Analysis Date2018-02-27 16:02:45
MD52889a2ad5830cb24972bb0c5fd10b966
SHA1fbeb50b0d8bf87ccf2d0cd66bf4109e9a6bd1e89

Static Details:

AVArcabit (arcavir)Error Scanning File
AVAuthentiumVBS/Ramnit.B
AVGrisoft (avg)VBS/Dropper
AVAvira (antivir)VBS/Ramnit.abcd
AVAlwil (avast)Error Scanning File
AVAd-AwareTrojan.HTML.Ramnit.A
AVBitDefenderTrojan.HTML.Ramnit.A
AVBullGuardTrojan.HTML.Ramnit.A
AVClamAVLegacy.Trojan.Agent-1388596
AVDr. WebVBS.Rmnet.5
AVEmsisoftError Scanning File
AVMicroWorld (escan)Trojan.HTML.Ramnit.A
AVCA (E-Trust Ino)Trojan.HTML.Ramnit.A
AVFortinetVBS/Ramnit.4D5
AVFrisk (f-prot)VBS/Ramnit.B
AVF-SecureTrojan.HTML.Ramnit.A
AVIkarusVirus.VBS.Ramnit
AVK7Trojan ( 001bb56b1 )
AVKasperskyTrojan-Dropper.VBS.Agent.bp
AVMalwareBytesError Scanning File
AVMcafeeW32/Ramnit.a!htm
AVMicrosoft Security EssentialsVirus:VBS/Ramnit.gen!C
AVNANOTrojan.Script.Agent.bfcghy
AVNANOTrojan.Script.Dropper.eahqhd
AVNANOTrojan.Script.Inor.lbdq
AVNANOTrojan.Script.Rmnet.dsnprg
AVEset (nod32)Win32/Ramnit.A virus
AVPadvishError Scanning File
AVCAT (quickheal)VBS.Dropper.A
AVRisingScript.VBS.Ramnit.a
AV360 Safevirus.vbs.writebin.a
AVSUPERAntiSpywareNo Virus
AVSymantecW32.Ramnit!html
AVTrend MicroVBS_RAMNIT.SMC
AVTwisterNo Virus
AVVirusBlokAda (vba32)Trojan.HTML.Ramnit.A
AVWindows DefenderVirus:VBS/Ramnit.gen!C
AVZillya!Dropper.Inor.VBS.1

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Local
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Roaming
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Local
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File\??\Nsi
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Local
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Roaming
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Local
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\History\Low
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Users\THX1138\Favorites\
Creates FileC:\Users\THX1138\Favorites\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Local
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\PrivacIE
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IECompatCache
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IETldCache
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\Roaming\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates FileC:\Users\THX1138\AppData\Local\Temp\Low\
Creates FileC:\Users\THX1138\AppData\Local\Temp\Low\
Creates FileC:\Users\THX1138\AppData\Local\Temp\
Creates FileC:\Users\THX1138\AppData\Local\Temp\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\Local\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\AppData\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\THX1138\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\AppData\Local\Temp\Low
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Windows\Fonts\staticcache.dat
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData
Creates FileC:\Users\THX1138\AppData\Local
Creates FileC:\Users\THX1138\AppData\Local\Temp
Creates FileC:\Windows\System32\url.dll
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0B86CA28-1B46-11E8-8F5A-525400DF74CB}.dat
Creates FileC:\Users\THX1138\AppData\Local\Temp\~DF32CA386C965269B0.TMP
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B86CA29-1B46-11E8-8F5A-525400DF74CB}.dat
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\THX1138
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\AppData\Local\Temp\~DF1A65351F45C76656.TMP
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\THX1138
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Users\THX1138\Favorites\Links
Creates FileC:\Users\THX1138\Favorites\Links
Creates FileC:\Users\THX1138\Favorites\Links
Creates FileC:\Users\THX1138
Creates FileC:\Users\THX1138\Favorites
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Feeds
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
Creates FileC:\Windows\System32\ieframe.dll
Creates FileC:\Windows\System32\stdole2.tlb
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVX995HY\favicon[1].ico
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVX995HY\favicon[1].ico
Creates FileC:\Users\THX1138\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVX995HY\favicon[1].ico
Creates FileC:\Users\THX1138\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Creates FileC:\Users\THX1138\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Creates FileC:\Users\THX1138\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Creates FileC:\Users\THX1138\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Creates FileC:\Users\THX1138\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f666176 69636f6e 2e69636f   GET /favicon.ico
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55412d43 50553a20   t: */*..UA-CPU: 
0x00000030 (00048)   414d4436 340d0a41 63636570 742d456e   AMD64..Accept-En
0x00000040 (00064)   636f6469 6e673a20 677a6970 2c206465   coding: gzip, de
0x00000050 (00080)   666c6174 650d0a55 7365722d 4167656e   flate..User-Agen
0x00000060 (00096)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000070 (00112)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000080 (00128)   20382e30 3b205769 6e646f77 73204e54    8.0; Windows NT
0x00000090 (00144)   20362e31 3b205769 6e36343b 20783634    6.1; Win64; x64
0x000000a0 (00160)   3b205472 6964656e 742f342e 303b202e   ; Trident/4.0; .
0x000000b0 (00176)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x000000c0 (00192)   373b2053 4c434332 3b202e4e 45542043   7; SLCC2; .NET C
0x000000d0 (00208)   4c522033 2e352e33 30373239 3b202e4e   LR 3.5.30729; .N
0x000000e0 (00224)   45542043 4c522033 2e302e33 30373239   ET CLR 3.0.30729
0x000000f0 (00240)   3b204d65 64696120 43656e74 65722050   ; Media Center P
0x00000100 (00256)   4320362e 303b202e 4e455434 2e30433b   C 6.0; .NET4.0C;
0x00000110 (00272)   202e4e45 54342e30 45290d0a 486f7374    .NET4.0E)..Host
0x00000120 (00288)   3a207777 772e6269 6e672e63 6f6d0d0a   : www.bing.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000140 (00320)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a3a204d 6f7a696c 6c612f34 2e302028   .: Mozilla/4.0 (
0x00000070 (00112)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000080 (00128)   20382e30 3b205769 6e646f77 73204e54    8.0; Windows NT
0x00000090 (00144)   20362e31 3b205769 6e36343b 20783634    6.1; Win64; x64
0x000000a0 (00160)   3b205472 6964656e 742f342e 303b202e   ; Trident/4.0; .
0x000000b0 (00176)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x000000c0 (00192)   373b2053 4c434332 3b202e4e 45542043   7; SLCC2; .NET C
0x000000d0 (00208)   4c522033 2e352e33 30373239 3b202e4e   LR 3.5.30729; .N
0x000000e0 (00224)   45542043 4c522033 2e302e33 30373239   ET CLR 3.0.30729
0x000000f0 (00240)   3b204d65 64696120 43656e74 65722050   ; Media Center P
0x00000100 (00256)   4320362e 303b202e 4e455434 2e30433b   C 6.0; .NET4.0C;
0x00000110 (00272)   202e4e45 54342e30 45290d0a 486f7374    .NET4.0E)..Host
0x00000120 (00288)   3a207777 772e6269 6e672e63 6f6d0d0a   : www.bing.com..
0x00000130 (00304)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000140 (00320)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f737461 7469632f 6170692f   GET /static/api/
0x00000010 (00016)   6a732f73 68617265 2e6a733f 763d3839   js/share.js?v=89
0x00000020 (00032)   38363035 39332e6a 733f6364 6e766572   860593.js?cdnver
0x00000030 (00048)   73696f6e 3d343232 31333320 48545450   sion=422133 HTTP
0x00000040 (00064)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000050 (00080)   2a0d0a41 63636570 742d4c61 6e677561   *..Accept-Langua
0x00000060 (00096)   67653a20 656e2d55 530d0a55 7365722d   ge: en-US..User-
0x00000070 (00112)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000080 (00128)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000090 (00144)   4d534945 20382e30 3b205769 6e646f77   MSIE 8.0; Window
0x000000a0 (00160)   73204e54 20362e31 3b205769 6e36343b   s NT 6.1; Win64;
0x000000b0 (00176)   20783634 3b205472 6964656e 742f342e    x64; Trident/4.
0x000000c0 (00192)   303b202e 4e455420 434c5220 322e302e   0; .NET CLR 2.0.
0x000000d0 (00208)   35303732 373b2053 4c434332 3b202e4e   50727; SLCC2; .N
0x000000e0 (00224)   45542043 4c522033 2e352e33 30373239   ET CLR 3.5.30729
0x000000f0 (00240)   3b202e4e 45542043 4c522033 2e302e33   ; .NET CLR 3.0.3
0x00000100 (00256)   30373239 3b204d65 64696120 43656e74   0729; Media Cent
0x00000110 (00272)   65722050 4320362e 303b202e 4e455434   er PC 6.0; .NET4
0x00000120 (00288)   2e30433b 202e4e45 54342e30 45290d0a   .0C; .NET4.0E)..
0x00000130 (00304)   55412d43 50553a20 414d4436 340d0a41   UA-CPU: AMD64..A
0x00000140 (00320)   63636570 742d456e 636f6469 6e673a20   ccept-Encoding: 
0x00000150 (00336)   677a6970 2c206465 666c6174 650d0a48   gzip, deflate..H
0x00000160 (00352)   6f73743a 20626469 6d672e73 68617265   ost: bdimg.share
0x00000170 (00368)   2e626169 64752e63 6f6d0d0a 436f6e6e   .baidu.com..Conn
0x00000180 (00384)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000190 (00400)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f707573 682e6a73 20485454   GET /push.js HTT
0x00000010 (00016)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000020 (00032)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000030 (00048)   6167653a 20656e2d 55530d0a 55736572   age: en-US..User
0x00000040 (00064)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000050 (00080)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000060 (00096)   204d5349 4520382e 303b2057 696e646f    MSIE 8.0; Windo
0x00000070 (00112)   7773204e 5420362e 313b2057 696e3634   ws NT 6.1; Win64
0x00000080 (00128)   3b207836 343b2054 72696465 6e742f34   ; x64; Trident/4
0x00000090 (00144)   2e303b20 2e4e4554 20434c52 20322e30   .0; .NET CLR 2.0
0x000000a0 (00160)   2e353037 32373b20 534c4343 323b202e   .50727; SLCC2; .
0x000000b0 (00176)   4e455420 434c5220 332e352e 33303732   NET CLR 3.5.3072
0x000000c0 (00192)   393b202e 4e455420 434c5220 332e302e   9; .NET CLR 3.0.
0x000000d0 (00208)   33303732 393b204d 65646961 2043656e   30729; Media Cen
0x000000e0 (00224)   74657220 50432036 2e303b20 2e4e4554   ter PC 6.0; .NET
0x000000f0 (00240)   342e3043 3b202e4e 4554342e 3045290d   4.0C; .NET4.0E).
0x00000100 (00256)   0a55412d 4350553a 20414d44 36340d0a   .UA-CPU: AMD64..
0x00000110 (00272)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000120 (00288)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000130 (00304)   486f7374 3a207075 73682e7a 68616e7a   Host: push.zhanz
0x00000140 (00320)   68616e67 2e626169 64752e63 6f6d0d0a   hang.baidu.com..
0x00000150 (00336)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000160 (00352)   2d416c69 76650d0a 0d0a2e73 68617265   -Alive.....share
0x00000170 (00368)   2e626169 64752e63 6f6d0d0a 436f6e6e   .baidu.com..Conn
0x00000180 (00384)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000190 (00400)   76650d0a 0d0a                         ve....


Strings