Analysis Date: 2015-08-01 21:41:50
MD5: 310a44eb03f629a6b80e83d883c52d7e
SHA1: 6c9cd681d89a4b37acf2e352a00322838d586ec7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 5a59233e31f744e9b70273a059ac1882 sha1: b4ad298129cc82b1c4b02454ac1c381c23f95d29 size: 148992
Section .rdata: md5: c6a271c43a5ca6f6d80b3809e7be65f9 sha1: 62b9c62698d92b93540776ed317c8b0e268d61eb size: 37376
Section .data: md5: 707c0d0ba28fa02d757ed7a95e1fdcb1 sha1: 5376a02ae7a96569cbd3cc604cc7a36b070827d9 size: 92160
Section .rsrc: md5: b0f19fdacffea18b73fa2af9fe13efcf sha1: 25650eb441450a2e4056bb26e2c938064afeb04b size: 51200
Section .reloc: md5: ded78f023ca923390893c486699fa9ec sha1: 55222ccf8d4df47e60d9191703ba3663d9180540 size: 30208
Timestamp: 2015-07-28 09:09:00
Pdb path: C:\唐盛武\work\DownUi2.0\Release\demo5.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: 6450870f3c1833c223ed118a9270e8c0eeb0c7b5
IMPhash: 88b541bcc7d8adfb47c45bb6721c59b7
AV Ikarus: no_virus
AV Dr. Web: no_virus
AV ClamAV: no_virus
AV Ad-Aware: Gen:Variant.Mikey.20590
AV BitDefender: Gen:Variant.Mikey.20590
AV MicroWorld (escan): Gen:Variant.Mikey.20590
AV VirusBlokAda (vba32): BScope.Malware-Cryptor.Ngrbot
AV K7: Riskware ( 004c980d1 )
AV Padvish: no_virus
AV F-Secure: Gen:Variant.Mikey.20590
AV Authentium: no_virus
AV Arcabit (arcavir): Gen:Variant.Mikey.20590
AV Symantec: Downloader.Upatre
AV Trend Micro: no_virus
AV Grisoft (avg): Win32/DH{gRKBEyAiJT02}
AV Fortinet: Riskware/Chindo
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Variant.Mikey.20590
AV Twister: no_virus
AV Mcafee: no_virus
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV Kaspersky: no_virus
AV Zillya!: no_virus
AV MalwareBytes: Trojan.Downloader
AV CAT (quickheal): no_virus
AV BullGuard: Gen:Variant.Mikey.20590
AV Alwil (avast): Trojan-gen:Win32:Trojan-gen
AV Avira (antivir): no_virus
AV Microsoft Security Essentials: no_virus
AV Eset (nod32): Win32/RiskWare.Chindo.M

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Mutex: malware.exe
Creates Mutex: DBWinMutex
Winsock DNS: t.cn
Winsock URL: http://t.cn/RLo9MTs
Winsock URL: http://t.cn/RL5BJq0
Winsock URL: http://t.cn/R2ZWjsD
Winsock URL: http://t.cn/R2AaFYc
Winsock URL: http://t.cn/RL6BPix
Winsock URL: http://t.cn/R2AShwm
Winsock URL: http://t.cn/RL6PTIl
Winsock URL: http://t.cn/RLUdXVa
Winsock URL: http://t.cn/RLvMya2
Winsock URL: http://t.cn/RLfZ04R
Winsock URL: http://t.cn/RLAcowy
Winsock URL: http://t.cn/RLoiQt1
Winsock URL: http://t.cn/RLoKHWJ
Winsock URL: http://t.cn/RLxjt89

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: _SHuassist.mtx
Creates Mutex: Shell.CMruPidlList

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Network Details:

DNS: int.dpool.sina.com.cn
Type: A
180.149.136.219
DNS: t.cn
Type: A
114.134.80.138
HTTP GET: http://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: WinInetGet/0.1
HTTP GET: http://t.cn/R2AaFYc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLvMya2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/R2AShwm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLAcowy
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/R2ZWjsD
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL5BJq0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLUdXVa
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL6PTIl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLoiQt1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL6BPix
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLxjt89
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLfZ04R
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLo9MTs
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLoKHWJ
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 180.149.136.219:80
Flows TCP: 192.168.1.1:1033 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1034 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1035 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1036 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1037 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1038 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1039 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1040 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1041 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1042 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1043 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1044 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1045 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1046 ➝ 114.134.80.138:80

Raw Pcap

Strings