Analysis Date2013-09-02 23:07:57
MD58afcbf71334b2f1dad7f4fcff7e83ac3
SHA197664911af57a5fd358ed4dca33a499a9d189a11

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 984dfeff737935f78877d3d08b82ef95 sha1: d37c898578b52c62ca8c93757e64b07939999701 size: 72192
Section.rdata md5: 0fb0a72395723950e1915d6bf373f506 sha1: 904ad0342509a0b37abfcefd6606a12adbdc7707 size: 7680
Section.data md5: 11ffdfc240c81dfe9d957f6bf1761f00 sha1: f0f691437eb067b4de686e8b7225b8e4127cb275 size: 512
Section.CRT md5: a5ba361df79e0a565f00bd42dc501625 sha1: a91ea47a0eb05af400245bce0fd66b2bec2b6335 size: 512
Section.rsrc md5: 1285ef10fd521f02cfdc1dc5b0c29d9d sha1: d825bfff12556e6659ee01a7375558e1d25707a1 size: 14336
Timestamp2011-05-28 16:04:29
Pdb pathd:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
PEhashf80ba1ed9b91cd690100e0b3e6e17a8090e4d22c
AVavgClicker.BEJF

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Fileweb7b.ini
Creates FiledriversQB.exe
Creates File__tmp_rar_sfx_access_check_81296
Deletes File__tmp_rar_sfx_access_check_81296
Creates ProcessC:\WINDOWS\system32\driversQB.exe

Process
↳ C:\WINDOWS\system32\driversQB.exe

RegistryHKEY_CURRENT_USER\RemoteAccess\Profile\\\xc2\\xbf\\xc3\\xad\\xc2\\xb4\\xc3\\xb8\\xc3\\x81\\xc2\\xac\\xc2\\xbd\\xc3\\x93\AutoConnect ➝
NULL
Creates FileC:\WINDOWS\system32\web7b.ini
Creates FilePIPE\ROUTER
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Program Files\7b
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Starts ServiceRASMAN

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 780

Process
↳ Pid 840

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FilePIPE\wkssvc
Creates FileWANARP
Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileNDISWAN
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates MutexGlobal\RAS_MO_01
Creates MutexRAS_MO_02

Process
↳ Pid 1080

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates FileWMIDataDevice

Process
↳ Pid 1840

Process
↳ Pid 1036

Network Details:

DNSwww.web7b.cn.h1.aqb.so
Type: A
112.253.27.229
DNSw.web7b.cn
Type: A
123.183.218.32
DNSwww.web7b.cn
Type: A
HTTP GEThttp://www.web7b.cn/banben.asp?banben=3.2.24
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://w.web7b.cn/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://www.web7b.cn/soft/login0.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Flows TCP192.168.1.1:1031 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1032 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1033 ➝ 123.183.218.32:80
Flows TCP192.168.1.1:1034 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1035 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1036 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1037 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1038 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1039 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1040 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1041 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1042 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1043 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1044 ➝ 112.253.27.229:80
Flows TCP192.168.1.1:1045 ➝ 112.253.27.229:80

Raw Pcap
0x00000000 (00000)   47455420 2f62616e 62656e2e 6173703f   GET /banben.asp?
0x00000010 (00016)   62616e62 656e3d33 2e322e32 34204854   banben=3.2.24 HT
0x00000020 (00032)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000050 (00080)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000060 (00096)   5420352e 30290d0a 41636365 70743a20   T 5.0)..Accept: 
0x00000070 (00112)   2a2f2a0d 0a486f73 743a2077 77772e77   */*..Host: www.w
0x00000080 (00128)   65623762 2e636e0d 0a436163 68652d43   eb7b.cn..Cache-C
0x00000090 (00144)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000a0 (00160)   0d0a0d0a                              ....

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000020 (00032)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000030 (00048)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000040 (00064)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000050 (00080)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000060 (00096)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000070 (00112)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000080 (00128)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x00000090 (00144)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000a0 (00160)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000b0 (00176)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000c0 (00192)   66657265 723a2068 7474703a 2f2f772e   ferer: http://w.
0x000000d0 (00208)   77656237 622e636e 0d0a4163 63657074   web7b.cn..Accept
0x000000e0 (00224)   2d4c616e 67756167 653a207a 682d636e   -Language: zh-cn
0x000000f0 (00240)   0d0a5573 65722d41 67656e74 3a204d6f   ..User-Agent: Mo
0x00000100 (00256)   7a696c6c 612f342e 30202863 6f6d7061   zilla/4.0 (compa
0x00000110 (00272)   7469626c 653b204d 53494520 362e303b   tible; MSIE 6.0;
0x00000120 (00288)   2057696e 646f7773 204e5420 352e3029    Windows NT 5.0)
0x00000130 (00304)   0d0a486f 73743a20 772e7765 6237622e   ..Host: w.web7b.
0x00000140 (00320)   636e0d0a 43616368 652d436f 6e74726f   cn..Cache-Contro
0x00000150 (00336)   6c3a206e 6f2d6361 6368650d 0a0d0a67   l: no-cache....g
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c

0x00000000 (00000)   504f5354 202f736f 66742f6c 6f67696e   POST /soft/login
0x00000010 (00016)   302e6173 70204854 54502f31 2e310d0a   0.asp HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 696d6167 652f6769   Accept: image/gi
0x00000030 (00048)   662c2069 6d616765 2f782d78 6269746d   f, image/x-xbitm
0x00000040 (00064)   61702c20 696d6167 652f6a70 65672c20   ap, image/jpeg, 
0x00000050 (00080)   696d6167 652f706a 7065672c 20617070   image/pjpeg, app
0x00000060 (00096)   6c696361 74696f6e 2f782d73 686f636b   lication/x-shock
0x00000070 (00112)   77617665 2d666c61 73682c20 6170706c   wave-flash, appl
0x00000080 (00128)   69636174 696f6e2f 766e642e 6d732d65   ication/vnd.ms-e
0x00000090 (00144)   7863656c 2c206170 706c6963 6174696f   xcel, applicatio
0x000000a0 (00160)   6e2f766e 642e6d73 2d706f77 6572706f   n/vnd.ms-powerpo
0x000000b0 (00176)   696e742c 20617070 6c696361 74696f6e   int, application
0x000000c0 (00192)   2f6d7377 6f72642c 202a2f2a 0d0a5265   /msword, */*..Re
0x000000d0 (00208)   66657265 723a2068 7474703a 2f2f7777   ferer: http://ww
0x000000e0 (00224)   772e7765 6237622e 636e2f73 6f66742f   w.web7b.cn/soft/
0x000000f0 (00240)   6c6f6769 6e302e61 73700d0a 41636365   login0.asp..Acce
0x00000100 (00256)   70742d4c 616e6775 6167653a 207a682d   pt-Language: zh-
0x00000110 (00272)   636e0d0a 436f6e74 656e742d 54797065   cn..Content-Type
0x00000120 (00288)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000130 (00304)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000140 (00320)   6465640d 0a436f6e 74656e74 2d4c656e   ded..Content-Len
0x00000150 (00336)   6774683a 2034310d 0a557365 722d4167   gth: 41..User-Ag
0x00000160 (00352)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000170 (00368)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000180 (00384)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000190 (00400)   4e542035 2e30290d 0a486f73 743a2077   NT 5.0)..Host: w
0x000001a0 (00416)   77772e77 65623762 2e636e0d 0a436163   ww.web7b.cn..Cac
0x000001b0 (00432)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x000001c0 (00448)   61636865 0d0a0d0a 75736572 6e616d65   ache....username
0x000001d0 (00464)   3d766f69 6c696e26 70617373 776f7264   =voilin&password
0x000001e0 (00480)   3d643638 61336435 33626463 65626166   =d68a3d53bdcebaf
0x000001f0 (00496)   63                                    c


Strings