Analysis Date2015-10-20 17:57:31
MD54b91d6921c8d1f2e1f51ca870f0fcfd9
SHA1d335726e8e7f915d1205b431d8ef50fcafbc6efc

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 113eeac8bfac5bb769165e7b2b67ae63 sha1: ca4595135196bfc17d010023a9eff34d09ac6094 size: 665600
Section.rdata md5: 1f953e77bba89027b1a855629c86bcb6 sha1: 30b8738c1f9b183eb0c1d5c087436d942290598d size: 52736
Section.data md5: 83c328b7d8ddafbf56f45ab4bce3aac3 sha1: 33f3f41a5c3e11d57d87e5e37aaf0cb34c418e9a size: 124928
Timestamp2014-04-07 07:14:17
PackerMicrosoft Visual C++ ?.?
PEhasha65b636c10ff6ce464e9df8321266c153bb88a9e
IMPhash48864d453601791c230f10781ae87279
AVRisingno_virus
AVCA (E-Trust Ino)no_virus
AVF-SecureGen:Variant.Kazy.164619
AVDr. Webno_virus
AVClamAVno_virus
AVArcabit (arcavir)Gen:Variant.Kazy.164619
AVBullGuardGen:Variant.Kazy.164619
AVPadvishno_virus
AVVirusBlokAda (vba32)no_virus
AVCAT (quickheal)Trojan.Generic.r3
AVTrend MicroTSPY_NIVDORT.SMA
AVKasperskyTrojan.Win32.Generic
AVZillya!no_virus
AVEmsisoftGen:Variant.Kazy.164619
AVIkarusTrojan.Crypt2
AVFrisk (f-prot)no_virus
AVAuthentiumW32/Symmi.AH.gen!Eldorado
AVMalwareBytesno_virus
AVMicroWorld (escan)Gen:Variant.Kazy.164619
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.Y
AVK7Trojan ( 004cd0081 )
AVBitDefenderGen:Variant.Kazy.164619
AVFortinetW32/COMROKI.A!tr
AVSymantecDownloader.Upatre!g15
AVGrisoft (avg)Win32/Cryptor
AVEset (nod32)Win32/Kryptik.DXVJ
AVAlwil (avast)Kryptik-PLS [Trj]
AVAd-AwareGen:Variant.Kazy.164619
AVTwisterTrojan.Girtk.BCFJ.cpsn.mg
AVAvira (antivir)TR/Crypt.ZPACK.96058
AVMcafeeno_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\system32\fdljhzstj\tst
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\foqvdq1m4vcykiwzhsnqq.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\foqvdq1m4vcykiwzhsnqq.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\foqvdq1m4vcykiwzhsnqq.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DNS Multimedia Controls Encrypting Foundation ➝
C:\WINDOWS\system32\uqtscyqhtrl.exe
Creates FileC:\WINDOWS\system32\fdljhzstj\etc
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\fdljhzstj\lck
Creates FileC:\WINDOWS\system32\fdljhzstj\tst
Creates FileC:\WINDOWS\system32\uqtscyqhtrl.exe
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\uqtscyqhtrl.exe
Creates ServiceVideo Microsoft Office Web Logs - C:\WINDOWS\system32\uqtscyqhtrl.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates Filepipe\PCHFaultRepExecPipe

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1152

Process
↳ C:\WINDOWS\system32\uqtscyqhtrl.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\TEMP\foqvdq1sf0cyki.exe
Creates FileC:\WINDOWS\system32\fdljhzstj\rng
Creates FileC:\WINDOWS\system32\ilyvddh.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\fdljhzstj\tst
Creates FileC:\WINDOWS\system32\fdljhzstj\lck
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\fdljhzstj\cfg
Creates FileC:\WINDOWS\system32\fdljhzstj\run
Creates ProcessC:\WINDOWS\TEMP\foqvdq1sf0cyki.exe -r 36766 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\uqtscyqhtrl.exe"

Process
↳ C:\WINDOWS\system32\uqtscyqhtrl.exe

Creates FileC:\WINDOWS\system32\fdljhzstj\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\uqtscyqhtrl.exe"

Creates FileC:\WINDOWS\system32\fdljhzstj\tst

Process
↳ C:\WINDOWS\TEMP\foqvdq1sf0cyki.exe -r 36766 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSstickmarch.net
Type: A
52.4.209.250
DNStablefruit.net
Type: A
52.4.209.250
DNSjumpcolor.net
Type: A
184.168.152.56
DNSlookfeel.net
Type: A
207.148.248.143
DNSfelthigh.net
Type: A
208.100.26.234
DNSthreehigh.net
Type: A
175.28.4.6
DNSthreecolor.net
Type: A
93.89.17.170
DNSthreeonly.net
Type: A
208.91.197.241
DNSlordonly.net
Type: A
64.71.40.23
DNSableguide.net
Type: A
195.22.26.254
DNSableguide.net
Type: A
195.22.26.231
DNSableguide.net
Type: A
195.22.26.252
DNSableguide.net
Type: A
195.22.26.253
DNSsongname.net
Type: A
162.244.253.65
DNSroomguide.net
Type: A
72.52.4.119
DNSsignguide.net
Type: A
184.168.221.28
DNSmightglossary.net
Type: A
DNSrequireneither.net
Type: A
DNSgentlefriend.net
Type: A
DNSglasshealth.net
Type: A
DNSnecessarydress.net
Type: A
DNSrememberpaint.net
Type: A
DNSlittleappear.net
Type: A
DNSthroughcountry.net
Type: A
DNSmoveonly.net
Type: A
DNSjumponly.net
Type: A
DNShillfeel.net
Type: A
DNSwhomfeel.net
Type: A
DNShillhigh.net
Type: A
DNSwhomhigh.net
Type: A
DNShillcolor.net
Type: A
DNSwhomcolor.net
Type: A
DNShillonly.net
Type: A
DNSwhomonly.net
Type: A
DNSfeltfeel.net
Type: A
DNSlookhigh.net
Type: A
DNSfeltcolor.net
Type: A
DNSlookcolor.net
Type: A
DNSfeltonly.net
Type: A
DNSlookonly.net
Type: A
DNSthreefeel.net
Type: A
DNSlordfeel.net
Type: A
DNSlordhigh.net
Type: A
DNSlordcolor.net
Type: A
DNSdrinkfeel.net
Type: A
DNSwifefeel.net
Type: A
DNSdrinkhigh.net
Type: A
DNSwifehigh.net
Type: A
DNSdrinkcolor.net
Type: A
DNSwifecolor.net
Type: A
DNSdrinkonly.net
Type: A
DNSwifeonly.net
Type: A
DNSknowhalf.net
Type: A
DNSablehalf.net
Type: A
DNSknowname.net
Type: A
DNSablename.net
Type: A
DNSknowguide.net
Type: A
DNSknowlate.net
Type: A
DNSablelate.net
Type: A
DNSpickhalf.net
Type: A
DNSsonghalf.net
Type: A
DNSpickname.net
Type: A
DNSpickguide.net
Type: A
DNSsongguide.net
Type: A
DNSpicklate.net
Type: A
DNSsonglate.net
Type: A
DNSroomhalf.net
Type: A
DNSsignhalf.net
Type: A
DNSroomname.net
Type: A
DNSsignname.net
Type: A
DNSroomlate.net
Type: A
DNSsignlate.net
Type: A
DNSmovehalf.net
Type: A
DNSjumphalf.net
Type: A
DNSmovename.net
Type: A
DNSjumpname.net
Type: A
DNSmoveguide.net
Type: A
DNSjumpguide.net
Type: A
DNSmovelate.net
Type: A
DNSjumplate.net
Type: A
DNShillhalf.net
Type: A
DNSwhomhalf.net
Type: A
DNShillname.net
Type: A
DNSwhomname.net
Type: A
DNShillguide.net
Type: A
DNSwhomguide.net
Type: A
DNShilllate.net
Type: A
DNSwhomlate.net
Type: A
DNSfelthalf.net
Type: A
DNSlookhalf.net
Type: A
DNSfeltname.net
Type: A
DNSlookname.net
Type: A
DNSfeltguide.net
Type: A
DNSlookguide.net
Type: A
DNSfeltlate.net
Type: A
DNSlooklate.net
Type: A
DNSthreehalf.net
Type: A
DNSlordhalf.net
Type: A
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://jumpcolor.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://lookfeel.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://felthigh.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://threehigh.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://threecolor.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://threeonly.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://lordonly.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://ableguide.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://songname.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://roomguide.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://signguide.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://jumpcolor.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://lookfeel.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://felthigh.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://threehigh.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://threecolor.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://threeonly.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://lordonly.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://ableguide.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://songname.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://roomguide.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
HTTP GEThttp://signguide.net/forum/search.php?method=validate&mode=sox&v=027&sox=3c305002
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1037 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1038 ➝ 184.168.152.56:80
Flows TCP192.168.1.1:1039 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1040 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1041 ➝ 175.28.4.6:80
Flows TCP192.168.1.1:1042 ➝ 93.89.17.170:80
Flows TCP192.168.1.1:1043 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1045 ➝ 64.71.40.23:80
Flows TCP192.168.1.1:1046 ➝ 195.22.26.254:80
Flows TCP192.168.1.1:1047 ➝ 162.244.253.65:80
Flows TCP192.168.1.1:1048 ➝ 72.52.4.119:80
Flows TCP192.168.1.1:1049 ➝ 184.168.221.28:80
Flows TCP192.168.1.1:1050 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1051 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1052 ➝ 184.168.152.56:80
Flows TCP192.168.1.1:1053 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1054 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1055 ➝ 175.28.4.6:80
Flows TCP192.168.1.1:1056 ➝ 93.89.17.170:80
Flows TCP192.168.1.1:1057 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1058 ➝ 64.71.40.23:80
Flows TCP192.168.1.1:1059 ➝ 195.22.26.254:80
Flows TCP192.168.1.1:1060 ➝ 162.244.253.65:80
Flows TCP192.168.1.1:1061 ➝ 72.52.4.119:80
Flows TCP192.168.1.1:1062 ➝ 184.168.221.28:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206a75 6d70636f 6c6f722e 6e65740d   : jumpcolor.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6f6b6665 656c2e6e 65740d0a   : lookfeel.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206665 6c746869 67682e6e 65740d0a   : felthigh.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 72656568 6967682e 6e65740d   : threehigh.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 72656563 6f6c6f72 2e6e6574   : threecolor.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 7265656f 6e6c792e 6e65740d   : threeonly.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 72646f6e 6c792e6e 65740d0a   : lordonly.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c656775 6964652e 6e65740d   : ableguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20736f 6e676e61 6d652e6e 65740d0a   : songname.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d6775 6964652e 6e65740d   : roomguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207369 676e6775 6964652e 6e65740d   : signguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206a75 6d70636f 6c6f722e 6e65740d   : jumpcolor.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6f6b6665 656c2e6e 65740d0a   : lookfeel.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206665 6c746869 67682e6e 65740d0a   : felthigh.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 72656568 6967682e 6e65740d   : threehigh.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 72656563 6f6c6f72 2e6e6574   : threecolor.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 7265656f 6e6c792e 6e65740d   : threeonly.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 72646f6e 6c792e6e 65740d0a   : lordonly.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c656775 6964652e 6e65740d   : ableguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20736f 6e676e61 6d652e6e 65740d0a   : songname.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d6775 6964652e 6e65740d   : roomguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303237 26736f78 3d336333 30353030   =027&sox=3c30500
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207369 676e6775 6964652e 6e65740d   : signguide.net.
0x00000080 (00128)   0a0d0a0a                              ....


Strings