| Analysis Date | 2013-07-24 12:45:10 |
|---|---|
| MD5 | fe24622a85cb4d7a12700d0927939920 |
| SHA1 | 1ff659d26403be1e6e613b98c33837505f737236 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 8a2feeb3ad2fb8a06d672f5018030669 sha1: 2014d088bd6ce64bdbcb0232d4fc345b34636f27 size: 734208 | |
| Section | .rdata md5: c27bbca62258766c763b5d980bbec661 sha1: fe48162f3eab962f076fb4c03ba68bb550c510e7 size: 33792 | |
| Section | .data md5: 48b144e874187587a45495005d503fef sha1: d6a96ccbe697d8ed3e8f2174aa4bec1c1d30d942 size: 123392 | |
| Timestamp | 2013-06-11 11:48:49 | |
| Packer | Microsoft Visual C++ ?.? | |
| PEhash | f962d144520005e8daa8570258765dd0a469f67a | |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\tst |
|---|---|
| Creates File | PIPE\lsarpc |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6AD4.tmp |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\hmbuhhwg1rojoghdzn0ry.exe |
| Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\hmbuhhwg1rojoghdzn0ry.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\hmbuhhwg1rojoghdzn0ry.exe
| Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Intelligent Socket Config Procedure ➝ C:\WINDOWS\system32\dhbedahtwbu.exe |
| Creates File | C:\WINDOWS\system32\dhbedahtwbu.exe |
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\lck |
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\tst |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
| Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
| Creates File | PIPE\lsarpc |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
| Creates Process | C:\WINDOWS\system32\dhbedahtwbu.exe |
| Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
| Creates Mutex | WininetConnectionMutex |
| Creates Mutex | c:!documents and settings!administrator!cookies! |
| Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
| Creates Service | Bluetooth Accounts Certificate Play Web - C:\WINDOWS\system32\dhbedahtwbu.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
| Creates File | PIPE\lsarpc |
|---|
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 828
Process
↳ C:\WINDOWS\System32\svchost.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL |
|---|---|
| Creates File | pipe\winlogonrpc |
| Creates File | C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG |
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ C:\WINDOWS\system32\spoolsv.exe
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝ NULL |
| Creates File | WMIDataDevice |
Process
↳ Pid 1840
Process
↳ Pid 1020
Process
↳ C:\WINDOWS\system32\dhbedahtwbu.exe
| Creates File | C:\WINDOWS\system32\jiwstlqeevon.exe |
|---|---|
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\run |
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\rng |
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\lck |
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\tst |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\cfg |
| Creates Process | WATCHDOGPROC "c:\windows\system32\dhbedahtwbu.exe" |
Process
↳ C:\WINDOWS\system32\dhbedahtwbu.exe
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\tst |
|---|
Process
↳ WATCHDOGPROC "c:\windows\system32\dhbedahtwbu.exe"
| Creates File | C:\WINDOWS\system32\bndwhqocpkrshy\tst |
|---|
Network Details:
| DNS | elementarimagine.com Type: A 216.239.140.29 |
|---|---|
| DNS | themorrefk.com Type: A 216.55.149.9 |
| DNS | jumpgray.net Type: A 98.139.135.21 |
| DNS | jumpgray.net Type: A 98.139.135.22 |
| DNS | lifeblood.net Type: A 50.62.113.58 |
| DNS | lifedaily.net Type: A 67.205.96.219 |
| DNS | lifefull.net Type: A 50.63.202.63 |
| DNS | mouthfull.net Type: A 176.74.176.178 |
| DNS | mojoguia.com Type: A |
| DNS | pengthecon.com Type: A |
| DNS | tablewash.net Type: A |
| DNS | salthave.net Type: A |
| DNS | yourenjoy.net Type: A |
| DNS | lookloss.net Type: A |
| DNS | southabout.net Type: A |
| DNS | liarshot.net Type: A |
| DNS | ableeach.net Type: A |
| DNS | movegray.net Type: A |
| DNS | wheelblood.net Type: A |
| DNS | saidblood.net Type: A |
| DNS | wheeldaily.net Type: A |
| DNS | saiddaily.net Type: A |
| DNS | wheellose.net Type: A |
| DNS | saidlose.net Type: A |
| DNS | wheelfull.net Type: A |
| DNS | saidfull.net Type: A |
| DNS | stickblood.net Type: A |
| DNS | ballblood.net Type: A |
| DNS | stickdaily.net Type: A |
| DNS | balldaily.net Type: A |
| DNS | sticklose.net Type: A |
| DNS | balllose.net Type: A |
| DNS | stickfull.net Type: A |
| DNS | ballfull.net Type: A |
| DNS | enemyblood.net Type: A |
| DNS | enemydaily.net Type: A |
| DNS | enemylose.net Type: A |
| DNS | lifelose.net Type: A |
| DNS | enemyfull.net Type: A |
| DNS | mouthblood.net Type: A |
| DNS | tillblood.net Type: A |
| DNS | mouthdaily.net Type: A |
| DNS | tilldaily.net Type: A |
| DNS | mouthlose.net Type: A |
| DNS | tilllose.net Type: A |
| DNS | tillfull.net Type: A |
| DNS | shallblood.net Type: A |
| DNS | deepblood.net Type: A |
| DNS | shalldaily.net Type: A |
| DNS | deepdaily.net Type: A |
| DNS | shalllose.net Type: A |
| DNS | deeplose.net Type: A |
| DNS | shallfull.net Type: A |
| DNS | deepfull.net Type: A |
| DNS | pushblood.net Type: A |
| DNS | fridayblood.net Type: A |
| DNS | pushdaily.net Type: A |
| DNS | fridaydaily.net Type: A |
| DNS | pushlose.net Type: A |
| DNS | fridaylose.net Type: A |
| DNS | pushfull.net Type: A |
| DNS | fridayfull.net Type: A |
| DNS | alongblood.net Type: A |
| DNS | decemberblood.net Type: A |
| DNS | alongdaily.net Type: A |
| DNS | decemberdaily.net Type: A |
| DNS | alonglose.net Type: A |
| DNS | decemberlose.net Type: A |
| DNS | alongfull.net Type: A |
| DNS | decemberfull.net Type: A |
| DNS | longhold.net Type: A |
| DNS | soilhold.net Type: A |
| DNS | longsecond.net Type: A |
| DNS | soilsecond.net Type: A |
| DNS | longocean.net Type: A |
| DNS | soilocean.net Type: A |
| DNS | longhave.net Type: A |
| DNS | soilhave.net Type: A |
| DNS | wheelhold.net Type: A |
| DNS | saidhold.net Type: A |
| DNS | wheelsecond.net Type: A |
| DNS | saidsecond.net Type: A |
| DNS | wheelocean.net Type: A |
| DNS | saidocean.net Type: A |
| DNS | wheelhave.net Type: A |
| DNS | saidhave.net Type: A |
| DNS | stickhold.net Type: A |
| DNS | ballhold.net Type: A |
| DNS | sticksecond.net Type: A |
| DNS | ballsecond.net Type: A |
| DNS | stickocean.net Type: A |
| DNS | ballocean.net Type: A |
| DNS | stickhave.net Type: A |
| DNS | ballhave.net Type: A |
| DNS | enemyhold.net Type: A |
| DNS | lifehold.net Type: A |
| DNS | enemysecond.net Type: A |
| DNS | lifesecond.net Type: A |
| DNS | enemyocean.net Type: A |
| HTTP GET | http://elementarimagine.com/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| HTTP GET | http://themorrefk.com/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| HTTP GET | http://jumpgray.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| HTTP GET | http://lifeblood.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| HTTP GET | http://lifedaily.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| HTTP GET | http://lifefull.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| HTTP GET | http://mouthfull.net/forum/search.php?method=validate&mode=my&email=denpannoel@yahoo.com&lici=auto_000890&ver=012 User-Agent: |
| Flows TCP | 192.168.1.1:1031 ➝ 216.239.140.29:80 |
| Flows TCP | 192.168.1.1:1032 ➝ 216.55.149.9:80 |
| Flows TCP | 192.168.1.1:1033 ➝ 98.139.135.21:80 |
| Flows TCP | 192.168.1.1:1034 ➝ 50.62.113.58:80 |
| Flows TCP | 192.168.1.1:1035 ➝ 67.205.96.219:80 |
| Flows TCP | 192.168.1.1:1036 ➝ 50.63.202.63:80 |
| Flows TCP | 192.168.1.1:1037 ➝ 176.74.176.178:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a20656c 656d656e 74617269 6d616769 : elementarimagi 0x000000a0 (00160) 6e652e63 6f6d0d0a 0d0a ne.com.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a207468 656d6f72 7265666b 2e636f6d : themorrefk.com 0x000000a0 (00160) 0d0a0d0a 6f6d0d0a 0d0a ....om.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a206a75 6d706772 61792e6e 65740d0a : jumpgray.net.. 0x000000a0 (00160) 0d0a3034 204e6f74 20466f75 6e643c2f ..04 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a206c69 6665626c 6f6f642e 6e65740d : lifeblood.net. 0x000000a0 (00160) 0a0d0a34 204e6f74 20466f75 6e643c2f ...4 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a206c69 66656461 696c792e 6e65740d : lifedaily.net. 0x000000a0 (00160) 0a0d0a34 204e6f74 20466f75 6e643c2f ...4 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a206c69 66656675 6c6c2e6e 65740d0a : lifefull.net.. 0x000000a0 (00160) 0d0a0a34 204e6f74 20466f75 6e643c2f ...4 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d6d 7926656d idate&mode=my&em 0x00000030 (00048) 61696c3d 64656e70 616e6e6f 656c4079 ail=denpannoel@y 0x00000040 (00064) 61686f6f 2e636f6d 266c6963 693d6175 ahoo.com&lici=au 0x00000050 (00080) 746f5f30 30303839 30267665 723d3031 to_000890&ver=01 0x00000060 (00096) 32204854 54502f31 2e300d0a 41636365 2 HTTP/1.0..Acce 0x00000070 (00112) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000080 (00128) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000090 (00144) 3a206d6f 75746866 756c6c2e 6e65740d : mouthfull.net. 0x000000a0 (00160) 0a0d0a34 204e6f74 20466f75 6e643c2f ...4 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>.
Strings