Win32.Viking.AX (BitDefender), Exploit:Win32/ShellCode.gen!B (Microsoft), HEUR:Trojan.Win32.Generic (Kaspersky), Worm.Win32.Qvod.ank (v) (VIPRE), Trojan.AVKill.11573 (DrWeb), Win32.Viking.AX (B) (Emsisoft), Artemis!45DB9E92ADF0 (McAfee), W32.Wapomi!gen1 (Symantec), Virus.Win32.Qvod (Ikarus), Win32.Viking.AX (FSecure), Worm/AutoRun.LY (AVG), Win32:Malware-gen (Avast), PE_JADTRE.A-O (TrendMicro), Win32.Viking.AX (AdAware)Behaviour: Trojan, Worm, Virus
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 45db9e92adf00b8de9b733b52a306a40
SHA1: 40657201a984412125d32ac3a9d7dc33155e6942
SHA256: d3ed8896b7cfc812d61e0342705084247976725e0972f21ede4c8d3addc4e858
SSDeep: 6144:mwtKDxiswkBYK5Tz77uCYXilJbg5O5/9Wy:0TYK5/7 XST5lX
Size: 242688 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: ASPackv212, PolyEnE001byLennartHedlund, UPolyXv05_v6
Company: no certificate found
Created at: 2010-09-08 22:16:40
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
57124ba2.exe:2896
%original file name%.exe:320
reg.exe:1652
reg.exe:2044
reg.exe:844
reg.exe:520
The Trojan injects its code into the following process(es):
svchost.exe:1136
File activity
The process 57124ba2.exe:2896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\Infotmp.txt (456 bytes)
The process %original file name%.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\Infotmp.txt (456 bytes)
%System%\appmgmts.dll (242688 bytes)
The process reg.exe:1652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Temp\r663215ff.txt (3806 bytes)
Registry activity
The process %original file name%.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 9B B4 79 90 5D 20 51 64 56 78 93 40 E6 7C E8"
The process reg.exe:2044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\5163053E]
"Type" = "1"
The process reg.exe:844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Services\5163053E]
"ImagePath" = "system32\5163053E.sys"
The process reg.exe:520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
Automatic startup of the following service is disabled:
[HKLM\System\CurrentControlSet\Services\5163053E]
"Start" = "3"
Dropped PE files
MD5 | File path |
---|---|
8ccbd9aba7ff4f6190d151b6ccb38efc | c:\WINDOWS\system32\dmutilio.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
The Trojan installs the following kernel-mode hooks:
KeInsertQueueApc
Using the driver "%System%\5163053E.sys" the Trojan substitutes IRP handlers in a file system driver (FastFAT) to control operations with files:
MJ_CREATE
MJ_DIRECTORY_CONTROL
Using the driver "%System%\5163053E.sys" the Trojan substitutes IRP handlers to control devices of tcpip.sys driver:
MJ_INTERNAL_DEVICE_CONTROL
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
57124ba2.exe:2896
%original file name%.exe:320
reg.exe:1652
reg.exe:2044
reg.exe:844
reg.exe:520 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\Infotmp.txt (456 bytes)
%System%\appmgmts.dll (242688 bytes)
%WinDir%\Temp\r663215ff.txt (3806 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Shenzhen QVOD Technology Co.,Ltd
Product Name: QvodInstall Module
Product Version: 3, 0, 0, 0
Legal Copyright: Copyright(C) 2006-2009 QVOD
Legal Trademarks:
Original Filename: QvodInstall.exe
Internal Name: QvodInstall.exe
File Version: 3, 0, 0, 0
File Description: QvodInstall Module
Comments:
Language: English (United States)
Company Name: Shenzhen QVOD Technology Co.,LtdProduct Name: QvodInstall ModuleProduct Version: 3, 0, 0, 0Legal Copyright: Copyright(C) 2006-2009 QVODLegal Trademarks: Original Filename: QvodInstall.exeInternal Name: QvodInstall.exeFile Version: 3, 0, 0, 0File Description: QvodInstall ModuleComments: Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 49152 | 21504 | 5.52493 | f6eb240322cd78af0c93c914983b29da |
.rdata | 53248 | 12288 | 4608 | 5.43345 | 6663c344ae9ba3fe17ebe78212b5ff76 |
.data | 65536 | 20480 | 11776 | 5.48192 | b6507624347c807f729c29635c24cd28 |
.rsrc | 86016 | 159744 | 148992 | 5.54253 | 6a78028585bf2331daa1896503d00ce3 |
.UPX0 | 245760 | 8192 | 3072 | 5.32369 | aa12a6555e17c14067054b55c6c38038 |
.UPX1 | 253952 | 36864 | 33280 | 5.53866 | 444aa4cc3c7a0483c6cf2183239ff3df |
.reloc | 290816 | 4096 | 3072 | 5.14192 | 96b72e1cc79e921e22de659fb82c2b8e |
.aspack | 294912 | 16384 | 15360 | 4.04081 | db344d172c9ef14bacec0dba4f892bb1 |
.adata | 311296 | 4096 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 1
287a5a75e19cdb58d00f9763e2a69218
Network Activity
URLs
URL | IP |
---|---|
hxxp://52.nsvhn987.com/msdownload/update/v5/redir/wuredirt.rar | 195.22.26.231 |
hxxp://w2.mvps.org/resources/tools/getpublicip.shtml | |
hxxp://e6845.ce.akamaiedge.net/pca3-g2.crl | |
hxxp://e6845.ce.akamaiedge.net/CSC3-2009.crl | |
hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
hxxp://e6845.ce.akamaiedge.net/CSC3-2009-2.crl | |
hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt | |
hxxp://e6845.ce.akamaiedge.net/CSC3-2004.crl | |
csc3-2004-crl.verisign.com | 23.42.21.163 |
csc3-2009-2-crl.verisign.com | 23.42.21.163 |
www.baidu.com | 180.76.3.151 |
crl.verisign.com | 23.42.21.163 |
vbnet.mvps.org | 216.155.126.44 |
www.download.windowsupdate.com | 92.123.155.25 |
csc3-2009-crl.verisign.com | 23.42.21.163 |
52.nsvjn987.com | 192.155.89.148 |
52.ns2275ab.com | |
52.ns768.com | |
1.nsb927.com | |
wpad | |
52.nsb927.com | |
52.ns792.com | |
52.ns529.com | |
52.ns098.com |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /CSC3-2004.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: CSC3-2004-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "5068635391784c74dc0a5a7140856f08:1395911413"
Last-Modified: Thu, 27 Mar 2014 09:10:13 GMT
Accept-Ranges: bytes
Content-Length: 96264
Date: Thu, 27 Mar 2014 20:44:47 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0..x.0..v.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA..140327090000Z..140406090000Z0..v.0!.....'...._.=.t.{...060411095352Z0!........]...n.d.^...041210180734Z0!....B.38..I....Z.Z..060522202503Z0!.....V..=.&..p.K_...041223173514Z0!...$fd{........ZKI..050727182105Z0!...'..P..Tk....i ...081114114704Z0!...*m.......$.e.iw..050113162826Z0!...4..&.....(.V.bD..060717184318Z0!...>.h`a.nZM.VIP....061027222850Z0!...?..!.....Z..%....080514074106Z0!...A.*T-.NB>Ro.S.~..070627153307Z0!...Wf....0?.1.<G4...080827011731Z0!...[.}7.8.t.........070607081209Z0!...^.@.....1..v..`..061207041025Z0!...ol4....{.........080520210256Z0!.....oP...._. .a....061205224400Z0!.....}...../5.=.....041018225848Z0!.....B.w5$.h..,."...060707142917Z0!....]....d..........041217144015Z0!.........1.9.fwI.a..050926191715Z0!............*.>W....041221185802Z0!...."....J..l.......050712133504Z0!....X.r..'7hK._.....080804054612Z0!....Q)..6.....4.[...051018015040Z0!.........Y.=.U=y....060308034429Z0!....:..I.. ......Y..060912161745Z0!......t..Au...e `...060406020106Z0!........&.zR.....J..080220163354Z0!...%.&.f./....>.H...070216105424Z0!...8....n..#b.dM....090505134237Z0!...E..1..>..........070621145128Z0!...L.k'.W..!.;w0....060711202546Z0!...U.......Te.c.....080829025216Z0!...qo..b..>...C.....081214140650Z0!.......?....War.y...061019142712Z0!.......^i7.6_m..W...070122210641Z0!....&.G.E.
<<
<<< skipped >>>
GET /pca3-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8e6524f62f3a114ec765d2f97962a2e2:1391212212"
Last-Modified: Fri, 31 Jan 2014 23:50:12 GMT
Accept-Ranges: bytes
Content-Length: 1415
Date: Thu, 27 Mar 2014 20:44:17 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network..140129000000Z..140331235959Z0...0!...=...X.FL...3..I..080403173458Z0!...SJs|.."E.G.......070412172616Z0!....E........W6.n...140129192923Z0!.......jvO..!....]..040401180422Z0!......\*....bO-.....080403173459Z0!....I..:.<....9..m..070412172523Z0!.........R.E!..=t...070522172634Z0!....}.....}.}.(q.C..040401180606Z0!...`.6..,...u.~x.:..080403173459Z0!.........wX.....~...080606171636Z0!..$.Jn>.t..d_j..."..040401180518Z0!.. ..N*(.}H..j......070412172308Z0!.. ..3.J......d..9..070522172711Z0!..50.h.:....s.K"....040401180542Z0!..7_f...s...........080403173459Z0!..<.J..y..)..~x7.e..080606171735Z0!..NS.c.f......7.p...070412172213Z0!..N.k;..-...9J..-...070522172748Z0!..Q..2pRv.WC.:..f...030109181346Z0!..Tq..m..*..........140129192925Z0!..^..CX4.3... F.R...070522172548Z0!..^..)..P3...7...L..080403173459Z0!..e........O.^.S....080403173457Z0!..jP....Wv..[.v.5H..070412172102Z0!..nk.l.!y.~...7G@...070412171752Z0!..r.q.I-Ln./........080403173458Z0!..t8....D...........080606171524Z0!..t.xn.tS....O_.....070412171951Z0!..v......Qnw..W.g...140129192921Z0...*.H...............8`u...j.....]....zz..~.7g!.(.h*1T..iC.X..TlS{.....n...lo....%xZ...Y?.F..-;....xE[s@.[.o.)ay...5.`.PWP......onZ.t ....GIuTV.XY....
<<
<<< skipped >>>
GET /pca3-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8e6524f62f3a114ec765d2f97962a2e2:1391212212"
Last-Modified: Fri, 31 Jan 2014 23:50:12 GMT
Accept-Ranges: bytes
Content-Length: 1415
Date: Thu, 27 Mar 2014 20:44:17 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network..140129000000Z..140331235959Z0...0!...=...X.FL...3..I..080403173458Z0!...SJs|.."E.G.......070412172616Z0!....E........W6.n...140129192923Z0!.......jvO..!....]..040401180422Z0!......\*....bO-.....080403173459Z0!....I..:.<....9..m..070412172523Z0!.........R.E!..=t...070522172634Z0!....}.....}.}.(q.C..040401180606Z0!...`.6..,...u.~x.:..080403173459Z0!.........wX.....~...080606171636Z0!..$.Jn>.t..d_j..."..040401180518Z0!.. ..N*(.}H..j......070412172308Z0!.. ..3.J......d..9..070522172711Z0!..50.h.:....s.K"....040401180542Z0!..7_f...s...........080403173459Z0!..<.J..y..)..~x7.e..080606171735Z0!..NS.c.f......7.p...070412172213Z0!..N.k;..-...9J..-...070522172748Z0!..Q..2pRv.WC.:..f...030109181346Z0!..Tq..m..*..........140129192925Z0!..^..CX4.3... F.R...070522172548Z0!..^..)..P3...7...L..080403173459Z0!..e........O.^.S....080403173457Z0!..jP....Wv..[.v.5H..070412172102Z0!..nk.l.!y.~...7G@...070412171752Z0!..r.q.I-Ln./........080403173458Z0!..t8....D...........080606171524Z0!..t.xn.tS....O_.....070412171951Z0!..v......Qnw..W.g...140129192921Z0...*.H...............8`u...j.....]....zz..~.7g!.(.h*1T..iC.X..TlS{.....n...lo....%xZ...Y?.F..-;....xE[s@.[.o.)ay...5.`.PWP......onZ.t ....GIuTV.XY....
<<
<<< skipped >>>
GET /pca3-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8e6524f62f3a114ec765d2f97962a2e2:1391212212"
Last-Modified: Fri, 31 Jan 2014 23:50:12 GMT
Accept-Ranges: bytes
Content-Length: 1415
Date: Thu, 27 Mar 2014 20:44:18 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network..140129000000Z..140331235959Z0...0!...=...X.FL...3..I..080403173458Z0!...SJs|.."E.G.......070412172616Z0!....E........W6.n...140129192923Z0!.......jvO..!....]..040401180422Z0!......\*....bO-.....080403173459Z0!....I..:.<....9..m..070412172523Z0!.........R.E!..=t...070522172634Z0!....}.....}.}.(q.C..040401180606Z0!...`.6..,...u.~x.:..080403173459Z0!.........wX.....~...080606171636Z0!..$.Jn>.t..d_j..."..040401180518Z0!.. ..N*(.}H..j......070412172308Z0!.. ..3.J......d..9..070522172711Z0!..50.h.:....s.K"....040401180542Z0!..7_f...s...........080403173459Z0!..<.J..y..)..~x7.e..080606171735Z0!..NS.c.f......7.p...070412172213Z0!..N.k;..-...9J..-...070522172748Z0!..Q..2pRv.WC.:..f...030109181346Z0!..Tq..m..*..........140129192925Z0!..^..CX4.3... F.R...070522172548Z0!..^..)..P3...7...L..080403173459Z0!..e........O.^.S....080403173457Z0!..jP....Wv..[.v.5H..070412172102Z0!..nk.l.!y.~...7G@...070412171752Z0!..r.q.I-Ln./........080403173458Z0!..t8....D...........080606171524Z0!..t.xn.tS....O_.....070412171951Z0!..v......Qnw..W.g...140129192921Z0...*.H...............8`u...j.....]....zz..~.7g!.(.h*1T..iC.X..TlS{.....n...lo....%xZ...Y?.F..-;....xE[s@.[.o.)ay...5.`.PWP......onZ.t ....GIuTV.XY....
<<
<<< skipped >>>
GET /pca3-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8e6524f62f3a114ec765d2f97962a2e2:1391212212"
Last-Modified: Fri, 31 Jan 2014 23:50:12 GMT
Accept-Ranges: bytes
Content-Length: 1415
Date: Thu, 27 Mar 2014 20:44:19 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network..140129000000Z..140331235959Z0...0!...=...X.FL...3..I..080403173458Z0!...SJs|.."E.G.......070412172616Z0!....E........W6.n...140129192923Z0!.......jvO..!....]..040401180422Z0!......\*....bO-.....080403173459Z0!....I..:.<....9..m..070412172523Z0!.........R.E!..=t...070522172634Z0!....}.....}.}.(q.C..040401180606Z0!...`.6..,...u.~x.:..080403173459Z0!.........wX.....~...080606171636Z0!..$.Jn>.t..d_j..."..040401180518Z0!.. ..N*(.}H..j......070412172308Z0!.. ..3.J......d..9..070522172711Z0!..50.h.:....s.K"....040401180542Z0!..7_f...s...........080403173459Z0!..<.J..y..)..~x7.e..080606171735Z0!..NS.c.f......7.p...070412172213Z0!..N.k;..-...9J..-...070522172748Z0!..Q..2pRv.WC.:..f...030109181346Z0!..Tq..m..*..........140129192925Z0!..^..CX4.3... F.R...070522172548Z0!..^..)..P3...7...L..080403173459Z0!..e........O.^.S....080403173457Z0!..jP....Wv..[.v.5H..070412172102Z0!..nk.l.!y.~...7G@...070412171752Z0!..r.q.I-Ln./........080403173458Z0!..t8....D...........080606171524Z0!..t.xn.tS....O_.....070412171951Z0!..v......Qnw..W.g...140129192921Z0...*.H...............8`u...j.....]....zz..~.7g!.(.h*1T..iC.X..TlS{.....n...lo....%xZ...Y?.F..-;....xE[s@.[.o.)ay...5.`.PWP......onZ.t ....GIuTV.XY....
<<
<<< skipped >>>
GET /pca3-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8e6524f62f3a114ec765d2f97962a2e2:1391212212"
Last-Modified: Fri, 31 Jan 2014 23:50:12 GMT
Accept-Ranges: bytes
Content-Length: 1415
Date: Thu, 27 Mar 2014 20:44:20 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network..140129000000Z..140331235959Z0...0!...=...X.FL...3..I..080403173458Z0!...SJs|.."E.G.......070412172616Z0!....E........W6.n...140129192923Z0!.......jvO..!....]..040401180422Z0!......\*....bO-.....080403173459Z0!....I..:.<....9..m..070412172523Z0!.........R.E!..=t...070522172634Z0!....}.....}.}.(q.C..040401180606Z0!...`.6..,...u.~x.:..080403173459Z0!.........wX.....~...080606171636Z0!..$.Jn>.t..d_j..."..040401180518Z0!.. ..N*(.}H..j......070412172308Z0!.. ..3.J......d..9..070522172711Z0!..50.h.:....s.K"....040401180542Z0!..7_f...s...........080403173459Z0!..<.J..y..)..~x7.e..080606171735Z0!..NS.c.f......7.p...070412172213Z0!..N.k;..-...9J..-...070522172748Z0!..Q..2pRv.WC.:..f...030109181346Z0!..Tq..m..*..........140129192925Z0!..^..CX4.3... F.R...070522172548Z0!..^..)..P3...7...L..080403173459Z0!..e........O.^.S....080403173457Z0!..jP....Wv..[.v.5H..070412172102Z0!..nk.l.!y.~...7G@...070412171752Z0!..r.q.I-Ln./........080403173458Z0!..t8....D...........080606171524Z0!..t.xn.tS....O_.....070412171951Z0!..v......Qnw..W.g...140129192921Z0...*.H...............8`u...j.....]....zz..~.7g!.(.h*1T..iC.X..TlS{.....n...lo....%xZ...Y?.F..-;....xE[s@.[.o.)ay...5.`.PWP......onZ.t ....GIuTV.XY....
<<
<<< skipped >>>
GET /pca3-g2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "8e6524f62f3a114ec765d2f97962a2e2:1391212212"
Last-Modified: Fri, 31 Jan 2014 23:50:12 GMT
Accept-Ranges: bytes
Content-Length: 1415
Date: Thu, 27 Mar 2014 20:44:21 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network..140129000000Z..140331235959Z0...0!...=...X.FL...3..I..080403173458Z0!...SJs|.."E.G.......070412172616Z0!....E........W6.n...140129192923Z0!.......jvO..!....]..040401180422Z0!......\*....bO-.....080403173459Z0!....I..:.<....9..m..070412172523Z0!.........R.E!..=t...070522172634Z0!....}.....}.}.(q.C..040401180606Z0!...`.6..,...u.~x.:..080403173459Z0!.........wX.....~...080606171636Z0!..$.Jn>.t..d_j..."..040401180518Z0!.. ..N*(.}H..j......070412172308Z0!.. ..3.J......d..9..070522172711Z0!..50.h.:....s.K"....040401180542Z0!..7_f...s...........080403173459Z0!..<.J..y..)..~x7.e..080606171735Z0!..NS.c.f......7.p...070412172213Z0!..N.k;..-...9J..-...070522172748Z0!..Q..2pRv.WC.:..f...030109181346Z0!..Tq..m..*..........140129192925Z0!..^..CX4.3... F.R...070522172548Z0!..^..)..P3...7...L..080403173459Z0!..e........O.^.S....080403173457Z0!..jP....Wv..[.v.5H..070412172102Z0!..nk.l.!y.~...7G@...070412171752Z0!..r.q.I-Ln./........080403173458Z0!..t8....D...........080606171524Z0!..t.xn.tS....O_.....070412171951Z0!..v......Qnw..W.g...140129192921Z0...*.H...............8`u...j.....]....zz..~.7g!.(.h*1T..iC.X..TlS{.....n...lo....%xZ...Y?.F..-;....xE[s@.[.o.)ay...5.`.PWP......onZ.t ....GIuTV.XY....
<<
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"
Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT
Accept-Ranges: bytes
Content-Length: 933
Date: Thu, 27 Mar 2014 20:44:27 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H..............#v..<.a....-a..,/.<...5%...X..@r%..$G*..9/...>.Y..~.$.|dG.j...XS..U.m.4z....7K..nG.*...}..........R........z?..x....;.Ik...VOEHTTP/1.1 200 OK..Server: Apache..ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"..Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT..Accept-Ranges: bytes..Content-Length: 933..Date: Thu, 27 Mar 2014 20:44:27 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A...
<<
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"
Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT
Accept-Ranges: bytes
Content-Length: 933
Date: Thu, 27 Mar 2014 20:44:28 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H..............#v..<.a....-a..,/.<...5%...X..@r%..$G*..9/...>.Y..~.$.|dG.j...XS..U.m.4z....7K..nG.*...}..........R........z?..x....;.Ik...VOEHTTP/1.1 200 OK..Server: Apache..ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"..Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT..Accept-Ranges: bytes..Content-Length: 933..Date: Thu, 27 Mar 2014 20:44:28 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A...
<<
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"
Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT
Accept-Ranges: bytes
Content-Length: 933
Date: Thu, 27 Mar 2014 20:44:29 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H..............#v..<.a....-a..,/.<...5%...X..@r%..$G*..9/...>.Y..~.$.|dG.j...XS..U.m.4z....7K..nG.*...}..........R........z?..x....;.Ik...VOEHTTP/1.1 200 OK..Server: Apache..ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"..Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT..Accept-Ranges: bytes..Content-Length: 933..Date: Thu, 27 Mar 2014 20:44:29 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A...
<<
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"
Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT
Accept-Ranges: bytes
Content-Length: 933
Date: Thu, 27 Mar 2014 20:44:30 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H..............#v..<.a....-a..,/.<...5%...X..@r%..$G*..9/...>.Y..~.$.|dG.j...XS..U.m.4z....7K..nG.*...}..........R........z?..x....;.Ik...VOEHTTP/1.1 200 OK..Server: Apache..ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"..Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT..Accept-Ranges: bytes..Content-Length: 933..Date: Thu, 27 Mar 2014 20:44:30 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A...
<<
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"
Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT
Accept-Ranges: bytes
Content-Length: 933
Date: Thu, 27 Mar 2014 20:44:31 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H..............#v..<.a....-a..,/.<...5%...X..@r%..$G*..9/...>.Y..~.$.|dG.j...XS..U.m.4z....7K..nG.*...}..........R........z?..x....;.Ik...VOEHTTP/1.1 200 OK..Server: Apache..ETag: "117874d748d93730ac0fcde495f3f5b7:1391215510"..Last-Modified: Sat, 01 Feb 2014 00:45:10 GMT..Accept-Ranges: bytes..Content-Length: 933..Date: Thu, 27 Mar 2014 20:44:31 GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140129000000Z..140331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A...
<<
<<< skipped >>>
GET /msdownload/update/v5/redir/wuredirt.rar HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 195.22.26.231
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Thu, 27 Mar 2014 20:44:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=15c5f01238e31651dcad6fae2af483a3|193.138.244.231|1395953054|1395953054|0|1|0
Set-Cookie: snkz=193.138.244.231
Content-Encoding: gzip
14........................0..
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5041
Date: Thu, 27 Mar 2014 20:44:38 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5041..Date: Thu, 27 Mar 2014 20:44:38 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5041
Date: Thu, 27 Mar 2014 20:44:38 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5041..Date: Thu, 27 Mar 2014 20:44:38 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5040
Date: Thu, 27 Mar 2014 20:44:39 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5040..Date: Thu, 27 Mar 2014 20:44:39 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5039
Date: Thu, 27 Mar 2014 20:44:40 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5039..Date: Thu, 27 Mar 2014 20:44:40 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5038
Date: Thu, 27 Mar 2014 20:44:41 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5038..Date: Thu, 27 Mar 2014 20:44:41 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5037
Date: Thu, 27 Mar 2014 20:44:42 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5037..Date: Thu, 27 Mar 2014 20:44:42 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5036
Date: Thu, 27 Mar 2014 20:44:43 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5036..Date: Thu, 27 Mar 2014 20:44:43 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5035
Date: Thu, 27 Mar 2014 20:44:44 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5035..Date: Thu, 27 Mar 2014 20:44:44 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5034
Date: Thu, 27 Mar 2014 20:44:45 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5034..Date: Thu, 27 Mar 2014 20:44:45 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5032
Date: Thu, 27 Mar 2014 20:44:47 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5032..Date: Thu, 27 Mar 2014 20:44:47 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892....
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: VVV.download.windowsupdate.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT
Accept-Ranges: bytes
ETag: "806f4cbb43dcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 18
Cache-Control: max-age=5031
Date: Thu, 27 Mar 2014 20:44:48 GMT
Connection: keep-alive
X-CCC: SE
X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 18..Cache-Control: max-age=5031..Date: Thu, 27 Mar 2014 20:44:48 GMT..Connection: keep-alive..X-CCC: SE..X-CID: 2..1401CF3DB40B609892..
GET /CSC3-2009.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "d74bed59c9729847e0d56742c9d14f3d:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 2249
Date: Thu, 27 Mar 2014 20:44:22 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA..140327090002Z..140410090002Z0...0!.....zOR.D...,oMa...090525061903Z0!......t.o=(..(..G...090520231844Z0!... ....M...m.Q.&...090517075442Z0!...T.Ay(..U...:_|...090608072333Z0!... .(.....F..9.....090805090059Z0!.......P..._}..;.x..090714150126Z0!.....5=.qOV[.cyg.&..090528172131Z0!...K...=$.6.........090521015930Z0!...-H...D...tDXUN...090527062050Z0!.......-.'@..<B{....090525110212Z0!......x..m*[.7.h#"..090702070220Z0!.....%.o.....kT.....090527062152Z0!..!.*;....)..Ef..k..090529084018Z0!..#.}h..."..........090527050204Z0!..$.I^./@.:7.p.,v...090521201736Z0!..&.5{.....Q;D......090521184343Z0!..&...T[.~y.........090903081104Z0!...q..m...G..i^.....090521025017Z0!../a.nS..[lA.lCB....090527045238Z0!..0.....R..iX.px....090605052910Z0!..2.h..).n......p;..090713144756Z0!..:.............. ..090605052934Z0!..;.0.*.v..*....P...090601001940Z0!..?..}p 2I..o.\..u..090527061825Z0!..?....@.Z`......l..090527022214Z0!..B..h~a..]..L.2....100512125735Z0!..B.U..ZF...........090527041620Z0!..F'....?xxnx.6Q....090528003453Z0!..F|A..r....#.@.&...090527062259Z0!..L.r....F..^..i.t..090608130549Z0!..Q...Y...Exm.._7...090520225737Z0!..TH..~.. ..({......090723115618Z0!..U.59Z..[.G.RmyR1..090527071534Z0!..V ].h.../".V<8-...090611075746Z0!..gHT...j5zdG....K..090521205535Z0!..mje.......;.......090521012215Z0!..p^..E.{.>.........09
<<
<<< skipped >>>
GET /CSC3-2009.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "d74bed59c9729847e0d56742c9d14f3d:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 2249
Date: Thu, 27 Mar 2014 20:44:23 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA..140327090002Z..140410090002Z0...0!.....zOR.D...,oMa...090525061903Z0!......t.o=(..(..G...090520231844Z0!... ....M...m.Q.&...090517075442Z0!...T.Ay(..U...:_|...090608072333Z0!... .(.....F..9.....090805090059Z0!.......P..._}..;.x..090714150126Z0!.....5=.qOV[.cyg.&..090528172131Z0!...K...=$.6.........090521015930Z0!...-H...D...tDXUN...090527062050Z0!.......-.'@..<B{....090525110212Z0!......x..m*[.7.h#"..090702070220Z0!.....%.o.....kT.....090527062152Z0!..!.*;....)..Ef..k..090529084018Z0!..#.}h..."..........090527050204Z0!..$.I^./@.:7.p.,v...090521201736Z0!..&.5{.....Q;D......090521184343Z0!..&...T[.~y.........090903081104Z0!...q..m...G..i^.....090521025017Z0!../a.nS..[lA.lCB....090527045238Z0!..0.....R..iX.px....090605052910Z0!..2.h..).n......p;..090713144756Z0!..:.............. ..090605052934Z0!..;.0.*.v..*....P...090601001940Z0!..?..}p 2I..o.\..u..090527061825Z0!..?....@.Z`......l..090527022214Z0!..B..h~a..]..L.2....100512125735Z0!..B.U..ZF...........090527041620Z0!..F'....?xxnx.6Q....090528003453Z0!..F|A..r....#.@.&...090527062259Z0!..L.r....F..^..i.t..090608130549Z0!..Q...Y...Exm.._7...090520225737Z0!..TH..~.. ..({......090723115618Z0!..U.59Z..[.G.RmyR1..090527071534Z0!..V ].h.../".V<8-...090611075746Z0!..gHT...j5zdG....K..090521205535Z0!..mje.......;.......090521012215Z0!..p^..E.{.>.........09
<<
<<< skipped >>>
GET /CSC3-2009.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "d74bed59c9729847e0d56742c9d14f3d:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 2249
Date: Thu, 27 Mar 2014 20:44:24 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA..140327090002Z..140410090002Z0...0!.....zOR.D...,oMa...090525061903Z0!......t.o=(..(..G...090520231844Z0!... ....M...m.Q.&...090517075442Z0!...T.Ay(..U...:_|...090608072333Z0!... .(.....F..9.....090805090059Z0!.......P..._}..;.x..090714150126Z0!.....5=.qOV[.cyg.&..090528172131Z0!...K...=$.6.........090521015930Z0!...-H...D...tDXUN...090527062050Z0!.......-.'@..<B{....090525110212Z0!......x..m*[.7.h#"..090702070220Z0!.....%.o.....kT.....090527062152Z0!..!.*;....)..Ef..k..090529084018Z0!..#.}h..."..........090527050204Z0!..$.I^./@.:7.p.,v...090521201736Z0!..&.5{.....Q;D......090521184343Z0!..&...T[.~y.........090903081104Z0!...q..m...G..i^.....090521025017Z0!../a.nS..[lA.lCB....090527045238Z0!..0.....R..iX.px....090605052910Z0!..2.h..).n......p;..090713144756Z0!..:.............. ..090605052934Z0!..;.0.*.v..*....P...090601001940Z0!..?..}p 2I..o.\..u..090527061825Z0!..?....@.Z`......l..090527022214Z0!..B..h~a..]..L.2....100512125735Z0!..B.U..ZF...........090527041620Z0!..F'....?xxnx.6Q....090528003453Z0!..F|A..r....#.@.&...090527062259Z0!..L.r....F..^..i.t..090608130549Z0!..Q...Y...Exm.._7...090520225737Z0!..TH..~.. ..({......090723115618Z0!..U.59Z..[.G.RmyR1..090527071534Z0!..V ].h.../".V<8-...090611075746Z0!..gHT...j5zdG....K..090521205535Z0!..mje.......;.......090521012215Z0!..p^..E.{.>.........09
<<
<<< skipped >>>
GET /CSC3-2009.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "d74bed59c9729847e0d56742c9d14f3d:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 2249
Date: Thu, 27 Mar 2014 20:44:25 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA..140327090002Z..140410090002Z0...0!.....zOR.D...,oMa...090525061903Z0!......t.o=(..(..G...090520231844Z0!... ....M...m.Q.&...090517075442Z0!...T.Ay(..U...:_|...090608072333Z0!... .(.....F..9.....090805090059Z0!.......P..._}..;.x..090714150126Z0!.....5=.qOV[.cyg.&..090528172131Z0!...K...=$.6.........090521015930Z0!...-H...D...tDXUN...090527062050Z0!.......-.'@..<B{....090525110212Z0!......x..m*[.7.h#"..090702070220Z0!.....%.o.....kT.....090527062152Z0!..!.*;....)..Ef..k..090529084018Z0!..#.}h..."..........090527050204Z0!..$.I^./@.:7.p.,v...090521201736Z0!..&.5{.....Q;D......090521184343Z0!..&...T[.~y.........090903081104Z0!...q..m...G..i^.....090521025017Z0!../a.nS..[lA.lCB....090527045238Z0!..0.....R..iX.px....090605052910Z0!..2.h..).n......p;..090713144756Z0!..:.............. ..090605052934Z0!..;.0.*.v..*....P...090601001940Z0!..?..}p 2I..o.\..u..090527061825Z0!..?....@.Z`......l..090527022214Z0!..B..h~a..]..L.2....100512125735Z0!..B.U..ZF...........090527041620Z0!..F'....?xxnx.6Q....090528003453Z0!..F|A..r....#.@.&...090527062259Z0!..L.r....F..^..i.t..090608130549Z0!..Q...Y...Exm.._7...090520225737Z0!..TH..~.. ..({......090723115618Z0!..U.59Z..[.G.RmyR1..090527071534Z0!..V ].h.../".V<8-...090611075746Z0!..gHT...j5zdG....K..090521205535Z0!..mje.......;.......090521012215Z0!..p^..E.{.>.........09
<<
<<< skipped >>>
GET /CSC3-2009.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "d74bed59c9729847e0d56742c9d14f3d:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 2249
Date: Thu, 27 Mar 2014 20:44:26 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA..140327090002Z..140410090002Z0...0!.....zOR.D...,oMa...090525061903Z0!......t.o=(..(..G...090520231844Z0!... ....M...m.Q.&...090517075442Z0!...T.Ay(..U...:_|...090608072333Z0!... .(.....F..9.....090805090059Z0!.......P..._}..;.x..090714150126Z0!.....5=.qOV[.cyg.&..090528172131Z0!...K...=$.6.........090521015930Z0!...-H...D...tDXUN...090527062050Z0!.......-.'@..<B{....090525110212Z0!......x..m*[.7.h#"..090702070220Z0!.....%.o.....kT.....090527062152Z0!..!.*;....)..Ef..k..090529084018Z0!..#.}h..."..........090527050204Z0!..$.I^./@.:7.p.,v...090521201736Z0!..&.5{.....Q;D......090521184343Z0!..&...T[.~y.........090903081104Z0!...q..m...G..i^.....090521025017Z0!../a.nS..[lA.lCB....090527045238Z0!..0.....R..iX.px....090605052910Z0!..2.h..).n......p;..090713144756Z0!..:.............. ..090605052934Z0!..;.0.*.v..*....P...090601001940Z0!..?..}p 2I..o.\..u..090527061825Z0!..?....@.Z`......l..090527022214Z0!..B..h~a..]..L.2....100512125735Z0!..B.U..ZF...........090527041620Z0!..F'....?xxnx.6Q....090528003453Z0!..F|A..r....#.@.&...090527062259Z0!..L.r....F..^..i.t..090608130549Z0!..Q...Y...Exm.._7...090520225737Z0!..TH..~.. ..({......090723115618Z0!..U.59Z..[.G.RmyR1..090527071534Z0!..V ].h.../".V<8-...090611075746Z0!..gHT...j5zdG....K..090521205535Z0!..mje.......;.......090521012215Z0!..p^..E.{.>.........09
<<
<<< skipped >>>
GET /resources/tools/getpublicip.shtml HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: vbnet.mvps.org
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
MS-Author-Via: MS-FP/4.0
Date: Thu, 27 Mar 2014 20:44:13 GMT
Content-Length: 1245
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="content-container"><fieldset>.. <h2>404 - File or directory not found.</h2>.. <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>.. </fieldset></div>..</div>..</body>..</html>....
<<
<<< skipped >>>
GET /msdownload/update/v5/redir/wuredirt.rar HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 195.22.26.231
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Thu, 27 Mar 2014 20:44:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2e6f8266357cd74177ef7252541d58f6|193.138.244.231|1395953075|1395953075|0|1|0
Set-Cookie: snkz=193.138.244.231
Content-Encoding: gzip
14........................0..
GET /CSC3-2009-2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-2-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "b07199373ff075d5e5ac5f584892eb4b:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 37283
Date: Thu, 27 Mar 2014 20:44:32 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA..140327090001Z..140410090001Z0..h0!.....V..t..'.F(z....121202220203Z0!.... .;...9.7.......090826054212Z0!...\.)../F..^p..s...100722072726Z0!......P....A.x......100708154305Z0!.......O#.`n.5j.9...100930040708Z0!..../..8~p...h......091006052837Z0!.....(../L....--aK..091029040207Z0!...aW.....B.!.0..t..090909121104Z0!...g,..4(vv....mJ_..100514054218Z0!.....V.....(..-..p..090826162211Z0!....O..,J.N.n...Ly..091028032204Z0!....42r...I.Y@...3..100526162150Z0!.........}..Dt...!..090922192227Z0!.......2l....7i..?..101109030426Z0!.....p%...l,AogP....100523060224Z0!...,.P.C......*.....100303082219Z0!...NRPL.............100413090225Z0!....1w....d.&..8....091026111702Z0!......F....e........090608081352Z0!.....6..d6.7..4.....100924123027Z0!....$..*...s..&s....100219210742Z0!......Q_.G..|.......091009145530Z0!........>..O...=72..100616160934Z0!....Xlm$|".su.......090619194406Z0!......J)..E......C..100922142243Z0!...D......u.y.Iy{k..101026130323Z0!...El...)>..W..<K...101004225456Z0!...p..wy.i.zc...X...091117001921Z0!.....,{..^..........091203194409Z0!....B....d...*.P.@..100705023431Z0!.......m. .V.....~..101111134216Z0!...2.R.i.{..........091029071123Z0!...`F..q2..O.:......100602074221Z0!...a{.-...@...'.....100723194022Z0!........fW.y.,s.....101011182226Z0!....Um..}.8)........100324085953Z0!....,u.boxr....Z....
<<
<<< skipped >>>
GET /CSC3-2009-2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-2-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "b07199373ff075d5e5ac5f584892eb4b:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 37283
Date: Thu, 27 Mar 2014 20:44:33 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA..140327090001Z..140410090001Z0..h0!.....V..t..'.F(z....121202220203Z0!.... .;...9.7.......090826054212Z0!...\.)../F..^p..s...100722072726Z0!......P....A.x......100708154305Z0!.......O#.`n.5j.9...100930040708Z0!..../..8~p...h......091006052837Z0!.....(../L....--aK..091029040207Z0!...aW.....B.!.0..t..090909121104Z0!...g,..4(vv....mJ_..100514054218Z0!.....V.....(..-..p..090826162211Z0!....O..,J.N.n...Ly..091028032204Z0!....42r...I.Y@...3..100526162150Z0!.........}..Dt...!..090922192227Z0!.......2l....7i..?..101109030426Z0!.....p%...l,AogP....100523060224Z0!...,.P.C......*.....100303082219Z0!...NRPL.............100413090225Z0!....1w....d.&..8....091026111702Z0!......F....e........090608081352Z0!.....6..d6.7..4.....100924123027Z0!....$..*...s..&s....100219210742Z0!......Q_.G..|.......091009145530Z0!........>..O...=72..100616160934Z0!....Xlm$|".su.......090619194406Z0!......J)..E......C..100922142243Z0!...D......u.y.Iy{k..101026130323Z0!...El...)>..W..<K...101004225456Z0!...p..wy.i.zc...X...091117001921Z0!.....,{..^..........091203194409Z0!....B....d...*.P.@..100705023431Z0!.......m. .V.....~..101111134216Z0!...2.R.i.{..........091029071123Z0!...`F..q2..O.:......100602074221Z0!...a{.-...@...'.....100723194022Z0!........fW.y.,s.....101011182226Z0!....Um..}.8)........100324085953Z0!....,u.boxr....Z....
<<
<<< skipped >>>
GET /CSC3-2009-2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-2-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "b07199373ff075d5e5ac5f584892eb4b:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 37283
Date: Thu, 27 Mar 2014 20:44:34 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA..140327090001Z..140410090001Z0..h0!.....V..t..'.F(z....121202220203Z0!.... .;...9.7.......090826054212Z0!...\.)../F..^p..s...100722072726Z0!......P....A.x......100708154305Z0!.......O#.`n.5j.9...100930040708Z0!..../..8~p...h......091006052837Z0!.....(../L....--aK..091029040207Z0!...aW.....B.!.0..t..090909121104Z0!...g,..4(vv....mJ_..100514054218Z0!.....V.....(..-..p..090826162211Z0!....O..,J.N.n...Ly..091028032204Z0!....42r...I.Y@...3..100526162150Z0!.........}..Dt...!..090922192227Z0!.......2l....7i..?..101109030426Z0!.....p%...l,AogP....100523060224Z0!...,.P.C......*.....100303082219Z0!...NRPL.............100413090225Z0!....1w....d.&..8....091026111702Z0!......F....e........090608081352Z0!.....6..d6.7..4.....100924123027Z0!....$..*...s..&s....100219210742Z0!......Q_.G..|.......091009145530Z0!........>..O...=72..100616160934Z0!....Xlm$|".su.......090619194406Z0!......J)..E......C..100922142243Z0!...D......u.y.Iy{k..101026130323Z0!...El...)>..W..<K...101004225456Z0!...p..wy.i.zc...X...091117001921Z0!.....,{..^..........091203194409Z0!....B....d...*.P.@..100705023431Z0!.......m. .V.....~..101111134216Z0!...2.R.i.{..........091029071123Z0!...`F..q2..O.:......100602074221Z0!...a{.-...@...'.....100723194022Z0!........fW.y.,s.....101011182226Z0!....Um..}.8)........100324085953Z0!....,u.boxr....Z....
<<
<<< skipped >>>
GET /CSC3-2009-2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-2-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "b07199373ff075d5e5ac5f584892eb4b:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 37283
Date: Thu, 27 Mar 2014 20:44:35 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA..140327090001Z..140410090001Z0..h0!.....V..t..'.F(z....121202220203Z0!.... .;...9.7.......090826054212Z0!...\.)../F..^p..s...100722072726Z0!......P....A.x......100708154305Z0!.......O#.`n.5j.9...100930040708Z0!..../..8~p...h......091006052837Z0!.....(../L....--aK..091029040207Z0!...aW.....B.!.0..t..090909121104Z0!...g,..4(vv....mJ_..100514054218Z0!.....V.....(..-..p..090826162211Z0!....O..,J.N.n...Ly..091028032204Z0!....42r...I.Y@...3..100526162150Z0!.........}..Dt...!..090922192227Z0!.......2l....7i..?..101109030426Z0!.....p%...l,AogP....100523060224Z0!...,.P.C......*.....100303082219Z0!...NRPL.............100413090225Z0!....1w....d.&..8....091026111702Z0!......F....e........090608081352Z0!.....6..d6.7..4.....100924123027Z0!....$..*...s..&s....100219210742Z0!......Q_.G..|.......091009145530Z0!........>..O...=72..100616160934Z0!....Xlm$|".su.......090619194406Z0!......J)..E......C..100922142243Z0!...D......u.y.Iy{k..101026130323Z0!...El...)>..W..<K...101004225456Z0!...p..wy.i.zc...X...091117001921Z0!.....,{..^..........091203194409Z0!....B....d...*.P.@..100705023431Z0!.......m. .V.....~..101111134216Z0!...2.R.i.{..........091029071123Z0!...`F..q2..O.:......100602074221Z0!...a{.-...@...'.....100723194022Z0!........fW.y.,s.....101011182226Z0!....Um..}.8)........100324085953Z0!....,u.boxr....Z....
<<
<<< skipped >>>
GET /CSC3-2009-2.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2009-2-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: Apache
ETag: "b07199373ff075d5e5ac5f584892eb4b:1395911418"
Last-Modified: Thu, 27 Mar 2014 09:10:18 GMT
Accept-Ranges: bytes
Content-Length: 37283
Date: Thu, 27 Mar 2014 20:44:36 GMT
Connection: keep-alive
Content-Type: application/pkix-crl
0...0......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA..140327090001Z..140410090001Z0..h0!.....V..t..'.F(z....121202220203Z0!.... .;...9.7.......090826054212Z0!...\.)../F..^p..s...100722072726Z0!......P....A.x......100708154305Z0!.......O#.`n.5j.9...100930040708Z0!..../..8~p...h......091006052837Z0!.....(../L....--aK..091029040207Z0!...aW.....B.!.0..t..090909121104Z0!...g,..4(vv....mJ_..100514054218Z0!.....V.....(..-..p..090826162211Z0!....O..,J.N.n...Ly..091028032204Z0!....42r...I.Y@...3..100526162150Z0!.........}..Dt...!..090922192227Z0!.......2l....7i..?..101109030426Z0!.....p%...l,AogP....100523060224Z0!...,.P.C......*.....100303082219Z0!...NRPL.............100413090225Z0!....1w....d.&..8....091026111702Z0!......F....e........090608081352Z0!.....6..d6.7..4.....100924123027Z0!....$..*...s..&s....100219210742Z0!......Q_.G..|.......091009145530Z0!........>..O...=72..100616160934Z0!....Xlm$|".su.......090619194406Z0!......J)..E......C..100922142243Z0!...D......u.y.Iy{k..101026130323Z0!...El...)>..W..<K...101004225456Z0!...p..wy.i.zc...X...091117001921Z0!.....,{..^..........091203194409Z0!....B....d...*.P.@..100705023431Z0!.......m. .V.....~..101111134216Z0!...2.R.i.{..........091029071123Z0!...`F..q2..O.:......100602074221Z0!...a{.-...@...'.....100723194022Z0!........fW.y.,s.....101011182226Z0!....Um..}.8)........100324085953Z0!....,u.boxr....Z....
<<
<<< skipped >>>
Map
Strings from Dumps
svchost.exe_1136_rwx_0505C000_0000B000:
D$<%d
D$<%d
svchost.exe_1136_rwx_05068000_00002000:
kernel32.dll
kernel32.dll
user32.dll
user32.dll
The procedure entry point %s could not be located in the dynamic link library %s
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
msvcrt.dll
msvcrt.dll
shlwapi.dll
shlwapi.dll
ws2_32.dll
ws2_32.dll
iphlpapi.dll
iphlpapi.dll
wintrust.dll
wintrust.dll
mpr.dll
mpr.dll
advapi32.dll
advapi32.dll
shell32.dll
shell32.dll
3, 0, 0, 0
3, 0, 0, 0
QvodInstall.exe
QvodInstall.exe
svchost.exe_1136_rwx_10001000_00057000:
t.SVW
t.SVW
.tgPV
.tgPV
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRVj
C.PjRVj
u.VV3
u.VV3
imagehlp.dll
imagehlp.dll
drivers\tcpip.sys
drivers\tcpip.sys
\drivers\tcpip.sys
\drivers\tcpip.sys
65.6.163.4
65.6.163.4
89.123.188.11
89.123.188.11
90.52.108.231
90.52.108.231
85.11.66.73
85.11.66.73
72.192.20.73
72.192.20.73
219.77.13.11
219.77.13.11
90.201.190.208
90.201.190.208
58.63.39.204
58.63.39.204
77.66.224.30
77.66.224.30
62.65.208.112
62.65.208.112
router.bitcomet.net
router.bitcomet.net
router.bitcomet.com
router.bitcomet.com
router.utorrent.com
router.utorrent.com
router.bittorrent.com
router.bittorrent.com
UDP Port
UDP Port
TCP Port
TCP Port
key not found:
key not found:
unsupported message type:
unsupported message type:
unsupported request:
unsupported request:
port
port
dht.log
dht.log
log.log
log.log
name.utf-8
name.utf-8
controlURL
controlURL
http://
http://
URLBase
URLBase
HTTP/1.1
HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"></s:Envelope>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"></s:Envelope>
AddPortMapping
AddPortMapping
NewPortMappingDescription
NewPortMappingDescription
NewInternalPort
NewInternalPort
NewExternalPort
NewExternalPort
DeletePortMapping
DeletePortMapping
M-SEARCH * HTTP/1.1
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
HOST: 239.255.255.250:1900
External NAT port in use
External NAT port in use
External NAT port in use: Too many retries
External NAT port in use: Too many retries
Port mapping not owned by this class
Port mapping not owned by this class
Error getting StaticPortMappingCollection
Error getting StaticPortMappingCollection
port=
port=
mscoree.dll
mscoree.dll
kernel32.dll
kernel32.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
GetProcessWindowStation
GetProcessWindowStation
user32.dll
user32.dll
portuguese-brazilian
portuguese-brazilian
d:\Work\Order\Dlft2\trunk\Dlft\Release\DLFT.pdb
d:\Work\Order\Dlft2\trunk\Dlft\Release\DLFT.pdb
USER32.dll
USER32.dll
.?AV?$bind_t@XV?$mf1@XUdht_tracker@dht@@ABUmsg@2@@_mfi@boost@@V?$list2@V?$value@PAUdht_tracker@dht@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XUdht_tracker@dht@@ABUmsg@2@@_mfi@boost@@V?$list2@V?$value@PAUdht_tracker@dht@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVnode_impl@dht@@ABUmsg@2@@_mfi@boost@@V?$list2@V?$value@PAVnode_impl@dht@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVnode_impl@dht@@ABUmsg@2@@_mfi@boost@@V?$list2@V?$value@PAVnode_impl@dht@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
zcÁ
zcÁ
|%System%\svchost.exe
|%System%\svchost.exe
GetCPInfo
GetCPInfo
HttpQueryInfoA
HttpQueryInfoA
InternetOpenUrlA
InternetOpenUrlA
\=.LO
\=.LO
.text
.text
`.rdata
`.rdata
@.data
@.data
.reloc
.reloc