Analysis | #totalhash

Analysis Date	2015-09-16 21:50:30
MD5	5fa2ed361ff5b2cc35609206c5d84957
SHA1	9fb0468b40621090d0d9f98726c8fd22dd21c27b

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 3a77f2cd76b031e8bc1a9d15d5fec878 sha1: 935abd1d1d8039f6fafd31fbf88ddec736f6f453 size: 976384
Section	.rdata md5: b370efb328f201cc8774a568167a89a3 sha1: 111436ca67425dabc640de903d0f393340a3c829 size: 31744
Section	.data md5: ee8bf4b1dd88fb1bd69d6040d6bece7d sha1: 1fdb45d056a0bf92f9e9eb2403ca0017985451ca size: 117248
Timestamp	2013-03-14 23:45:00
Packer	Microsoft Visual C++ ?.?
PEhash	e687914636a12d9b932a3784f46f02890b7636fc
IMPhash	36a6fc89f1fc4e137bc900bb5d062da6
AV	Rising	no_virus
AV	Mcafee	no_virus
AV	Avira (antivir)	BDS/Zegost.Gen
AV	Twister	Virus.CB0000E978FEFFFF50.mg
AV	Ad-Aware	Gen:Variant.Kazy.164619
AV	Alwil (avast)	Evo-gen [Susp]
AV	Eset (nod32)	Win32/Bayrob.N.Gen
AV	Grisoft (avg)	Generic_r.CDN
AV	Symantec	Trojan.Bayrob!gen4
AV	Fortinet	W32/Bayrob.N!tr
AV	BitDefender	Gen:Variant.Kazy.164619
AV	K7	Backdoor ( 04c540d41 )
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.AE
AV	MicroWorld (escan)	Gen:Variant.Kazy.164619
AV	MalwareBytes	Trojan.Agent
AV	Authentium	W32/Symmi.G.gen!Eldorado
AV	Frisk (f-prot)	W32/Symmi.G.gen!Eldorado
AV	Ikarus	Trojan.Win32.Spy
AV	Emsisoft	Gen:Variant.Kazy.164619
AV	Zillya!	no_virus
AV	Kaspersky	Trojan.Win32.Generic
AV	Trend Micro	TSPY_NIVDORT.SM
AV	CAT (quickheal)	no_virus
AV	VirusBlokAda (vba32)	no_virus
AV	Padvish	no_virus
AV	BullGuard	Gen:Variant.Kazy.164619
AV	Arcabit (arcavir)	Gen:Variant.Kazy.164619
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.DownLoader9.23455
AV	F-Secure	Gen:Variant.Kazy.164619
AV	CA (E-Trust Ino)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\xa7kmo01kt5fmvmafcett.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\xa7kmo01kt5fmvmafcett.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\xa7kmo01kt5fmvmafcett.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Tunneling Intelligent Visual Image Storage Media ➝ C:\WINDOWS\system32\zxzldwtotd.exe
Creates File	C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\zxzldwtotd.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\lck
Creates File	C:\WINDOWS\system32\zxzldwtotd.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\etc
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\zxzldwtotd.exe
Creates Service	Logon HomeGroup Collector Backup Print Time - C:\WINDOWS\system32\zxzldwtotd.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 812

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\WERe42d.dir00\svchost.exe.mdmp
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates File	pipe\PCHFaultRepExecPipe
Creates Process	C:\WINDOWS\system32\dumprep.exe 1028 -dm 7 7 C:\Documents and Settings\Administrator\Local Settings\Temp\WERe42d.dir00\svchost.exe.mdmp 16325836412030904

Process
↳ Pid 1216

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File	WMIDataDevice

Process
↳ Pid 1872

Process
↳ Pid 1136

Process
↳ C:\WINDOWS\system32\zxzldwtotd.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\cfg
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\run
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\rng
Creates File	C:\WINDOWS\system32\ugunyocdqk.exe
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\lck
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\TEMP\xa7kmo01rkmfmq.exe
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst
Creates Process	C:\WINDOWS\TEMP\xa7kmo01rkmfmq.exe -r 29234 tcp
Creates Process	WATCHDOGPROC "c:\windows\system32\zxzldwtotd.exe"

Process
↳ C:\WINDOWS\system32\zxzldwtotd.exe

Process
↳ C:\WINDOWS\system32\dumprep.exe 1028 -dm 7 7 C:\Documents and Settings\Administrator\Local Settings\Temp\WERe42d.dir00\svchost.exe.mdmp 16325836412030904

Process
↳ WATCHDOGPROC "c:\windows\system32\zxzldwtotd.exe"

Creates File	C:\WINDOWS\system32\txwiaiyowdskosi\tst

Process
↳ C:\WINDOWS\TEMP\xa7kmo01rkmfmq.exe -r 29234 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	mojoguia.com Type: A 204.11.56.48
DNS	villemojo.com Type: A 209.99.40.222
DNS	deepfeet.net Type: A 23.229.186.71
DNS	alongeach.net Type: A 195.22.26.231
DNS	alongeach.net Type: A 195.22.26.252
DNS	alongeach.net Type: A 195.22.26.253
DNS	alongeach.net Type: A 195.22.26.254
DNS	soiledge.net Type: A 95.211.230.75
DNS	ballgray.net Type: A 98.139.135.129
DNS	tillapril.net Type: A 66.96.147.155
DNS	dominoclub-grup.com Type: A
DNS	elementarimagine.com Type: A
DNS	jarybuter.com Type: A
DNS	mojositio.com Type: A
DNS	aminastol.com Type: A
DNS	lifefeet.net Type: A
DNS	enemyeach.net Type: A
DNS	lifeeach.net Type: A
DNS	enemyyesterday.net Type: A
DNS	lifeyesterday.net Type: A
DNS	enemywedge.net Type: A
DNS	lifewedge.net Type: A
DNS	mouthfeet.net Type: A
DNS	tillfeet.net Type: A
DNS	moutheach.net Type: A
DNS	tilleach.net Type: A
DNS	mouthyesterday.net Type: A
DNS	tillyesterday.net Type: A
DNS	mouthwedge.net Type: A
DNS	tillwedge.net Type: A
DNS	shallfeet.net Type: A
DNS	shalleach.net Type: A
DNS	deepeach.net Type: A
DNS	shallyesterday.net Type: A
DNS	deepyesterday.net Type: A
DNS	shallwedge.net Type: A
DNS	deepwedge.net Type: A
DNS	pushfeet.net Type: A
DNS	fridayfeet.net Type: A
DNS	pusheach.net Type: A
DNS	fridayeach.net Type: A
DNS	pushyesterday.net Type: A
DNS	fridayyesterday.net Type: A
DNS	pushwedge.net Type: A
DNS	fridaywedge.net Type: A
DNS	alongfeet.net Type: A
DNS	decemberfeet.net Type: A
DNS	decembereach.net Type: A
DNS	alongyesterday.net Type: A
DNS	decemberyesterday.net Type: A
DNS	alongwedge.net Type: A
DNS	decemberwedge.net Type: A
DNS	longgray.net Type: A
DNS	soilgray.net Type: A
DNS	longapril.net Type: A
DNS	soilapril.net Type: A
DNS	longarmy.net Type: A
DNS	soilarmy.net Type: A
DNS	longedge.net Type: A
DNS	wheelgray.net Type: A
DNS	saidgray.net Type: A
DNS	wheelapril.net Type: A
DNS	saidapril.net Type: A
DNS	wheelarmy.net Type: A
DNS	saidarmy.net Type: A
DNS	wheeledge.net Type: A
DNS	saidedge.net Type: A
DNS	stickgray.net Type: A
DNS	stickapril.net Type: A
DNS	ballapril.net Type: A
DNS	stickarmy.net Type: A
DNS	ballarmy.net Type: A
DNS	stickedge.net Type: A
DNS	balledge.net Type: A
DNS	enemygray.net Type: A
DNS	lifegray.net Type: A
DNS	enemyapril.net Type: A
DNS	lifeapril.net Type: A
DNS	enemyarmy.net Type: A
DNS	lifearmy.net Type: A
DNS	enemyedge.net Type: A
DNS	lifeedge.net Type: A
DNS	mouthgray.net Type: A
DNS	tillgray.net Type: A
DNS	mouthapril.net Type: A
DNS	moutharmy.net Type: A
DNS	tillarmy.net Type: A
DNS	mouthedge.net Type: A
DNS	tilledge.net Type: A
DNS	shallgray.net Type: A
DNS	deepgray.net Type: A
DNS	shallapril.net Type: A
DNS	deepapril.net Type: A
DNS	shallarmy.net Type: A
DNS	deeparmy.net Type: A
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://deepfeet.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://alongeach.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://soiledge.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://ballgray.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://tillapril.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://deepfeet.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://alongeach.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://soiledge.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://ballgray.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
HTTP GET	http://tillapril.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c4dd200 User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 204.11.56.48:80
Flows TCP	192.168.1.1:1037 ➝ 209.99.40.222:80
Flows TCP	192.168.1.1:1038 ➝ 23.229.186.71:80
Flows TCP	192.168.1.1:1039 ➝ 195.22.26.231:80
Flows TCP	192.168.1.1:1040 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1042 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1043 ➝ 66.96.147.155:80
Flows TCP	192.168.1.1:1044 ➝ 204.11.56.48:80
Flows TCP	192.168.1.1:1045 ➝ 209.99.40.222:80
Flows TCP	192.168.1.1:1046 ➝ 23.229.186.71:80
Flows TCP	192.168.1.1:1047 ➝ 195.22.26.231:80
Flows TCP	192.168.1.1:1048 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1049 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1050 ➝ 66.96.147.155:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 6a6f6775 69612e63 6f6d0d0a   : mojoguia.com..
0x00000080 (00128)   0d0a                                  ..

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 6c6c656d 6f6a6f2e 636f6d0d   : villemojo.com.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706665 65742e6e 65740d0a   : deepfeet.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20616c 6f6e6765 6163682e 6e65740d   : alongeach.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20736f 696c6564 67652e6e 65740d0a   : soiledge.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c6772 61792e6e 65740d0a   : ballgray.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207469 6c6c6170 72696c2e 6e65740d   : tillapril.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 6a6f6775 69612e63 6f6d0d0a   : mojoguia.com..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 6c6c656d 6f6a6f2e 636f6d0d   : villemojo.com.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706665 65742e6e 65740d0a   : deepfeet.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20616c 6f6e6765 6163682e 6e65740d   : alongeach.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20736f 696c6564 67652e6e 65740d0a   : soiledge.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c6772 61792e6e 65740d0a   : ballgray.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326334 64643230   =004&sox=2c4dd20
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207469 6c6c6170 72696c2e 6e65740d   : tillapril.net.
0x00000080 (00128)   0a0d0a                                ...

Strings