Analysis Date | 2015-09-16 21:50:30 |
---|---|
MD5 | 5fa2ed361ff5b2cc35609206c5d84957 |
SHA1 | 9fb0468b40621090d0d9f98726c8fd22dd21c27b |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 3a77f2cd76b031e8bc1a9d15d5fec878 sha1: 935abd1d1d8039f6fafd31fbf88ddec736f6f453 size: 976384 | |
Section | .rdata md5: b370efb328f201cc8774a568167a89a3 sha1: 111436ca67425dabc640de903d0f393340a3c829 size: 31744 | |
Section | .data md5: ee8bf4b1dd88fb1bd69d6040d6bece7d sha1: 1fdb45d056a0bf92f9e9eb2403ca0017985451ca size: 117248 | |
Timestamp | 2013-03-14 23:45:00 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | e687914636a12d9b932a3784f46f02890b7636fc | |
IMPhash | 36a6fc89f1fc4e137bc900bb5d062da6 | |
AV | Rising | no_virus |
AV | Mcafee | no_virus |
AV | Avira (antivir) | BDS/Zegost.Gen |
AV | Twister | Virus.CB0000E978FEFFFF50.mg |
AV | Ad-Aware | Gen:Variant.Kazy.164619 |
AV | Alwil (avast) | Evo-gen [Susp] |
AV | Eset (nod32) | Win32/Bayrob.N.Gen |
AV | Grisoft (avg) | Generic_r.CDN |
AV | Symantec | Trojan.Bayrob!gen4 |
AV | Fortinet | W32/Bayrob.N!tr |
AV | BitDefender | Gen:Variant.Kazy.164619 |
AV | K7 | Backdoor ( 04c540d41 ) |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.AE |
AV | MicroWorld (escan) | Gen:Variant.Kazy.164619 |
AV | MalwareBytes | Trojan.Agent |
AV | Authentium | W32/Symmi.G.gen!Eldorado |
AV | Frisk (f-prot) | W32/Symmi.G.gen!Eldorado |
AV | Ikarus | Trojan.Win32.Spy |
AV | Emsisoft | Gen:Variant.Kazy.164619 |
AV | Zillya! | no_virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Trend Micro | TSPY_NIVDORT.SM |
AV | CAT (quickheal) | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | Padvish | no_virus |
AV | BullGuard | Gen:Variant.Kazy.164619 |
AV | Arcabit (arcavir) | Gen:Variant.Kazy.164619 |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.DownLoader9.23455 |
AV | F-Secure | Gen:Variant.Kazy.164619 |
AV | CA (E-Trust Ino) | no_virus |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\xa7kmo01kt5fmvmafcett.exe |
---|---|
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\tst |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\xa7kmo01kt5fmvmafcett.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\xa7kmo01kt5fmvmafcett.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Tunneling Intelligent Visual Image Storage Media ➝ C:\WINDOWS\system32\zxzldwtotd.exe |
---|---|
Creates File | C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\zxzldwtotd.exe |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\lck |
Creates File | C:\WINDOWS\system32\zxzldwtotd.exe |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\etc |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\tst |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\zxzldwtotd.exe |
Creates Service | Logon HomeGroup Collector Backup Print Time - C:\WINDOWS\system32\zxzldwtotd.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 812
Process
↳ Pid 860
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\WERe42d.dir00\svchost.exe.mdmp |
---|---|
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Creates File | pipe\PCHFaultRepExecPipe |
Creates Process | C:\WINDOWS\system32\dumprep.exe 1028 -dm 7 7 C:\Documents and Settings\Administrator\Local Settings\Temp\WERe42d.dir00\svchost.exe.mdmp 16325836412030904 |
Process
↳ Pid 1216
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Creates File | WMIDataDevice |
Process
↳ Pid 1872
Process
↳ Pid 1136
Process
↳ C:\WINDOWS\system32\zxzldwtotd.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\cfg |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\run |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\rng |
Creates File | C:\WINDOWS\system32\ugunyocdqk.exe |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\lck |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\TEMP\xa7kmo01rkmfmq.exe |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\tst |
Creates Process | C:\WINDOWS\TEMP\xa7kmo01rkmfmq.exe -r 29234 tcp |
Creates Process | WATCHDOGPROC "c:\windows\system32\zxzldwtotd.exe" |
Process
↳ C:\WINDOWS\system32\zxzldwtotd.exe
Process
↳ C:\WINDOWS\system32\dumprep.exe 1028 -dm 7 7 C:\Documents and Settings\Administrator\Local Settings\Temp\WERe42d.dir00\svchost.exe.mdmp 16325836412030904
Process
↳ WATCHDOGPROC "c:\windows\system32\zxzldwtotd.exe"
Creates File | C:\WINDOWS\system32\txwiaiyowdskosi\tst |
---|
Process
↳ C:\WINDOWS\TEMP\xa7kmo01rkmfmq.exe -r 29234 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
DNS | mojoguia.com Type: A 204.11.56.48 |
---|---|
DNS | villemojo.com Type: A 209.99.40.222 |
DNS | deepfeet.net Type: A 23.229.186.71 |
DNS | alongeach.net Type: A 195.22.26.231 |
DNS | alongeach.net Type: A 195.22.26.252 |
DNS | alongeach.net Type: A 195.22.26.253 |
DNS | alongeach.net Type: A 195.22.26.254 |
DNS | soiledge.net Type: A 95.211.230.75 |
DNS | ballgray.net Type: A 98.139.135.129 |
DNS | tillapril.net Type: A 66.96.147.155 |
DNS | dominoclub-grup.com Type: A |
DNS | elementarimagine.com Type: A |
DNS | jarybuter.com Type: A |
DNS | mojositio.com Type: A |
DNS | aminastol.com Type: A |
DNS | lifefeet.net Type: A |
DNS | enemyeach.net Type: A |
DNS | lifeeach.net Type: A |
DNS | enemyyesterday.net Type: A |
DNS | lifeyesterday.net Type: A |
DNS | enemywedge.net Type: A |
DNS | lifewedge.net Type: A |
DNS | mouthfeet.net Type: A |
DNS | tillfeet.net Type: A |
DNS | moutheach.net Type: A |
DNS | tilleach.net Type: A |
DNS | mouthyesterday.net Type: A |
DNS | tillyesterday.net Type: A |
DNS | mouthwedge.net Type: A |
DNS | tillwedge.net Type: A |
DNS | shallfeet.net Type: A |
DNS | shalleach.net Type: A |
DNS | deepeach.net Type: A |
DNS | shallyesterday.net Type: A |
DNS | deepyesterday.net Type: A |
DNS | shallwedge.net Type: A |
DNS | deepwedge.net Type: A |
DNS | pushfeet.net Type: A |
DNS | fridayfeet.net Type: A |
DNS | pusheach.net Type: A |
DNS | fridayeach.net Type: A |
DNS | pushyesterday.net Type: A |
DNS | fridayyesterday.net Type: A |
DNS | pushwedge.net Type: A |
DNS | fridaywedge.net Type: A |
DNS | alongfeet.net Type: A |
DNS | decemberfeet.net Type: A |
DNS | decembereach.net Type: A |
DNS | alongyesterday.net Type: A |
DNS | decemberyesterday.net Type: A |
DNS | alongwedge.net Type: A |
DNS | decemberwedge.net Type: A |
DNS | longgray.net Type: A |
DNS | soilgray.net Type: A |
DNS | longapril.net Type: A |
DNS | soilapril.net Type: A |
DNS | longarmy.net Type: A |
DNS | soilarmy.net Type: A |
DNS | longedge.net Type: A |
DNS | wheelgray.net Type: A |
DNS | saidgray.net Type: A |
DNS | wheelapril.net Type: A |
DNS | saidapril.net Type: A |
DNS | wheelarmy.net Type: A |
DNS | saidarmy.net Type: A |
DNS | wheeledge.net Type: A |
DNS | saidedge.net Type: A |
DNS | stickgray.net Type: A |
DNS | stickapril.net Type: A |
DNS | ballapril.net Type: A |
DNS | stickarmy.net Type: A |
DNS | ballarmy.net Type: A |
DNS | stickedge.net Type: A |
DNS | balledge.net Type: A |
DNS | enemygray.net Type: A |
DNS | lifegray.net Type: A |
DNS | enemyapril.net Type: A |
DNS | lifeapril.net Type: A |
DNS | enemyarmy.net Type: A |
DNS | lifearmy.net Type: A |
DNS | enemyedge.net Type: A |
DNS | lifeedge.net Type: A |
DNS | mouthgray.net Type: A |
DNS | tillgray.net Type: A |
DNS | mouthapril.net Type: A |
DNS | moutharmy.net Type: A |
DNS | tillarmy.net Type: A |
DNS | mouthedge.net Type: A |
DNS | tilledge.net Type: A |
DNS | shallgray.net Type: A |
DNS | deepgray.net Type: A |
DNS | shallapril.net Type: A |
DNS | deepapril.net Type: A |
DNS | shallarmy.net Type: A |
DNS | deeparmy.net Type: A |
HTTP GET | http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://deepfeet.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://alongeach.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://soiledge.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://ballgray.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://tillapril.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://deepfeet.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://alongeach.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://soiledge.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://ballgray.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
HTTP GET | http://tillapril.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent: |
Flows TCP | 192.168.1.1:1036 ➝ 204.11.56.48:80 |
Flows TCP | 192.168.1.1:1037 ➝ 209.99.40.222:80 |
Flows TCP | 192.168.1.1:1038 ➝ 23.229.186.71:80 |
Flows TCP | 192.168.1.1:1039 ➝ 195.22.26.231:80 |
Flows TCP | 192.168.1.1:1040 ➝ 95.211.230.75:80 |
Flows TCP | 192.168.1.1:1042 ➝ 98.139.135.129:80 |
Flows TCP | 192.168.1.1:1043 ➝ 66.96.147.155:80 |
Flows TCP | 192.168.1.1:1044 ➝ 204.11.56.48:80 |
Flows TCP | 192.168.1.1:1045 ➝ 209.99.40.222:80 |
Flows TCP | 192.168.1.1:1046 ➝ 23.229.186.71:80 |
Flows TCP | 192.168.1.1:1047 ➝ 195.22.26.231:80 |
Flows TCP | 192.168.1.1:1048 ➝ 95.211.230.75:80 |
Flows TCP | 192.168.1.1:1049 ➝ 98.139.135.129:80 |
Flows TCP | 192.168.1.1:1050 ➝ 66.96.147.155:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d6f 6a6f6775 69612e63 6f6d0d0a : mojoguia.com.. 0x00000080 (00128) 0d0a .. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207669 6c6c656d 6f6a6f2e 636f6d0d : villemojo.com. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206465 65706665 65742e6e 65740d0a : deepfeet.net.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20616c 6f6e6765 6163682e 6e65740d : alongeach.net. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20736f 696c6564 67652e6e 65740d0a : soiledge.net.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206261 6c6c6772 61792e6e 65740d0a : ballgray.net.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207469 6c6c6170 72696c2e 6e65740d : tillapril.net. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d6f 6a6f6775 69612e63 6f6d0d0a : mojoguia.com.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207669 6c6c656d 6f6a6f2e 636f6d0d : villemojo.com. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206465 65706665 65742e6e 65740d0a : deepfeet.net.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20616c 6f6e6765 6163682e 6e65740d : alongeach.net. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20736f 696c6564 67652e6e 65740d0a : soiledge.net.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206261 6c6c6772 61792e6e 65740d0a : ballgray.net.. 0x00000080 (00128) 0d0a0a ... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303034 26736f78 3d326334 64643230 =004&sox=2c4dd20 0x00000040 (00064) 30204854 54502f31 2e300d0a 41636365 0 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207469 6c6c6170 72696c2e 6e65740d : tillapril.net. 0x00000080 (00128) 0a0d0a ...
Strings