Analysis Date2013-07-24 12:45:10
MD5fe24622a85cb4d7a12700d0927939920
SHA11ff659d26403be1e6e613b98c33837505f737236

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 8a2feeb3ad2fb8a06d672f5018030669 sha1: 2014d088bd6ce64bdbcb0232d4fc345b34636f27 size: 734208
Section.rdata md5: c27bbca62258766c763b5d980bbec661 sha1: fe48162f3eab962f076fb4c03ba68bb550c510e7 size: 33792
Section.data md5: 48b144e874187587a45495005d503fef sha1: d6a96ccbe697d8ed3e8f2174aa4bec1c1d30d942 size: 123392
Timestamp2013-06-11 11:48:49
PackerMicrosoft Visual C++ ?.?
PEhashf962d144520005e8daa8570258765dd0a469f67a

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\tst
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\~DF6AD4.tmp
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\hmbuhhwg1rojoghdzn0ry.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\hmbuhhwg1rojoghdzn0ry.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\hmbuhhwg1rojoghdzn0ry.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Intelligent Socket Config Procedure ➝
C:\WINDOWS\system32\dhbedahtwbu.exe
Creates FileC:\WINDOWS\system32\dhbedahtwbu.exe
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\lck
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\tst
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates ProcessC:\WINDOWS\system32\dhbedahtwbu.exe
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates ServiceBluetooth Accounts Certificate Play Web - C:\WINDOWS\system32\dhbedahtwbu.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates FilePIPE\lsarpc

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 828

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates Filepipe\winlogonrpc
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝
NULL
Creates FileWMIDataDevice

Process
↳ Pid 1840

Process
↳ Pid 1020

Process
↳ C:\WINDOWS\system32\dhbedahtwbu.exe

Creates FileC:\WINDOWS\system32\jiwstlqeevon.exe
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\run
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\rng
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\lck
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\tst
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\cfg
Creates ProcessWATCHDOGPROC "c:\windows\system32\dhbedahtwbu.exe"

Process
↳ C:\WINDOWS\system32\dhbedahtwbu.exe

Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\dhbedahtwbu.exe"

Creates FileC:\WINDOWS\system32\bndwhqocpkrshy\tst

Network Details:

DNSelementarimagine.com
Type: A
216.239.140.29
DNSthemorrefk.com
Type: A
216.55.149.9
DNSjumpgray.net
Type: A
98.139.135.21
DNSjumpgray.net
Type: A
98.139.135.22
DNSlifeblood.net
Type: A
50.62.113.58
DNSlifedaily.net
Type: A
67.205.96.219
DNSlifefull.net
Type: A
50.63.202.63
DNSmouthfull.net
Type: A
176.74.176.178
DNSmojoguia.com
Type: A
DNSpengthecon.com
Type: A
DNStablewash.net
Type: A
DNSsalthave.net
Type: A
DNSyourenjoy.net
Type: A
DNSlookloss.net
Type: A
DNSsouthabout.net
Type: A
DNSliarshot.net
Type: A
DNSableeach.net
Type: A
DNSmovegray.net
Type: A
DNSwheelblood.net
Type: A
DNSsaidblood.net
Type: A
DNSwheeldaily.net
Type: A
DNSsaiddaily.net
Type: A
DNSwheellose.net
Type: A
DNSsaidlose.net
Type: A
DNSwheelfull.net
Type: A
DNSsaidfull.net
Type: A
DNSstickblood.net
Type: A
DNSballblood.net
Type: A
DNSstickdaily.net
Type: A
DNSballdaily.net
Type: A
DNSsticklose.net
Type: A
DNSballlose.net
Type: A
DNSstickfull.net
Type: A
DNSballfull.net
Type: A
DNSenemyblood.net
Type: A
DNSenemydaily.net
Type: A
DNSenemylose.net
Type: A
DNSlifelose.net
Type: A
DNSenemyfull.net
Type: A
DNSmouthblood.net
Type: A
DNStillblood.net
Type: A
DNSmouthdaily.net
Type: A
DNStilldaily.net
Type: A
DNSmouthlose.net
Type: A
DNStilllose.net
Type: A
DNStillfull.net
Type: A
DNSshallblood.net
Type: A
DNSdeepblood.net
Type: A
DNSshalldaily.net
Type: A
DNSdeepdaily.net
Type: A
DNSshalllose.net
Type: A
DNSdeeplose.net
Type: A
DNSshallfull.net
Type: A
DNSdeepfull.net
Type: A
DNSpushblood.net
Type: A
DNSfridayblood.net
Type: A
DNSpushdaily.net
Type: A
DNSfridaydaily.net
Type: A
DNSpushlose.net
Type: A
DNSfridaylose.net
Type: A
DNSpushfull.net
Type: A
DNSfridayfull.net
Type: A
DNSalongblood.net
Type: A
DNSdecemberblood.net
Type: A
DNSalongdaily.net
Type: A
DNSdecemberdaily.net
Type: A
DNSalonglose.net
Type: A
DNSdecemberlose.net
Type: A
DNSalongfull.net
Type: A
DNSdecemberfull.net
Type: A
DNSlonghold.net
Type: A
DNSsoilhold.net
Type: A
DNSlongsecond.net
Type: A
DNSsoilsecond.net
Type: A
DNSlongocean.net
Type: A
DNSsoilocean.net
Type: A
DNSlonghave.net
Type: A
DNSsoilhave.net
Type: A
DNSwheelhold.net
Type: A
DNSsaidhold.net
Type: A
DNSwheelsecond.net
Type: A
DNSsaidsecond.net
Type: A
DNSwheelocean.net
Type: A
DNSsaidocean.net
Type: A
DNSwheelhave.net
Type: A
DNSsaidhave.net
Type: A
DNSstickhold.net
Type: A
DNSballhold.net
Type: A
DNSsticksecond.net
Type: A
DNSballsecond.net
Type: A
DNSstickocean.net
Type: A
DNSballocean.net
Type: A
DNSstickhave.net
Type: A
DNSballhave.net
Type: A
DNSenemyhold.net
Type: A
DNSlifehold.net
Type: A
DNSenemysecond.net
Type: A
DNSlifesecond.net
Type: A
DNSenemyocean.net
Type: A
HTTP GEThttp://elementarimagine.com/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
HTTP GEThttp://themorrefk.com/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
HTTP GEThttp://jumpgray.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
HTTP GEThttp://lifeblood.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
HTTP GEThttp://lifedaily.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
HTTP GEThttp://lifefull.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
HTTP GEThttp://mouthfull.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 216.239.140.29:80
Flows TCP192.168.1.1:1032 ➝ 216.55.149.9:80
Flows TCP192.168.1.1:1033 ➝ 98.139.135.21:80
Flows TCP192.168.1.1:1034 ➝ 50.62.113.58:80
Flows TCP192.168.1.1:1035 ➝ 67.205.96.219:80
Flows TCP192.168.1.1:1036 ➝ 50.63.202.63:80
Flows TCP192.168.1.1:1037 ➝ 176.74.176.178:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a20656c 656d656e 74617269 6d616769   : elementarimagi
0x000000a0 (00160)   6e652e63 6f6d0d0a 0d0a                ne.com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a207468 656d6f72 7265666b 2e636f6d   : themorrefk.com
0x000000a0 (00160)   0d0a0d0a 6f6d0d0a 0d0a                ....om....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a206a75 6d706772 61792e6e 65740d0a   : jumpgray.net..
0x000000a0 (00160)   0d0a3034 204e6f74 20466f75 6e643c2f   ..04 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a206c69 6665626c 6f6f642e 6e65740d   : lifeblood.net.
0x000000a0 (00160)   0a0d0a34 204e6f74 20466f75 6e643c2f   ...4 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a206c69 66656461 696c792e 6e65740d   : lifedaily.net.
0x000000a0 (00160)   0a0d0a34 204e6f74 20466f75 6e643c2f   ...4 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a206c69 66656675 6c6c2e6e 65740d0a   : lifefull.net..
0x000000a0 (00160)   0d0a0a34 204e6f74 20466f75 6e643c2f   ...4 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 64656e70 616e6e6f 656c4079   ail=denpannoel@y
0x00000040 (00064)   61686f6f 2e636f6d 266c6963 693d6175   ahoo.com&lici=au
0x00000050 (00080)   746f5f30 30303839 30267665 723d3031   to_000890&ver=01
0x00000060 (00096)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000070 (00112)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000080 (00128)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000090 (00144)   3a206d6f 75746866 756c6c2e 6e65740d   : mouthfull.net.
0x000000a0 (00160)   0a0d0a34 204e6f74 20466f75 6e643c2f   ...4 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.


Strings