Analysis Date2014-10-07 22:20:23
MD5543efe71536f990d73be738508a4a04f
SHA1eb2d28a3005b37de43b8f64fb056c515b87afc60

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 735261b806f0187b2798ce916a324697 sha1: 9b7a2bf5133decef0ff781b3bd6cf6c078855884 size: 512
Section.rdata md5: d8f1229d527c6bfc493069dbdd1a8824 sha1: 40ed4cde6410d12150004acc0d865b23ef595ed8 size: 512
Section.data md5: 5c30f2448da617573bb2c90e7166c5a1 sha1: 85a47c87578b4607e0affd6c1b99aa52a9be6815 size: 512
Section.rsrc md5: b9f7744d9432e56810b412eee35dcbb6 sha1: c1f438c1060ebdf1bb5a04c1f2d762a5bce42ec0 size: 35840
Timestamp2006-02-09 11:54:39
VersionLegalCopyright: Copyright © 1987-1996 Microsoft Corp.
InternalName: WebImage.Ocx
FileVersion: 5.00.2810
CompanyName: My Company Name
LegalTrademarks: Put Legal TradeMarks here ...
Comments: April 10, 1996
ProductName: WebImage Object Library
ProductVersion: 5.00.2810
FileDescription: WebImage
PEhash898dbe0e08853d2b1feba3186721fd861e088a9a
IMPhash39982c2c6f59b765468fffd144de1506
AV360 SafeTrojan.GenericKDZ.22757
AVAd-AwareTrojan.GenericKDZ.22757
AVAlwil (avast)Kryptik-MGI [Trj]
AVArcabit (arcavir)Backdoor.Pushdo.qkv
AVAuthentiumno_virus
AVAvira (antivir)TR/Dropper.Gen
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)TrojanDownloader.CutWail.BS5
AVClamAVno_virus
AVDr. WebBackDoor.Bulknet.958
AVEmsisoftTrojan.GenericKDZ.22757
AVEset (nod32)Win32/Kryptik.BKEI
AVFortinetW32/Pushdo.JW!tr.bdr
AVFrisk (f-prot)no_virus
AVF-SecureTrojan.GenericKDZ.22757
AVGrisoft (avg)Generic_s.BOM
AVIkarusTrojan-Downloader.Win32.Cutwail
AVK7Backdoor ( 04c511631 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesBackdoor.Pushdo
AVMcafeeBackDoor-FAYA!543EFE71536F
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Cutwail.BS
AVMicroWorld (escan)Trojan.GenericKDZ.22757
AVNormanwinpe/Pushdo.AC
AVRising0x5569c601
AVSophosMal/MDrop-JW
AVSymantecTrojan.Pandex!gen3
AVTrend MicroTROJ_SPNR.1AG313
AVVirusBlokAda (vba32)BScope.Trojan.Pushdo
AVYara APTno_virus
AVZillya!no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\jizrahebpibe ➝
C:\Documents and Settings\Administrator\jizrahebpibe.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\sympatico[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\sify[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\hotmale[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\robvivian[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\msu[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\dr[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\rogers[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\youtube[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\24[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\intuit[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\go2[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gravityboard[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\surfglobal[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\apollo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rogers[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\t-mobel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\excite[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\trib[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\aussiestockforums[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\metallica[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\conwaycorp[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\aon[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\virginia[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\intuit[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\zdnetonebox[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\axelero[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\stupid[1].htm
Creates FileC:\Documents and Settings\Administrator\jizrahebpibe.exe
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutexjizrahebpibe
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSt-mobel.com
Winsock DNSgo2.pl
Winsock DNSdr.dk
Winsock DNSgravityboard.com
Winsock DNSrogers.com
Winsock DNSvirginia.edu
Winsock DNSintuit.com
Winsock DNSsympatico.ca
Winsock DNSmsu.edu
Winsock DNSaxelero.hu
Winsock DNSsurfglobal.net
Winsock DNSsify.com
Winsock DNSzdnetonebox.com
Winsock DNSconwaycorp.net
Winsock DNShotmale.com
Winsock DNSstupid.com
Winsock DNS24.com
Winsock DNSavinalarf.co.uk
Winsock DNSapollo.lv
Winsock DNSexcite.it
Winsock DNSrobvivian.com
Winsock DNSethansalwen.com
Winsock DNSaon.at
Winsock DNSmetallica.com
Winsock DNSyoutube.com
Winsock DNSaol.de
Winsock DNStrib.com
Winsock DNSaussiestockforums.com

Network Details:

DNScrosspaths.net
Type: A
162.39.145.20
DNSusintouch.com
Type: A
70.34.34.93
DNSconwaycorp.net
Type: A
24.144.0.51
DNSexcite.it
Type: A
80.239.202.51
DNSapollo.lv
Type: A
78.28.227.182
DNSvol.com
Type: A
209.86.62.44
DNSsurfglobal.net
Type: A
72.71.201.2
DNStelepac.pt
Type: A
213.13.145.45
DNSgravityboard.com
Type: A
66.85.130.90
DNStrib.com
Type: A
192.104.182.109
DNStrib.com
Type: A
192.104.182.209
DNSvirginia.edu
Type: A
128.143.21.99
DNSvirginia.edu
Type: A
128.143.22.36
DNSvirginia.edu
Type: A
128.143.22.79
DNSmetallica.com
Type: A
190.93.240.5
DNSmetallica.com
Type: A
190.93.241.5
DNSmetallica.com
Type: A
190.93.242.5
DNSmetallica.com
Type: A
190.93.243.5
DNSmetallica.com
Type: A
141.101.112.6
DNSrogers.com
Type: A
207.245.252.27
DNSdr.dk
Type: A
159.20.6.38
DNSstupid.com
Type: A
198.144.18.61
DNSstupid.com
Type: A
198.144.18.62
DNSstupid.com
Type: A
198.144.18.63
DNSstupid.com
Type: A
198.144.18.64
DNSstupid.com
Type: A
75.126.29.212
DNSasteriks.be
Type: A
DNSzdnetonebox.com
Type: A
HTTP POSThttp://gravityboard.com/?ptrxcz_m7Ro8m8R3h4h2MfzIbvEXrATm6Pi2L
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://virginia.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://trib.com/?ptrxcz_Oi3Mf0JcxGZtDWqPvFZtCWq9Sl6Pi2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://metallica.com/?ptrxcz_EYtDWrAUo8Sl6Pj3Ng1KezIcwGZuDX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://dr.dk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://rogers.com/?ptrxcz_bwGZuEXsBUp8Rl5Oi2LeZ7Sm7Qk4Nh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://stupid.com/?ptrxcz_MfQrEawFYsBUpzMg0J8WsCVp8Rj3Mf
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1037 ➝ 209.86.62.44:25
Flows TCP192.168.1.1:1038 ➝ 24.144.0.51:25
Flows TCP192.168.1.1:1039 ➝ 70.34.34.93:25
Flows TCP192.168.1.1:1041 ➝ 80.239.202.51:25
Flows TCP192.168.1.1:1042 ➝ 78.28.227.182:25
Flows TCP192.168.1.1:1040 ➝ 162.39.145.20:25
Flows TCP192.168.1.1:1043 ➝ 72.71.201.2:25
Flows TCP192.168.1.1:1044 ➝ 213.13.145.45:25
Flows TCP192.168.1.1:1045 ➝ 66.85.130.90:80
Flows TCP192.168.1.1:1046 ➝ 128.143.21.99:80
Flows TCP192.168.1.1:1047 ➝ 192.104.182.109:80
Flows TCP192.168.1.1:1048 ➝ 190.93.240.5:80
Flows TCP192.168.1.1:1049 ➝ 159.20.6.38:80
Flows TCP192.168.1.1:1050 ➝ 207.245.252.27:80
Flows TCP192.168.1.1:1051 ➝ 198.144.18.61:80

Raw Pcap
0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203234   ntent-Length: 24
0x00000070 (00112)   300d0a55 7365722d 4167656e 743a204d   0..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a207669   ; SV1)..Host: vi
0x000000c0 (00192)   7267696e 69612e65 64750d0a 436f6e6e   rginia.edu..Conn
0x000000d0 (00208)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000e0 (00224)   76650d0a 43616368 652d436f 6e74726f   ve..Cache-Contro
0x000000f0 (00240)   6c3a206e 6f2d6361 6368650d 0a0d0aad   l: no-cache.....
0x00000100 (00256)   adb6f3b1 a6b2f5a8 3995f7ac 3291f9a3   ........9...2...
0x00000110 (00272)   c573fba7 be6ffd8c 771703eb 3ac505ef   .s...o..w...:...
0x00000120 (00288)   33c10755 6e41146b 4ede2b6f 47da2d66   3..UnA.kN.+oG.-f
0x00000130 (00304)   dabc2f6a d3b8316e ccb43365 5f973569   ../j..1n..3e_.5i
0x00000140 (00320)   58933760 eb753964 e4713b93 77543d82   X.7`.u9d.q;.wT=.
0x00000150 (00336)   70503f86 694c41ea                     pP?.iLA.

0x00000000 (00000)   504f5354 202f3f70 74727863 7a5f4d66   POST /?ptrxcz_Mf
0x00000010 (00016)   51724561 77465973 4255707a 4d67304a   QrEawFYsBUpzMg0J
0x00000020 (00032)   38577343 56703852 6a334d66 20485454   8WsCVp8Rj3Mf HTT
0x00000030 (00048)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000040 (00064)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000050 (00080)   6167653a 20656e2d 75730d0a 436f6e74   age: en-us..Cont
0x00000060 (00096)   656e742d 54797065 3a206170 706c6963   ent-Type: applic
0x00000070 (00112)   6174696f 6e2f6f63 7465742d 73747265   ation/octet-stre
0x00000080 (00128)   616d0d0a 436f6e74 656e742d 4c656e67   am..Content-Leng
0x00000090 (00144)   74683a20 3231330d 0a557365 722d4167   th: 213..User-Ag
0x000000a0 (00160)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x000000b0 (00176)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x000000c0 (00192)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x000000d0 (00208)   4e542035 2e313b20 53563129 0d0a486f   NT 5.1; SV1)..Ho
0x000000e0 (00224)   73743a20 73747570 69642e63 6f6d0d0a   st: stupid.com..
0x000000f0 (00240)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000100 (00256)   2d416c69 76650d0a 43616368 652d436f   -Alive..Cache-Co
0x00000110 (00272)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x00000120 (00288)   0a0d0a41 300eef81 dbcc6f2f 6daf718e   ...A0.....o/m.q.
0x00000130 (00304)   0192738d 8ca0f65d 27577711 bb397998   ..s....]'Ww..9y.
0x00000140 (00320)   e969fb94 f96efda8 5a05                .i...n..Z.

0x00000000 (00000)   504f5354 202f3f70 74727863 7a5f6d37   POST /?ptrxcz_m7
0x00000010 (00016)   526f386d 38523368 3468324d 667a4962   Ro8m8R3h4h2MfzIb
0x00000020 (00032)   76455872 41546d36 5069324c 20485454   vEXrATm6Pi2L HTT
0x00000030 (00048)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000040 (00064)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000050 (00080)   6167653a 20656e2d 75730d0a 436f6e74   age: en-us..Cont
0x00000060 (00096)   656e742d 54797065 3a206170 706c6963   ent-Type: applic
0x00000070 (00112)   6174696f 6e2f6f63 7465742d 73747265   ation/octet-stre
0x00000080 (00128)   616d0d0a 436f6e74 656e742d 4c656e67   am..Content-Leng
0x00000090 (00144)   74683a20 3138320d 0a557365 722d4167   th: 182..User-Ag
0x000000a0 (00160)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x000000b0 (00176)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x000000c0 (00192)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x000000d0 (00208)   4e542035 2e313b20 53563129 0d0a486f   NT 5.1; SV1)..Ho
0x000000e0 (00224)   73743a20 67726176 69747962 6f617264   st: gravityboard
0x000000f0 (00240)   2e636f6d 0d0a436f 6e6e6563 74696f6e   .com..Connection
0x00000100 (00256)   3a204b65 65702d41 6c697665 0d0a4361   : Keep-Alive..Ca
0x00000110 (00272)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000120 (00288)   63616368 650d0a0d 0ae5aa5b af6c3f15   cache......[.l?.
0x00000130 (00304)   3063d2f7 315a01ed b409e1e0 b695e698   0c..1Z..........
0x00000140 (00320)   37494ee9 b942177e 3b3cac60 3d313d43   7IN..B.~;<.`=1=C
0x00000150 (00336)   3f28d025 418f115f c3235c04 451befe6   ?(.%A.._.#\.E...
0x00000160 (00352)   461182c9 48e72f1c cbffb469 07453b71   F...H./....i.E;q
0x00000170 (00368)   4eedcd53 501c6136 520b5a32 5402ed14   N..SP.a6R.Z2T...
0x00000180 (00384)   566684f7 573c7048 bfc9a5bc 5b07a80d   Vf..W<pH....[...
0x00000190 (00400)   c3b2cb81 5f8973ee 617d5860 638df1c3   ...._.s.a}X`c...
0x000001a0 (00416)   e1b67d25 67921208 6985a378 6ca336cd   ..}%g...i..xl.6.
0x000001b0 (00432)   6c3fc3d8 ef73ade7 6b9c68f1 f209e182   l?...s..k.h.....
0x000001c0 (00448)   f5187465 f71f085f f9a28d54 75412f0d   ..te..._...TuA/.
0x000001d0 (00464)   fd012609 ff40b902 016f489c 8184ad     ..&..@...oH....

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203132   ntent-Length: 12
0x00000070 (00112)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a206472   ; SV1)..Host: dr
0x000000c0 (00192)   2e646b0d 0a436f6e 6e656374 696f6e3a   .dk..Connection:
0x000000d0 (00208)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x000000e0 (00224)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000000f0 (00240)   61636865 0d0a0d0a 55ec5e08 2a821889   ache....U.^.*...
0x00000100 (00256)   e079148b d70df78c 1ea40510 209ad590   .y.......... ...
0x00000110 (00272)   e921e413 0dc09a94 c4bec217 bb4a7998   .!...........Jy.
0x00000120 (00288)   b2dd5b9a 2685ae1c ad693a9e b26236a0   ..[.&....i:..b6.
0x00000130 (00304)   a8f518a2 5f33379f c1234726 e914daa7   ...._37..#G&....
0x00000140 (00320)   91a7bca9 cda0b8ab af339bad b32c97af   .........3...,..
0x00000150 (00336)   17c479b1 edafca18 894b58b5 c54da91c   ..y......KX..M..
0x00000160 (00352)   70711db9 547fa3bb 3bfefbbc 58fd783b   pq..T...;...X.x;
0x00000170 (00368)   81                                    .

0x00000000 (00000)   504f5354 202f3f70 74727863 7a5f6277   POST /?ptrxcz_bw
0x00000010 (00016)   475a7545 58734255 7038526c 354f6932   GZuEXsBUp8Rl5Oi2
0x00000020 (00032)   4c655a37 536d3751 6b344e68 20485454   LeZ7Sm7Qk4Nh HTT
0x00000030 (00048)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000040 (00064)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000050 (00080)   6167653a 20656e2d 75730d0a 436f6e74   age: en-us..Cont
0x00000060 (00096)   656e742d 54797065 3a206170 706c6963   ent-Type: applic
0x00000070 (00112)   6174696f 6e2f6f63 7465742d 73747265   ation/octet-stre
0x00000080 (00128)   616d0d0a 436f6e74 656e742d 4c656e67   am..Content-Leng
0x00000090 (00144)   74683a20 3232340d 0a557365 722d4167   th: 224..User-Ag
0x000000a0 (00160)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x000000b0 (00176)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x000000c0 (00192)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x000000d0 (00208)   4e542035 2e313b20 53563129 0d0a486f   NT 5.1; SV1)..Ho
0x000000e0 (00224)   73743a20 726f6765 72732e63 6f6d0d0a   st: rogers.com..
0x000000f0 (00240)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000100 (00256)   2d416c69 76650d0a 43616368 652d436f   -Alive..Cache-Co
0x00000110 (00272)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x00000120 (00288)   0a0d0a33 1861cdc7 12344ebe a51650c2   ...3.a...4N...P.
0x00000130 (00304)   9e1252b9 31f553bd 2af155c1 23ed57b8   ..R.1.S.*.U.#.W.
0x00000140 (00320)   b6cf5919 7d2e6a9f 72286da3 6b246f2f   ..Y.}.j.r(m.k$o/
0x00000150 (00336)   1377f1ab 5d1c73a3 f0fe74a6 e9fa76aa   .w..].s...t...v.
0x00000160 (00352)   e2f678ae dbf27a01 d5ee7ca9 67d17ee5   ..x...z...|.g.~.
0x00000170 (00368)   60cd80d4 59c982d8 52c58449 50c1861f   `...Y...R..IP...
0x00000180 (00384)   3c12eeb6 d79f8a04 400af269 f1dd9181   <.......@..i....
0x00000190 (00400)   97c99475 7c3b9692 7bb814c8 6d339ab1   ...u|;..{...m3..
0x000001a0 (00416)   682f9cb1 5f419fdc 5827a085 4b4c23b9   h/.._A..X'..KL#.
0x000001b0 (00432)   755c9ffc bc972686 064329a2 ff3e2ba6   u\....&..C)..>+.
0x000001c0 (00448)   8e512d36 ba61a9f2 ec3231b2 e32e33ee   .Q-6.a...21...3.
0x000001d0 (00464)   7141352a 3789b24c 325e38fa 630cba36   qA5*7..L2^8.c..6
0x000001e0 (00480)   22573c0e bc163fce b21241d2 41254323   "W<...?...A.A%C#
0x000001f0 (00496)   fc68441f a00dc653 b1794827 ab754a5c   .hD....S.yH'.uJ\
0x00000200 (00512)   6503cc                                e..

0x00000000 (00000)   504f5354 202f3f70 74727863 7a5f4559   POST /?ptrxcz_EY
0x00000010 (00016)   74445772 41556f38 536c3650 6a334e67   tDWrAUo8Sl6Pj3Ng
0x00000020 (00032)   314b657a 49637747 5a754458 20485454   1KezIcwGZuDX HTT
0x00000030 (00048)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000040 (00064)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000050 (00080)   6167653a 20656e2d 75730d0a 436f6e74   age: en-us..Cont
0x00000060 (00096)   656e742d 54797065 3a206170 706c6963   ent-Type: applic
0x00000070 (00112)   6174696f 6e2f6f63 7465742d 73747265   ation/octet-stre
0x00000080 (00128)   616d0d0a 436f6e74 656e742d 4c656e67   am..Content-Leng
0x00000090 (00144)   74683a20 3231300d 0a557365 722d4167   th: 210..User-Ag
0x000000a0 (00160)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x000000b0 (00176)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x000000c0 (00192)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x000000d0 (00208)   4e542035 2e313b20 53563129 0d0a486f   NT 5.1; SV1)..Ho
0x000000e0 (00224)   73743a20 6d657461 6c6c6963 612e636f   st: metallica.co
0x000000f0 (00240)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000100 (00256)   6565702d 416c6976 650d0a43 61636865   eep-Alive..Cache
0x00000110 (00272)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x00000120 (00288)   68650d0a 0d0af949 c7108d44 9a91913d   he.....I...D...=
0x00000130 (00304)   96939536 9295992f 8e9790c2 7099f08a   ...6.../....p...
0x00000140 (00320)   fd171b57 fa199bad 649fa0a6 60a15445   ...W....d...`.TE
0x00000150 (00336)   79aed738 864688ea 44c88de3 40ca90dc   y..8.F..D...@...
0x00000160 (00352)   3ccc94d5 86d0b354 e1d2de61 17d2935a   <......T...a...Z
0x00000170 (00368)   13d4cf53 0fd6db96 14e031ed a4e4af50   ...S......1....P
0x00000180 (00384)   bae69f08 3e4ec906 e3eb8cfe 2d5692ec   ....>N......-V..
0x00000190 (00400)   53f38360 f3f57745 65f79444 e275ca36   S..`..wEe..D.u.6
0x000001a0 (00416)   5dfbb331 59fdb328 0b01de21 51018714   ]..1Y..(...!Q...
0x000001b0 (00432)   7684344e 7503b813 218b1adc dd8d36d5   v.4Nu...!.....6.
0x000001c0 (00448)   d98f62e5 da91f290 f90d86c2 cd9546b9   ..b...........F.
0x000001d0 (00464)   c997aac8 ca99e68d 1217f6ae aca01977   ...............w
0x000001e0 (00480)   3f23629b a3a512b4 74a8df10 8aaa0b21   ?#b.....t......!
0x000001f0 (00496)   8bac4f75 b5ad3d38                     ..Ou..=8

0x00000000 (00000)   504f5354 202f3f70 74727863 7a5f4f69   POST /?ptrxcz_Oi
0x00000010 (00016)   334d6630 4a637847 5a744457 71507646   3Mf0JcxGZtDWqPvF
0x00000020 (00032)   5a744357 7139536c 36506932 20485454   ZtCWq9Sl6Pi2 HTT
0x00000030 (00048)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000040 (00064)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000050 (00080)   6167653a 20656e2d 75730d0a 436f6e74   age: en-us..Cont
0x00000060 (00096)   656e742d 54797065 3a206170 706c6963   ent-Type: applic
0x00000070 (00112)   6174696f 6e2f6f63 7465742d 73747265   ation/octet-stre
0x00000080 (00128)   616d0d0a 436f6e74 656e742d 4c656e67   am..Content-Leng
0x00000090 (00144)   74683a20 37300d0a 55736572 2d416765   th: 70..User-Age
0x000000a0 (00160)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x000000b0 (00176)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x000000c0 (00192)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x000000d0 (00208)   5420352e 313b2053 5631290d 0a486f73   T 5.1; SV1)..Hos
0x000000e0 (00224)   743a2074 7269622e 636f6d0d 0a436f6e   t: trib.com..Con
0x000000f0 (00240)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x00000100 (00256)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x00000110 (00272)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x00000120 (00288)   0c4d10b2 02e0f2b3 82f8ee75 fd6bd1b7   .M.........u.k..
0x00000130 (00304)                                         


Strings
=
.
..

040904B0
 1987-1996 Microsoft Corp.
5.00.2810
April 10, 1996
Comments
CompanyName
Copyright 
FileDescription
FileVersion
General Properties+General properties for the WebImage control
Image URL:
InternalName
LegalCopyright
LegalTrademarks
MS Sans Serif
My Company Name
ProductName
ProductVersion
Put Legal TradeMarks here ...
StringFileInfo
Translation
TYPELIB
VarFileInfo
VS_VERSION_INFO
WebImage
WebImage Object Library
WebImage.Ocx
WebImage Properties
?=~~0.
|@-0:Z
16}D8En
1^Abq$
1MT)2o
:27/-B-
2B=mu3
3CWI]Vv
3^?!DG\
3;+ni[
4}6,JC:
6#c%{X
72F8oZ[
7#}HB9
\9d?0?
9jVDKr
@aAf){l
AboutBox
aJTX:6wvK
B8Alo(
Cu+hcQ
#C]Wt7
$d1pl^
@.data
d[g-Qv:
[dH56Y
DWebImageEventsW
^>eGAjk
ExitProcess
gdi32.dll
GetModuleHandleA
GetObjectW
GetProcAddress
GetVersion
+GoGTA
hA)AWC
hbN5|	
Hs0u"q
;h'"]S\fu~
i3>&4}Z
]I#,g$
ImageWWW
IWebImageWWWd
kernel32.dll
KKe,S]
kspercentDoneW
l6eaCs
LoadImageA
M!cx9Za
MlNTq^-
n1+BZ`
nJ$[#x
NWebImage
+O ~/`
%okhKf
OnProgressWW
oo&bGmL
OpSgeMA
=P%	F7
p*	U<u:^jI
q5+Q>%
~QG"-W1=
qkE3|*
`.rdata
RXp ^T	
S>0j81
Scrambled
?-Sh9i
/$sQe~6
!This program cannot be run in DOS mode.
Up,.R-
user32.dll
uw9i6N
v/=33_
V6TY[c
vK&#=<-
vL0[kS
{_VQ4\$
WebImage Control LibraryWW
WebImage ControlWW
W-H$*E
wK.IG(e 
.@wN^L
(}W(s+
WTWebImageObjectsW
$x>1Ik
XIkLBl
xT$h+U"!
Z5]7[jo
Z]k:wA
zV_`>U