Analysis Date2015-07-29 04:35:08
MD59abc6930e6e97d3b2bb78ed0153dad26
SHA132d897a5892719c9e1793bd03c8d26bba93edb47

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 4635fad38c99c33de8b63cc88be6aa4b sha1: 2d05ad2714cc60b7b583af2d41cf18f9f918d30e size: 802304
Section.rdata md5: 47294a493a3232d91164a52585df9c1c sha1: a1229b56b3573ff54310a6b1a720f29c866da2de size: 60416
Section.data md5: 1e021b1e8666d1f11ab25a9bae0b7992 sha1: ea8e4d30eb536490ab6b5cdac7e9dd6854dbbe7c size: 420864
Timestamp2014-10-30 00:07:28
PackerMicrosoft Visual C++ ?.?
PEhash9ef269f35a4b776589baee6305df5aeb6de3b434
IMPhash7dd74a0eb689f8f4aca2d4dda8395d3c
AVMcafeeno_virus
AVVirusBlokAda (vba32)no_virus
AVDr. Webno_virus
AVBitDefenderGen:Variant.Symmi.22722
AVKasperskyTrojan.Win32.Generic
AVAvira (antivir)TR/Crypt.ZPACK.90764
AVClamAVno_virus
AVBullGuardGen:Variant.Symmi.22722
AVFrisk (f-prot)no_virus
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVSymantecDownloader.Upatre!g15
AVF-SecureGen:Variant.Symmi.22722
AVK7Trojan ( 0049a7ec1 )
AVAuthentiumW32/Nivdort.A.gen!Eldorado
AVMalwareBytesno_virus
AVFortinetW32/Kryptik.DDQD!tr
AVCAT (quickheal)Trojan.Generic.g3
AVEset (nod32)Win32/Kryptik.CCLE
AVZillya!no_virus
AVEmsisoftGen:Variant.Symmi.22722
AVIkarusTrojan.Win32.Crypt
AVAd-AwareGen:Variant.Symmi.22722
AVAlwil (avast)Downloader-TLD [Trj]
AVTwisterno_virus
AVArcabit (arcavir)Gen:Variant.Symmi.22722
AVCA (E-Trust Ino)no_virus
AVPadvishno_virus
AVRisingno_virus
AVTrend MicroTROJ_WONTON.SMJ1
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.AE
AVGrisoft (avg)Win32/Cryptor

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\oihybkub1lydrpsrprlefc.exe
Creates FileC:\WINDOWS\system32\tahrovfgecb\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\oihybkub1lydrpsrprlefc.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\oihybkub1lydrpsrprlefc.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VC Networking CardSpace Tracking Internet ➝
C:\WINDOWS\system32\uspazoor.exe
Creates FileC:\WINDOWS\system32\uspazoor.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\tahrovfgecb\lck
Creates FileC:\WINDOWS\system32\tahrovfgecb\tst
Creates FileC:\WINDOWS\system32\tahrovfgecb\etc
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\uspazoor.exe
Creates ServiceSecondary Fax Logs Information RPC - C:\WINDOWS\system32\uspazoor.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1872

Process
↳ Pid 1176

Process
↳ C:\WINDOWS\system32\uspazoor.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\drhpqpb.exe
Creates FileC:\WINDOWS\system32\tahrovfgecb\lck
Creates FileC:\WINDOWS\TEMP\oihybkub1sqqrpsr.exe
Creates FileC:\WINDOWS\system32\tahrovfgecb\cfg
Creates FileC:\WINDOWS\system32\tahrovfgecb\rng
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\tahrovfgecb\tst
Creates FileC:\WINDOWS\system32\tahrovfgecb\run
Creates File\Device\Afd\Endpoint
Creates ProcessC:\WINDOWS\TEMP\oihybkub1sqqrpsr.exe -r 21757 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\uspazoor.exe"

Process
↳ C:\WINDOWS\system32\uspazoor.exe

Creates FileC:\WINDOWS\system32\tahrovfgecb\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\uspazoor.exe"

Creates FileC:\WINDOWS\system32\tahrovfgecb\tst

Process
↳ C:\WINDOWS\TEMP\oihybkub1sqqrpsr.exe -r 21757 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSsaltsecond.net
Type: A
74.220.199.6
DNSwifefruit.net
Type: A
208.91.197.241
DNSpickgrave.net
Type: A
208.91.197.241
DNSroomstock.net
Type: A
208.91.197.241
DNSwatcheasy.net
Type: A
208.91.197.241
DNSuponmail.net
Type: A
208.91.197.241
DNStakenhand.net
Type: A
208.91.197.241
DNSstickmarch.net
Type: A
69.195.129.70
DNSballmarch.net
Type: A
95.211.230.75
DNSlifepure.net
Type: A
97.74.47.213
DNSlifedish.net
Type: A
203.189.109.129
DNSdeepdish.net
Type: A
103.224.182.248
DNSlifecount.net
Type: A
50.63.202.59
DNSmouthcount.net
Type: A
95.211.230.75
DNSroomstock.net
Type: A
208.91.197.241
DNSwatcheasy.net
Type: A
208.91.197.241
DNSuponmail.net
Type: A
208.91.197.241
DNStakenhand.net
Type: A
208.91.197.241
DNSsouthblood.net
Type: A
DNSableread.net
Type: A
DNSstickdish.net
Type: A
DNSballdish.net
Type: A
DNSstickjuly.net
Type: A
DNSballjuly.net
Type: A
DNSenemypure.net
Type: A
DNSenemymarch.net
Type: A
DNSlifemarch.net
Type: A
DNSenemydish.net
Type: A
DNSenemyjuly.net
Type: A
DNSlifejuly.net
Type: A
DNSmouthpure.net
Type: A
DNStillpure.net
Type: A
DNSmouthmarch.net
Type: A
DNStillmarch.net
Type: A
DNSmouthdish.net
Type: A
DNStilldish.net
Type: A
DNSmouthjuly.net
Type: A
DNStilljuly.net
Type: A
DNSshallpure.net
Type: A
DNSdeeppure.net
Type: A
DNSshallmarch.net
Type: A
DNSdeepmarch.net
Type: A
DNSshalldish.net
Type: A
DNSshalljuly.net
Type: A
DNSdeepjuly.net
Type: A
DNSpushpure.net
Type: A
DNSfridaypure.net
Type: A
DNSpushmarch.net
Type: A
DNSfridaymarch.net
Type: A
DNSpushdish.net
Type: A
DNSfridaydish.net
Type: A
DNSpushjuly.net
Type: A
DNSfridayjuly.net
Type: A
DNSalongpure.net
Type: A
DNSdecemberpure.net
Type: A
DNSalongmarch.net
Type: A
DNSdecembermarch.net
Type: A
DNSalongdish.net
Type: A
DNSdecemberdish.net
Type: A
DNSalongjuly.net
Type: A
DNSdecemberjuly.net
Type: A
DNSlongcompe.net
Type: A
DNSsoilcompe.net
Type: A
DNSlonghour.net
Type: A
DNSsoilhour.net
Type: A
DNSlongfell.net
Type: A
DNSsoilfell.net
Type: A
DNSlongcount.net
Type: A
DNSsoilcount.net
Type: A
DNSwheelcompe.net
Type: A
DNSsaidcompe.net
Type: A
DNSwheelhour.net
Type: A
DNSsaidhour.net
Type: A
DNSwheelfell.net
Type: A
DNSsaidfell.net
Type: A
DNSwheelcount.net
Type: A
DNSsaidcount.net
Type: A
DNSstickcompe.net
Type: A
DNSballcompe.net
Type: A
DNSstickhour.net
Type: A
DNSballhour.net
Type: A
DNSstickfell.net
Type: A
DNSballfell.net
Type: A
DNSstickcount.net
Type: A
DNSballcount.net
Type: A
DNSenemycompe.net
Type: A
DNSlifecompe.net
Type: A
DNSenemyhour.net
Type: A
DNSlifehour.net
Type: A
DNSenemyfell.net
Type: A
DNSlifefell.net
Type: A
DNSenemycount.net
Type: A
DNSmouthcompe.net
Type: A
DNStillcompe.net
Type: A
DNSmouthhour.net
Type: A
DNStillhour.net
Type: A
DNSmouthfell.net
Type: A
DNStillfell.net
Type: A
HTTP GEThttp://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://stickmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://ballmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://lifepure.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://lifedish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://deepdish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://lifecount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://mouthcount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://stickmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://ballmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://lifepure.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://lifedish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://deepdish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://lifecount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
HTTP GEThttp://mouthcount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 74.220.199.6:80
Flows TCP192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1043 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1044 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1045 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1046 ➝ 97.74.47.213:80
Flows TCP192.168.1.1:1047 ➝ 203.189.109.129:80
Flows TCP192.168.1.1:1048 ➝ 103.224.182.248:80
Flows TCP192.168.1.1:1049 ➝ 50.63.202.59:80
Flows TCP192.168.1.1:1050 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1051 ➝ 74.220.199.6:80
Flows TCP192.168.1.1:1052 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1053 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1054 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1055 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1056 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1057 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1058 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1059 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1060 ➝ 97.74.47.213:80
Flows TCP192.168.1.1:1061 ➝ 203.189.109.129:80
Flows TCP192.168.1.1:1062 ➝ 103.224.182.248:80
Flows TCP192.168.1.1:1063 ➝ 50.63.202.59:80
Flows TCP192.168.1.1:1064 ➝ 95.211.230.75:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c6d61 7263682e 6e65740d   : ballmarch.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657075 72652e6e 65740d0a   : lifepure.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656469 73682e6e 65740d0a   : lifedish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706469 73682e6e 65740d0a   : deepdish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 6665636f 756e742e 6e65740d   : lifecount.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 75746863 6f756e74 2e6e6574   : mouthcount.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c6d61 7263682e 6e65740d   : ballmarch.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657075 72652e6e 65740d0a   : lifepure.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656469 73682e6e 65740d0a   : lifedish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706469 73682e6e 65740d0a   : deepdish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 6665636f 756e742e 6e65740d   : lifecount.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 75746863 6f756e74 2e6e6574   : mouthcount.net
0x00000080 (00128)   0d0a0d0a                              ....


Strings