Analysis Date2015-10-30 09:13:55
MD5f31eeb5a37745bf99a1b5d8c83d0b350
SHA1b5911f415c12e70973068b292f5b5ddb5419d1ab

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 783d073b8a7a9c0c4ed6399f7e548568 sha1: 238f52f5fa5d4f48a412aa483857bdf7b5dbd9ed size: 636416
Section.rdata md5: 32c94282e3ce650ff823a17327e53f33 sha1: 662fff123776da2bf1996da1bb7162a037789225 size: 51200
Section.data md5: 5c72e058098156764e3b81f85c7b6f07 sha1: a7acf705b47b39a1f1c5ecff66c003c4e2a0e33e size: 123904
Timestamp2014-02-12 19:44:49
PackerMicrosoft Visual C++ ?.?
PEhash39774a16b59fcedfabfa80ca448f7520e1e97931
IMPhashfd4e8b2e756ad6c97e30bc59d4092670
AVRisingno_virus
AVMcafeeno_virus
AVAvira (antivir)TR/Crypt.ZPACK.Gen2
AVTwisterTrojan.Girtk.BCFJ.cpsn.mg
AVAd-AwareGen:Variant.Symmi.22722
AVAlwil (avast)Kryptik-NQV [Trj]
AVEset (nod32)Win32/Kryptik.BGRP
AVGrisoft (avg)Win32/Cryptor
AVSymantecDownloader.Upatre!g15
AVFortinetW32/COMROKI.A!tr
AVBitDefenderGen:Variant.Symmi.22722
AVK7Trojan ( 004cd0081 )
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.Y
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVMalwareBytesno_virus
AVAuthentiumW32/Symmi.AH.gen!Eldorado
AVFrisk (f-prot)no_virus
AVIkarusTrojan.Crypt2
AVEmsisoftGen:Variant.Symmi.22722
AVZillya!no_virus
AVKasperskyTrojan.Win32.Generic
AVTrend MicroTSPY_NIVDORT.SM
AVCAT (quickheal)no_virus
AVVirusBlokAda (vba32)no_virus
AVPadvishno_virus
AVBullGuardGen:Variant.Symmi.22722
AVArcabit (arcavir)Gen:Variant.Symmi.22722
AVClamAVno_virus
AVDr. WebTrojan.DownLoader17.20065
AVF-SecureGen:Variant.Symmi.22722
AVCA (E-Trust Ino)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\rwve4b1m2aheeihqhoeyb.exe
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\rwve4b1m2aheeihqhoeyb.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\rwve4b1m2aheeihqhoeyb.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Audio Multimedia Diagnostic Plug Credential ➝
C:\WINDOWS\system32\qpzzxxwhcn.exe
Creates FileC:\WINDOWS\system32\qpzzxxwhcn.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\lck
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\tst
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\etc
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\qpzzxxwhcn.exe
Creates ServiceDNS SNMP Class Parental TPM Services Upgrade - C:\WINDOWS\system32\qpzzxxwhcn.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates Filepipe\PCHFaultRepExecPipe

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1140

Process
↳ C:\WINDOWS\system32\qpzzxxwhcn.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\TEMP\rwve4b1s1zheeih.exe
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\cfg
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\rng
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\tst
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\cpfwjazb.exe
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\run
Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\lck
Creates File\Device\Afd\Endpoint
Creates ProcessC:\WINDOWS\TEMP\rwve4b1s1zheeih.exe -r 21669 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\qpzzxxwhcn.exe"

Process
↳ C:\WINDOWS\system32\qpzzxxwhcn.exe

Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\qpzzxxwhcn.exe"

Creates FileC:\WINDOWS\system32\ojqzzolbdvgye\tst

Process
↳ C:\WINDOWS\TEMP\rwve4b1s1zheeih.exe -r 21669 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNStablefruit.net
Type: A
52.0.217.44
DNSstickmarch.net
Type: A
52.0.217.44
DNSwatchdance.net
Type: A
210.172.144.22
DNSdreamdance.net
Type: A
66.228.59.130
DNSdreambody.net
Type: A
72.52.4.119
DNSspotcolor.net
Type: A
211.247.239.26
DNStakenfeel.net
Type: A
208.100.26.234
DNSequalfeel.net
Type: A
195.22.26.231
DNSequalfeel.net
Type: A
195.22.26.252
DNSequalfeel.net
Type: A
195.22.26.253
DNSequalfeel.net
Type: A
195.22.26.254
DNSgrouphigh.net
Type: A
184.168.221.94
DNSequalcolor.net
Type: A
195.22.26.248
DNSgrouponly.net
Type: A
184.168.221.18
DNSdonaven4guia.com
Type: A
DNSfredesecas.com
Type: A
DNSlaloponea.com
Type: A
DNSdavedekilai.com
Type: A
DNSgladtell.net
Type: A
DNStakentell.net
Type: A
DNSequaldare.net
Type: A
DNSgroupdare.net
Type: A
DNSequaldance.net
Type: A
DNSgroupdance.net
Type: A
DNSequalbody.net
Type: A
DNSgroupbody.net
Type: A
DNSequaltell.net
Type: A
DNSgrouptell.net
Type: A
DNSspokedare.net
Type: A
DNSvisitdare.net
Type: A
DNSspokedance.net
Type: A
DNSvisitdance.net
Type: A
DNSspokebody.net
Type: A
DNSvisitbody.net
Type: A
DNSspoketell.net
Type: A
DNSvisittell.net
Type: A
DNSwatchdare.net
Type: A
DNSfairdare.net
Type: A
DNSfairdance.net
Type: A
DNSwatchbody.net
Type: A
DNSfairbody.net
Type: A
DNSwatchtell.net
Type: A
DNSfairtell.net
Type: A
DNSdreamdare.net
Type: A
DNSthisdare.net
Type: A
DNSthisdance.net
Type: A
DNSthisbody.net
Type: A
DNSdreamtell.net
Type: A
DNSthistell.net
Type: A
DNSarivefeel.net
Type: A
DNSsouthfeel.net
Type: A
DNSarivehigh.net
Type: A
DNSsouthhigh.net
Type: A
DNSarivecolor.net
Type: A
DNSsouthcolor.net
Type: A
DNSariveonly.net
Type: A
DNSsouthonly.net
Type: A
DNSuponfeel.net
Type: A
DNSwhichfeel.net
Type: A
DNSuponhigh.net
Type: A
DNSwhichhigh.net
Type: A
DNSuponcolor.net
Type: A
DNSwhichcolor.net
Type: A
DNSupononly.net
Type: A
DNSwhichonly.net
Type: A
DNSspotfeel.net
Type: A
DNSsaltfeel.net
Type: A
DNSspothigh.net
Type: A
DNSsalthigh.net
Type: A
DNSsaltcolor.net
Type: A
DNSspotonly.net
Type: A
DNSsaltonly.net
Type: A
DNSgladfeel.net
Type: A
DNSgladhigh.net
Type: A
DNStakenhigh.net
Type: A
DNSgladcolor.net
Type: A
DNStakencolor.net
Type: A
DNSgladonly.net
Type: A
DNStakenonly.net
Type: A
DNSgroupfeel.net
Type: A
DNSequalhigh.net
Type: A
DNSgroupcolor.net
Type: A
DNSequalonly.net
Type: A
DNSspokefeel.net
Type: A
DNSvisitfeel.net
Type: A
DNSspokehigh.net
Type: A
DNSvisithigh.net
Type: A
DNSspokecolor.net
Type: A
DNSvisitcolor.net
Type: A
DNSspokeonly.net
Type: A
DNSvisitonly.net
Type: A
DNSwatchfeel.net
Type: A
DNSfairfeel.net
Type: A
DNSwatchhigh.net
Type: A
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://watchdance.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://dreamdance.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://dreambody.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://spotcolor.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://takenfeel.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://equalfeel.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://grouphigh.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://equalcolor.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://grouponly.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://watchdance.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://dreamdance.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://dreambody.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://spotcolor.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://takenfeel.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://equalfeel.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://grouphigh.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://equalcolor.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
HTTP GEThttp://grouponly.net/forum/search.php?method=validate&mode=sox&v=023&sox=3cf04a01
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 52.0.217.44:80
Flows TCP192.168.1.1:1037 ➝ 52.0.217.44:80
Flows TCP192.168.1.1:1039 ➝ 210.172.144.22:80
Flows TCP192.168.1.1:1040 ➝ 66.228.59.130:80
Flows TCP192.168.1.1:1041 ➝ 72.52.4.119:80
Flows TCP192.168.1.1:1042 ➝ 211.247.239.26:80
Flows TCP192.168.1.1:1043 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1044 ➝ 195.22.26.231:80
Flows TCP192.168.1.1:1045 ➝ 184.168.221.94:80
Flows TCP192.168.1.1:1046 ➝ 195.22.26.248:80
Flows TCP192.168.1.1:1047 ➝ 184.168.221.18:80
Flows TCP192.168.1.1:1048 ➝ 52.0.217.44:80
Flows TCP192.168.1.1:1049 ➝ 52.0.217.44:80
Flows TCP192.168.1.1:1050 ➝ 210.172.144.22:80
Flows TCP192.168.1.1:1051 ➝ 66.228.59.130:80
Flows TCP192.168.1.1:1052 ➝ 72.52.4.119:80
Flows TCP192.168.1.1:1053 ➝ 211.247.239.26:80
Flows TCP192.168.1.1:1054 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1055 ➝ 195.22.26.231:80
Flows TCP192.168.1.1:1056 ➝ 184.168.221.94:80
Flows TCP192.168.1.1:1057 ➝ 195.22.26.248:80
Flows TCP192.168.1.1:1058 ➝ 184.168.221.18:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636864 616e6365 2e6e6574   : watchdance.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d64 616e6365 2e6e6574   : dreamdance.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d62 6f64792e 6e65740d   : dreambody.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207370 6f74636f 6c6f722e 6e65740d   : spotcolor.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e66 65656c2e 6e65740d   : takenfeel.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206571 75616c66 65656c2e 6e65740d   : equalfeel.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f757068 6967682e 6e65740d   : grouphigh.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206571 75616c63 6f6c6f72 2e6e6574   : equalcolor.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f75706f 6e6c792e 6e65740d   : grouponly.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636864 616e6365 2e6e6574   : watchdance.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d64 616e6365 2e6e6574   : dreamdance.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d62 6f64792e 6e65740d   : dreambody.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207370 6f74636f 6c6f722e 6e65740d   : spotcolor.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e66 65656c2e 6e65740d   : takenfeel.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206571 75616c66 65656c2e 6e65740d   : equalfeel.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f757068 6967682e 6e65740d   : grouphigh.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206571 75616c63 6f6c6f72 2e6e6574   : equalcolor.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303233 26736f78 3d336366 30346130   =023&sox=3cf04a0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f75706f 6e6c792e 6e65740d   : grouponly.net.
0x00000080 (00128)   0a0d0a0a                              ....


Strings