Analysis Date2015-09-10 14:18:10
MD5767d432803d2e275be23c079816efb6c
SHA18e7edfbcc36fd83d63463dfa97011316161c4bee

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d4718d6645cb66c9ff6cd9369deaec81 sha1: e71612ff71929ceae15bc0e6d70ab5d7ad7ddc56 size: 25600
Section.rdata md5: c0e88fa96c2737e92fb7b3922fe3d915 sha1: 509c4560c92e11cb832d8d67b997ade6f28e02ed size: 31744
Section.data md5: d45730f49b7f0e972e1ba1a1e9792b5c sha1: 8de64d104b009391510afd46a643624dfb9b3ce4 size: 3584
Section.rsrc md5: 7a8eee7f5d9c20ae7e8e19cf7935d3f4 sha1: 5c73d87377a3e8f8ef7a640b167481946df39d37 size: 1536
Timestamp2013-07-01 16:11:04
PackerMicrosoft Visual C++ ?.?
PEhashfaa83d3c94e0c5660821a821f36c11dff6dfe420
IMPhash7a573b7a0a7c2732681ab64a56abad03
AVRisingno_virus
AVMcafeeRDN/Generic Downloader.x
AVAvira (antivir)TR/Dldr.Agent.63488.8
AVTwisterVirus.D9C14150A28C2CF6
AVAd-AwareGen:Variant.Graftor.106992
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVEset (nod32)Win32/Korplug.AY
AVGrisoft (avg)Downloader.Generic13.BETP
AVSymantecno_virus
AVFortinetW32/Korplug.A!tr
AVBitDefenderGen:Variant.Graftor.106992
AVK7Trojan ( 0045553b1 )
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Thoper.B
AVMicroWorld (escan)Gen:Variant.Graftor.106992
AVMalwareBytesno_virus
AVAuthentiumW32/S-88b48e9f!Eldorado
AVFrisk (f-prot)no_virus
AVIkarusTrojan-Ransom.Win32.PornoAsset
AVEmsisoftGen:Variant.Graftor.106992
AVZillya!Trojan.Korplug.Win32.42
AVKasperskyTrojan.Win32.Agentb.acgv
AVTrend MicroBKDR_SHELL.SM
AVCAT (quickheal)no_virus
AVVirusBlokAda (vba32)Trojan.Agentb
AVPadvishno_virus
AVBullGuardGen:Variant.Graftor.106992
AVArcabit (arcavir)Gen:Variant.Graftor.106992
AVCA (E-Trust Ino)no_virus
AVClamAVno_virus
AVDr. WebBackDoor.Poison.15958
AVF-SecureGen:Variant.Graftor.106992

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\All Users\intel.exe
Creates ProcessC:\Documents and Settings\All Users\intel.exe

Process
↳ C:\Documents and Settings\All Users\intel.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates Processnet stop SharedAccess
Creates MutexPST-2.0
Winsock DNS192.168.189.128

Process
↳ net stop SharedAccess

Creates Processnet1 stop SharedAccess

Process
↳ net1 stop SharedAccess

Network Details:

HTTP POSThttp://192.168.189.128:12345/011EE763FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/8681F27AFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/878F9E16FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/04F5462EFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/4F3A1883FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/D53B6F86FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/1FE5AE8CFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/D50C94DEFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/0A2537BEFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/B8A37766FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/D556A780FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/2CA5B17DFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/C26DD15FFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/62783D44FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/C753F7DEFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/A9823E16FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/CD0898FFFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/50816FF2FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/6DB8288FFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/022B92D4FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/03D58B6CFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/C9E2A1DCFFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/D9FBAAF2FFFFFFFF.aspx
User-Agent:
HTTP POSThttp://192.168.189.128:12345/55A276F8FFFFFFFF.aspx
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1036 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1037 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1038 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1039 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1040 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1041 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1042 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1043 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1044 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1045 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1046 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1047 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1048 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1049 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1050 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1051 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1052 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1053 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1054 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1055 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1056 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1057 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1058 ➝ 192.168.1.1:12345
Flows TCP192.168.1.1:1059 ➝ 192.168.1.1:12345

Raw Pcap
0x00000000 (00000)   504f5354 202f3031 31454537 36334646   POST /011EE763FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3836 38314632 37414646   POST /8681F27AFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3837 38463945 31364646   POST /878F9E16FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3034 46353436 32454646   POST /04F5462EFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3446 33413138 38334646   POST /4F3A1883FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4435 33423646 38364646   POST /D53B6F86FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3146 45354145 38434646   POST /1FE5AE8CFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4435 30433934 44454646   POST /D50C94DEFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3041 32353337 42454646   POST /0A2537BEFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4238 41333737 36364646   POST /B8A37766FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4435 35364137 38304646   POST /D556A780FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3243 41354231 37444646   POST /2CA5B17DFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4332 36444431 35464646   POST /C26DD15FFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3632 37383344 34344646   POST /62783D44FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4337 35334637 44454646   POST /C753F7DEFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4139 38323345 31364646   POST /A9823E16FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4344 30383938 46464646   POST /CD0898FFFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3530 38313646 46324646   POST /50816FF2FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3644 42383238 38464646   POST /6DB8288FFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3032 32423932 44344646   POST /022B92D4FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3033 44353842 36434646   POST /03D58B6CFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4339 45324131 44434646   POST /C9E2A1DCFF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f4439 46424141 46324646   POST /D9FBAAF2FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   504f5354 202f3535 41323736 46384646   POST /55A276F8FF
0x00000010 (00016)   46464646 46462e61 73707820 48545450   FFFFFF.aspx HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a53 796d312e 303a2030 0d0a5379   *..Sym1.0: 0..Sy
0x00000040 (00064)   6d322e30 3a20300d 0a53796d 332e303a   m2.0: 0..Sym3.0:
0x00000050 (00080)   20363134 35360d0a 53796d34 2e303a20    61456..Sym4.0: 
0x00000060 (00096)   310d0a48 6f73743a 20313932 2e313638   1..Host: 192.168
0x00000070 (00112)   2e313839 2e313238 3a313233 34350d0a   .189.128:12345..
0x00000080 (00128)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000090 (00144)   300d0a43 6f6e6e65 6374696f 6e3a204b   0..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....


Strings