Analysis Date2015-09-11 15:08:39
MD564b726c1b40c72806d3af11247de4953
SHA17ca68c75186b0b8c629b08295bbd5b24977b785d

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 75c12fd8ce974793b52fbe647f31faa6 sha1: 2b01f655caed10e49593b33fe5514cf8f181d8b2 size: 79360
Section.rdata md5: 9801eb08e41d66b346cd2bbd796ae122 sha1: b1507c60edbe7425b415ec0b8dc592db27934cb6 size: 25088
Section.data md5: 55fde0cd90178dff413edd83bf276869 sha1: 9b049d8dbb8f59f1a026064d08e303c92c050b72 size: 6144
Section.san md5: 3f3ff8aa37d4e464ee256784f33a5782 sha1: aced1ac8b4765a1268304bb55c990cadde4d2758 size: 203776
Section.kada md5: 3a24bdd59bf0fec263c90177c30671b0 sha1: bfe6360a948960a732a638e2f274b468a0660407 size: 10240
Section.grd md5: 0a795d2b188f80f3cf50df2aa8bde889 sha1: 143613b18815759131494697611f6a98000167d1 size: 76288
Section.rela md5: 064198b05142a31b72d97813463fcf9d sha1: 28c03d2d1ce4d1ea0170a689631eb832dca4d082 size: 11776
Section.rsrc md5: b940ae479c69d5533392568f1326e22b sha1: 77044d17f35a7bfdf6696f45bbca41b1c41b3cef size: 32256
Section.reloc md5: 232a1e03aa4f96816a272adf696ffc31 sha1: ca9a1bb08c985a8dd932a4dc7e45c6715cdd43c8 size: 11264
Timestamp2015-08-23 12:23:40
Pdb pathZ:\this\animations\analysis\Thoses.pdb
VersionLegalCopyright: Copyright © 2002-2008 Canneverbe Limited
Assembly Version: 4.5.5.5571
InternalName: cdbxpp.exe
FileVersion: 4.5.5.5571
CompanyName: Canneverbe Limited
Comments: An application to burn audio and data discs
ProductName: CDBurnerXP
ProductVersion: 4.5.5.5571
FileDescription: CDBurnerXP
OriginalFilename: cdbxpp.exe
PackerMicrosoft Visual C++ ?.?
PEhash03f139fd6c774214a1a3e7019fab410dfe023782
IMPhash1e547c03995c1562ea9c03288db132b9
AVAvira (antivir)TR/Crypt.Xpack.276696
AVArcabit (arcavir)Gen:Variant.Symmi.53786
AVMicrosoft Security Essentialsno_virus
AVVirusBlokAda (vba32)no_virus
AVSymantecno_virus
AVIkarusTrojan.Win32.Kovter
AVCA (E-Trust Ino)no_virus
AVClamAVWin.Trojan.Symmi-1432
AVKasperskyno_virus
AVGrisoft (avg)Pakes.RCV
AVFrisk (f-prot)no_virus
AVZillya!Downloader.Upatre.Win32.51352
AVBullGuardGen:Variant.Symmi.53786
AVFortinetW32/Kovter.D!tr
AVBitDefenderGen:Variant.Symmi.53786
AVAd-AwareGen:Variant.Symmi.53786
AVMicroWorld (escan)Gen:Variant.Symmi.53786
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVMcafeeGenericR-EIE!64B726C1B40C
AVF-SecureGen:Variant.Symmi.53786
AVEmsisoftGen:Variant.Symmi.53786
AVTwisterW32.Kovter.D.qilj
AVCAT (quickheal)no_virus
AVPadvishno_virus
AVK7Trojan ( 004c61ee1 )
AVEset (nod32)Win32/Kovter.D
AVMalwareBytesTrojan.Fileless.DR
AVAuthentiumW32/S-9611e276!Eldorado
AVDr. Webno_virus
AVRisingno_virus
AVTrend Microno_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Processregsvr32.exe

Process
↳ regsvr32.exe

Creates Processregsvr32.exe

Process
↳ regsvr32.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\2a89521acd\c984f294 ➝
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\x00
RegistryHKEY_LOCAL_MACHINE\software\2a89521acd\7bf7927d ➝
869\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\regsvr32.exe ➝
8888
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\software\2a89521acd\7bf7927d ➝
869\\x00
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206 ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1206 ➝
NULL
RegistryHKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\regsvr32.exe ➝
8888
RegistryHKEY_CURRENT_USER\SOFTWARE\2a89521acd\c984f294 ➝
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\x00
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\coquwe\coquwe.exe
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\124.253.234[1].htm
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\microsoft[1].htm
Creates File\Device\Afd\Endpoint
Deletes Filec:\malware.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\124.253.234[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\microsoft[1].htm
Creates Process"C:\WINDOWS\system32\regsvr32.exe"
Creates Process"C:\WINDOWS\system32\regsvr32.exe"
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates MutexDE7B2F08C5C35678
Creates MutexGlobal\A0B9737978FF60B0
Winsock DNSmicrosoft.com
Winsock DNS124.253.234.72

Process
↳ "C:\WINDOWS\system32\regsvr32.exe"

Creates Mutex5734B585673D7847

Process
↳ "C:\WINDOWS\system32\regsvr32.exe"

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\2a89521acd\c984f294 ➝
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\x00
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\F44EE623E1C9D05FC88\71A8FD135B14A9233BD ➝
71A8FD135B14A9233BD\\x00
RegistryHKEY_CURRENT_USER\SOFTWARE\2a89521acd\c984f294 ➝
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\C78C4B453664F880506C\030133095426478C1 ➝
030133095426478C1\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\NetFx20SP1_x86.exe
Creates FilePIPE\wkssvc
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process"C:\Documents and Settings\Administrator\Local Settings\Temp\NetFx20SP1_x86.exe" /quiet /norestart
Winsock DNSdownload.microsoft.com

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\NetFx20SP1_x86.exe" /quiet /norestart

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\TEMP\scs2.tmp
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scs1.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\TEMP\NETFX2~1.EXE
Deletes FileC:\WINDOWS\TEMP\scs1.tmp
Deletes FileC:\WINDOWS\TEMP\scs2.tmp

Network Details:

DNSmicrosoft.com
Type: A
134.170.188.221
DNSmicrosoft.com
Type: A
134.170.185.46
DNSa767.dscms.akamai.net
Type: A
23.3.98.11
DNSa767.dscms.akamai.net
Type: A
23.3.98.10
DNSdownload.microsoft.com
Type: A
HTTP GEThttp://microsoft.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POSThttp://124.253.234.72/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://download.microsoft.com/download/0/8/c/08c19fa4-4c4f-4ffb-9d6c-150906578c9e/NetFx20SP1_x86.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1033 ➝ 124.253.234.72:80
Flows TCP192.168.1.1:1032 ➝ 147.255.189.237:80
Flows TCP192.168.1.1:1031 ➝ 105.251.69.51:80
Flows TCP192.168.1.1:1033 ➝ 124.253.234.72:80
Flows TCP192.168.1.1:1034 ➝ 134.170.188.221:80
Flows TCP192.168.1.1:1035 ➝ 96.11.222.136:80
Flows TCP192.168.1.1:1036 ➝ 144.115.23.29:80
Flows TCP192.168.1.1:1037 ➝ 124.253.234.72:80
Flows TCP192.168.1.1:1038 ➝ 203.61.161.140:80
Flows TCP192.168.1.1:1039 ➝ 145.8.77.152:80
Flows TCP192.168.1.1:1040 ➝ 87.195.117.22:80
Flows TCP192.168.1.1:1041 ➝ 76.190.92.166:80
Flows TCP192.168.1.1:1042 ➝ 14.135.250.3:443
Flows TCP192.168.1.1:1043 ➝ 23.3.98.11:80
Flows TCP192.168.1.1:1044 ➝ 45.146.132.5:80
Flows TCP192.168.1.1:1045 ➝ 201.84.136.144:443
Flows TCP192.168.1.1:1046 ➝ 11.234.5.96:80
Flows TCP192.168.1.1:1047 ➝ 26.177.33.101:443
Flows TCP192.168.1.1:1048 ➝ 83.86.110.243:80
Flows TCP192.168.1.1:1049 ➝ 21.12.91.80:80
Flows TCP192.168.1.1:1050 ➝ 221.246.33.170:80
Flows TCP192.168.1.1:1051 ➝ 81.144.196.119:80
Flows TCP192.168.1.1:1052 ➝ 108.115.239.189:80
Flows TCP192.168.1.1:1053 ➝ 146.35.51.206:80
Flows TCP192.168.1.1:1054 ➝ 37.202.217.171:80
Flows TCP192.168.1.1:1055 ➝ 121.78.56.38:80
Flows TCP192.168.1.1:1056 ➝ 181.174.15.124:80
Flows TCP192.168.1.1:1057 ➝ 206.245.103.185:80

Raw Pcap
0x00000000 (00000)   a3                                    .

0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000020 (00032)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000030 (00048)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000040 (00064)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000050 (00080)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x00000060 (00096)   2e353037 3237290d 0a486f73 743a206d   .50727)..Host: m
0x00000070 (00112)   6963726f 736f6674 2e636f6d 0d0a4361   icrosoft.com..Ca
0x00000080 (00128)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000090 (00144)   63616368 650d0a0d 0a6cc7b3 968823ee   cache....l....#.
0x000000a0 (00160)   f81fe494 70244f                       ....p$O

0x00000000 (00000)   a0                                    .

0x00000000 (00000)   95                                    .

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a436f6e 74656e74 2d547970 653a2061   .Content-Type: a
0x00000020 (00032)   70706c69 63617469 6f6e2f78 2d777777   pplication/x-www
0x00000030 (00048)   2d666f72 6d2d7572 6c656e63 6f646564   -form-urlencoded
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a204d6f   ..User-Agent: Mo
0x00000050 (00080)   7a696c6c 612f342e 30202863 6f6d7061   zilla/4.0 (compa
0x00000060 (00096)   7469626c 653b204d 53494520 362e303b   tible; MSIE 6.0;
0x00000070 (00112)   2057696e 646f7773 204e5420 352e313b    Windows NT 5.1;
0x00000080 (00128)   20535631 3b202e4e 45542043 4c522032    SV1; .NET CLR 2
0x00000090 (00144)   2e302e35 30373237 290d0a48 6f73743a   .0.50727)..Host:
0x000000a0 (00160)   20313234 2e323533 2e323334 2e37320d    124.253.234.72.
0x000000b0 (00176)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x000000c0 (00192)   20343136 0d0a4361 6368652d 436f6e74    416..Cache-Cont
0x000000d0 (00208)   726f6c3a 206e6f2d 63616368 650d0a0d   rol: no-cache...
0x000000e0 (00224)   0a63546b 57334d4a 7342394b 68414172   .cTkW3MJsB9KhAAr
0x000000f0 (00240)   33457a50 75344d76 736d7134 7641412f   3EzPu4Mvsmq4vAA/
0x00000100 (00256)   71365850 4a6f6137 6a637a76 704c3136   q6XPJoa7jczvpL16
0x00000110 (00272)   55445743 5171654d 596a6965 33767439   UDWCQqeMYjie3vt9
0x00000120 (00288)   4d6d674c 6e723047 6a363137 73666472   MmgLnr0Gj617sfdr
0x00000130 (00304)   414c6458 434c5250 4b70346c 385a7048   ALdXCLRPKp4l8ZpH
0x00000140 (00320)   6b705976 4277452b 36394848 37665963   kpYvBwE+69HH7fYc
0x00000150 (00336)   4e635a78 532b5841 356f6455 44434e68   NcZxS+XA5odUDCNh
0x00000160 (00352)   6a2b7777 6e6b4e62 6b756672 59523673   j+wwnkNbkufrYR6s
0x00000170 (00368)   56306563 36433744 4b504a6d 31377847   V0ec6C7DKPJm17xG
0x00000180 (00384)   7151595a 514b3445 715a5a7a 6b76746b   qQYZQK4EqZZzkvtk
0x00000190 (00400)   47546f79 53394177 75397a47 776e7172   GToyS9Awu9zGwnqr
0x000001a0 (00416)   6667574d 6a2f396e 61496a64 34634162   fgWMj/9naIjd4cAb
0x000001b0 (00432)   61766a52 45454458 64513331 4c4c6b61   avjREEDXdQ31LLka
0x000001c0 (00448)   7364796e 35616c6f 35713731 6c2b3673   sdyn5alo5q71l+6s
0x000001d0 (00464)   676a5270 3037484c 317a5967 6630712b   gjRp07HL1zYgf0q+
0x000001e0 (00480)   48314c77 57654851 53463367 304a6151   H1LwWeHQSF3g0JaQ
0x000001f0 (00496)   306d7470 50544d4d 57386474 6c2f4879   0mtpPTMMW8dtl/Hy
0x00000200 (00512)   716f746b 314b4775 6846652b 7a416857   qotk1KGuhFe+zAhW
0x00000210 (00528)   674c646d 44394c36 4d79456d 4d6e3251   gLdmD9L6MyEmMn2Q
0x00000220 (00544)   7674344f 326e4a4d 6a434233 6667464d   vt4O2nJMjCB3fgFM
0x00000230 (00560)   71635459 36564c77 76682f73 54354e47   qcTY6VLwvh/sT5NG
0x00000240 (00576)   4e456158 33704463 5a305673 4f65654b   NEaX3pDcZ0VsOeeK
0x00000250 (00592)   50674679 50776547 74334a54 70707a78   PgFyPweGt3JTppzx
0x00000260 (00608)   30305168 53303161 58562b58 2b437a42   00QhS01aXV+X+CzB
0x00000270 (00624)   7739324e 41397035 45324a6d 36633351   w92NA9p5E2Jm6c3Q
0x00000280 (00640)   3d                                    =

0x00000000 (00000)   68                                    h

0x00000000 (00000)   6a                                    j

0x00000000 (00000)   aa                                    .

0x00000000 (00000)   be                                    .

0x00000000 (00000)   4f                                    O

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 642f302f   GET /download/0/
0x00000010 (00016)   382f632f 30386331 39666134 2d346334   8/c/08c19fa4-4c4
0x00000020 (00032)   662d3466 66622d39 6436632d 31353039   f-4ffb-9d6c-1509
0x00000030 (00048)   30363537 38633965 2f4e6574 46783230   06578c9e/NetFx20
0x00000040 (00064)   5350315f 7838362e 65786520 48545450   SP1_x86.exe HTTP
0x00000050 (00080)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000060 (00096)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000070 (00112)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000080 (00128)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x00000090 (00144)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x000000a0 (00160)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x000000b0 (00176)   6f73743a 20646f77 6e6c6f61 642e6d69   ost: download.mi
0x000000c0 (00192)   63726f73 6f66742e 636f6d0d 0a436163   crosoft.com..Cac
0x000000d0 (00208)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000e0 (00224)   61636865 0d0a0d0a 7342394b 68414172   ache....sB9KhAAr
0x000000f0 (00240)   33457a50 75344d76 736d7134 7641412f   3EzPu4Mvsmq4vAA/
0x00000100 (00256)   71365850 4a6f6137 6a637a76 704c3136   q6XPJoa7jczvpL16
0x00000110 (00272)   55445743 5171654d 596a6965 33767439   UDWCQqeMYjie3vt9
0x00000120 (00288)   4d6d674c 6e723047 6a363137 73666472   MmgLnr0Gj617sfdr
0x00000130 (00304)   414c6458 434c5250 4b70346c 385a7048   ALdXCLRPKp4l8ZpH
0x00000140 (00320)   6b705976 4277452b 36394848 37665963   kpYvBwE+69HH7fYc
0x00000150 (00336)   4e635a78 532b5841 356f6455 44434e68   NcZxS+XA5odUDCNh
0x00000160 (00352)   6a2b7777 6e6b4e62 6b756672 59523673   j+wwnkNbkufrYR6s
0x00000170 (00368)   56306563 36433744 4b504a6d 31377847   V0ec6C7DKPJm17xG
0x00000180 (00384)   7151595a 514b3445 715a5a7a 6b76746b   qQYZQK4EqZZzkvtk
0x00000190 (00400)   47546f79 53394177 75397a47 776e7172   GToyS9Awu9zGwnqr
0x000001a0 (00416)   6667574d 6a2f396e 61496a64 34634162   fgWMj/9naIjd4cAb
0x000001b0 (00432)   61766a52 45454458 64513331 4c4c6b61   avjREEDXdQ31LLka
0x000001c0 (00448)   7364796e 35616c6f 35713731 6c2b3673   sdyn5alo5q71l+6s
0x000001d0 (00464)   676a5270 3037484c 317a5967 6630712b   gjRp07HL1zYgf0q+
0x000001e0 (00480)   48314c77 57654851 53463367 304a6151   H1LwWeHQSF3g0JaQ
0x000001f0 (00496)   306d7470 50544d4d 57386474 6c2f4879   0mtpPTMMW8dtl/Hy
0x00000200 (00512)   716f746b 314b4775 6846652b 7a416857   qotk1KGuhFe+zAhW
0x00000210 (00528)   674c646d 44394c36 4d79456d 4d6e3251   gLdmD9L6MyEmMn2Q
0x00000220 (00544)   7674344f 326e4a4d 6a434233 6667464d   vt4O2nJMjCB3fgFM
0x00000230 (00560)   71635459 36564c77 76682f73 54354e47   qcTY6VLwvh/sT5NG
0x00000240 (00576)   4e456158 33704463 5a305673 4f65654b   NEaX3pDcZ0VsOeeK
0x00000250 (00592)   50674679 50776547 74334a54 70707a78   PgFyPweGt3JTppzx
0x00000260 (00608)   30305168 53303161 58562b58 2b437a42   00QhS01aXV+X+CzB
0x00000270 (00624)   7739324e 41397035 45324a6d 36633351   w92NA9p5E2Jm6c3Q
0x00000280 (00640)   3d                                    =

0x00000000 (00000)   7f                                    .

0x00000000 (00000)   85                                    .

0x00000000 (00000)   3b                                    ;

0x00000000 (00000)   b3                                    .

0x00000000 (00000)   a4                                    .

0x00000000 (00000)   3b                                    ;

0x00000000 (00000)   5b                                    [

0x00000000 (00000)   80                                    .

0x00000000 (00000)   80                                    .

0x00000000 (00000)   ac                                    .

0x00000000 (00000)   4e                                    N

0x00000000 (00000)   a4                                    .

0x00000000 (00000)   84                                    .

0x00000000 (00000)   3b                                    ;

0x00000000 (00000)   7a                                    z

0x00000000 (00000)   a7                                    .


Strings