Analysis Date2014-08-03 06:26:37
MD54258497806210b81adc850998d06c9ec
SHA113e238594c57ee419ffd9455ad2f6e108c1fc030

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d0ab7964e533d0b222c99c25f5967390 sha1: 81745c137f659e06a7be4c9bafa5381781c94916 size: 42496
Section.rdata md5: 0f68419111da98b80252ca0fc3fd03e4 sha1: dcf60e7bd76315272b6da387a489e334d8b90277 size: 10240
Section.data md5: 5625d32df5e7f3290c3b072f9e3bb993 sha1: db1511056bbac858f2e8576c31a47a68ce7f85d9 size: 6656
Section.rsrc md5: a10195527136aef94ddc3454023740cb sha1: 96b91fc00e8bfd4bd1e1d9b79f99c228a6c6fed6 size: 25088
Timestamp2014-07-24 07:37:57
VersionLegalCopyright: PortableApps.com Installer Copyright 2007-2009 PortableApps.com.
InternalName: UltraCompare Portable
FileVersion: 1.2.3.4
CompanyName: PortableApps.com
LegalTrademarks: PortableApps.com is a registered trademark of Rare Ideas, LLC.
Comments: For additional details, visit PortableApps.com
ProductName: UltraCompare Portable
PortableApps.comInstallerVersion: 0.12.4.0
ProductVersion: 1.2.3.4
FileDescription: UltraCompare Portable
OriginalFilename: UltraComparePortable.paf.exe
PackerMicrosoft Visual C++ ?.?
PEhash95e28d8e4613086c9dfa6435022e3a3b2381f104
IMPhash04c94cd7f674585d55b1c8b58315f656
AVK7no_virus
AV360 SafeTrojan.GenericKD.1775115
AVAd-AwareTrojan.GenericKD.1775115
AVAlwil (avast)Trojan-gen:Win32:Trojan-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.VJUT-3967
AVAvira (antivir)TR/Dldr.Lerspeng.B.15
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftTrojan.GenericKD.1775115
AVEset (nod32)Win32/TrojanDownloader.Small.PSD
AVFortinetW32/Yakes.FKDE!tr
AVFrisk (f-prot)W32/Trojan3.JOF (exact)
AVF-SecureTrojan.GenericKD.1775115
AVGrisoft (avg)Generic36.XJH
AVIkarusTrojan-Spy.Zbot
AVKasperskyTrojan.Win32.Yakes.fkde
AVMalwareBytesTrojan.Yakes
AVMcafeeGeneric Downloader.z
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Lerspeng.B
AVNormanwinpe/Troj_Generic.VBRHL
AVRisingno_virus
AVSophosTroj/Zbot-IRO
AVSymantecDownloader
AVTrend MicroTROJ_LERSPENG.D
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates ProcessC:\malware.exe

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Winsock DNSwww.huework.com
Winsock DNSmadrasahhusainiyahkl.com
Winsock DNSfbcashmethod.ru
Winsock DNSwww.zag.com.ua
Winsock DNSwww.martijnvanhout.nl
Winsock DNSsexyfoxy.ts6.ru
Winsock DNSbrandsalted.com
Winsock DNSsiliconharbourng.com
Winsock DNSwww.ricebox.biz
Winsock DNSexpositoresrollup.es
Winsock DNSdaisyblue.ru
Winsock URLhttp://www.ricebox.biz/333
Winsock URLhttp://madrasahhusainiyahkl.com/333
Winsock URLhttp://expositoresrollup.es/333
Winsock URLhttp://daisyblue.ru/333
Winsock URLhttp://www.zag.com.ua/333
Winsock URLhttp://fbcashmethod.ru/333
Winsock URLhttp://sexyfoxy.ts6.ru/333
Winsock URLhttp://siliconharbourng.com/333
Winsock URLhttp://www.huework.com/333
Winsock URLhttp://www.martijnvanhout.nl/333
Winsock URLhttp://brandsalted.com/333

Network Details:

DNSzag.com.ua
Type: A
91.206.31.36
DNSdaisyblue.ru
Type: A
90.156.201.94
DNSdaisyblue.ru
Type: A
90.156.201.15
DNSdaisyblue.ru
Type: A
90.156.201.41
DNSdaisyblue.ru
Type: A
90.156.201.53
DNSwww.ricebox.biz
Type: A
84.22.162.21
DNSbrandsalted.com
Type: A
90.156.201.54
DNSbrandsalted.com
Type: A
90.156.201.60
DNSbrandsalted.com
Type: A
90.156.201.70
DNSbrandsalted.com
Type: A
90.156.201.15
DNSfbcashmethod.ru
Type: A
198.23.48.170
DNSexpositoresrollup.es
Type: A
82.98.160.242
DNSmadrasahhusainiyahkl.com
Type: A
119.81.70.26
DNSsexyfoxy.ts6.ru
Type: A
91.223.216.59
DNShuework.com
Type: A
192.254.186.173
DNSsiliconharbourng.com
Type: A
192.185.140.27
DNSmartijnvanhout.nl
Type: A
81.169.145.163
DNSwww.zag.com.ua
Type: A
DNSwww.huework.com
Type: A
DNSwww.martijnvanhout.nl
Type: A
HTTP GEThttp://www.zag.com.ua/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.zag.com.ua/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.ricebox.biz/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.ricebox.biz/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://brandsalted.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://fbcashmethod.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://expositoresrollup.es/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://madrasahhusainiyahkl.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://sexyfoxy.ts6.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.huework.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://siliconharbourng.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.martijnvanhout.nl/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.martijnvanhout.nl/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.ricebox.biz/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.ricebox.biz/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://daisyblue.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://expositoresrollup.es/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://brandsalted.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://siliconharbourng.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://madrasahhusainiyahkl.com/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://fbcashmethod.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://sexyfoxy.ts6.ru/333
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1032 ➝ 91.206.31.36:80
Flows TCP192.168.1.1:1033 ➝ 91.206.31.36:80
Flows TCP192.168.1.1:1034 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1035 ➝ 84.22.162.21:80
Flows TCP192.168.1.1:1036 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1037 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1038 ➝ 84.22.162.21:80
Flows TCP192.168.1.1:1039 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1040 ➝ 90.156.201.54:80
Flows TCP192.168.1.1:1041 ➝ 198.23.48.170:80
Flows TCP192.168.1.1:1042 ➝ 82.98.160.242:80
Flows TCP192.168.1.1:1043 ➝ 119.81.70.26:80
Flows TCP192.168.1.1:1044 ➝ 91.223.216.59:80
Flows TCP192.168.1.1:1045 ➝ 192.254.186.173:80
Flows TCP192.168.1.1:1046 ➝ 192.185.140.27:80
Flows TCP192.168.1.1:1047 ➝ 81.169.145.163:80
Flows TCP192.168.1.1:1048 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1049 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1050 ➝ 81.169.145.163:80
Flows TCP192.168.1.1:1051 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1052 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1053 ➝ 84.22.162.21:80
Flows TCP192.168.1.1:1054 ➝ 84.22.162.21:80
Flows TCP192.168.1.1:1055 ➝ 90.156.201.94:80
Flows TCP192.168.1.1:1056 ➝ 82.98.160.242:80
Flows TCP192.168.1.1:1057 ➝ 90.156.201.54:80
Flows TCP192.168.1.1:1058 ➝ 192.185.140.27:80
Flows TCP192.168.1.1:1059 ➝ 119.81.70.26:80
Flows TCP192.168.1.1:1060 ➝ 198.23.48.170:80
Flows TCP192.168.1.1:1061 ➝ 91.223.216.59:80

Raw Pcap
0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e7a 61672e63 6f6d2e75 610d0a43   ww.zag.com.ua..C
0x000000b0 (00176)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000c0 (00192)   416c6976 650d0a0d 0a                  Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e7a 61672e63 6f6d2e75 610d0a43   ww.zag.com.ua..C
0x000000b0 (00176)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000c0 (00192)   416c6976 650d0a0d 0a                  Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a0d 0a                  ive......

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e72 69636562 6f782e62 697a0d0a   ww.ricebox.biz..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a0a 0d0a                ive.......

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a0a 0d0a                ive.......

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e72 69636562 6f782e62 697a0d0a   ww.ricebox.biz..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a0a 0d0a                ive.......

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2062   .50727)..Host: b
0x000000a0 (00160)   72616e64 73616c74 65642e63 6f6d0d0a   randsalted.com..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2066   .50727)..Host: f
0x000000a0 (00160)   62636173 686d6574 686f642e 72750d0a   bcashmethod.ru..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2065   .50727)..Host: e
0x000000a0 (00160)   78706f73 69746f72 6573726f 6c6c7570   xpositoresrollup
0x000000b0 (00176)   2e65730d 0a436f6e 6e656374 696f6e3a   .es..Connection:
0x000000c0 (00192)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a206d   .50727)..Host: m
0x000000a0 (00160)   61647261 73616868 75736169 6e697961   adrasahhusainiya
0x000000b0 (00176)   686b6c2e 636f6d0d 0a436f6e 6e656374   hkl.com..Connect
0x000000c0 (00192)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2073   .50727)..Host: s
0x000000a0 (00160)   65787966 6f78792e 7473362e 72750d0a   exyfoxy.ts6.ru..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a416c 6976650d   -Alive....Alive.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e68 7565776f 726b2e63 6f6d0d0a   ww.huework.com..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a416c 6976650d   -Alive....Alive.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2073   .50727)..Host: s
0x000000a0 (00160)   696c6963 6f6e6861 72626f75 726e672e   iliconharbourng.
0x000000b0 (00176)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x000000c0 (00192)   204b6565 702d416c 6976650d 0a0d0a0d    Keep-Alive.....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e6d 61727469 6a6e7661 6e686f75   ww.martijnvanhou
0x000000b0 (00176)   742e6e6c 0d0a436f 6e6e6563 74696f6e   t.nl..Connection
0x000000c0 (00192)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a41 6c697665 0d0a0d0a   ive....Alive....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a41 6c697665 0d0a0d0a   ive....Alive....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e6d 61727469 6a6e7661 6e686f75   ww.martijnvanhou
0x000000b0 (00176)   742e6e6c 0d0a436f 6e6e6563 74696f6e   t.nl..Connection
0x000000c0 (00192)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a41 6c697665 0d0a0d0a   ive....Alive....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a41 6c697665 0d0a0d0a   ive....Alive....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e72 69636562 6f782e62 697a0d0a   ww.ricebox.biz..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a7665 0d0a0d0a   -Alive....ve....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2077   .50727)..Host: w
0x000000a0 (00160)   77772e72 69636562 6f782e62 697a0d0a   ww.ricebox.biz..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a7665 0d0a0d0a   -Alive....ve....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2064   .50727)..Host: d
0x000000a0 (00160)   61697379 626c7565 2e72750d 0a436f6e   aisyblue.ru..Con
0x000000b0 (00176)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000c0 (00192)   6976650d 0a0d0a0a 0d0a7665 0d0a0d0a   ive.......ve....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2065   .50727)..Host: e
0x000000a0 (00160)   78706f73 69746f72 6573726f 6c6c7570   xpositoresrollup
0x000000b0 (00176)   2e65730d 0a436f6e 6e656374 696f6e3a   .es..Connection:
0x000000c0 (00192)   204b6565 702d416c 6976650d 0a0d0a0a    Keep-Alive.....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2062   .50727)..Host: b
0x000000a0 (00160)   72616e64 73616c74 65642e63 6f6d0d0a   randsalted.com..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a650d 0a0d0a0a   -Alive....e.....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2073   .50727)..Host: s
0x000000a0 (00160)   696c6963 6f6e6861 72626f75 726e672e   iliconharbourng.
0x000000b0 (00176)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x000000c0 (00192)   204b6565 702d416c 6976650d 0a0d0a0a    Keep-Alive.....
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a206d   .50727)..Host: m
0x000000a0 (00160)   61647261 73616868 75736169 6e697961   adrasahhusainiya
0x000000b0 (00176)   686b6c2e 636f6d0d 0a436f6e 6e656374   hkl.com..Connect
0x000000c0 (00192)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2066   .50727)..Host: f
0x000000a0 (00160)   62636173 686d6574 686f642e 72750d0a   bcashmethod.ru..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a416c 6976650d   -Alive....Alive.
0x000000d0 (00208)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f333333 20485454 502f312e   GET /333 HTTP/1.
0x00000010 (00016)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000020 (00032)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000030 (00048)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000070 (00112)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000080 (00128)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000090 (00144)   2e353037 3237290d 0a486f73 743a2073   .50727)..Host: s
0x000000a0 (00160)   65787966 6f78792e 7473362e 72750d0a   exyfoxy.ts6.ru..
0x000000b0 (00176)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000c0 (00192)   2d416c69 76650d0a 0d0a416c 6976650d   -Alive....Alive.
0x000000d0 (00208)   0a0d0a                                ...


Strings
t
\
.CC
 
.
t
000004e4
0.12.4.0
1.2.3.4
April
August
Comments
CompanyName
dddd, MMMM dd, yyyy
December
February
FileDescription
FileVersion
For additional details, visit PortableApps.com
Friday
                                 H
         (((((                  H
         h((((                  H
HH:mm:ss
ICON
InternalName
January
July
June
kernel32.dll
KERNEL32.DLL
kernelbase.dll
KERNELBASE.DLL
LegalCopyright
LegalTrademarks
March
MM/dd/yy
Monday
November
October
OriginalFilename
PortableApps.com
PortableApps.com Installer Copyright 2007-2009 PortableApps.com.
PortableApps.comInstallerVersion
PortableApps.com is a registered trademark of Rare Ideas, LLC.
ProductName
ProductVersion
Saturday
September
StringFileInfo
Sunday
Thursday
Translation
Tuesday
UltraCompare Portable
UltraComparePortable.paf.exe
VarFileInfo
VS_VERSION_INFO
Wednesday
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
;,0FPo
0SSSSS
!>4LQT
4Z5e7L
#;<7{:9D
7\>=IO
}7j:j'j>
9 )114
a75h>N
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AddFontResourceExW
An application has made an attempt to load the C runtime library incorrectly.
AngleArc
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
B/[}.{
b*?0-$
bed`_ba
CancelIo
ChangeClipboardChain
ClientToScreen
ColorAdjustLuma
ColorHLSToRGB
ConvertThreadToFiber
CopyImage
CorExitProcess
CreateCompatibleBitmap
CreateFiberEx
- CRT not initialized
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
DeleteColorSpace
DeleteCriticalSection
DeleteDC
}Dj-jP
DOMAIN error
E1)2W<R
E7L{(|f8
EncodePointer
EndDialog
EndPaint
EnterCriticalSection
ExcludeUpdateRgn
ExitProcess
ExtSelectClipRgn
ExtTextOutA
February
FillPath
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
fOW|zy4	
FrameRect
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
:]g\:B5
GDI32.dll
GetACP
GetActiveWindow
GetBitmapBits
GetBkColor
GetClassWord
GetClipboardData
GetClipCursor
GetCommandLineA
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDCBrushColor
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineA
GetGraphicsMode
GetKeyboardLayoutNameW
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetMonitorInfoW
GetNearestColor
GetObjectA
GetObjectW
GetOEMCP
GetPolyFillMode
GetPriorityClass
GetProcAddress
GetProcessId
GetProcessWindowStation
GetRawInputDeviceInfoW
GetRegisteredRawInputDevices
GetROP2
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharset
GetTextCharsetInfo
GetTextFaceW
GetThreadContext
GetTickCount
GetUserObjectInformationA
GetVersionExA
g.l5q5
:]gL:B5
:]gY:B5
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HH:mm:ss
I|Dq+f
|<?IGF
I|)jajOj+
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
Invalid parameter passed to C runtime function.
IsCharAlphaNumericA
IsDlgButtonChecked
IsGUIThread
IsWindowEnabled
IsWindowUnicode
IsZoomed
JanFebMarAprMayJunJulAugSepOctNovDec
January
jcIXG<
j;j>j<
jJjcjC
_jJomd'
j$j _W
:JM[:J5
:JML:T5
:JM]:S5
KERNEL32.dll
KwwwQoooWiii[ddd_bbba```c___e^^^e^^^e^^^g^^^e^^^e___e```cbbbaccc_hhh]lllYuuuS}}}M
k+ZsI7
LCMapStringA
LCMapStringW
LeaveCriticalSection
LineTo
LoadLibraryExA
LocalShrink
LockResource
LPtoDP
m-?387
MapWindowPoints
MenuItemFromPoint
MessageBoxA
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MonitorFromWindow
mscoree.dll
MultiByteToWideChar
{*]n^\
nFWLIP
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
npsqx/
October
oELNYWV
OemKeyScan
OpenIcon
OpenProcess
o}}}swwwyrrr
OutputDebugStringA
PathToRegion
p-DD=|
PjGjRj$
Please contact the application's support team for more information.
PostMessageW
PPPPPPPP
PrepareTape
Program: 
<program name unknown>
- pure virtual function call
PurgeComm
Qj1jXj
QueryPerformanceCounter
`.rdata
ReleaseCapture
RemoveFontMemResourceEx
RemoveFontResourceExA
RequestWakeupLatency
:RichC5
R{[p*e
RtlUnwind
runtime error 
Runtime Error!
rut1Qttn
RYt_TS
Saturday
SelectObject
SendMessageCallbackW
September
SetCaretBlinkTime
SetCommMask
SetCommState
SetHandleCount
SetLastError
SetMapperFlags
SetPixelFormat
SetPriorityClass
SetThreadStackGuarantee
SetTimer
SetUnhandledExceptionFilter
SetWinEventHook
SHAutoComplete
SHCreateShellPalette
SHELL32.dll
SHLWAPI.dll
ShowScrollBar
SHReleaseThreadRef
SHSetThreadRef
SING error
Sunday
SunMonTueWedThuFriSat
t4GB?>
TerminateProcess
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
< tI<	tE
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t+SSVPV
t$<"u	3
Tuesday
;t$,v-
t!VV9u u
=t)WSR
,u+jWj'
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UpdateColors
UQPXY]Y[
URPQQh
USER32.dll
USER32.DLL
UserHandleGrantAccess
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
v	N+D$
W}1j%j8
Wednesday
WideCharToMultiByte
WriteFile
w(trq+
wwwy}}}s
]y:2m+
zzz!ooo+bbb1]]]3ZZZ5XXX7XXX7ZZZ5^^^3fff/vvv)xxx