Analysis Date2015-09-29 22:13:17
MD50e7b4921fb2e8f074230467ca6a35222
SHA171ffa62cca66f12112812b87bb991c0d4562e226

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d4285993f9e5a8406887f53e3e610b36 sha1: fcbc165babb2637e614c24c1b4acc6dc5e4f5231 size: 730112
Section.rdata md5: 8663f9235100f6144a397b42d154843c sha1: 39fd2ea39373d7407464cb43a648881e1a6b1ada size: 32256
Section.data md5: 1335369260fb59b315d0410e7db6ab70 sha1: f0a19bc59a5acd43f3d21cda425100f31c88eaab size: 123392
Timestamp2014-01-22 05:58:36
PackerMicrosoft Visual C++ ?.?
PEhashaac1e7995c488ce508e9067076a5ffc7fb189e9c
IMPhashe40fbd1ffbc1420593cae315fb61f624
AVRisingno_virus
AVCA (E-Trust Ino)Win32/Tnega.XAMV!suspicious
AVF-SecureGen:Variant.Symmi.22722
AVDr. WebTrojan.KillFiles.12831
AVClamAVno_virus
AVArcabit (arcavir)Gen:Variant.Symmi.22722
AVBullGuardGen:Variant.Symmi.22722
AVPadvishno_virus
AVVirusBlokAda (vba32)no_virus
AVCAT (quickheal)no_virus
AVTrend MicroTSPY_NIVDORT.SMA
AVKasperskyTrojan.Win32.Generic
AVZillya!Trojan.Kryptik.Win32.789586
AVEmsisoftGen:Variant.Symmi.22722
AVIkarusTrojan.Win32.Spy
AVFrisk (f-prot)no_virus
AVAuthentiumW32/Symmi.AH.gen!Eldorado
AVMalwareBytesno_virus
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.Y
AVK7Trojan ( 0049137f1 )
AVBitDefenderGen:Variant.Symmi.22722
AVFortinetW32/Kryptik.BCFJ!tr
AVSymantecno_virus
AVGrisoft (avg)Win32/Cryptor
AVEset (nod32)Win32/Kryptik.CCLE
AVAlwil (avast)Kryptik-OCE [Trj]
AVAd-AwareGen:Variant.Symmi.22722
AVTwisterTrojan.558BEC@24000C1@2F.mg
AVAvira (antivir)BDS/Zegost.Gen4
AVMcafeeno_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\lhkz1vh1ma3neevwrnsdpbl.exe
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\lhkz1vh1ma3neevwrnsdpbl.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\lhkz1vh1ma3neevwrnsdpbl.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Assistant Authentication Event Health ➝
C:\WINDOWS\system32\hfzrrnbuvzyk.exe
Creates FileC:\WINDOWS\system32\hfzrrnbuvzyk.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\lck
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\tst
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\etc
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\hfzrrnbuvzyk.exe
Creates ServiceClient Auto SNMP Peer System Desktop - C:\WINDOWS\system32\hfzrrnbuvzyk.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 828

Process
↳ Pid 872

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1228

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates FileWMIDataDevice

Process
↳ Pid 1868

Process
↳ Pid 1180

Process
↳ C:\WINDOWS\system32\hfzrrnbuvzyk.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\TEMP\lhkz1vh1t78neevw.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\jkwpklbfy.exe
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\lck
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\tst
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\cfg
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\run
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\rng
Creates ProcessWATCHDOGPROC "c:\windows\system32\hfzrrnbuvzyk.exe"
Creates ProcessC:\WINDOWS\TEMP\lhkz1vh1t78neevw.exe -r 21143 tcp

Process
↳ C:\WINDOWS\system32\hfzrrnbuvzyk.exe

Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\hfzrrnbuvzyk.exe"

Creates FileC:\WINDOWS\system32\zzscymzagykfnmj\tst

Process
↳ C:\WINDOWS\TEMP\lhkz1vh1t78neevw.exe -r 21143 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSstickmarch.net
Type: A
52.4.209.250
DNStablefruit.net
Type: A
52.4.209.250
DNSmeathouse.net
Type: A
89.19.29.109
DNSsickhouse.net
Type: A
146.0.42.103
DNScloudhouse.net
Type: A
208.91.197.26
DNScloudgift.net
Type: A
210.157.1.134
DNSmilkhome.net
Type: A
121.78.88.38
DNSwithhome.net
Type: A
112.175.85.235
DNScasehome.net
Type: A
50.23.195.228
DNSheadhome.net
Type: A
216.239.34.21
DNSheadhome.net
Type: A
216.239.36.21
DNSheadhome.net
Type: A
216.239.38.21
DNSheadhome.net
Type: A
216.239.32.21
DNSquickhome.net
Type: A
207.148.248.143
DNSthenhome.net
Type: A
82.165.188.126
DNSthengrain.net
Type: A
162.255.119.250
DNSthengold.net
Type: A
95.211.230.75
DNSmeathome.net
Type: A
121.254.210.142
DNScloudhome.net
Type: A
8.5.1.35
DNSkaselindertu.com
Type: A
DNSdavedekilai.com
Type: A
DNSlaloponea.com
Type: A
DNSfredesecas.com
Type: A
DNSdonaven4guia.com
Type: A
DNSquicktuesday.net
Type: A
DNSthentuesday.net
Type: A
DNSquickpeace.net
Type: A
DNSthenpeace.net
Type: A
DNSsundayhouse.net
Type: A
DNSmosthouse.net
Type: A
DNSsundaygift.net
Type: A
DNSmostgift.net
Type: A
DNSsundaytuesday.net
Type: A
DNSmosttuesday.net
Type: A
DNSsundaypeace.net
Type: A
DNSmostpeace.net
Type: A
DNSmeatgift.net
Type: A
DNSsickgift.net
Type: A
DNSmeattuesday.net
Type: A
DNSsicktuesday.net
Type: A
DNSmeatpeace.net
Type: A
DNSsickpeace.net
Type: A
DNSdarkhouse.net
Type: A
DNSdarkgift.net
Type: A
DNScloudtuesday.net
Type: A
DNSdarktuesday.net
Type: A
DNScloudpeace.net
Type: A
DNSdarkpeace.net
Type: A
DNStriedhome.net
Type: A
DNSmilkover.net
Type: A
DNStriedover.net
Type: A
DNSmilkgrain.net
Type: A
DNStriedgrain.net
Type: A
DNSmilkgold.net
Type: A
DNStriedgold.net
Type: A
DNSdutyhome.net
Type: A
DNSwithover.net
Type: A
DNSdutyover.net
Type: A
DNSwithgrain.net
Type: A
DNSdutygrain.net
Type: A
DNSwithgold.net
Type: A
DNSdutygold.net
Type: A
DNSthesehome.net
Type: A
DNSsighthome.net
Type: A
DNStheseover.net
Type: A
DNSsightover.net
Type: A
DNSthesegrain.net
Type: A
DNSsightgrain.net
Type: A
DNSthesegold.net
Type: A
DNSsightgold.net
Type: A
DNScaseover.net
Type: A
DNSheadover.net
Type: A
DNScasegrain.net
Type: A
DNSheadgrain.net
Type: A
DNScasegold.net
Type: A
DNSheadgold.net
Type: A
DNSquickover.net
Type: A
DNSthenover.net
Type: A
DNSquickgrain.net
Type: A
DNSquickgold.net
Type: A
DNSsundayhome.net
Type: A
DNSmosthome.net
Type: A
DNSsundayover.net
Type: A
DNSmostover.net
Type: A
DNSsundaygrain.net
Type: A
DNSmostgrain.net
Type: A
DNSsundaygold.net
Type: A
DNSmostgold.net
Type: A
DNSsickhome.net
Type: A
DNSmeatover.net
Type: A
DNSsickover.net
Type: A
DNSmeatgrain.net
Type: A
DNSsickgrain.net
Type: A
DNSmeatgold.net
Type: A
DNSsickgold.net
Type: A
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://meathouse.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://sickhouse.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://cloudhouse.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://cloudgift.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://milkhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://withhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://casehome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://headhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://quickhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://thenhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://thengrain.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://thengold.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://meathome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://cloudhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://meathouse.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://sickhouse.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://cloudhouse.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://cloudgift.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://milkhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://withhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://casehome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://headhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://quickhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://thenhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://thengrain.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://thengold.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://meathome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
HTTP GEThttp://cloudhome.net/forum/search.php?method=validate&mode=sox&v=020&sox=3a8f4002
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1037 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1038 ➝ 89.19.29.109:80
Flows TCP192.168.1.1:1039 ➝ 146.0.42.103:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.26:80
Flows TCP192.168.1.1:1041 ➝ 210.157.1.134:80
Flows TCP192.168.1.1:1042 ➝ 121.78.88.38:80
Flows TCP192.168.1.1:1043 ➝ 112.175.85.235:80
Flows TCP192.168.1.1:1045 ➝ 50.23.195.228:80
Flows TCP192.168.1.1:1046 ➝ 216.239.34.21:80
Flows TCP192.168.1.1:1047 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1048 ➝ 82.165.188.126:80
Flows TCP192.168.1.1:1049 ➝ 162.255.119.250:80
Flows TCP192.168.1.1:1050 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1051 ➝ 121.254.210.142:80
Flows TCP192.168.1.1:1052 ➝ 8.5.1.35:80
Flows TCP192.168.1.1:1053 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1054 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1055 ➝ 89.19.29.109:80
Flows TCP192.168.1.1:1056 ➝ 146.0.42.103:80
Flows TCP192.168.1.1:1057 ➝ 208.91.197.26:80
Flows TCP192.168.1.1:1058 ➝ 210.157.1.134:80
Flows TCP192.168.1.1:1059 ➝ 121.78.88.38:80
Flows TCP192.168.1.1:1060 ➝ 112.175.85.235:80
Flows TCP192.168.1.1:1061 ➝ 50.23.195.228:80
Flows TCP192.168.1.1:1062 ➝ 216.239.34.21:80
Flows TCP192.168.1.1:1063 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1064 ➝ 82.165.188.126:80
Flows TCP192.168.1.1:1065 ➝ 162.255.119.250:80
Flows TCP192.168.1.1:1066 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1067 ➝ 121.254.210.142:80
Flows TCP192.168.1.1:1068 ➝ 8.5.1.35:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d65 6174686f 7573652e 6e65740d   : meathouse.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207369 636b686f 7573652e 6e65740d   : sickhouse.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 6f756468 6f757365 2e6e6574   : cloudhouse.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 6f756467 6966742e 6e65740d   : cloudgift.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d69 6c6b686f 6d652e6e 65740d0a   : milkhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 7468686f 6d652e6e 65740d0a   : withhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 7365686f 6d652e6e 65740d0a   : casehome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206865 6164686f 6d652e6e 65740d0a   : headhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207175 69636b68 6f6d652e 6e65740d   : quickhome.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 656e686f 6d652e6e 65740d0a   : thenhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 656e6772 61696e2e 6e65740d   : thengrain.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 656e676f 6c642e6e 65740d0a   : thengold.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d65 6174686f 6d652e6e 65740d0a   : meathome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 6f756468 6f6d652e 6e65740d   : cloudhome.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d65 6174686f 7573652e 6e65740d   : meathouse.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207369 636b686f 7573652e 6e65740d   : sickhouse.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 6f756468 6f757365 2e6e6574   : cloudhouse.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 6f756467 6966742e 6e65740d   : cloudgift.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d69 6c6b686f 6d652e6e 65740d0a   : milkhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 7468686f 6d652e6e 65740d0a   : withhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 7365686f 6d652e6e 65740d0a   : casehome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206865 6164686f 6d652e6e 65740d0a   : headhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207175 69636b68 6f6d652e 6e65740d   : quickhome.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 656e686f 6d652e6e 65740d0a   : thenhome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 656e6772 61696e2e 6e65740d   : thengrain.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 656e676f 6c642e6e 65740d0a   : thengold.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d65 6174686f 6d652e6e 65740d0a   : meathome.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d336138 66343030   =020&sox=3a8f400
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 6f756468 6f6d652e 6e65740d   : cloudhome.net.
0x00000080 (00128)   0a0d0a0a                              ....


Strings