Analysis | #totalhash

Analysis Date	2015-07-29 04:35:08
MD5	9abc6930e6e97d3b2bb78ed0153dad26
SHA1	32d897a5892719c9e1793bd03c8d26bba93edb47

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 4635fad38c99c33de8b63cc88be6aa4b sha1: 2d05ad2714cc60b7b583af2d41cf18f9f918d30e size: 802304
Section	.rdata md5: 47294a493a3232d91164a52585df9c1c sha1: a1229b56b3573ff54310a6b1a720f29c866da2de size: 60416
Section	.data md5: 1e021b1e8666d1f11ab25a9bae0b7992 sha1: ea8e4d30eb536490ab6b5cdac7e9dd6854dbbe7c size: 420864
Timestamp	2014-10-30 00:07:28
Packer	Microsoft Visual C++ ?.?
PEhash	9ef269f35a4b776589baee6305df5aeb6de3b434
IMPhash	7dd74a0eb689f8f4aca2d4dda8395d3c
AV	Mcafee	no_virus
AV	VirusBlokAda (vba32)	no_virus
AV	Dr. Web	no_virus
AV	BitDefender	Gen:Variant.Symmi.22722
AV	Kaspersky	Trojan.Win32.Generic
AV	Avira (antivir)	TR/Crypt.ZPACK.90764
AV	ClamAV	no_virus
AV	BullGuard	Gen:Variant.Symmi.22722
AV	Frisk (f-prot)	no_virus
AV	MicroWorld (escan)	Gen:Variant.Symmi.22722
AV	Symantec	Downloader.Upatre!g15
AV	F-Secure	Gen:Variant.Symmi.22722
AV	K7	Trojan ( 0049a7ec1 )
AV	Authentium	W32/Nivdort.A.gen!Eldorado
AV	MalwareBytes	no_virus
AV	Fortinet	W32/Kryptik.DDQD!tr
AV	CAT (quickheal)	Trojan.Generic.g3
AV	Eset (nod32)	Win32/Kryptik.CCLE
AV	Zillya!	no_virus
AV	Emsisoft	Gen:Variant.Symmi.22722
AV	Ikarus	Trojan.Win32.Crypt
AV	Ad-Aware	Gen:Variant.Symmi.22722
AV	Alwil (avast)	Downloader-TLD [Trj]
AV	Twister	no_virus
AV	Arcabit (arcavir)	Gen:Variant.Symmi.22722
AV	CA (E-Trust Ino)	no_virus
AV	Padvish	no_virus
AV	Rising	no_virus
AV	Trend Micro	TROJ_WONTON.SMJ1
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.AE
AV	Grisoft (avg)	Win32/Cryptor

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\oihybkub1lydrpsrprlefc.exe
Creates File	C:\WINDOWS\system32\tahrovfgecb\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\oihybkub1lydrpsrprlefc.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\oihybkub1lydrpsrprlefc.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VC Networking CardSpace Tracking Internet ➝ C:\WINDOWS\system32\uspazoor.exe
Creates File	C:\WINDOWS\system32\uspazoor.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\tahrovfgecb\lck
Creates File	C:\WINDOWS\system32\tahrovfgecb\tst
Creates File	C:\WINDOWS\system32\tahrovfgecb\etc
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\uspazoor.exe
Creates Service	Secondary Fax Logs Information RPC - C:\WINDOWS\system32\uspazoor.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File	PIPE\lsarpc
Creates File	C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1872

Process
↳ Pid 1176

Process
↳ C:\WINDOWS\system32\uspazoor.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\drhpqpb.exe
Creates File	C:\WINDOWS\system32\tahrovfgecb\lck
Creates File	C:\WINDOWS\TEMP\oihybkub1sqqrpsr.exe
Creates File	C:\WINDOWS\system32\tahrovfgecb\cfg
Creates File	C:\WINDOWS\system32\tahrovfgecb\rng
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\system32\tahrovfgecb\tst
Creates File	C:\WINDOWS\system32\tahrovfgecb\run
Creates File	\Device\Afd\Endpoint
Creates Process	C:\WINDOWS\TEMP\oihybkub1sqqrpsr.exe -r 21757 tcp
Creates Process	WATCHDOGPROC "c:\windows\system32\uspazoor.exe"

Process
↳ C:\WINDOWS\system32\uspazoor.exe

Creates File	C:\WINDOWS\system32\tahrovfgecb\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\uspazoor.exe"

Creates File	C:\WINDOWS\system32\tahrovfgecb\tst

Process
↳ C:\WINDOWS\TEMP\oihybkub1sqqrpsr.exe -r 21757 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	saltsecond.net Type: A 74.220.199.6
DNS	wifefruit.net Type: A 208.91.197.241
DNS	pickgrave.net Type: A 208.91.197.241
DNS	roomstock.net Type: A 208.91.197.241
DNS	watcheasy.net Type: A 208.91.197.241
DNS	uponmail.net Type: A 208.91.197.241
DNS	takenhand.net Type: A 208.91.197.241
DNS	stickmarch.net Type: A 69.195.129.70
DNS	ballmarch.net Type: A 95.211.230.75
DNS	lifepure.net Type: A 97.74.47.213
DNS	lifedish.net Type: A 203.189.109.129
DNS	deepdish.net Type: A 103.224.182.248
DNS	lifecount.net Type: A 50.63.202.59
DNS	mouthcount.net Type: A 95.211.230.75
DNS	roomstock.net Type: A 208.91.197.241
DNS	watcheasy.net Type: A 208.91.197.241
DNS	uponmail.net Type: A 208.91.197.241
DNS	takenhand.net Type: A 208.91.197.241
DNS	southblood.net Type: A
DNS	ableread.net Type: A
DNS	stickdish.net Type: A
DNS	balldish.net Type: A
DNS	stickjuly.net Type: A
DNS	balljuly.net Type: A
DNS	enemypure.net Type: A
DNS	enemymarch.net Type: A
DNS	lifemarch.net Type: A
DNS	enemydish.net Type: A
DNS	enemyjuly.net Type: A
DNS	lifejuly.net Type: A
DNS	mouthpure.net Type: A
DNS	tillpure.net Type: A
DNS	mouthmarch.net Type: A
DNS	tillmarch.net Type: A
DNS	mouthdish.net Type: A
DNS	tilldish.net Type: A
DNS	mouthjuly.net Type: A
DNS	tilljuly.net Type: A
DNS	shallpure.net Type: A
DNS	deeppure.net Type: A
DNS	shallmarch.net Type: A
DNS	deepmarch.net Type: A
DNS	shalldish.net Type: A
DNS	shalljuly.net Type: A
DNS	deepjuly.net Type: A
DNS	pushpure.net Type: A
DNS	fridaypure.net Type: A
DNS	pushmarch.net Type: A
DNS	fridaymarch.net Type: A
DNS	pushdish.net Type: A
DNS	fridaydish.net Type: A
DNS	pushjuly.net Type: A
DNS	fridayjuly.net Type: A
DNS	alongpure.net Type: A
DNS	decemberpure.net Type: A
DNS	alongmarch.net Type: A
DNS	decembermarch.net Type: A
DNS	alongdish.net Type: A
DNS	decemberdish.net Type: A
DNS	alongjuly.net Type: A
DNS	decemberjuly.net Type: A
DNS	longcompe.net Type: A
DNS	soilcompe.net Type: A
DNS	longhour.net Type: A
DNS	soilhour.net Type: A
DNS	longfell.net Type: A
DNS	soilfell.net Type: A
DNS	longcount.net Type: A
DNS	soilcount.net Type: A
DNS	wheelcompe.net Type: A
DNS	saidcompe.net Type: A
DNS	wheelhour.net Type: A
DNS	saidhour.net Type: A
DNS	wheelfell.net Type: A
DNS	saidfell.net Type: A
DNS	wheelcount.net Type: A
DNS	saidcount.net Type: A
DNS	stickcompe.net Type: A
DNS	ballcompe.net Type: A
DNS	stickhour.net Type: A
DNS	ballhour.net Type: A
DNS	stickfell.net Type: A
DNS	ballfell.net Type: A
DNS	stickcount.net Type: A
DNS	ballcount.net Type: A
DNS	enemycompe.net Type: A
DNS	lifecompe.net Type: A
DNS	enemyhour.net Type: A
DNS	lifehour.net Type: A
DNS	enemyfell.net Type: A
DNS	lifefell.net Type: A
DNS	enemycount.net Type: A
DNS	mouthcompe.net Type: A
DNS	tillcompe.net Type: A
DNS	mouthhour.net Type: A
DNS	tillhour.net Type: A
DNS	mouthfell.net Type: A
DNS	tillfell.net Type: A
HTTP GET	http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://stickmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://ballmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://lifepure.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://lifedish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://deepdish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://lifecount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://mouthcount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://stickmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://ballmarch.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://lifepure.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://lifedish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://deepdish.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://lifecount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
HTTP GET	http://mouthcount.net/index.php?method=validate&mode=sox&v=033&sox=4764ee03&lenhdr User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 74.220.199.6:80
Flows TCP	192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1043 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1044 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1045 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1046 ➝ 97.74.47.213:80
Flows TCP	192.168.1.1:1047 ➝ 203.189.109.129:80
Flows TCP	192.168.1.1:1048 ➝ 103.224.182.248:80
Flows TCP	192.168.1.1:1049 ➝ 50.63.202.59:80
Flows TCP	192.168.1.1:1050 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1051 ➝ 74.220.199.6:80
Flows TCP	192.168.1.1:1052 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1053 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1054 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1055 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1056 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1057 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1058 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1059 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1060 ➝ 97.74.47.213:80
Flows TCP	192.168.1.1:1061 ➝ 203.189.109.129:80
Flows TCP	192.168.1.1:1062 ➝ 103.224.182.248:80
Flows TCP	192.168.1.1:1063 ➝ 50.63.202.59:80
Flows TCP	192.168.1.1:1064 ➝ 95.211.230.75:80

Raw Pcap

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c6d61 7263682e 6e65740d   : ballmarch.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657075 72652e6e 65740d0a   : lifepure.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656469 73682e6e 65740d0a   : lifedish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706469 73682e6e 65740d0a   : deepdish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 6665636f 756e742e 6e65740d   : lifecount.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 75746863 6f756e74 2e6e6574   : mouthcount.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c6d61 7263682e 6e65740d   : ballmarch.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657075 72652e6e 65740d0a   : lifepure.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656469 73682e6e 65740d0a   : lifedish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706469 73682e6e 65740d0a   : deepdish.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 6665636f 756e742e 6e65740d   : lifecount.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3437 36346565 3033266c 656e6864   x=4764ee03&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 75746863 6f756e74 2e6e6574   : mouthcount.net
0x00000080 (00128)   0d0a0d0a                              ....

Strings