Analysis Date: 2015-07-30 20:51:02
MD5: 7d628b268bfd2eb19aa983461aece7bf
SHA1: 8370e4a7ce72e2f1cf765d9e15088354bc7976f7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: b530f6f5d7614d286fa018a84fdd72ca sha1: fea4e63c8a50791a612ba3af54434949ce464790 size: 148480
Section: .rdata md5: aa6a387774f84941f8907a263156cca4 sha1: 3b5349dd799feea04f79d29625cafacdf5625826 size: 37376
Section: .data md5: 3dbcdf0e396368011699614407e3457e sha1: a5d27b780c19f7b762b925bcc55cd633dadc9644 size: 79872
Section: .rsrc md5: 9f061efdd40240c4acddae90f7235011 sha1: e455950d16653ac5ce4683a158319bcbc225835f size: 228864
Section: .reloc md5: 7f2f1fe474a6c9a5a5dc23d569067dca sha1: 56c3c2dfee92985de18d26fde2565edd6d28454a size: 30720
Timestamp: 2015-07-22 14:30:19
Pdb path: C:\唐盛武\work\DownUi2.0\Release\demo.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: 1ce541df750347ca8892f5e53fe996bb41713a61
IMPhash: a3d8cf4206972aae5661c7fb436710e1
AV Twister: Risktool.Chindo.K.cpdn
AV Dr. Web: Adware.Chindo.9
AV K7: Riskware ( 0040eff71 )
AV Kaspersky: Trojan.Win32.Agent.ifzc
AV Ad-Aware: Trojan.AgentWDCR
AV Ikarus: PUA.RiskWare.Chindo
AV Eset (nod32): Win32/RiskWare.Chindo.M
AV Zillya!: Tool.Chindo.Win32.9
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Authentium: W32/Trojan.HZCH-6566
AV BullGuard: Trojan.AgentWDCR
AV VirusBlokAda (vba32): BScope.Malware-Cryptor.Ngrbot
AV Symantec: Downloader.Upatre
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.AgentWDCR
AV Fortinet: W32/Agent.IFZC!tr
AV Frisk (f-prot): W32/Trojan2.OVMD
AV Grisoft (avg): Generic36.BSAH
AV Mcafee: Generic.wt
AV MalwareBytes: no_virus
AV Avira (antivir): TR/Kryptik.kjho
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.AgentWDCR
AV Padvish: no_virus
AV Microsoft Security Essentials: TrojanDownloader:Win32/Codumwis.B
AV CAT (quickheal): Trojan.Skeeyah.gw5
AV BitDefender: Trojan.AgentWDCR
AV MicroWorld (escan): Trojan.AgentWDCR
AV Trend Micro: no_virus
AV Rising: 0x58fb202c
AV Emsisoft: Trojan.AgentWDCR

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Mutex: 143623123y75241237437315232835431520000000014533
Creates Mutex: DBWinMutex
Winsock DNS: t.cn
Winsock URL: http://t.cn/RL5BJq0
Winsock URL: http://t.cn/R2ZWjsD
Winsock URL: http://t.cn/R2AShwm
Winsock URL: http://t.cn/RLUdXVa
Winsock URL: http://t.cn/RLvMya2
Winsock URL: http://t.cn/RLxOw12
Winsock URL: http://t.cn/RLq0ReF
Winsock URL: http://t.cn/RLAcowy
Winsock URL: http://t.cn/RLfZ04R
Winsock URL: http://t.cn/RLxHkCr
Winsock URL: http://t.cn/RLUgRcv
Winsock URL: http://t.cn/RLxjt89
Winsock URL: http://t.cn/RLJe0rf

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Network Details:

DNS: int.dpool.sina.com.cn
Type: A
180.149.136.219
DNS: t.cn
Type: A
114.134.80.138
HTTP GET: http://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: WinInetGet/0.1
HTTP GET: http://t.cn/RLq0ReF
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLvMya2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/R2AShwm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLAcowy
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://121.43.19.217/ODM3MGU0YTdjZTcyZTJmMWNmNzY1ZDllMTUwODgzNTRiYzc5NzZmNy5leGU=/40.html
User-Agent: WinInetGet/0.1
HTTP GET: http://t.cn/R2ZWjsD
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL5BJq0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLUdXVa
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLUgRcv
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLxjt89
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLJe0rf
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLfZ04R
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLxOw12
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLxHkCr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 180.149.136.219:80
Flows TCP: 192.168.1.1:1033 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1034 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1035 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1036 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1037 ➝ 121.43.19.217:80
Flows TCP: 192.168.1.1:1038 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1039 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1040 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1041 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1042 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1043 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1044 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1045 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1046 ➝ 114.134.80.138:80

Raw Pcap

Strings