Analysis Date2014-07-06 19:49:13
MD52b83d862b0394f03f73263a2f09b51e7
SHA1fb57ec646d36c3a851deed513cbbf0b431d469de

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 223e0a3de854d291c9893140cba1e8de sha1: c147a3effed25e11cf95f88b2513a646d68b9e73 size: 1024
Section.rdata md5: 5e001465d8cd3c885bc984c952e08cb6 sha1: 32ee3ee5d774fd02de6c2a88102ae2ee5e5e4e06 size: 1024
Section.data md5: fc7eb756c1f4b17f16449816cc3cec81 sha1: 2617518e49202d532dae1af9ba05aecfefd1e75b size: 512
Section.rsrc md5: 393b0a8bf10c32efae051b7a7af14971 sha1: babf39c98ba15c395c3c0bdac17431a9935846ac size: 58368
Timestamp2014-06-24 19:37:20
PEhashb4f483da6ed48ce7fc8d956757473c5257e20a82
IMPhash4ca0a0adb97211d9334271ded971bdde
AV360 SafeGen:Variant.Kazy.327123
AVAd-AwareGen:Variant.Kazy.327123
AVAlwil (avast)Cutwail-CM [Trj]
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)TR/Dropper.Gen
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.MulDrop3.14959
AVEmsisoftno_virus
AVEset (nod32)Win32/Kryptik.CFFF
AVFortinetW32/Cutwail.CFFF!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Kazy.327123
AVGrisoft (avg)no_virus
AVIkarusTrojan.Win32.Kryptik
AVK7no_virus
AVKasperskyTrojan.Win32.Cutwail.dcp
AVMalwareBytesno_virus
AVMcafeeRDN/Generic.dx!dd3
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Variant.Kazy.327123
AVNormanwinpe/EMailWorm.IAB
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus
AVMicrosoft Security Essentialsno_virus
AVRisingno_virus
AVMcafeeRDN/Generic.dx!dd3
AVMicroWorld (escan)Gen:Variant.Kazy.327123
AVMalwareBytesno_virus
AVAvira (antivir)TR/Dropper.Gen
AVNormanwinpe/EMailWorm.IAB
AVIkarusTrojan.Win32.Kryptik
AVFrisk (f-prot)no_virus
AVEmsisoftno_virus
AVAuthentiumno_virus
AVAd-AwareGen:Variant.Kazy.327123
AVTrend Microno_virus
AV360 SafeGen:Variant.Kazy.327123
AVAlwil (avast)Cutwail-CM [Trj]
AVEset (nod32)Win32/Kryptik.CFFF
AVVirusBlokAda (vba32)no_virus
AVCAT (quickheal)no_virus
AVGrisoft (avg)no_virus
AVSymantecno_virus
AVArcabit (arcavir)no_virus
AVFortinetW32/Cutwail.CFFF!tr
AVClamAVno_virus
AVK7no_virus
AVDr. WebTrojan.MulDrop3.14959
AVF-SecureGen:Variant.Kazy.327123
AVKasperskyTrojan.Win32.Cutwail.dcp
AVCA (E-Trust Ino)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\banilgoweqpi ➝
C:\Documents and Settings\Administrator\banilgoweqpi.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nisekotourism[1].htm
Creates FileC:\Documents and Settings\Administrator\banilgoweqpi.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\emailsherri[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fhgc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\heigl-holz[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\acsalescorp[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\leads.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\computerprose[1].htm
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\agro-pro[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\allisoriginals[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gsprinters[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fruzel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zon-business[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\oshf[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\wingup-pt[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\industrieundhandelsverlag[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\belleaire[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ellislawpc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sigmaflex[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\samcons[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\deringharborrealty[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nisekotourism[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\emailsherri[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fhgc[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\heigl-holz[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\acsalescorp[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\leads.com[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\computerprose[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\agro-pro[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gsprinters[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\allisoriginals[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fruzel[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zon-business[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\oshf[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\wingup-pt[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\industrieundhandelsverlag[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\belleaire[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sigmaflex[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\samcons[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\deringharborrealty[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutexbanilgoweqpi
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSgsprinters.com
Winsock DNSellislawpc.com
Winsock DNSoshf.ca
Winsock DNScomputerprose.com
Winsock DNSagro-pro.com
Winsock DNSwingup-pt.com
Winsock DNSfhgc.com
Winsock DNSderingharborrealty.com
Winsock DNSbelleaire.org
Winsock DNSleads.com.my
Winsock DNSsigmaflex.com
Winsock DNSzon-business.com
Winsock DNSemailsherri.com
Winsock DNSallisoriginals.com
Winsock DNSindustrieundhandelsverlag.de
Winsock DNSnisekotourism.com
Winsock DNSsamcons.com
Winsock DNSacsalescorp.com
Winsock DNSfruzel.com
Winsock DNSheigl-holz.at

Network Details:

DNSsmtp.glbdns2.microsoft.com
Type: A
65.55.176.126
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
63.250.193.228
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
98.138.105.21
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
98.139.211.125
DNSgsprinters.com
Type: A
50.193.47.120
DNSemailsherri.com
Type: A
206.169.220.151
DNSfhgc.com
Type: A
64.90.41.75
DNSderingharborrealty.com
Type: A
74.208.170.123
DNSsigmaflex.com
Type: A
80.74.157.68
DNSsmtp.live.com
Type: A
DNSsmtp.mail.yahoo.com
Type: A
DNSbelleaire.org
Type: A
HTTP POSThttp://gsprinters.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://emailsherri.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://fhgc.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1031 ➝ 65.55.176.126:25
Flows TCP192.168.1.1:1032 ➝ 63.250.193.228:25
Flows TCP192.168.1.1:1034 ➝ 50.193.47.120:80
Flows TCP192.168.1.1:1035 ➝ 206.169.220.151:80
Flows TCP192.168.1.1:1038 ➝ 64.90.41.75:80

Raw Pcap
0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203533   ntent-Length: 53
0x00000070 (00112)   340d0a55 7365722d 4167656e 743a204d   4..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a206773   ; SV1)..Host: gs
0x000000c0 (00192)   7072696e 74657273 2e636f6d 0d0a436f   printers.com..Co
0x000000d0 (00208)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000e0 (00224)   6c697665 0d0a4361 6368652d 436f6e74   live..Cache-Cont
0x000000f0 (00240)   726f6c3a 206e6f2d 63616368 650d0a0d   rol: no-cache...
0x00000100 (00256)   0a51566f 65723462 77465267 5850362b   .QVoer4bwFRgXP6+
0x00000110 (00272)   536f5935 33734b6b 626a4c66 6d574333   SoY53sKkbjLfmWC3
0x00000120 (00288)   69477433 46674474 3577675a 48677947   iGt3FgDt5wgZHgyG
0x00000130 (00304)   6a4f574d 4d2b5935 36695050 65355835   jOWMM+Y56iPPe5X5
0x00000140 (00320)   6b0d0a76 68743149 635a4957 654d577a   k..vht1IcZIWeMWz
0x00000150 (00336)   72465147 6350776d 6b6b2f30 342b664a   rFQGcPwmkk/04+fJ
0x00000160 (00352)   72527977 554c4f72 6d755233 65785038   rRywULOrmuR3exP8
0x00000170 (00368)   74354864 4a386c79 747a4863 4378766d   t5HdJ8lytzHcCxvm
0x00000180 (00384)   336d4d0d 0a6a4b36 45765a4e 6d337549   3mM..jK6EvZNm3uI
0x00000190 (00400)   3234525a 7a645238 332f5651 59447577   24RZzdR83/VQYDuw
0x000001a0 (00416)   3538676d 72772f57 37784633 33347532   58gmrw/W7xF334u2
0x000001b0 (00432)   5741734e 6448654b 35416869 47615348   WAsNdHeK5AhiGaSH
0x000001c0 (00448)   48775538 710d0a53 4e70756e 45616467   HwU8q..SNpunEadg
0x000001d0 (00464)   57657555 67544c6f 48695863 6e2b4734   WeuUgTLoHiXcn+G4
0x000001e0 (00480)   37305679 4a433677 37655230 596b594c   70VyJC6w7eR0YkYL
0x000001f0 (00496)   724b3565 31705463 31506d72 674a5637   rK5e1pTc1PmrgJV7
0x00000200 (00512)   33742b56 4b61480d 0a534442 6f614f4d   3t+VKaH..SDBoaOM
0x00000210 (00528)   37476b36 56594834 32736738 73513778   7Gk6VYH42sg8sQ7x
0x00000220 (00544)   66666678 7152636d 62696e6c 74777350   fffxqRcmbinltwsP
0x00000230 (00560)   6e5a5a30 36636272 2b747573 586f4336   nZZ06cbr+tusXoC6
0x00000240 (00576)   67436a43 50795734 360d0a6c 75317176   gCjCPyW46..lu1qv
0x00000250 (00592)   4f6b4855 316a312b 47567747 4363394c   OkHU1j1+GVwGCc9L
0x00000260 (00608)   526c7a4d 45386137 6d6a5036 542b555a   RlzME8a7mjP6T+UZ
0x00000270 (00624)   7a5a6a67 42455830 4d554b65 6d55374f   zZjgBEX0MUKemU7O
0x00000280 (00640)   6b4a3851 336c4641 4871370d 0a78566a   kJ8Q3lFAHq7..xVj
0x00000290 (00656)   68436862 42466d6b 4b596561 65576e43   hChbBFmkKYeaeWnC
0x000002a0 (00672)   7166417a 72564850 6e663252 2b564362   qfAzrVHPnf2R+VCb
0x000002b0 (00688)   6b51656b 6b776d50 3077664d 75636448   kQekkwmP0wfMucdH
0x000002c0 (00704)   34486c6e 59677650 6b6c2b4f 720d0a58   4HlnYgvPkl+Or..X
0x000002d0 (00720)   6b4f4143 6f744e4a 39433362 46686844   kOACotNJ9C3bFhhD
0x000002e0 (00736)   7a784348 344d3552 3344784c 39474b4f   zxCH4M5R3DxL9GKO
0x000002f0 (00752)   46335943 4d743456 4b784c4f 624e3541   F3YCMt4VKxLObN5A
0x00000300 (00768)   45426d74 53424c47 66446a4f 4366550d   EBmtSBLGfDjOCfU.
0x00000310 (00784)   0a754f79 340d0a                       .uOy4..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203532   ntent-Length: 52
0x00000070 (00112)   380d0a55 7365722d 4167656e 743a204d   8..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a20656d   ; SV1)..Host: em
0x000000c0 (00192)   61696c73 68657272 692e636f 6d0d0a43   ailsherri.com..C
0x000000d0 (00208)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000e0 (00224)   416c6976 650d0a43 61636865 2d436f6e   Alive..Cache-Con
0x000000f0 (00240)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x00000100 (00256)   0d0a734b 51576135 47597742 656b676d   ..sKQWa5GYwBekgm
0x00000110 (00272)   50434d48 6770464f 722b414a 4e504254   PCMHgpFOr+AJNPBT
0x00000120 (00288)   544c5654 42444872 4a4e3446 357a6c65   TLVTBDHrJN4F5zle
0x00000130 (00304)   462b7936 6c715344 50412f74 69786f4f   F+y6lqSDPA/tixoO
0x00000140 (00320)   42320d0a 4e336d51 534e3059 696b767a   B2..N3mQSN0Yikvz
0x00000150 (00336)   33494639 4e437556 6873304b 382f5355   3IF9NCuVhs0K8/SU
0x00000160 (00352)   46694254 4f307846 6458727a 33544348   FiBTO0xFdXrz3TCH
0x00000170 (00368)   53395454 76327a2b 4e5a364a 63626a37   S9TTv2z+NZ6Jcbj7
0x00000180 (00384)   742f586f 0d0a2f78 63767330 6b445a2f   t/Xo../xcvs0kDZ/
0x00000190 (00400)   754c3542 3975352b 68543436 764b346a   uL5B9u5+hT46vK4j
0x000001a0 (00416)   3573646f 6b303334 566d3245 714e725a   5sdok034Vm2EqNrZ
0x000001b0 (00432)   394a3033 304c4c6e 76654641 6b38726c   9J030LLnveFAk8rl
0x000001c0 (00448)   2f4d7176 4e310d0a 45634b63 5a6d6b4e   /MqvN1..EcKcZmkN
0x000001d0 (00464)   66464153 444f6b62 67643374 384f3437   fFASDOkbgd3t8O47
0x000001e0 (00480)   53542f53 63334242 4f5a3743 2b595675   ST/Sc3BBOZ7C+YVu
0x000001f0 (00496)   63593549 71577870 64586f6d 55717871   cY5IqWxpdXomUqxq
0x00000200 (00512)   6e4c6434 536f6464 0d0a4f63 49707a5a   nLd4Sodd..OcIpzZ
0x00000210 (00528)   486b4f56 32582f59 70525138 454d6546   HkOV2X/YpRQ8EMeF
0x00000220 (00544)   38594968 58636138 716b5653 6c304977   8YIhXca8qkVSl0Iw
0x00000230 (00560)   6c636143 5a747752 71574f70 63646436   lcaCZtwRqWOpcdd6
0x00000240 (00576)   4755364e 556b6e4f 58720d0a 5a4f4e77   GU6NUknOXr..ZONw
0x00000250 (00592)   6b47786e 4f756c62 3645634f 464c7168   kGxnOulb6EcOFLqh
0x00000260 (00608)   582b544a 59465a74 69664946 52464961   X+TJYFZtifIFRFIa
0x00000270 (00624)   50536234 7630514e 6d596365 4b65496a   PSb4v0QNmYceKeIj
0x00000280 (00640)   4c447178 79693937 78687a39 0d0a6e77   LDqxyi97xhz9..nw
0x00000290 (00656)   6a746d55 39793536 72303735 6a596d75   jtmU9y56r075jYmu
0x000002a0 (00672)   50647736 6334395a 49303650 5637476a   Pdw6c49ZI06PV7Gj
0x000002b0 (00688)   4266307a 51786339 39626536 594c384b   Bf0zQxc99be6YL8K
0x000002c0 (00704)   52344572 70377863 566c5842 43330d0a   R4Erp7xcVlXBC3..
0x000002d0 (00720)   4b367746 506e6472 5650634b 506d4149   K6wFPndrVPcKPmAI
0x000002e0 (00736)   76743556 4c4a6b6b 3738504e 616d7970   vt5VLJkk78PNamyp
0x000002f0 (00752)   6a685a59 5a795036 664e374d 5a493453   jhZYZyP6fN7MZI4S
0x00000300 (00768)   304e5252 50595472 7a5a3073 4f31453d   0NRRPYTrzZ0sO1E=
0x00000310 (00784)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203439   ntent-Length: 49
0x00000070 (00112)   320d0a55 7365722d 4167656e 743a204d   2..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a206668   ; SV1)..Host: fh
0x000000c0 (00192)   67632e63 6f6d0d0a 436f6e6e 65637469   gc.com..Connecti
0x000000d0 (00208)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000e0 (00224)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000f0 (00240)   6f2d6361 6368650d 0a0d0a4b 444e4851   o-cache....KDNHQ
0x00000100 (00256)   64787164 4263534f 56756342 77686f50   dxqdBcSOVucBwhoP
0x00000110 (00272)   322f4773 62333071 48666830 506c5350   2/Gsb30qHfh0PlSP
0x00000120 (00288)   6a476655 6b516845 45674e55 34686348   jGfUkQhEEgNU4hcH
0x00000130 (00304)   2f6f7a31 54715359 4e36660d 0a2f6159   /oz1TqSYN6f../aY
0x00000140 (00320)   3477796e 62727a4b 765a5451 49474956   4wynbrzKvZTQIGIV
0x00000150 (00336)   5a596939 76795975 734f774d 65563439   ZYi9vyYusOwMeV49
0x00000160 (00352)   57443465 794e4d55 63787678 77797967   WD4eyNMUcxvxwyyg
0x00000170 (00368)   4e64756a 7064502b 5247626f 660d0a51   NdujpdP+RGbof..Q
0x00000180 (00384)   46486148 6b44424f 7a61656f 30593148   FHaHkDBOzaeo0Y1H
0x00000190 (00400)   476b4159 627a6d50 4c6a7341 33723273   GkAYbzmPLjsA3r2s
0x000001a0 (00416)   4558744f 62555345 42727369 50395466   EXtObUSEBrsiP9Tf
0x000001b0 (00432)   624f4845 796d7762 32506836 50624b0d   bOHEymwb2Ph6PbK.
0x000001c0 (00448)   0a455436 47766c34 376f3947 35723837   .ET6Gvl47o9G5r87
0x000001d0 (00464)   6e333035 6a425434 70387951 4132744a   n305jBT4p8yQA2tJ
0x000001e0 (00480)   4a4f5330 36665774 56354477 316e6e38   JOS06fWtV5Dw1nn8
0x000001f0 (00496)   68563654 476c6a6d 6e7a3268 706a3175   hV6TGljmnz2hpj1u
0x00000200 (00512)   680d0a79 6939364f 5a4f7536 51536161   h..yi96OZOu6QSaa
0x00000210 (00528)   37542f69 594f6a33 57697152 7736444f   7T/iYOj3WiqRw6DO
0x00000220 (00544)   6d492b50 71775151 2b4a7356 66567230   mI+PqwQQ+JsVfVr0
0x00000230 (00560)   49642f77 372f756e 4a4b6633 4c694747   Id/w7/unJKf3LiGG
0x00000240 (00576)   6c69490d 0a664130 684e4832 6c35306d   liI..fA0hNH2l50m
0x00000250 (00592)   6e615436 6e515153 684a6e36 472b4179   naT6nQQShJn6G+Ay
0x00000260 (00608)   71642f4e 42615932 3361426f 7a347168   qd/NBaY23aBoz4qh
0x00000270 (00624)   72763351 62785566 574d7970 69393869   rv3QbxUfWMypi98i
0x00000280 (00640)   58373277 4b0d0a63 7a4d7852 4f416e75   X72wK..czMxROAnu
0x00000290 (00656)   77574d51 2f2b4735 6469662f 69537359   wWMQ/+G5dif/iSsY
0x000002a0 (00672)   7177486f 366c4866 2b75694e 34583532   qwHo6lHf+uiN4X52
0x000002b0 (00688)   3466506d 44555943 71354e64 71315a2b   4fPmDUYCq5Ndq1Z+
0x000002c0 (00704)   624a5566 3672450d 0a495630 39424b48   bJUf6rE..IV09BKH
0x000002d0 (00720)   77424c34 4c70352b 744c6e46 4a546e51   wBL4Lp5+tLnFJTnQ
0x000002e0 (00736)   45504174 720d0a                       EPAtr..


Strings