Analysis Date2013-08-29 15:25:25
MD5f2255db8abd60ac1d8a479b3186c7f71
SHA16f8fc5224d9e358df46ca57e3254d25d9bd4c9e9

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: dd639e462ec6c15d2f3163ee1576b374 sha1: 2091977f39bc39c9eeaa94b7432644bef67a90b7 size: 225792
Section.rdata md5: 9e1a70c7d3f785caaa8dadd81beca6ec sha1: 090b1f9941cbd144e7dd381b3c403af4053e85d7 size: 29184
Section.data md5: bcde145b2c6c322c27691a6cd8a00fb7 sha1: 00380d129250004928089b607f76156f2c54dbff size: 9216
Timestamp2011-12-06 18:20:43
PackerMicrosoft Visual C++ ?.?
PEhash144c793406c3f9bfea0c0ca51c3ac0ecbf81880d
AVavgAgent_r.AVD
AVmsseVirTool:Win32/Obfuscator.AAV

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Source Gateway Secondary Wired Support Panel ➝
C:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\qfhdwrvfkuwn.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.woz
Creates ProcessWATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\zsoyjfpyrss\usfdmvx.exe"

Network Details:

DNShaselopricezat.com
Type: A
208.73.210.155
DNSoppored.com
Type: A
69.43.161.169
DNSpulaminacee.com
Type: A
208.73.210.155
DNSburitosasrl.com
Type: A
69.43.161.170
DNSrebalt.com
Type: A
184.168.221.2
DNSgonotar.com
Type: A
208.73.210.155
DNSelverot.com
Type: A
208.73.210.155
DNSfalaterest.com
Type: A
208.73.210.155
DNSpapadov.com
Type: A
208.73.210.201
DNSbadero.com
Type: A
50.63.202.67
DNSjimberolipop.com
Type: A
208.73.210.155
DNSglostmec.com
Type: A
208.73.210.155
DNSiberan.com
Type: A
208.73.210.203
DNSburitoriso.com
Type: A
208.73.210.202
DNSpoleric.com
Type: A
208.73.210.155
DNSvadelt.com
Type: A
208.73.210.155
DNSgehereiroplop.com
Type: A
208.73.210.155
DNSelectow.com
Type: A
208.73.210.155
DNSekendar.com
Type: A
208.73.210.155
DNSswcopilserits.com
Type: A
208.73.210.155
DNSmelixe.com
Type: A
208.73.210.155
DNSbilode.com
Type: A
209.99.40.226
DNSmarjepolirst.com
Type: A
208.73.210.155
DNShartend.com
Type: A
208.73.210.155
DNSferetolopazerns.com
Type: A
208.73.210.155
DNSmacandpa.com
Type: A
208.73.210.203
DNSlocoand.com
Type: A
208.73.210.155
DNSnerlestitops.com
Type: A
208.73.210.202
DNSjondiret.com
Type: A
208.73.210.201
DNSbinerat.com
Type: A
208.73.210.155
DNSherolopcazers.com
Type: A
208.73.210.155
DNSvadaxer.com
Type: A
208.73.210.155
DNSfontored.com
Type: A
64.15.71.22
DNSaderino.com
Type: A
209.99.40.223
DNSklestar.com
Type: A
72.10.147.6
DNSklestar.com
Type: A
72.10.147.5
DNSmianaf.com
Type: A
208.73.210.155
DNSnaimied.com
Type: A
208.73.210.155
DNSdengodar.com
Type: A
208.73.210.155
DNSbezedete.com
Type: A
209.99.40.227
DNSmogohet.com
Type: A
DNSgesqwaserops.com
Type: A
DNSfiatelox.com
Type: A
DNSdafatan.com
Type: A
HTTP GEThttp://haselopricezat.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://oppored.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://pulaminacee.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://buritosasrl.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://rebalt.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://gonotar.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://elverot.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://falaterest.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://papadov.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://badero.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://jimberolipop.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://glostmec.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://iberan.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://buritoriso.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://poleric.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://vadelt.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://gehereiroplop.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://electow.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://ekendar.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://swcopilserits.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://melixe.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://bilode.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://marjepolirst.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://hartend.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://feretolopazerns.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://macandpa.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://locoand.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://nerlestitops.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://jondiret.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://binerat.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://herolopcazers.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://vadaxer.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://fontored.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://aderino.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://falaterest.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://klestar.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://mianaf.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://naimied.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://dengodar.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
HTTP GEThttp://bezedete.com/forum/search.php?email=ajay13_9@yahoo.com
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1032 ➝ 69.43.161.169:80
Flows TCP192.168.1.1:1033 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1034 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1035 ➝ 184.168.221.2:80
Flows TCP192.168.1.1:1036 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1037 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1038 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1039 ➝ 208.73.210.201:80
Flows TCP192.168.1.1:1040 ➝ 50.63.202.67:80
Flows TCP192.168.1.1:1041 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1042 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1043 ➝ 208.73.210.203:80
Flows TCP192.168.1.1:1044 ➝ 208.73.210.202:80
Flows TCP192.168.1.1:1045 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1046 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1047 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1048 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1049 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1050 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1051 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1052 ➝ 209.99.40.226:80
Flows TCP192.168.1.1:1053 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1054 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1055 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1056 ➝ 208.73.210.203:80
Flows TCP192.168.1.1:1057 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1058 ➝ 208.73.210.202:80
Flows TCP192.168.1.1:1059 ➝ 208.73.210.201:80
Flows TCP192.168.1.1:1060 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1061 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1062 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1063 ➝ 64.15.71.22:80
Flows TCP192.168.1.1:1064 ➝ 209.99.40.223:80
Flows TCP192.168.1.1:1065 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1066 ➝ 72.10.147.6:80
Flows TCP192.168.1.1:1067 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1068 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1069 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1070 ➝ 209.99.40.227:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2068   : close..Host: h
0x00000060 (00096)   6173656c 6f707269 63657a61 742e636f   aselopricezat.co
0x00000070 (00112)   6d0d0a0d 0a                           m....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206f   : close..Host: o
0x00000060 (00096)   70706f72 65642e63 6f6d0d0a 0d0a636f   ppored.com....co
0x00000070 (00112)   6d0d0a0d 0a                           m....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000060 (00096)   756c616d 696e6163 65652e63 6f6d0d0a   ulaminacee.com..
0x00000070 (00112)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000060 (00096)   75726974 6f736173 726c2e63 6f6d0d0a   uritosasrl.com..
0x00000070 (00112)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2072   : close..Host: r
0x00000060 (00096)   6562616c 742e636f 6d0d0a0d 0a6d0d0a   ebalt.com....m..
0x00000070 (00112)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000060 (00096)   6f6e6f74 61722e63 6f6d0d0a 0d0a0d0a   onotar.com......
0x00000070 (00112)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2065   : close..Host: e
0x00000060 (00096)   6c766572 6f742e63 6f6d0d0a 0d0a0d0a   lverot.com......
0x00000070 (00112)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000060 (00096)   616c6174 65726573 742e636f 6d0d0a0d   alaterest.com...
0x00000070 (00112)   0a0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000060 (00096)   61706164 6f762e63 6f6d0d0a 0d0a0a0d   apadov.com......
0x00000070 (00112)   0a0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000060 (00096)   61646572 6f2e636f 6d0d0a0d 0a0a0a0d   adero.com.......
0x00000070 (00112)   0a0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206a   : close..Host: j
0x00000060 (00096)   696d6265 726f6c69 706f702e 636f6d0d   imberolipop.com.
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000060 (00096)   6c6f7374 6d65632e 636f6d0d 0a0d0a0d   lostmec.com.....
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2069   : close..Host: i
0x00000060 (00096)   62657261 6e2e636f 6d0d0a0d 0a0d0a0d   beran.com.......
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000060 (00096)   75726974 6f726973 6f2e636f 6d0d0a0d   uritoriso.com...
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000060 (00096)   6f6c6572 69632e63 6f6d0d0a 0d0a0a0d   oleric.com......
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2076   : close..Host: v
0x00000060 (00096)   6164656c 742e636f 6d0d0a0d 0a0a0a0d   adelt.com.......
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000060 (00096)   65686572 6569726f 706c6f70 2e636f6d   ehereiroplop.com
0x00000070 (00112)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2065   : close..Host: e
0x00000060 (00096)   6c656374 6f772e63 6f6d0d0a 0d0a6f6d   lectow.com....om
0x00000070 (00112)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2065   : close..Host: e
0x00000060 (00096)   6b656e64 61722e63 6f6d0d0a 0d0a6f6d   kendar.com....om
0x00000070 (00112)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000060 (00096)   77636f70 696c7365 72697473 2e636f6d   wcopilserits.com
0x00000070 (00112)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000060 (00096)   656c6978 652e636f 6d0d0a0d 0a636f6d   elixe.com....com
0x00000070 (00112)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000060 (00096)   696c6f64 652e636f 6d0d0a0d 0a636f6d   ilode.com....com
0x00000070 (00112)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000060 (00096)   61726a65 706f6c69 7273742e 636f6d0d   arjepolirst.com.
0x00000070 (00112)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2068   : close..Host: h
0x00000060 (00096)   61727465 6e642e63 6f6d0d0a 0d0a6d0d   artend.com....m.
0x00000070 (00112)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000060 (00096)   65726574 6f6c6f70 617a6572 6e732e63   eretolopazerns.c
0x00000070 (00112)   6f6d0d0a 0d0a                         om....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000060 (00096)   6163616e 6470612e 636f6d0d 0a0d0a63   acandpa.com....c
0x00000070 (00112)   6f6d0d0a 0d0a                         om....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206c   : close..Host: l
0x00000060 (00096)   6f636f61 6e642e63 6f6d0d0a 0d0a0a63   ocoand.com.....c
0x00000070 (00112)   6f6d0d0a 0d0a                         om....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206e   : close..Host: n
0x00000060 (00096)   65726c65 73746974 6f70732e 636f6d0d   erlestitops.com.
0x00000070 (00112)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206a   : close..Host: j
0x00000060 (00096)   6f6e6469 7265742e 636f6d0d 0a0d0a0d   ondiret.com.....
0x00000070 (00112)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000060 (00096)   696e6572 61742e63 6f6d0d0a 0d0a0a0d   inerat.com......
0x00000070 (00112)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2068   : close..Host: h
0x00000060 (00096)   65726f6c 6f706361 7a657273 2e636f6d   erolopcazers.com
0x00000070 (00112)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2076   : close..Host: v
0x00000060 (00096)   61646178 65722e63 6f6d0d0a 0d0a6f6d   adaxer.com....om
0x00000070 (00112)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000060 (00096)   6f6e746f 7265642e 636f6d0d 0a0d0a6d   ontored.com....m
0x00000070 (00112)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2061   : close..Host: a
0x00000060 (00096)   64657269 6e6f2e63 6f6d0d0a 0d0a       derino.com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000060 (00096)   616c6174 65726573 742e636f 6d0d0a0d   alaterest.com...
0x00000070 (00112)   0a0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206b   : close..Host: k
0x00000060 (00096)   6c657374 61722e63 6f6d0d0a 0d0a0a0d   lestar.com......
0x00000070 (00112)   0a0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000060 (00096)   69616e61 662e636f 6d0d0a0d 0a0a0a0d   ianaf.com.......
0x00000070 (00112)   0a0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a206e   : close..Host: n
0x00000060 (00096)   61696d69 65642e63 6f6d0d0a 0d0a0a0d   aimied.com......
0x00000070 (00112)   0a0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000060 (00096)   656e676f 6461722e 636f6d0d 0a0d0a0d   engodar.com.....
0x00000070 (00112)   0a0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 616a6179   h.php?email=ajay
0x00000020 (00032)   31335f39 40796168 6f6f2e63 6f6d2048   13_9@yahoo.com H
0x00000030 (00048)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000040 (00064)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000050 (00080)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000060 (00096)   657a6564 6574652e 636f6d0d 0a0d0a0d   ezedete.com.....
0x00000070 (00112)   0a0a0d0a                              ....


Strings