Analysis Date: 2015-10-09 02:03:56
MD5: 62d3d717a06da669dcaa7da3fe6fb30c
SHA1: dc01e08b38488970c31618a91735d3b12266f7fe

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .nfJBg86 md5: 70e52a566d01dbc9dee5bf47d8733aef sha1: eb8410850ac1a2c3abc248716fa50880ea9521f0 size: 512
Section: .nfJBg86 md5: 56a8e6edac368420e923363122a160b9 sha1: c1d23761872b4c8485d68f021bb6da5aaf3c5e76 size: 1371459
Timestamp: 2015-09-24 08:49:23
Version:
LegalCopyright: 上海蚩1鄙软件有限公司。保留所有权利。
InternalName: 精益文件夹空间统计工具
FileVersion: 1, 5, 0, 7
CompanyName: 上海蚩1鄙软件有限公司
ProductName: 文件夹空间统计
ProductVersion: 1, 0, 0, 7
FileDescription: 文件夹空间统计工具
OriginalFilename: 精益软件
Packer: EXECryptor v1.4.0.1
PEhash: 5a6dcfd9b479cbd5992fbd194f0d5d17d216e974
IMPhash: 469b1bae2575baede5bf1f06a01b4767
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: no_virus
AV Dr. Web: no_virus
AV ClamAV: no_virus
AV Arcabit (arcavir): no_virus
AV BullGuard: no_virus
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: no_virus
AV Zillya!: Trojan.DipleGenS.Win32.1
AV Emsisoft: no_virus
AV Ikarus: no_virus
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: Trojan.Agent
AV MicroWorld (escan): no_virus
AV Microsoft Security Essentials: no_virus
AV K7: no_virus
AV BitDefender: no_virus
AV Fortinet: Riskware/Tool
AV Symantec: no_virus
AV Grisoft (avg): no_virus
AV Eset (nod32): no_virus
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: no_virus
AV Twister: no_virus
AV Avira (antivir): no_virus
AV Mcafee: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\Desktop\\\xe6\\x96\\x87\\xe4\\xbb\\xb6\\xe5\\xe4\\xb9\\xe7\\xfb\\x9f\\xe8\\xae\\xa1\\xe5\\xf7\\xa5\\xe5\\xc5\\xb7.lnk
Creates File: C:\Documents and Settings\All Users\Start Menu\Programs\\\xe7\\xf2\\xbe\\xe7\\xdb\\x8a\\xe8\\xbd\\xaf\\xe4\\xbb\\xb6\\\xe5\\xcd\\xb8\\xe8\\xbd\\xbd.lnk
Creates File: PIPE\srvsvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Program Files\JYSoft\DirSize.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\All Users\Start Menu\Programs\\\xe7\\xf2\\xbe\\xe7\\xdb\\x8a\\xe8\\xbd\\xaf\\xe4\\xbb\\xb6\\\xe6\\x96\\x87\\xe4\\xbb\\xb6\\xe5\\xe4\\xb9\\xe7\\xfb\\x9f\\xe8\\xae\\xa1\\xe5\\xf7\\xa5\\xe5\\xc5\\xb7.lnk
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Program Files\JYSoft\UnInstall.exe
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: int.dpool.sina.com.cn
Winsock DNS: count.hnbftz.com

Network Details:

DNS: int.dpool.sina.com.cn
Type: A
180.149.136.219
DNS: count.hnbftz.com
Type: A
122.226.102.82
HTTP GET: http://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json
User-Agent: http://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json
HTTP GET: http://count.hnbftz.com/player/statistics.php?op=install&ri=malware.exe&mc=XX-XX-XX-XX-XX-XX&vs=5.2.7.0&tm=1444367029&key=368BB8360F85C1AB2463663772A2630D&bar=0
User-Agent: http://count.hnbftz.com/player/statistics.php?op=install&ri=malware.exe&mc=XX-XX-XX-XX-XX-XX&vs=5.2.7.0&tm=1444367029&key=368BB8360F85C1AB2463663772A2630D&bar=0
HTTP GET: http://count.hnbftz.com/setup/getGg.php?ri=malware.exe&equipment=2
User-Agent: http://count.hnbftz.com/setup/getGg.php?ri=malware.exe&equipment=2
HTTP GET: http://count.hnbftz.com/setup/az_jg.php?op=click_install&ri=malware.exe&mc=XX-XX-XX-XX-XX-XX&vs=5.2.7.0&tm=1444367037&key=B744FE6E0D396631643359CCC24BD80B&sd=&dq=<html>%20%20<head>%20%20%20%20<title>404%20Not%20Found</title>%20%20</head>%20%20<body>%20%20%20%20<h1>Not%20Found</h1>%20%20%20%20<p>Your%20browser%20sent%20a%20request%20that%20this%20server%20could%20not%20understand.</p>%20%20%20%20<p>No%20such%20file%20or%20directory.</p>%20%20<hr%20/>%20%20<address>Microsoft-IIS/7.0</address>%20%20</body></html>&sc=1024*768&os=5.1.2600
User-Agent: http://count.hnbftz.com/setup/az_jg.php?op=click_install&ri=malware.exe&mc=XX-XX-XX-XX-XX-XX&vs=5.2.7.0&tm=1444367037&key=B744FE6E0D396631643359CCC24BD80B&sd=&dq=<html>
HTTP GET: http://count.hnbftz.com/setup/az_jg.php?op=click_install&ri=malware.exe&mc=XX-XX-XX-XX-XX-XX&vs=5.2.7.0&tm=1444367047&key=EB0BBFE4C0B0398827C00194FDA0478B&sd=&dq=<html>%20%20<head>%20%20%20%20<title>404%20Not%20Found</title>%20%20</head>%20%20<body>%20%20%20%20<h1>Not%20Found</h1>%20%20%20%20<p>Your%20browser%20sent%20a%20request%20that%20this%20server%20could%20not%20understand.</p>%20%20%20%20<p>No%20such%20file%20or%20directory.</p>%20%20<hr%20/>%20%20<address>Microsoft-IIS/7.0</address>%20%20</body></html>&sc=1024*768&os=5.1.2600
User-Agent: http://count.hnbftz.com/setup/az_jg.php?op=click_install&ri=malware.exe&mc=XX-XX-XX-XX-XX-XX&vs=5.2.7.0&tm=1444367047&key=EB0BBFE4C0B0398827C00194FDA0478B&sd=&dq=<html>
Flows TCP: 192.168.1.1:1031 ➝ 180.149.136.219:80
Flows TCP: 192.168.1.1:1032 ➝ 122.226.102.82:80
Flows TCP: 192.168.1.1:1033 ➝ 122.226.102.82:80
Flows TCP: 192.168.1.1:1034 ➝ 122.226.102.82:80
Flows TCP: 192.168.1.1:1035 ➝ 122.226.102.82:80

Raw Pcap

Strings