Analysis Date2015-09-17 09:26:51
MD5a599b829b1e783d83057ad3c81a817d8
SHA154b4990a67984dbfffd60fcd54f5a247fe608d2c

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: e4e186c9efa673d43ec54d685bb9447a sha1: e8bc35fbc974499f46aa52eb85aaf23fd0fe3a70 size: 795136
Section.rdata md5: 97fc0c3022744bf1f758fddac0a621c5 sha1: 2ac0104db47ef69b7874a95ba96bc7c5473a15e4 size: 59904
Section.data md5: 82eafca6bda52ad1e6a796d9551f581e sha1: 66c2256c39f03e0a69cce3f5256f2c806fd19805 size: 398336
Timestamp2014-10-29 23:58:16
PackerMicrosoft Visual C++ ?.?
PEhash48c13088c37ac3fe0eea45b40611ead5b1a0c9c4
IMPhashdfe83dc5a8e8eedd51f70ca170e92927
AVRisingno_virus
AVMcafeeno_virus
AVAvira (antivir)TR/Crypt.Xpack.14512
AVTwisterno_virus
AVAd-AwareGen:Variant.Symmi.22722
AVAlwil (avast)Downloader-TLD [Trj]
AVEset (nod32)Win32/Kryptik.CCLE
AVGrisoft (avg)Win32/Cryptor
AVSymantecDownloader.Upatre!g15
AVFortinetW32/Kryptik.DDQD!tr
AVBitDefenderGen:Variant.Symmi.22722
AVK7Trojan ( 004cd0081 )
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.AE
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVMalwareBytesno_virus
AVAuthentiumW32/Nivdort.A.gen!Eldorado
AVFrisk (f-prot)no_virus
AVIkarusTrojan.Crypt3
AVEmsisoftGen:Variant.Symmi.22722
AVZillya!Trojan.Kryptik.Win32.777057
AVKasperskyTrojan.Win32.Generic
AVTrend MicroTROJ_WONTON.SMJ1
AVCAT (quickheal)no_virus
AVVirusBlokAda (vba32)no_virus
AVPadvishno_virus
AVBullGuardGen:Variant.Symmi.22722
AVArcabit (arcavir)Gen:Variant.Symmi.22722
AVClamAVno_virus
AVDr. WebTrojan.DownLoader11.61967
AVF-SecureGen:Variant.Symmi.22722
AVCA (E-Trust Ino)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe
Creates FileC:\WINDOWS\system32\vipagashcugul\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Interactive Shell Discovery UserMode UPnP ➝
C:\WINDOWS\system32\pkaplnprsbsz.exe
Creates FileC:\WINDOWS\system32\pkaplnprsbsz.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\vipagashcugul\tst
Creates FileC:\WINDOWS\system32\vipagashcugul\etc
Creates FileC:\WINDOWS\system32\vipagashcugul\lck
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\pkaplnprsbsz.exe
Creates ServiceVolume Drive WebClient Thread - C:\WINDOWS\system32\pkaplnprsbsz.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates Filepipe\PCHFaultRepExecPipe

Process
↳ Pid 1116

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1872

Process
↳ Pid 1192

Process
↳ C:\WINDOWS\system32\pkaplnprsbsz.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\vipagashcugul\lck
Creates FileC:\WINDOWS\system32\vipagashcugul\rng
Creates FileC:\WINDOWS\system32\joiikxvujea.exe
Creates FileC:\WINDOWS\system32\vipagashcugul\tst
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\TEMP\fncy4y1t0pvlt.exe
Creates FileC:\WINDOWS\system32\vipagashcugul\run
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\vipagashcugul\cfg
Creates ProcessWATCHDOGPROC "c:\windows\system32\pkaplnprsbsz.exe"
Creates ProcessC:\WINDOWS\TEMP\fncy4y1t0pvlt.exe -r 29810 tcp

Process
↳ C:\WINDOWS\system32\pkaplnprsbsz.exe

Creates FileC:\WINDOWS\system32\vipagashcugul\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\pkaplnprsbsz.exe"

Creates FileC:\WINDOWS\system32\vipagashcugul\tst

Process
↳ C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe -r 29810 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSsaltsecond.net
Type: A
74.220.199.6
DNSwifefruit.net
Type: A
208.91.197.241
DNSpickgrave.net
Type: A
208.91.197.241
DNSroomstock.net
Type: A
208.91.197.241
DNSwatcheasy.net
Type: A
208.91.197.241
DNSuponmail.net
Type: A
208.91.197.241
DNStakenhand.net
Type: A
208.91.197.241
DNSdeepedge.net
Type: A
46.30.211.32
DNSlongstudy.net
Type: A
223.4.7.89
DNSballuncle.net
Type: A
195.22.26.252
DNSballuncle.net
Type: A
195.22.26.253
DNSballuncle.net
Type: A
195.22.26.254
DNSballuncle.net
Type: A
195.22.26.231
DNSlifestudy.com
Type: A
66.252.139.75
DNSenemyloss.net
Type: A
95.211.230.75
DNSlifeloss.net
Type: A
64.99.80.30
DNSmouthonce.net
Type: A
98.139.135.129
DNSfridaystudy.net
Type: A
74.220.215.214
DNSsouthblood.net
Type: A
DNSableread.net
Type: A
DNSdeepapril.net
Type: A
DNSshallarmy.net
Type: A
DNSdeeparmy.net
Type: A
DNSshalledge.net
Type: A
DNSpushgray.net
Type: A
DNSfridaygray.net
Type: A
DNSpushapril.net
Type: A
DNSfridayapril.net
Type: A
DNSpusharmy.net
Type: A
DNSfridayarmy.net
Type: A
DNSpushedge.net
Type: A
DNSfridayedge.net
Type: A
DNSalonggray.net
Type: A
DNSdecembergray.net
Type: A
DNSalongapril.net
Type: A
DNSdecemberapril.net
Type: A
DNSalongarmy.net
Type: A
DNSdecemberarmy.net
Type: A
DNSalongedge.net
Type: A
DNSdecemberedge.net
Type: A
DNSlonguncle.net
Type: A
DNSsoiluncle.net
Type: A
DNSsoilstudy.net
Type: A
DNSlongloss.net
Type: A
DNSsoilloss.net
Type: A
DNSlongonce.net
Type: A
DNSsoilonce.net
Type: A
DNSwheeluncle.net
Type: A
DNSsaiduncle.net
Type: A
DNSwheelstudy.net
Type: A
DNSsaidstudy.net
Type: A
DNSwheelloss.net
Type: A
DNSsaidloss.net
Type: A
DNSwheelonce.net
Type: A
DNSsaidonce.net
Type: A
DNSstickuncle.net
Type: A
DNSstickstudy.net
Type: A
DNSballstudy.net
Type: A
DNSstickloss.net
Type: A
DNSballloss.net
Type: A
DNSstickonce.net
Type: A
DNSballonce.net
Type: A
DNSenemyuncle.net
Type: A
DNSlifeuncle.net
Type: A
DNSenemystudy.net
Type: A
DNSlifestudy.net
Type: A
DNSenemyonce.net
Type: A
DNSlifeonce.net
Type: A
DNSmouthuncle.net
Type: A
DNStilluncle.net
Type: A
DNSmouthstudy.net
Type: A
DNStillstudy.net
Type: A
DNSmouthloss.net
Type: A
DNStillloss.net
Type: A
DNStillonce.net
Type: A
DNSshalluncle.net
Type: A
DNSdeepuncle.net
Type: A
DNSshallstudy.net
Type: A
DNSdeepstudy.net
Type: A
DNSshallloss.net
Type: A
DNSdeeploss.net
Type: A
DNSshallonce.net
Type: A
DNSdeeponce.net
Type: A
DNSpushuncle.net
Type: A
DNSfridayuncle.net
Type: A
DNSpushstudy.net
Type: A
DNSpushloss.net
Type: A
DNSfridayloss.net
Type: A
DNSpushonce.net
Type: A
DNSfridayonce.net
Type: A
DNSalonguncle.net
Type: A
DNSdecemberuncle.net
Type: A
DNSalongstudy.net
Type: A
DNSdecemberstudy.net
Type: A
DNSalongloss.net
Type: A
DNSdecemberloss.net
Type: A
DNSalongonce.net
Type: A
DNSdecemberonce.net
Type: A
DNSlongfree.net
Type: A
HTTP GEThttp://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://deepedge.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://longstudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://balluncle.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://lifestudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://enemyloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://lifeloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://mouthonce.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://fridaystudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://deepedge.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://longstudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://balluncle.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://lifestudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://enemyloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://lifeloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://mouthonce.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
HTTP GEThttp://fridaystudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 74.220.199.6:80
Flows TCP192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1043 ➝ 46.30.211.32:80
Flows TCP192.168.1.1:1044 ➝ 223.4.7.89:80
Flows TCP192.168.1.1:1045 ➝ 195.22.26.252:80
Flows TCP192.168.1.1:1046 ➝ 66.252.139.75:80
Flows TCP192.168.1.1:1047 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1048 ➝ 64.99.80.30:80
Flows TCP192.168.1.1:1050 ➝ 98.139.135.129:80
Flows TCP192.168.1.1:1051 ➝ 74.220.215.214:80
Flows TCP192.168.1.1:1052 ➝ 74.220.199.6:80
Flows TCP192.168.1.1:1053 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1054 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1055 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1056 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1057 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1058 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1059 ➝ 46.30.211.32:80
Flows TCP192.168.1.1:1060 ➝ 223.4.7.89:80
Flows TCP192.168.1.1:1061 ➝ 195.22.26.252:80
Flows TCP192.168.1.1:1062 ➝ 66.252.139.75:80
Flows TCP192.168.1.1:1063 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1064 ➝ 64.99.80.30:80
Flows TCP192.168.1.1:1065 ➝ 98.139.135.129:80
Flows TCP192.168.1.1:1066 ➝ 74.220.215.214:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706564 67652e6e 65740d0a   : deepedge.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6e677374 7564792e 6e65740d   : longstudy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c756e 636c652e 6e65740d   : balluncle.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657374 7564792e 6e65740d   : lifestudy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20656e 656d796c 6f73732e 6e65740d   : enemyloss.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656c6f 73732e6e 65740d0a   : lifeloss.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 7574686f 6e63652e 6e65740d   : mouthonce.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 69646179 73747564 792e6e65   : fridaystudy.ne
0x00000080 (00128)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706564 67652e6e 65740d0a   : deepedge.net..
0x00000080 (00128)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6e677374 7564792e 6e65740d   : longstudy.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c756e 636c652e 6e65740d   : balluncle.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657374 7564792e 6e65740d   : lifestudy.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20656e 656d796c 6f73732e 6e65740d   : enemyloss.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656c6f 73732e6e 65740d0a   : lifeloss.net..
0x00000080 (00128)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 7574686f 6e63652e 6e65740d   : mouthonce.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 69646179 73747564 792e6e65   : fridaystudy.ne
0x00000080 (00128)   740d0a0d 0a                           t....


Strings