Analysis | #totalhash

Analysis Date	2015-09-17 08:31:40
MD5	b0beea7235f94921c083497084c1e9f9
SHA1	86e658c3ce064f7623f48614c4d5318b9d341d18

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 7777651977c982dc47804551941743b9 sha1: 95f1437feae6c82786d18d6b70c4fe8c9dc79c25 size: 976896
Section	.rdata md5: 695ed73042bd92514391717e7877a5bc sha1: c0da6ad557952157f1091ae7a26ca304e8e5aacb size: 31232
Section	.data md5: e70c9bb050223d7847e158a5b86ec8d6 sha1: 751357d0a9f2ef48bb540e7b602f1b1805832cf7 size: 117248
Timestamp	2013-03-13 19:18:58
Packer	Microsoft Visual C++ ?.?
PEhash	e55c311065fe49c70e929754d17e3e1c6e1a042e
IMPhash	eb56d3cc2f74f721b650c169ad0b4214
AV	Rising	no_virus
AV	Mcafee	no_virus
AV	Avira (antivir)	BDS/Zegost.Gen
AV	Twister	Virus.CB0000E978FEFFFF50.mg
AV	Ad-Aware	Gen:Variant.Kazy.164619
AV	Alwil (avast)	Downloader-TLD [Trj]
AV	Eset (nod32)	Win32/Bayrob.N.Gen
AV	Grisoft (avg)	Generic_r.CDN
AV	Symantec	Trojan.Bayrob!gen4
AV	Fortinet	W32/Bayrob.N!tr
AV	BitDefender	Gen:Variant.Kazy.164619
AV	K7	Backdoor ( 04c540d41 )
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.P
AV	MicroWorld (escan)	Gen:Variant.Kazy.164619
AV	MalwareBytes	Trojan.Agent
AV	Authentium	W32/Symmi.G.gen!Eldorado
AV	Frisk (f-prot)	W32/Symmi.G.gen!Eldorado
AV	Ikarus	Trojan.Win32.Spy
AV	Emsisoft	Gen:Variant.Kazy.164619
AV	Zillya!	Trojan.Bayrob.Win32.1501
AV	Kaspersky	Trojan.Win32.Generic
AV	Trend Micro	TSPY_NIVDORT.SM
AV	CAT (quickheal)	no_virus
AV	VirusBlokAda (vba32)	no_virus
AV	Padvish	no_virus
AV	BullGuard	Gen:Variant.Kazy.164619
AV	Arcabit (arcavir)	Gen:Variant.Kazy.164619
AV	ClamAV	no_virus
AV	Dr. Web	no_virus
AV	F-Secure	Gen:Variant.Kazy.164619
AV	CA (E-Trust Ino)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\h7adhgj31n5cwbxh6zob1i.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\h7adhgj31n5cwbxh6zob1i.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\h7adhgj31n5cwbxh6zob1i.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Tunneling Intelligent Visual Image Storage Media ➝ C:\WINDOWS\system32\zxzldwtotd.exe
Creates File	C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\zxzldwtotd.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\lck
Creates File	C:\WINDOWS\system32\zxzldwtotd.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\etc
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\zxzldwtotd.exe
Creates Service	Logon HomeGroup Collector Backup Print Time - C:\WINDOWS\system32\zxzldwtotd.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File	PIPE\lsarpc
Creates File	C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1868

Process
↳ Pid 1152

Process
↳ C:\WINDOWS\system32\zxzldwtotd.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\cfg
Creates File	C:\WINDOWS\TEMP\h7adhgj31tzfwbl.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\run
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\rng
Creates File	C:\WINDOWS\system32\ugunyocdqk.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\lck
Creates File	pipe\net\NtControlPipe10
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst
Creates Process	WATCHDOGPROC "c:\windows\system32\zxzldwtotd.exe"
Creates Process	C:\WINDOWS\TEMP\h7adhgj31tzfwbl.exe -r 38415 tcp

Process
↳ C:\WINDOWS\system32\zxzldwtotd.exe

Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\zxzldwtotd.exe"

Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst

Process
↳ C:\WINDOWS\TEMP\h7adhgj31tzfwbl.exe -r 38415 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	mojoguia.com Type: A 204.11.56.48
DNS	villemojo.com Type: A 209.99.40.222
DNS	deepedge.net Type: A 46.30.211.32
DNS	longstudy.net Type: A 223.4.7.89
DNS	balluncle.net Type: A 195.22.26.248
DNS	lifestudy.com Type: A 66.252.139.75
DNS	enemyloss.net Type: A 95.211.230.75
DNS	lifeloss.net Type: A 64.99.80.30
DNS	mouthonce.net Type: A 98.139.135.129
DNS	fridaystudy.net Type: A 74.220.215.214
DNS	dominoclub-grup.com Type: A
DNS	elementarimagine.com Type: A
DNS	jarybuter.com Type: A
DNS	mojositio.com Type: A
DNS	aminastol.com Type: A
DNS	tilledge.net Type: A
DNS	shallgray.net Type: A
DNS	deepgray.net Type: A
DNS	shallapril.net Type: A
DNS	deepapril.net Type: A
DNS	shallarmy.net Type: A
DNS	deeparmy.net Type: A
DNS	shalledge.net Type: A
DNS	pushgray.net Type: A
DNS	fridaygray.net Type: A
DNS	pushapril.net Type: A
DNS	fridayapril.net Type: A
DNS	pusharmy.net Type: A
DNS	fridayarmy.net Type: A
DNS	pushedge.net Type: A
DNS	fridayedge.net Type: A
DNS	alonggray.net Type: A
DNS	decembergray.net Type: A
DNS	alongapril.net Type: A
DNS	decemberapril.net Type: A
DNS	alongarmy.net Type: A
DNS	decemberarmy.net Type: A
DNS	alongedge.net Type: A
DNS	decemberedge.net Type: A
DNS	longuncle.net Type: A
DNS	soiluncle.net Type: A
DNS	soilstudy.net Type: A
DNS	longloss.net Type: A
DNS	soilloss.net Type: A
DNS	longonce.net Type: A
DNS	soilonce.net Type: A
DNS	wheeluncle.net Type: A
DNS	saiduncle.net Type: A
DNS	wheelstudy.net Type: A
DNS	saidstudy.net Type: A
DNS	wheelloss.net Type: A
DNS	saidloss.net Type: A
DNS	wheelonce.net Type: A
DNS	saidonce.net Type: A
DNS	stickuncle.net Type: A
DNS	stickstudy.net Type: A
DNS	ballstudy.net Type: A
DNS	stickloss.net Type: A
DNS	ballloss.net Type: A
DNS	stickonce.net Type: A
DNS	ballonce.net Type: A
DNS	enemyuncle.net Type: A
DNS	lifeuncle.net Type: A
DNS	enemystudy.net Type: A
DNS	lifestudy.net Type: A
DNS	enemyonce.net Type: A
DNS	lifeonce.net Type: A
DNS	mouthuncle.net Type: A
DNS	tilluncle.net Type: A
DNS	mouthstudy.net Type: A
DNS	tillstudy.net Type: A
DNS	mouthloss.net Type: A
DNS	tillloss.net Type: A
DNS	tillonce.net Type: A
DNS	shalluncle.net Type: A
DNS	deepuncle.net Type: A
DNS	shallstudy.net Type: A
DNS	deepstudy.net Type: A
DNS	shallloss.net Type: A
DNS	deeploss.net Type: A
DNS	shallonce.net Type: A
DNS	deeponce.net Type: A
DNS	pushuncle.net Type: A
DNS	fridayuncle.net Type: A
DNS	pushstudy.net Type: A
DNS	pushloss.net Type: A
DNS	fridayloss.net Type: A
DNS	pushonce.net Type: A
DNS	fridayonce.net Type: A
DNS	alonguncle.net Type: A
DNS	decemberuncle.net Type: A
DNS	alongstudy.net Type: A
DNS	decemberstudy.net Type: A
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://villemojo.com/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://deepedge.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://longstudy.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://balluncle.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://lifestudy.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://enemyloss.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://lifeloss.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://mouthonce.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://fridaystudy.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://villemojo.com/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://deepedge.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://longstudy.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://balluncle.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://lifestudy.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://enemyloss.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://lifeloss.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://mouthonce.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
HTTP GET	http://fridaystudy.net/forum/search.php?method=validate&mode=sox&v=003&sox=2c4dd200 User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 204.11.56.48:80
Flows TCP	192.168.1.1:1037 ➝ 209.99.40.222:80
Flows TCP	192.168.1.1:1038 ➝ 46.30.211.32:80
Flows TCP	192.168.1.1:1039 ➝ 223.4.7.89:80
Flows TCP	192.168.1.1:1040 ➝ 195.22.26.248:80
Flows TCP	192.168.1.1:1041 ➝ 66.252.139.75:80
Flows TCP	192.168.1.1:1043 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1044 ➝ 64.99.80.30:80
Flows TCP	192.168.1.1:1045 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1046 ➝ 74.220.215.214:80
Flows TCP	192.168.1.1:1047 ➝ 204.11.56.48:80
Flows TCP	192.168.1.1:1048 ➝ 209.99.40.222:80
Flows TCP	192.168.1.1:1049 ➝ 46.30.211.32:80
Flows TCP	192.168.1.1:1050 ➝ 223.4.7.89:80
Flows TCP	192.168.1.1:1051 ➝ 195.22.26.248:80
Flows TCP	192.168.1.1:1052 ➝ 66.252.139.75:80
Flows TCP	192.168.1.1:1053 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1054 ➝ 64.99.80.30:80
Flows TCP	192.168.1.1:1055 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1056 ➝ 74.220.215.214:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 6a6f6775 69612e63 6f6d0d0a   : mojoguia.com..
0x00000080 (00128)   0d0a                                  ..

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 6c6c656d 6f6a6f2e 636f6d0d   : villemojo.com.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706564 67652e6e 65740d0a   : deepedge.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6e677374 7564792e 6e65740d   : longstudy.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c756e 636c652e 6e65740d   : balluncle.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657374 7564792e 6e65740d   : lifestudy.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20656e 656d796c 6f73732e 6e65740d   : enemyloss.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656c6f 73732e6e 65740d0a   : lifeloss.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 7574686f 6e63652e 6e65740d   : mouthonce.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 69646179 73747564 792e6e65   : fridaystudy.ne
0x00000080 (00128)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 6a6f6775 69612e63 6f6d0d0a   : mojoguia.com..
0x00000080 (00128)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 6c6c656d 6f6a6f2e 636f6d0d   : villemojo.com.
0x00000080 (00128)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706564 67652e6e 65740d0a   : deepedge.net..
0x00000080 (00128)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6e677374 7564792e 6e65740d   : longstudy.net.
0x00000080 (00128)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c756e 636c652e 6e65740d   : balluncle.net.
0x00000080 (00128)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657374 7564792e 6e65740d   : lifestudy.net.
0x00000080 (00128)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20656e 656d796c 6f73732e 6e65740d   : enemyloss.net.
0x00000080 (00128)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656c6f 73732e6e 65740d0a   : lifeloss.net..
0x00000080 (00128)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 7574686f 6e63652e 6e65740d   : mouthonce.net.
0x00000080 (00128)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303033 26736f78 3d326334 64643230   =003&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 69646179 73747564 792e6e65   : fridaystudy.ne
0x00000080 (00128)   740d0a0d 0a                           t....

Strings