ta.*<.....9.VY..`...<...
z.../{.h..J'....fs.K}...B\M^...f.Y'.$31.%v..<..P.._........G....1..
....l....'6.j..._...............9..V.._]....n....!j....i..O...!.w..s.~
..;.(....m;N... ....e.U...T.F.{#&......C..j.........,.H..)..X[g...."`.
GU]br.n.}..%..\.$!...4.%.(.=...%...3F..4..M.M.M!. ^...EL..x.e>a...7
..<..W&.-...}^|s.[.l~...F#.,..p.gm..|V>.)&2.5<.........=.....
O:.!..g..j..........A.....?'.I6.....U.?.....R.....f<.g.m;.;....h...
...e.L.}J.Y..?.kN&K.u...I=....U....p...q.....[C....N8...bA(H.`..I..e.9
.3Lh.U..B\.)..3.~.6......6=:.....W._..zU....A&..x....z....vdc%.9#.e`.t
2...xO.7....yUqU(...U.3......8.......#S....'>U...eT....c....M>.^
:T.7U..n.....z...8...t.=.b...;..g.c...o.. ..z0\....8.t..>. &.....e.
.......AL.gu*/..~5....?.Sj.rD.(...."[email protected]..*..Y
...Q..*.......!.c.....X.m..>.......o..gk.......g?.F..H.. .P....<
...dQ.Z.Y...m...,.......-N.....|u.vf..B$B...\lR.'.......<.k^...^w.d
.....7.y..........O..^b'K.$.[^....t&..:ne.`,,...18............\.M....|
..E.\..>..n"#N/i'%a.G........V..KH6....m.~v.....H...y...)...7%)=. W
.p7x37j..<...4...N,.......K...U......:...oun..l.......O.B]j?....r&l
@Q.&.E. .i.>j..M.. .G...0_.....w.}...>F#H..ie.4..5x..?@}.|..e.@.
.#..or.......[...r^..n....,X8%r.{~.........K.Q.{..`m>G...q.9...d...
...J...P..%)..W..e~...h.!he5..2dB;.3C.X[[...........(..B....u./c."
<<< skipped >>>

GET /app/Allmyapps/7Zip.cis HTTP/1.1

Range: bytes=204800-263940

Accept: */*

Host: cdnus.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 12:44:55 GMT

Content-Type: application/octet-stream

Content-Length: 59141

Connection: keep-alive

x-amz-id-2: 4lpZhYizfFOzyw9x4xkL1Jk7zMvHFNlO 2M9FjzNW 31T2gRjlOFmJh2fbkD3w5Z

x-amz-request-id: 4A99CFC2CF61B7C1

x-amz-meta-cb-modifiedtime: Thu, 21 Feb 2013 14:51:56 GMT

Last-Modified: Thu, 21 Feb 2013 14:53:11 GMT

x-amz-version-id: tAQu68xaMb6StidOKL5SUeRYxNY8QfTW

ETag: "b214141107c658106e9bdf8743dca724"

Content-Range: bytes 204800-263940/263941
B.c.....&.k8"..o..^z...,A..*$.hfs..[.H2..w...........6......q...M.....
T.**..J..6.-.p.f.q...i......(......-......X....]...":..VL...}..#.Q....
=.5...9...t,....^.......~3....?....1..V.Ta.*<.....9.VY..`...<...
z.../{.h..J'....fs.K}...B\M^...f.Y'.$31.%v..<..P.._........G....1..
....l....'6.j..._...............9..V.._]....n....!j....i..O...!.w..s.~
..;.(....m;N... ....e.U...T.F.{#&......C..j.........,.H..)..X[g...."`.
GU]br.n.}..%..\.$!...4.%.(.=...%...3F..4..M.M.M!. ^...EL..x.e>a...7
..<..W&.-...}^|s.[.l~...F#.,..p.gm..|V>.)&2.5<.........=.....
O:.!..g..j..........A.....?'.I6.....U.?.....R.....f<.g.m;.;....h...
...e.L.}J.Y..?.kN&K.u...I=....U....p...q.....[C....N8...bA(H.`..I..e.9
.3Lh.U..B\.)..3.~.6......6=:.....W._..zU....A&..x....z....vdc%.9#.e`.t
2...xO.7....yUqU(...U.3......8.......#S....'>U...eT....c....M>.^
:T.7U..n.....z...8...t.=.b...;..g.c...o.. ..z0\....8.t..>. &.....e.
.......AL.gu*/..~5....?.Sj.rD.(...."[email protected]..*..Y
...Q..*.......!.c.....X.m..>.......o..gk.......g?.F..H.. .P....<
...dQ.Z.Y...m...,.......-N.....|u.vf..B$B...\lR.'.......<.k^...^w.d
.....7.y..........O..^b'K.$.[^....t&..:ne.`,,...18............\.M....|
..E.\..>..n"#N/i'%a.G........V..KH6....m.~v.....H...y...)...7%)=. W
.p7x37j..<...4...N,.......K...U......:...oun..l.......O.B]j?....r&l
@Q.&.E. .i.>j..M.. .G...0_.....w.}...>F#H..ie.4..5x..?@}.|..e.@.
.#..or.......[...r^..n....,X8%r.{~.........K.Q.{..`m>G...q.9...d...
...J...P..%)..W..e~...h.!he5..2dB;.3C.X[[...........(..B....u./c."
<<< skipped >>>

GET /download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe HTTP/1.1

Range: bytes=716800-1023999

Accept: */*

Host: download.microsoft.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Last-Modified: Fri, 19 Mar 2010 16:40:30 GMT

Accept-Ranges: bytes

ETag: "b36f22e382c7ca1:0"

Server: Microsoft-IIS/8.0

Content-Disposition: attachment

Date: Thu, 06 Nov 2014 11:54:08 GMT

Content-Range: bytes 716800-1023999/5073240

Content-Length: 307200

Connection: close
OtI<.........he.cn...#$xL.[............A.E..c..}.......H...l.....m.
......X.Mea..\.....i.p$....i...Y.[m.......U..PI..........?..v...8.....
...t6..y.7....(.*.P .D..=Q..vO.....XeC.i.~.....w....Z...k..'.".].<Q
..........".S..............pmG...K..$.L........%s ....;.M...*4y..`t.{E
.....<.Z.\...K.U'.Mu....r...$.f......G..B.V.OI.^O...E..3.4..xN....8
i".x..(...Bn()..X?.U..............4sX)V#.Ex.........[.l...<#D....n.
G.8r.Q..dT].)....K:...(.....D..G...xb0...Wq.!..fz...W...y.6..Q.~b...".
,....F.]F?.p.....Os8..".j....P:.......(...)DDV..3:.E.0..x.......n.B.M"
s..~.I.M...E.I.p=...#.0..9E..a..hr..8$.I*.pA..i......m.ZS.j.........j.
.5..ee.y....=.h...6.....q..Q...p.............................P........
B.BH......"..........]......!..(.'..\.........(!!.....m.(.>...l5`..
....E...z.p.........H.....5...GDr..Yl)z*y[$oG...h_L...u....Q.}..Q )..#
.P.r.L.R..?..R..as.........j.QP!.......D.......u.....A.0h."q.<.T...
....Bp.b....R,.Z.....gQ)..x.(.........w..."...D.m....E..............QG
.........)E......^8<.r0H....e....2{..b...#.".&.9.. .<....D{G.n,.
...,f..<...j.>.9@D,.X&..Q`Xj;O....dg.x.L.`.W..`.......).'hu.obE4
O....s.tb.......[Oxd,.. ."w'.d<....m. ...A...._.....].~G.....i...fM
..u..h2....CJ...n... 0/gW....0.A....U.:.c,..c*.....g.`..m<.&.......
[email protected].}..1....2..0.L.9.....z..a. A9....D....ByLBB...2c....Bd.
............XL..g......6=2.8.6k.!).!......g..).x.oC..c]A.Q.../.h...60.
uA.tv.J../.. .;S...w...1.a..Nz..O..Z..........Y..I.@c.$...<Z....pc1
,.,.P9!..0....<..*`..1........a.OX..P.w..X..`S......%.|...`L..S
<<< skipped >>>

GET /app/Allmyapps/7Zip.cis HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: cdnus.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 12:44:54 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: 4lpZhYizfFOzyw9x4xkL1Jk7zMvHFNlO 2M9FjzNW 31T2gRjlOFmJh2fbkD3w5Z

x-amz-request-id: 4A99CFC2CF61B7C1

x-amz-meta-cb-modifiedtime: Thu, 21 Feb 2013 14:51:56 GMT

Last-Modified: Thu, 21 Feb 2013 14:53:11 GMT

x-amz-version-id: tAQu68xaMb6StidOKL5SUeRYxNY8QfTW

ETag: "b214141107c658106e9bdf8743dca724"

Content-Range: bytes 0-102399/263941
CIS................K...............P.......9=fDN.y........}...>DA.x
K..Y.4.?]....H...H....#a ..C./[email protected]. .Q.s$......t*.iFTl~_...o......7
...7DT.)s..... ...c.....P. ......`;>..&...<.Yh.....f&z_9}&t.\...
...K......../...21KF.r!.....P......%U..3k.....x.....b.N#'g.1/..C......
#.].|........l....h.dW.e......-].,0.Z..x8P..r.....W...........l.f..!.l
..(.W...&.3..I..<=..>.,.f...R$.t458e.V.j6.C41.*.?..,..X...p..b.W
Ma.C....=...,%.]~.gQ...........B..:.....,.b^.....f<..<......I. O
...H.....Wh....A......{.s.Y.....Cr.0........|TVGf...1.131..x..Gk..K...
_...y.!.a.G..Ba..FB......X.#x:.y...^....r9......{....3..."@r8.......U.
.aED.E..ef'.jd......(Y..K.G...2..|.%]ksz.?.v.Zu..iF.QVH..Y.....(h....'
D....b..|.0.GM.kIV.R....B...k..........E....-...$.Q...TLn..w.....:.h..
....G...e......$Z.\1....: .|.k@j...........(......5.........z^....x.'.
(U....".....z.[..... ;ue.G.q/.. eA...F.....[....D.C....x.<...S.."..
X{?.............v.K.Px.xkFKa......MV.x...d^.........uR.qSeyw:....U[_..
h.(C.F...x]...p}....".=....c#8.Dv3 g..C...'......&...Qd].Lc...#n .PI.F
.....~!...U..A.q.g}$..~S.`[email protected]!......:w.........I...N.}.....h
..Q.J..fT..;....3.....  R_.Q..m..x:...Gh.pD..K. .90M....h.......p(.D."
..-.?5....<...7.n".~D-..`.....V.../.*....4....wlM....h..d....gJ....
[email protected]*.."..$..yzf.&,...)..V..:Mp....:=e.,
.G.....4.........e0]o....k..`&" ......X./f6.Z.}V...|>X..3F.b.]".a[_
..-w.....:[email protected].`...jx...$&4...s..0..~.Nd
.....H.IR....EI.G.,....l......`C...t...ot; ...t...`Y.&1L.. y....Hl
<<< skipped >>>

GET /app/Allmyapps/7Zip.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdnus.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 12:44:55 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: 4lpZhYizfFOzyw9x4xkL1Jk7zMvHFNlO 2M9FjzNW 31T2gRjlOFmJh2fbkD3w5Z

x-amz-request-id: 4A99CFC2CF61B7C1

x-amz-meta-cb-modifiedtime: Thu, 21 Feb 2013 14:51:56 GMT

Last-Modified: Thu, 21 Feb 2013 14:53:11 GMT

x-amz-version-id: tAQu68xaMb6StidOKL5SUeRYxNY8QfTW

ETag: "b214141107c658106e9bdf8743dca724"

Content-Range: bytes 102400-204799/263941
.8...J.Md.....7yK.......M|S.h...Z!h.:A.;......Z&a..^`..6:M.(.i.q....T.
...Y..V...x...]o?$K..$...v./,"?kK.f...o.:.x..o3..h...Y........Q..Ux.. 
r...%....D.S..wo:.....q.....n.z.O..,....y..F...Jj...M...!..?h...a.....
xz.q4T...^..Gg....u[p.. u...".IMp.....8e.....#.Y.....S`./.n.o$.M....m.
T.....K...nP....r..&..v......n....e'.eg..-&.A...of...*...L....VFu...*.
..4r.*%../x=g...D..A....X.1.....<Z;}kf.e....@......|./.....m..P\&..
...8. .....-......IF8.p.....Li......2............k..x.=.e...N..e..'...
.....l:X...9..!...[...p.EJ......xp....*`...k..)..I../.....^[email protected]...<
;..{:.'1`Y...Ti...&.h.Z~gl.qfi.`wVK<.NJ.8.......6.:.Oe...U.!l..Eq..
..w).2.$qb..s.........B...j_..:[T5...5..!./.._.MEm2...P.?7......_1)..4
d...`>..'...6.......0>.4r..#z...\U..71.{....d.Y~...C.....ms,....
........ ..U(N..(..\..x...A.F......n ...T..g'..b.zqB...j.!..b..g..8.s.
..8.6..o.....L..N...|R..0qAa.gA.3.v..`c....>.h .9...9gT......I..#.;
]z'...o,..9P^@.C6N......[....W...........xG......r.>r.[...x.&.;.n..
...P..<....00\...J.M..GA.aV.c ....._...._..Q..,[email protected].!|..u,m3.5&
lt;......J...M. ..).Y.......m_;.....O.n.1..$^.m...". ..;.db)Jq..q.6.F.
.........k..Sku.<'....t.^^.s....g.7 ....Lv...E..V..'../.4...v.#..8F
...h.@G)....6k.v..2.PZ......d.........n.......3.8Wo. .Yf.......m.F.2..
5....X......#ZxE.R........<.\./p1..T..4a.^.`...")....WJ...@z?....'Z
..!..(...~..w.):....L............7A..5...........c...Q.-$..j.A.]...(.&
gt;..R"..A..sEoCS.r.aY...'....W.J..z..;[.3......v ...5..'..5........hl
.....H1..?`P..V..{....>..`t..../7....2#.oj.....>!..K...5....
<<< skipped >>>

GET /download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe HTTP/1.1

Range: bytes=409600-716799

Accept: */*

Host: download.microsoft.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Last-Modified: Fri, 19 Mar 2010 16:40:30 GMT

Accept-Ranges: bytes

ETag: "b36f22e382c7ca1:0"

Server: Microsoft-IIS/8.0

Content-Disposition: attachment

Date: Thu, 06 Nov 2014 11:54:08 GMT

Content-Range: bytes 409600-716799/5073240

Content-Length: 307200

Connection: close
B..X...R ....t$...C..X..C.O...e......JC...MS:...!.U.3.....:#...t..T..:
H.....$..xp.&.h/.T..sd.....W..2.hy.[..w......(..-!.E.J6J..h........^y|
L=.....8..W ..3........@..<.$(........T.....dB!.r..R..fg. |...|..Q.
{...._^E.k-.x=.7W..[J..e.t....|..._..X....Y.x...........yb=>[.d..Wk
..U..R.s.....J.&1[....1.......C....t.\pd..po.c..W....m.T|g.ue.?.)9>
*.J..F)P..9%k...;9....V?.</W............d2.....".N.3.....M".8.)zm.r
......,.....Z....U..N(.rsQ..y_m."_...<Z.UO.Q..7....w...8g....../..a
....W?...4...>m~.[..z/.....5.&..v..)...).....j....Y/.....F....MT..N
......6....B...b.B.k-u...H...&.%....A1#i.../^..$1..7%..Q.:}....gw.....
...,..u...[TK\...... o...9..R.f.....QA.KF..}.b..>k.>a..c..y.`.v.
.o.,...z..21.....m....\.u.....(....L..h..e.Cue....y.:.(..`...k........
........A....ug.Qop.c/.}....w......N.|.JwV..x..p36..b8...r.xyw.O...F..
.R...k.MQ....R.F.....q.kv..i:.?(%J.;y2.J0...`..g..I2.^.."...^..I=Wk...
. .....2.T.1......%.1...2....J'0s...I..B..{.G...6cU..2f..u].d....g.[.G
..e...f.E'.....M........T|.."J:%.......X.$.B.{...e6..~.u%.}....oQ.....
.._ek......O..T...LG'([email protected]{...3....PPv..!....c18s.L..jf..
}..4m.H.MP....Y.2.......tw.%..:.;T.S.sA)..P,{X.l...o..7...>...(P0GP
..]..m.......P.6.d.......=..rAimx.o.v......l.. ..;~.sg8.Q.v...........
`.....q....m.F).....B.O....x...&..b.C.....>..........!W.A.=...%...j
..%....Iu3..c...I6...'4 [email protected]}3...;.!vo.Z...ek..C..aXr&YPf...
..z..:..d...u.Or.3E.....2B).=AV.....:8.\Eg-..b...W0...P.n_p...p....H..
[email protected].'4|......-[.......C[k@g"......F1.....We..2.F.Gb.."d..r....
<<< skipped >>>

GET /app/Allmyapps/7Zip.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdneu.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 11:54:08 GMT

Content-Type: application/octet-stream

Content-Length: 102400

Connection: keep-alive

x-amz-id-2: U2wCkZrc8  /iO04R8teDKNH/kzbObkJYmILgt8swBsUsDdaaye NVUebX7wnVJ2

x-amz-request-id: 4B8453CC910D351A

x-amz-meta-cb-modifiedtime: Thu, 21 Feb 2013 14:51:56 GMT

Last-Modified: Thu, 21 Feb 2013 14:53:11 GMT

x-amz-version-id: tAQu68xaMb6StidOKL5SUeRYxNY8QfTW

ETag: "b214141107c658106e9bdf8743dca724"

Content-Range: bytes 102400-204799/263941
.8...J.Md.....7yK.......M|S.h...Z!h.:A.;......Z&a..^`..6:M.(.i.q....T.
...Y..V...x...]o?$K..$...v./,"?kK.f...o.:.x..o3..h...Y........Q..Ux.. 
r...%....D.S..wo:.....q.....n.z.O..,....y..F...Jj...M...!..?h...a.....
xz.q4T...^..Gg....u[p.. u...".IMp.....8e.....#.Y.....S`./.n.o$.M....m.
T.....K...nP....r..&..v......n....e'.eg..-&.A...of...*...L....VFu...*.
..4r.*%../x=g...D..A....X.1.....<Z;}kf.e....@......|./.....m..P\&..
...8. .....-......IF8.p.....Li......2............k..x.=.e...N..e..'...
.....l:X...9..!...[...p.EJ......xp....*`...k..)..I../.....^[email protected]...<
;..{:.'1`Y...Ti...&.h.Z~gl.qfi.`wVK<.NJ.8.......6.:.Oe...U.!l..Eq..
..w).2.$qb..s.........B...j_..:[T5...5..!./.._.MEm2...P.?7......_1)..4
d...`>..'...6.......0>.4r..#z...\U..71.{....d.Y~...C.....ms,....
........ ..U(N..(..\..x...A.F......n ...T..g'..b.zqB...j.!..b..g..8.s.
..8.6..o.....L..N...|R..0qAa.gA.3.v..`c....>.h .9...9gT......I..#.;
]z'...o,..9P^@.C6N......[....W...........xG......r.>r.[...x.&.;.n..
...P..<....00\...J.M..GA.aV.c ....._...._..Q..,[email protected].!|..u,m3.5&
lt;......J...M. ..).Y.......m_;.....O.n.1..$^.m...". ..;.db)Jq..q.6.F.
.........k..Sku.<'....t.^^.s....g.7 ....Lv...E..V..'../.4...v.#..8F
...h.@G)....6k.v..2.PZ......d.........n.......3.8Wo. .Yf.......m.F.2..
5....X......#ZxE.R........<.\./p1..T..4a.^.`...")....WJ...@z?....'Z
..!..(...~..w.):....L............7A..5...........c...Q.-$..j.A.]...(.&
gt;..R"..A..sEoCS.r.aY...'....W.J..z..;[.3......v ...5..'..5........hl
.....H1..?`P..V..{....>..`t..../7....2#.oj.....>!..K...5....
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=102400-409599

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:11 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 102400-409599/16670995
N.CI.'J..`..a.0?.j.n....=_..m4Q.........w...e..............:..W....:.f
3..cp.;...W)@].>... ..."j........^X%...;(w..{.....>..od.K..u....
.....h..X....a!.B..(.....v.e.vk..2%.X&.U....B..NI.T....{..9Jr.L^.$...%
{..V...5.v!.^%a..@....$.0[..-mPZ..Z.....V..=......2.......p_.Q.$...s..
(.....e.v.!l...T..ei.!........m...y...........Sf..a.....V.\.T'.R...g..
.....xg..#{..$.YW.j......<@.....".]...]>Z.b.?i.j.p..fm..~Q(.B..1
n....m\.q ...IF]...#.C.`._.6. ...X.P........s...E..R.B.U,x[..-...[T..f
.(...>..zKg.9\.. .PN.{E.u.S.F1.*.KI.v.i@7K.%V...8....Q^.w...>9..
...........:..~.y?}Z/?m..C..o"..H...N*..e.j.}.R.....h..z.?S,...Rr.....
........J..{.G...(...d.C....J.o.......M&1>d.#..C.U<..].u..%.....
.GO..R.....y.A...A:.qi.[8.I.b....Pg...i.o.q..n3...^.>.h)....O...H..
..VJ.....*\20.,...4..jA. B...3.... ..A..>wO......=......C.....1;U&l
t;..W..'.[..g.s."@.wa...0^........J.^9...._i..4........l/....W.>..S
..O..l.;..X.13....([email protected].)#........fnI.D5...tH...#c.._..:..Qz.
iK..l.....n...-D....G........P....{.....4j.......7.BB...A.....!.&..rP.
.d.......^...cA-AE.....D..eh....v.x.[./"..x..W......K..e..O..9........
.!.. .%?.*.Q>A.@....`.........l.'...dp......Fs.'n......,6.E....3..\
l....n...7...EV..j.........G.....Vw..-FU .M.T..J.....(....Pn..E.J.....
.1Vp............F..$..B......`..r..........uq...u..._...=c.....K~..G..
..}B\.32.....4[.Hj6Oc-.q..6...*.....MX/...*...../.A<#.%x:..s...:C#.
...@. ..........X....tA......H.*{<..J=....O.V.M...L..n=?j.{\.=....J
0'.....R.?.Gb....&..S..........9...0a..OO..rV.%W8..cj....FU.Nn....
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=716800-1023999

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 716800-1023999/16670995
....l...C..Y!k2.^....%......6..M.}6........f.....z(c..qB............!\
....fq..3'kL.Pbmz..j.......^.M.6._t.r.b. ....9.6G.`_KJl&r.0Q..r....A..
...[..-.....r.].B>uH.0.......IG..?.....{x.cG....Nu.8. N]Y.. ..9).*.
..Rm*..Y3...w.....Q.Qo.9.P.],...=yFC4..`....Y.DF.5...ar.2.wbX..E..)}f.
R.......c.).*2...D...T.9....[1.._.<....4..?....{.rP..5.F.@....[a...
...<,].\...._./V...b..[..Ex.p..w,..Xo.Z.$M.b..n.J.L....^v.S.mh/.`.n
....>&.y.....ii....m...f.<...6:f..X..K]k~S.n^.....v|..e.[.0.....
.K.3..K;..t..t.%....af....p..f............ 7..U%k....hj......../...*~d
S.*....U <.n.Ok..^.C>].....WB.._`. .|..6...-}.....^...L.U.d..l.D
K.9e.?...|..}.?u&q.( M.....E.# u...........4*.....}..l.D..bLC.....}.j.
.7.].{..J.T`o,|.}.nv..4..#..lS.?....`...........WY .....5....}o......{
.4M{..-a.7.....M. ....xX.W...#.d..q..;..{.x:..9..`]".8.=.....>....R
..)......MEm...9.-......../e.o...;....:..9Iu.e...W...x;....\..;9......
T2...s.....s..Hk.........GMep#....M..f|).)...2O.Z..Hs.......~~*.....e2
.K.r.9^.GF....(.#....l(<!..CvS..G........0.\L.;.b.y...x..^N....-..k
R/.-..y......C\.LvG..O.;....S>..lv...s.....D...B. v$...r.jT....Q...
h{[[email protected].`[email protected]&.H.;.A...b.,..<....J.}:I........^........
.....x....\w.^....hI..7"Z.BD.........?s.P..S.G.l.......v....1di....w.M
cUx<.8..:^.T.y.^>..R.(....G....T...4O..R0.*.l.@..._..#Q......-.'
.i..t.4.u.u.........l.c...A_^..j..!.b....-..&.A9.v.\&\{.U8W?.E..l..8}"
.7W.h<#.....]*...7.a..1A....2'.....:S....w.. ..N...=~....xg<.w..
..E.v.\..-u...,....G...q..k.$..7....m....o)0.....=9.......EHC.....
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=1331200-1638399

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 1331200-1638399/16670995
M...`/~[@...;....lDBd5...a...lp.....@?...........\d..B...;...l......&g
t;.=......|........x..7SR..U.k}%.'ic..T.....D.Jk..co.>.H..!u.,o...1
.9.....&......d...rX..F(....o..@.!dr0....^..s.=O...:..=.........$J .{.
.O.2.....s.ot.,..0.,[.[4.,.N...j.Na.x...f....N.. ..;.L.....m#...B.bI&|
...<.<....A.xz@."':d.!...9...%Jc....Y. .Z..R.n0.....;f.... /.d..
.Z;^9..b.P.K....p. ...7..n.....%.#...d6.. ..}...04.QCq.j..-....]P...I.
..1..~(._6B....\..rDE....on.....U.r.DJ....mL.z..|.yu_(..`.S1..*.K..*..
.f.v`..b.sk...6......}y...O*....;..ol..._..{.p....\[..@....@A....%?.My
.Yv... }V.4k.f..U.i#.......3f|.?...j.g...z.......[.'!..lpd...o..M..i..
.]4.@.$.....!.~.K..}d..02^(.H...7A.;&.NN..(.E .....I...8.y...rg&9#.H..
#......).<>..........]^.|.l,.X.....%.0....u.....UX.e\-...n.1....
.D%8...b./h6.H..&W.-B...C.......H.'.s...3hb.....0.N.1<...[....y....
..z.Jh..JE..Z........I..f\i..W...B4..xQ.$..:........P.R.2.i'......I...
...U...2.R.s;...A.........k.JrmU(...J...d...K<..A...M8..e..3..?A...
.d.5....... ..^.M ].mJ.P..M.oMK.....J2<......Q............B^...p.?.
........8....t.Z.......g...........@..*T......:.H....XT{....\.B.A..]w.
.....5.....D$oe)...X..P10...rL(;..Y.@....(Ow.Y..*.......w.c.-6.V.....d
t.#....t...*5.\x.8......H..... zn....KH...M..<.x.X....f............
..~O5!W{.5.hjhp...)~".......@..)5......i..>gpP.....E.&........`L)..
...;...M...y'.}.J....~c...z..K......2..[[A.N..Ny.bk......L..`g.....:..
Zx.03..{[.;.I..9...8.....l9j....t..5.Go.@..^1.w..O.fM.a............x#.
;J.6.Q...]........c.}../[h....j....5....0i......2. p.n.J.........&
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=1945600-2252799

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 1945600-2252799/16670995
....2%.B^UM.{..*..r.j~....96...3OR.r..;..G>r.s..W.....u:..SY:|y|e..
L...g%..R%3G..>S*.'....)..2t.YB.).@..|V.*....$.d....-.m...z5.~....{
O.5z.U.....K.-.Y"K:D.OI.p..4C..X...Pi.d.#.2d..*....Xd[..X.d.;.zI...q..
M.c&.<..un....L.... YZ.,.L:.&...V...t..(.~l...Z...1-...xRfn..2$c.V.
.B~?..O...m-...d..R...l...}...j< ...|...&...J9z...$'?Et'.V<.p.~.
~]...l....Ih ..n..lt......)....Z.).Ze$....Id.u...Nd.....R.*.......wk..
.]..R...Z.yhe*.4wc...Ov7.H.F..w............<.....u....V_.z".d"~_.X2
.J....=)2...s.;... Df............R.....(Ph...U...BEj.~&R.;.x.3..{...5.
<.`.i.......).B..?nN....;..TbM..B),%5XS...SR.J.N.L.*M...wMOS..M.IN~
.n2).............6(../..;.O....;.Mj.h ..S...w..j:ME...s.u2h....fR.5...
.I..w.T...O...D..1.....0...f>....~1u..J.a.Sk.O.H{u......yn..$'..(..
.A".`v.!E)m..b.V..2.2.....#......"...w^K.qI..[..VT.....o..\..%........
{1.H..K........c..(.|....*j0.$.c._)....Im.hp.]-.3...9.`C..l4.. .dj.TNg
...-...3.Y.cE.=g......;.........Y.....Qb./._y.._?..J6.K'.z.e.}....9.z.
I....?...% ........hK;..x.'o.-..d.......}..J..EYE9......?.6$....^.(.$'
9..!!...,....wV.We{...IF...Z...5...Ur:.|Lz5]*.Xj...D...?r.o:..3{>..
F...9).Ue...5..../r.Z...N.....r:....T...'3N.i].$..TLy[.....=.....Y....
C].5..kUTk:..k.d.Tf....4....s/s......L...z.E..h...Bn...>.<...ON%
Y.Y.<..W.N3?6.7.......i.)B..o.......s s.f.v....].gx>F|f..K...Y.\
...W...9.....x..u.....j.V.Y.....s..:HL..........7B$.b......\..y.w]bbb.
..y....>.."K....^.....F;W.\%....E...{..q.....W...WG=rJ........4Mx..
^=.waH|=IH.j.n...6D:.d;f.....7d.q...95....I).r[......f..J60k...=..
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=2560000-2867199

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 2560000-2867199/16670995
..I..8.S........r..p...F)..>FQlme$a.7W ..N......F.D...B,..c...M.z.u
..}8...J.;....|....E5..jk...W!....w......|....X.z5|..;..*a.lBnV...kCyi
...A..M.?8.GF..w.j.y=.....}X..l.).CCS'B.!....'.Ep.N.. .qh/.{F.b._..L.]
u.V.Z.%..........={......k/f`K.A.........`nm..6..6kWK'.V...p7...\..s..
..s.Y2..=.8......`..<.h.E_w...z.H/..3.....@3.._...>..:./q..`.._v
...[..V.E$........(.k.:.:.J... .c~E..7..8?...>...aT^..HAY..._...Xk.
..X.h......i^dO..e...............7...w7.....*...D#....nx.8....n....r.n
.Dbh..!........w........le... ...i..a.9..Z......,.....!.xQ.#.....%....
..x..~...A..c..a."#.iVN...1..X.....)..,...S..VU../.Js.......G:B...fW..
 ...Hh...X.4v.9...i.V......|Xx.|...cV../...............Q.Z.B.m.fU.....
W..fc%.1x.Y..(d.De.t...W"=......6c..9..(A~Q.*....B....P.....AIQ!. *...
...`R)...!,:{-b}....%.(.e.o.eW!........./@.[....3.P....l...(Z~..V. .}.
.o...dQH.-G.p.uWa....?....,[email protected]*....K
7.s.pt.V.ew....F..nl....k...7.a......|.b..s1.v.c....r......F."....{..6
...Y>...Z6}....o...e.Y..(....>.,......n.g..s.=..V..o.....|......
...k..e.%/...k.....l.T.f........Y..#{....D...&..k~....?...W....;|n....
.....k..w..]<...3).a?d!....PPV.o~.3xc..!u.......#<..o..o....B...
Q..|._.........~.....N/_....=...DU.wF....7....n....t ..C^....GQ\]...8^
d..m.1.b.<.......R.{N......I.!.Z.......otV..|,bg.................. 
......_.2.:.,[email protected]...#x.`..s......=/....o........b{..>..u.9ULe..8.
....{vn........o..s............;.....O...f...K..?...q..e..y ..........
.'............q...`.....A.f.....e.W.^..K..........F...X.....Y.V...
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=2867200-3174399

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:12 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 2867200-3174399/16670995
...;B*..xD....e.s...2....k W...c..:0.....WB....D...7Sl.%Or.W...5`h..).
|4..o.C.N.B.!t..jIRh...GJL...Ra....3ry....Et.... ..N.....0.f.s.S.68#&.
t6.Ep3.k....g..#..MZX............:..[-'t..oL.....$...t.9..0..i...XI<
;.........).......t..TEB;x...9.........Ep.s1....h.~...0{.|..Q.Vh..s.F.
.W......@.#....*...Ou.C..Rw...JS......uX...[s..O8... d.[.Wx....>q..
...a..O./.......d...'.....j...N.Kp..D...\...... 7.T.c.~...Z...#.'f..WJ
...].Q...J...${l..i4D.6......[.....4...,...<.=..............O....!I
..B.f............... ..XKu.a...r.......IA........!...`-. ...`6....p..2
)G,[email protected]{...&.....:...}95.Z....Z.....e.9.H......D .<k.Jn...B..[\
.&..A'.......9Gn...>.. ..T. K.....G"..[7..\.x^.C.xJ.!....z ...%k.7.
[email protected][[.\..1..X..L..Y.U.iR_.'....R....P.....p....C..^.Dj......
XA.K.:..1....g...l.K...s0.Ufh........c.....f..."=t.<.bB....I......Y
v.s....i._..r.7.b...h..V.....N......FK..6..xj.i.e..i...*h"...Y{u..Q...
..i..<...kml.n.....xa.3).Q$=....l..(K.>9.u...W...~..../87OP}.@j.
.j.Ym.<f.. ...~FR..=..S..I9....'.H....R..|........6..?.....$d......
.I.lP..7.....$. J.....'.......[...c..- a..S....|.[...5.z.............E
.E.5....)._\4.S....rL.....?.....[H....ja.B..d.................._h....!
..S.. ..u.......z........$}.z..7.`..v....7...........B..`.S.uV...6.? .
k.._P....b....*.C.`..R..2...F....9..).......?..>G.-{d...w.....y....
.p..?G<v.....{..w..z.O\>....2......%....H.....H...,......Qp.....
.........~(B$.....3Y..".!3...`5.M.......uD,.rt.J'.2.(.................
...K..n..../..-..;..~.....G'.z..'2.....N.L\..>..h...`&.>.8..
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=15155200-15462399

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:18 GMT

Content-Type: application/octet-stream

Content-Length: 307200

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 15155200-15462399/16670995
:.3...c.co...".%..h.K.....*.[..UN.AGT..8%Wx|.@.=..#....1._..5.M>AJ.
.,....x.}3..g...o.....90U.5.V....d&...I....s..=../L.di...I.b3..l..<
T....u.&..Y<3,..R.9.je....x.!&O....W....n....C..A......D(.`_.. ....
.z.;L.........o.....E;&..K.V......x..E.R......wd..I.mg....{..*..6.....
k..............4....uW....z:sZ.B.Z.N..r...0..........o.......b2..)O..9
B...2.Z*................:FaI56y..N......u;?....x.5W#kr.L.^-...L3K.$...
..-....r..~.}...7./....i_.gj....t.....9.........e.Z.&...........3..WN/
6.0N.....4f..;.I2..M....l.`.P..;._{r..^*y/[L ..:.#..-.R7..b[...'..Fp..
h]...I.6.>.....;..>.I.h_.|.t].93_=...Q..gi...s}..._C:.. ."...u..
. ..../.r.x.c...qr...9t.....9:=.=..^...v..>...e.v....-Z...L.$."k<
;%!.}........@-. ~/&M{./.){[...S..5.....^.tfC...o..nq.p..(.q.....G....
..c._.w..<...|....A%..X.~.!........G...Sc....m*..8D..6.P/..<...2
9,U.][email protected].....!.......l...#...vtf5..N..x.F...
..6&.7(R..Cr..Vy..P.T...Z:.0x...\....8..n..>;...o.......I..O...6.v.
........Y..!.nK.;.{....ms.1L....U..e'..6.....G.M4;...kRuH6G..-.C..Yp..
|............l....b..U..n3.z..Vf.....a.}.v.f....xuX[u.....a..<v'.}.
I-.5FhG..v4..m~m...-.m...L5.l..mW.CM....V:..&.CR.dE.; '......@5. .PJ..
....q.s.`..Hr.....P..U.G."..`..w..Y.....d.{K.|/......`y.K..#k.@.. .n4.
...s..O.F.,n..... [email protected]..=..l5.e4....;......
....^j......F..:k..g..$..n...4....m.;w.AzK...Y;... ...N.....,8$.....K8
..M.5...A..DY.....l...1..c...r......n`X..n.[$....m<.U.cW.... ......
...!...2.v.6.......\z...X..3..H.Z.......E.W. ..w......i..N..`.o...
<<< skipped >>>

GET /data/desktop/Allmyapps.desktop_2.0.0.30.pk HTTP/1.1

Range: bytes=16384000-16670994

Accept: */*

Host: static.binaries.allmyapps.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Server: nginx/1.6.0

Date: Thu, 06 Nov 2014 11:54:19 GMT

Content-Type: application/octet-stream

Content-Length: 286995

Connection: keep-alive

x-amz-id-2: xY8I49D6nQgKL ZPkJdV0zNbd9OU1sF8O/q1Di12J8H6ZsA J2QKUBNmeU WwQi4

x-amz-request-id: A594FAD4BC0F72BD

Last-Modified: Sun, 28 Sep 2014 18:08:37 GMT

ETag: "63bd9bf224f80c7073594e7741ca5993"

Content-Range: bytes 16384000-16670994/16670995
;j`)...,......c.~..V...........=z..Un..:.%.`\..QA.........d9.....O.}..
.....S-$.!z...<...C...K...%0.m..1.z...b.S.=....~3^..L..I:.....4....
fp.u....>e...........qV....E.3.....`#b....xL..........*..9......]1v
.)V..LP.41.4.h...^..Uw....3..\.#&...%.Y..^.R.... .v.\.......O6S.....W.
.W<#<...M...*..~D..Y\....c...M...].. .0.......&...dG5{.Q..?.uO.y
.2x.j..{z...;<.H...J..!...b....,...m-...F....m:..S%....2B5.F......v
.!.Q..j...~.N...........5(.Q...B....]*%...j...~.|.H.o...,.~..o...t.n\s
*.1v..rq....:..r.).u].6.B.c.&....t.>X...%..)>.n.x.....!......t..
../.J..4.Yx...0.....EZ\.C.Me,"....;Yu..b.C.....NL.......%.\...-.B...rp
.~._~<....,.^(..1..c....}...5...j.........>vd..u^...@...?.."..OH
k...w.....?V.........=....X.......E._<..6....L..q..F.M...$4..qP<
..?.H..c#O.X|.....B.U...~..D).'x..b.p.B.9.......B...Th..X.>`..P.]..
M...y.Y...s.(|....[1....x..........L..Z[.HM2.<...W.L.j......PN5T1!.
...b*. ....1. CG.%L...6...z..u....F.......].]...U.J.l.............B...
P.r..O.> ...-.6W.|..'jQ:...P...*...>.I.P..3.TA_.]X./l..x3>?}.
.Av.~.zU....^MO......7.<[email protected]..'.E.......q,....O.
..^..,3..o~S..~=H.I./..B.....U..(a3.(f*[email protected] ..P.....h{....I.
.....L)3.&..=.K.H...a..(.....>..'.0...?kn.t..iR5M..UZS.......e}....
c4.....RH>.....Z.<7<..9.....|~/C....W.1...<[email protected]#..0.
..Uc....(<7.....;...$.z.w..........z.<..".I....W....t|y......}t/
@W;.A##..Us.i....?b.4l...k.].n.....M....D.3...t).N...n._...;yz..B`.=.R
..).........%...n..~./.i!;./.X..x.....|..e..xnP.*...K !..T/..(....
<<< skipped >>>

GET /download/5/B/C/5BC5DBB3-652D-4DCE-B14A-475AB85EEF6E/vcredist_x86.exe HTTP/1.1

Range: bytes=0-102399

Accept: */*

Host: download.microsoft.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 206 Partial Content

Content-Type: application/octet-stream

Last-Modified: Fri, 19 Mar 2010 16:40:30 GMT

Accept-Ranges: bytes

ETag: "b36f22e382c7ca1:0"

Server: Microsoft-IIS/8.0

Content-Disposition: attachment

Date: Thu, 06 Nov 2014 11:54:08 GMT

Content-Range: bytes 0-102399/5073240

Content-Length: 102400

Connection: close
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........#pA.B...B..
[email protected]............
..............PE..L....jkG.............................c... ..........
. ..............................hzM.......... ........................
...........................RM.X........... "..........................
.....&..@............ ...............................text........ ....
.................. ..`[email protected]...
..........L.................@..@......................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................l...V...:...".............
..................|...................................(...r...d...T...
....*...........P...j...................<...................\......
.................................>...L...^...n.....................
......................2...L.......h...p...............................
........(...>...L...`...v...................................N...>
;...,...................d.............................................
..............z...,...<...J...\...|.......N...Z...d...n...@....
<<< skipped >>>

GET /app/Allmyapps/sha1_2.cis HTTP/1.1

Range: bytes=102400-204799

Accept: */*

Host: cdneu.allmyappscdn.com

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Connection: Keep-Alive

HTTP/1.1 416 Requested Range Not Satisfiable

Server: nginx/1.0.10

Date: Thu, 06 Nov 2014 11:54:08 GMT

Content-Type: text/html

Content-Length: 615

Connection: keep-alive

x-amz-id-2: QD78VDKXUp8HOT2YA1OM0KJ2YPBqKn4WuSsd40nbAquSaEFsf/6eZcnPLcU0ff0X

x-amz-request-id: 231017D0305A216E

x-amz-meta-cb-modifiedtime: Mon, 08 Apr 2013 17:23:24 GMT

x-amz-version-id: fbkemmRK1RvyfBDPrs7YJ3r2q2R2SeMS

ETag: "4b00398fb7430564b677dbaa84a18e41"

Content-Range: bytes */38562
<html>..<head><title>416 Requested Range Not Satisfi
able</title></head>..<body bgcolor="white">..<cen
ter><h1>416 Requested Range Not Satisfiable</h1></ce
nter>..<hr><center>nginx/1.0.10</center>..</bo
dy>..</html>..<!-- a padding to disable MSIE and Chrome fr
iendly error page -->..<!-- a padding to disable MSIE and Chrome
 friendly error page -->..<!-- a padding to disable MSIE and Chr
ome friendly error page -->..<!-- a padding to disable MSIE and 
Chrome friendly error page -->..<!-- a padding to disable MSIE a
nd Chrome friendly error page -->..<!-- a padding to disable MSI
E and Chrome friendly error page -->....

GET /data/f/a/facebook-desktop/icon_48x48_icon.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.allmyapps.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=2592000

Cache-Control: public

Content-Type: image/png

Date: Thu, 06 Nov 2014 11:54:10 GMT

ETag: "4c87b5c0-b41"

Expires: Sat, 06 Dec 2014 11:54:10 GMT

Last-Modified: Wed, 08 Sep 2010 16:11:44 GMT

Server: nginx/1.6.1

Content-Length: 2881

Connection: keep-alive
.PNG........IHDR...0...0.....W.......IDATh..ZK..W.=.VUw..|3v....Ol.8F!
$!.$....D..F. b.K.,X .........E.,FH....(.R.c$.%.$...;...d.g..S.{Y.WU..
g...=.5.....s....zHU..DDKKK.....i...z..^8....#D....3......T._.S.../...
.|.r....j.....'&&...{.........~.....v..]..O...\<p....j...OD..O.9..1
.....>."...........6.........'.../,--..H}U...~:H.d2.....5...4:.. .=
tz)..>.A....s.!.94.......].}....~.....LUc...(...s....}?SU.{d......t
..dP.O.%.P...E.d.pc..OX.kb.F..`.k....}..3g.$.n.}[email protected].).[..f...|..
T..8C.K..S.i...d^[email protected].>
;.Y.cAXc..?..=c.....x....l..Q..c....HR....k.....".Pp..x.Ek~..^..M.OC..
.........t.../L..G.......O6k....a..CT....i.. .<?.2.....q...e......@
7.ph.8~..#h6..~?N2.([email protected]... .fd......X.%......rT`
S..N..|....L.D.Q.G...\.|..._=.....nyZfF&.1.<.65....9$....-...\.....
V8.`r.<..?6{[email protected]..!f...j.TI@.>$.z...R.Us'..T}.f.....v5w
........_F....D..%c..%6.x..L.1..:.r...j......?....5<4B.....].......
<......Z9....u...n..F...-UA9I87..U..... ..>....x.b.....x...J...@
6.(...&...;{......o`c...^G.. 2P.y- .  ..\.....*..I*...6..&..I.uS."...h
.>.B.....h.o.............E.EX_k......5.5..6B..:..... D..(.(.....n..
.......L.{......c...6.(.........u.....1.....t.9S...L.bf01.4.......f...
.j.. @...j5.j5.>...[..........&..<B..4...........8.~....D..cx...
ls...Y.2..p..Lc.....0.M b......1.D.......V..g`.......`........d..d....
..`&.l.!.A.gE..x#_...CVf........../HY..!Y..LG...?...1..... *.|..".. ..
.D..._...,[email protected] ....p..g.........?..]
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

.idata

.rdata

P.reloc

P.rsrc

.dll3

kernel32.dll

.DEFAULT\Control Panel\International

File I/O error %d

lzma: Compressed data is corrupted (%d)

LzmaDecode failed (%d)

shell32.dll

/SL4 $%x "

" %d %d

Heke Setup Setup Data (5.1.13)

Heke Setup Messages (5.1.11)

user32.dll

oleaut32.dll

advapi32.dll

RegOpenKeyExA

RegCloseKey

GetWindowsDirectoryA

MsgWaitForMultipleObjects

ExitWindowsEx

comctl32.dll

<assemblyIdentity version="0.0.0.0" processorArchitecture="X86" name="Setup.exe" type="win32"/>

<requestedExecutionLevel level="asInvoker" uiAccess="false" />

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted%Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'

Invalid variant operation"Variant method calls not supported

External exception %x

%original file name%.exe_1212_rwx_00404000_00002000:

.dll3

%original file name%.exe_1212_rwx_009A1000_0012A000:

kernel32.dll

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

EVariantBadIndexError

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

UrlMon

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

IMM32.DLL

AutoHotkeys

BiDiModexE

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

OnKeyDown

OnKeyPress

OnKeyUp 7

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

2301654879

A`bng`@ikc-4,uUxlxs-4,Ht.HA

Vh-0,Cd`jiVhlxwd-0,tLcibD.ZP

TThreadExecuter

TScanAllWindowsCallBackData

Portuguese

i\*.*2XE

i.dwcnhE

nmhpjhc03.fcclJL

i.ulzn1E

powrprof.dll

1.2.3

THttpTimeOutThread

THttpCallBackShell

Gx-21,\igh]ixyj-42,M.DJ

A`qjz``-0,ZkdkNgij.pc

Kcqjpc`-0,Aaj-1,gEdafa`.pM

hXXps://

hXXp://

https

SQL error or missing database

An internal logic error in SQLite

Operation terminated by sqlite3_interrupt()

Uses OS features not supported on host

2nd parameter to sqlite3_bind out of range

sqlite3_step() has another row ready

sqlite3_step() has finished executing

Unknown SQLite Error Code

sqlite3.dll

ESQLiteException

TSQLiteDatabase

TSQLiteTable

Error executing SQL

Could not prepare SQL statement

Error executing SQL statement

select [sql] from sqlite_master where [type] = 'table' and lower(name) = '

Could not prepare SQL statement

SQLite is Busy

SOFTWARE\Mozilla\Mozilla Firefox

session\urls_to_restore_on_startup

DoSetChromeHomePage AL=

SELECT value FROM meta WHERE key='Default Search Provider ID'

SELECT short_name FROM keywords WHERE id='

UPDATE keywords SET sync_guid='

UPDATE keywords SET instant_url='' WHERE id=

keywords_backup

DROP TABLE keywords_backup

CREATE TABLE keywords_backup AS SELECT * FROM keywords ORDER BY id ASC

autogenerate_keyword ||

SELECT id || short_name || keyword || favicon_url || url || safe_for_autoreplace || originating_url || date_created || usage_count || input_encodings || show_in_default_list || suggest_url || prepopulate_id ||

created_by_policy || instant_url || last_modified || sync_guid

FROM keywords ORDER BY id ASC

RemoveChromeSearchProvider - cannot remove

DELETE from keywords WHERE short_name='

RemoveChromeSearchProvider - exception:

SELECT id FROM keywords WHERE short_name='

Home URL

Amazon.com

eBay.com

Merriam-Webster

Suggest URL

Opera Preferences version 2.0

; Do not edit this file while Opera is running

Key=c

Suggest URL=

HNetCfg.FwMgr

HNetCfg.FwAuthorizedApplication

]DKizHi-4,exc-1,Hc`hk-3.GI

6?0N2=.Lq

;768>1-80

005345000000

000000000000

000000000010

000000000030

cabinet.dll

Reporting failed on first attempt, second attempt is cancelled (finallizing)! Url:

First report attempt failed, going for second! Url:

The report failed! Url:

Successfull report, Url:

TUninstallExecuter

TUninstallExecuter can be created only once.

CJ[hx.Xu

Downloading Bundles data from adServer on url:

BND_HTTP_CODE

&ExeChkSum=

Report main param:

Report param (pkg:

), exeName:

GENERIC_WINDOWS

NO_JAR_SUPPORT

ole32.dll

olepro32.dll

IWebBrowser

IWebBrowserApp

IWebBrowser2$8

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetHeight

bstrUrlContext

bstrUrl

OnWindowSetResizable

OnWindowSetLeft

OnWindowSetTop

OnWindowSetWidth4>

OnWindowSetHeightp>

grfKeyState

TComTargetExecEvent

CmdGroup

nCmdID

nCmdexecopt

hhctrl.ocx

URLMON.DLL

SHDOCLC.DLL

rcmDefault

rcmDebug

DontExecuteScripts

DontExecuteJava

DontExecuteActiveX

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

PMsg

pguidCmdGroup

TTranslateUrlEvent

pchURLIn

ppchURLOut

CmdID

pszUrl

pszUrlContext

szPassWord

ErrorUrl

OptionKeyPath

OverrideOptionKeyPath

OnTranslateUrl(k

OnCommandExec4U

'%s' is not supported.

TMsgEvent

TKeyEventEx

Port

Password

poPortrait

0.750000

3333333

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

This object does not support this method (

Unsupported type for Parameter with Index %d

Method call unsuccessful. %s (%s).

eiOnKeyDown

eiOnKeyPress

eiOnKeyUp

OnKeyUp

Handler with EventID = %s already exists.

Error on IConnectionPoint.Advise

Source don't have connection point for [%s]

JS function sync-execution failed with message:

] execution failed with message:

.html

MAPI32.DLL

LeftPopup

TPipeServer

TPipeObject

TPipeServerListener

TPipeClientU

2.1.0.0

This exe was created with an old version of HtmlAppMaker.

irsoMsgDialog

irsoGetCurExePath

irsoJoinPath

irsoGetCmdLineParam

irsoGetCmdLineCount

irsoGetCmdLineIndexOf

irsoGetCmdLineParamValue

irsoGetCmdLineAll

irsoRegCreateKey

irsoRegCreateKeyTree

irsoRegDeleteKey

irsoIsRegKeyExists

irsoRegListKeyValues

irsoRegListKeyKeys

irsoRegSearchKeyKeys

irsoRegCopyKey

irsoHttpGetData

irsoHttpGetDataInThread

irsoLibraryExecuteProc

irsoLibraryExecuteProcW

irsoLibraryExecuteProcWithResult

!irsoLibraryExecuteProcWithResultW

irsoExecute

irsoIsMutexExists

irsoGetCurExeCheckSum

irsoSetSQLiteDll

irsoGetSQLiteDll

TExecArgsX

H-4,njBdi-2,o-4,r.vY

iexplore.exe

firefox.exe

chrome.exe

safari.exe

opera.exe

THtmlUIExeApp

irsoExecutePackage

irsoReportPackageError

irsoReportPackageSkip

irsoReportPackageQuit

irsoReportPackageSuccess

irsoReportPackageInfo

irsoGetPackageFilenameFromHttp

irsoGetPackageExecExitCode

irsoGetPackageExecResult

irsoSetPackageRelProgressShare

irsoIsFireFoxInstalled

irsoIsChromeInstalled

irsoIsOperaInstalled

irsoGetFireFoxHomePage

irsoGetChromeHomePage

irsoGetOperaHomePage

irsoSetFireFoxHomePage

irsoSetChromeHomePage

irsoSetOperaHomePage

irsoGetFireFoxDefaultSP

irsoGetChromeDefaultSP

irsoGetOperaDefaultSP

irsoAddFireFoxDefaultSPFromXML

irsoAddFireFoxDefaultSP

irsoSetFireFoxAddressBar

irsoAddOperaDefaultSP

irsoAddChromeDefaultSP

irsoGetFireFoxEXE

irsoGetIEEXE

irsoGetChromeEXE

irsoGetOperaEXE

irsoGetFireFoxVer

irsoGetChromeVer

irsoGetOperaVer

irsoLocateSQLite

irsoGetFireFoxCookie

irsoGetChromeCookie

irsoIsFireFoxExtensionInstalled

irsoInstallFireFoxAddon

irsoInstallChromeAddon

irsoUninstallAddExeCmd

irsoUninstallAddOpenBrowserCmd

irsoUninstallAddRegistryKey

irsoUninstallExecute

irsoReportStart

irsoReportInfo

irsoSetExclusiveExec

An attempt to download bundle data was denied: adServer domain name must remain the same! Url:

\fuj-1,w U,P\O U,qah`k,.nlvcbqff,-U>

/UnExeFile:

UnExeFile

z`o1caig2,.hf5b Q,0cfh)914`,,34`6;ia2f=ae-3,L1

1.2.1

inflate 1.2.1 Copyright 1995-2003 Mark Adler

?456789:;<=

!"#$%&'()* ,-./0123

333333333333333333

33333833

3333339

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

;;>%fh

z.uy<

3Go%uay

ef%C=

.Uy`49

A.Wzt

vkE.QR

!187{8_5[

$c=3%s

7^.ev

jexEo^

yY!!!KVfuT%sjK

.Lf"l_

KWindows

XisrWindowsEx

kisrSQLiteTable3

isrSQLite3

isrSQLiteUtils

hisrPipes

HtmlUIExeApp

WaitNamedPipeA

PeekNamedPipe

GetWindowsDirectoryW

GetCPInfo

DisconnectNamedPipe

CreatePipe

CreateNamedPipeA

ConnectNamedPipe

RegQueryInfoKeyA

RegOpenKeyExW

RegOpenKeyExA

RegFlushKey

RegEnumKeyW

RegEnumKeyExA

RegDeleteKeyW

RegDeleteKeyA

RegCreateKeyExW

RegCreateKeyExA

RegCloseKey

SetViewportOrgEx

ShellExecuteExW

ShellExecuteA

UnhookWindowsHookEx

SetWindowsHookExA

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

GetAsyncKeyState

EnumWindows

EnumThreadWindows

EnumChildWindows

ActivateKeyboardLayout

GetKeyboardType

"$ %),'8

38000=344

&W!%C-7

1 0 .'7(2':

- /*-( ,'.-!$$$&'('/*) ,*/.)*72-7)

&)"%&$&'&",,/- '

SSSHHHK`````````````````q}

#)'%%'%'%

.idata

.edata

P.reloc

P.rsrc

!,.XN

Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

http\shell\open\command

PathToExe

mozsqlite3.dll

cookies.sqlite

GetChromeDefaultSearchProviderFromDb - failed to get spid, returning default!

sqlGetQueryResultEx failed!

Opera\Opera

Opera

\operaprefs.ini

\profile\operaprefs.ini

\profile\opera6.ini

\opera6.ini

Software\Opera Software

locale\en\en.lng

\profile\search.ini

\search.ini

search.ini

\defaults\search.ini

DoRemoveOperaSearchProvider - cannot remove

" was sucessfully removed but references to its HexKey: "

TopResultURLFallback

FaviconURL

FaviconURLFallback

*.txt

Uninstall\Uninstall.exe

Uninstall\uninst.dat

uninst.dat

regsvr32.exe

Waiting for all the ongoing reports to complete...

_EXEXE_

errorUrl

Failed to launch htmlUI from the following url:

main.html

Remote mask loading is currently not supported. mask:

Please login as administrator and try again.

Installer Account Name altered after at least one report already sent.

.Uninstall\

No help found for %s#No context-sensitive help installed$No topic-based help system installed

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE error %.8x%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form

!Control '%s' has no parent window

Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file %s

Cannot open file %s

Invalid stream format$''%s'' is not a valid component name

Ancestor for '%s' not found

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation!Invalid variant operation ($%.8x)

Variant is not an array5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value('%s' is not a valid floating point value"'%s' is not a valid currency value!'%g' is not a valid date and time

'%s' is not a valid GUID value

I/O error %d

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   fciv.exe:460
   %original file name%.exe:1204

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:
   

   %Documents and Settings%\%current user%\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1844237615-1960408961-1801674531-1003\c5b88721db08c824db69d0bbc702beb8_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03 (44 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1413131_Setup.DAT (111268 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1412805_Setup.CIS (3438 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00158E9D.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\icc.dll (229 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1413268.flat (151 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\333511383.cfg (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1413015.flat (85 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00158E3F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\locale\EN.locale (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0015AD7F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\85670PUZ\icon_48x48_icon[1].png (740 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\85670PUZ\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\bootstrap_41801.html (156 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\form.bmp.Mask (244 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1694545234.cfg (222 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Color_Button_Hover.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1413219_Setup.CIS (3838 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\Ropopi_Title[1].png (1224 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1412946_Setup.EXE (34107 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\progress-bg2.png (978 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\ProgressBar.png (958 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0015B1F4.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Loader.gif (10 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Progress.png (191 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0015ADCE.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\main.css (7 bytes)
   %Program Files%\is1412000.log (10 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\progress-bg-corner.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\001593DD.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\button-bg.png (131 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\N0R5R69B\Seniser[1].png (3928 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00159573.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\K5ABO5A7\Ropopi_Title[2].png (1224 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\ie6_main.css (1 bytes)
   %Documents and Settings%\%current user%\Desktop\Continue Allmyapps Installation.lnk (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Grey_Button_Hover.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1193717562.cfg (196 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Grey_Button.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00158EFB.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\893503576.cfg (226 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\999671859.cfg (226 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1413207_Setup.CIS (68 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0015B54F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\images\progress-bg.png (1 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\fciv.exe (84 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00157CFA.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\N0R5R69B\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Close_Hover.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0015ADED.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1413090.flat (1869 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\csshover3.htc (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\N0R5R69B\BG_bisli[1].png (392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\browse.css (337 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\sqlite3.dll (3716 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\7za.exe (1868 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\checkbox.css (190 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\0015AD8F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00159E2E.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\button.css (417 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\118970408.cfg (204 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\css\sdk-ui\progress-bar.css (506 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Color_Button.png (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AZMBWBO1\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1661536746.cfg (222 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AZMBWBO1\Memiticeper_BG[1].png (3656 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\BG.png (19 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\RAM.dll (151 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\538601498.cfg (196 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\FooterInfo.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00158E5F.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\bg.png (13 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ICReinstall_%original file name%.exe (3699 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00158EDC.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\00158E7E.log (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\ish1408296\images\Close.png (207 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is1218200230\1412848_Setup.CIS (38 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\isf_1413325.flat (6314 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.