Analysis Date: 2015-07-31 00:27:53
MD5: 3534b3870190a65d0b301e6b6e402dcc
SHA1: d51a9f2fc8ce3ca540a392617cd8f51b929e3732

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 0612fcf59dc250468951143574114146 sha1: 7f01b0374b8256672e289e47e0cea7004a15791e size: 148992
Section: .rdata md5: d786b2871920ff3b0b5aba5484f9946d sha1: 6fe18c36564e6240612cd090b1edf0917b365338 size: 37376
Section: .data md5: 409bcdeee6472e963126a5897be5a61e sha1: b5a609c2203a578a474a720f62ae0a9d2470016f size: 92160
Section: .rsrc md5: 2dd39ceb107f11df919bcc29e58d9363 sha1: ea702541fe8eb676d85f273c585780085c928ed6 size: 315392
Section: .reloc md5: cedca2b73ee9407058d8f99376b55676 sha1: ef0074004fa1ec228ec808dad7ec3864b3398135 size: 30720
Timestamp: 2015-07-27 15:21:00
Pdb path: C:\唐盛武\work\DownUi2.0\Release\demo5.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: ac1fd8e458b412b7c6d35cb13417fb7e0d94cef1
IMPhash: 185c971b924f059b067fb7c9685ec8bc
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.GenericKD.2600159
AV Dr. Web: Trojan.Upatre.6018
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.GenericKD.2600159
AV BullGuard: Trojan.GenericKD.2600159
AV Padvish: no_virus
AV VirusBlokAda (vba32): BScope.Malware-Cryptor.Ngrbot
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: no_virus
AV Zillya!: no_virus
AV Emsisoft: Trojan.GenericKD.2600159
AV Ikarus: no_virus
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: Trojan.Downloader
AV MicroWorld (escan): Trojan.GenericKD.2600159
AV Microsoft Security Essentials: no_virus
AV K7: Riskware ( 004c980d1 )
AV BitDefender: Trojan.GenericKD.2600159
AV Fortinet: Riskware/Chindo
AV Symantec: no_virus
AV Grisoft (avg): Win32/DH{gRKBEyAiJT02}
AV Eset (nod32): Win32/RiskWare.Chindo.M
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Trojan.GenericKD.2600159
AV Twister: Risktool.Chindo.M.cnju
AV Avira (antivir): no_virus
AV Mcafee: no_virus
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\
Creates Mutex: DBWinMutex
Creates Mutex: xdfskajfdklsjfadkjfdalokhjdkhfsfsfsfsfsfsfsfsfsfsfsfs
Winsock DNS: t.cn
Winsock URL: http://t.cn/RLo9MTs
Winsock URL: http://t.cn/RL5BJq0
Winsock URL: http://t.cn/R2ZWjsD
Winsock URL: http://t.cn/RLoupXd
Winsock URL: http://t.cn/RL6BPix
Winsock URL: http://t.cn/R2AShwm
Winsock URL: http://t.cn/RL6yITb
Winsock URL: http://t.cn/RLUdXVa
Winsock URL: http://t.cn/RLvMya2
Winsock URL: http://t.cn/RLfZ04R
Winsock URL: http://t.cn/RLAcowy
Winsock URL: http://t.cn/RL6yZ0f
Winsock URL: http://t.cn/RLoKHWJ
Winsock URL: http://t.cn/RLxjt89

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}\iexplore\Type ➝ 1
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Type ➝ 4
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order ➝ NULL
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore\Type ➝ 3
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝ NULL
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore\Type ➝ 4
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: Shell.CMruPidlList
Winsock DNS: 120.55.106.87

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\

Network Details:

DNS: int.dpool.sina.com.cn
Type: A
180.149.136.219
DNS: t.cn
Type: A
114.134.80.138
HTTP GET: http://int.dpool.sina.com.cn/iplookup/iplookup.php
User-Agent: WinInetGet/0.1
HTTP GET: http://t.cn/RLoupXd
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLvMya2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/R2AShwm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLAcowy
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://120.55.106.87/ZDUxYTlmMmZjOGNlM2NhNTQwYTM5MjYxN2NkOGY1MWI5MjllMzczMi5leGU=/40.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/R2ZWjsD
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL5BJq0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLUdXVa
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL6yZ0f
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL6yITb
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RL6BPix
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLxjt89
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLfZ04R
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLo9MTs
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://t.cn/RLoKHWJ
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 180.149.136.219:80
Flows TCP: 192.168.1.1:1033 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1034 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1036 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1038 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1037 ➝ 120.55.106.87:80
Flows TCP: 192.168.1.1:1039 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1040 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1041 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1042 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1043 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1044 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1045 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1046 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1047 ➝ 114.134.80.138:80
Flows TCP: 192.168.1.1:1048 ➝ 114.134.80.138:80

Raw Pcap


Strings