Analysis Date | 2015-09-17 09:26:51 |
---|---|
MD5 | a599b829b1e783d83057ad3c81a817d8 |
SHA1 | 54b4990a67984dbfffd60fcd54f5a247fe608d2c |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: e4e186c9efa673d43ec54d685bb9447a sha1: e8bc35fbc974499f46aa52eb85aaf23fd0fe3a70 size: 795136 | |
Section | .rdata md5: 97fc0c3022744bf1f758fddac0a621c5 sha1: 2ac0104db47ef69b7874a95ba96bc7c5473a15e4 size: 59904 | |
Section | .data md5: 82eafca6bda52ad1e6a796d9551f581e sha1: 66c2256c39f03e0a69cce3f5256f2c806fd19805 size: 398336 | |
Timestamp | 2014-10-29 23:58:16 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 48c13088c37ac3fe0eea45b40611ead5b1a0c9c4 | |
IMPhash | dfe83dc5a8e8eedd51f70ca170e92927 | |
AV | Rising | no_virus |
AV | Mcafee | no_virus |
AV | Avira (antivir) | TR/Crypt.Xpack.14512 |
AV | Twister | no_virus |
AV | Ad-Aware | Gen:Variant.Symmi.22722 |
AV | Alwil (avast) | Downloader-TLD [Trj] |
AV | Eset (nod32) | Win32/Kryptik.CCLE |
AV | Grisoft (avg) | Win32/Cryptor |
AV | Symantec | Downloader.Upatre!g15 |
AV | Fortinet | W32/Kryptik.DDQD!tr |
AV | BitDefender | Gen:Variant.Symmi.22722 |
AV | K7 | Trojan ( 004cd0081 ) |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.AE |
AV | MicroWorld (escan) | Gen:Variant.Symmi.22722 |
AV | MalwareBytes | no_virus |
AV | Authentium | W32/Nivdort.A.gen!Eldorado |
AV | Frisk (f-prot) | no_virus |
AV | Ikarus | Trojan.Crypt3 |
AV | Emsisoft | Gen:Variant.Symmi.22722 |
AV | Zillya! | Trojan.Kryptik.Win32.777057 |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Trend Micro | TROJ_WONTON.SMJ1 |
AV | CAT (quickheal) | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | Padvish | no_virus |
AV | BullGuard | Gen:Variant.Symmi.22722 |
AV | Arcabit (arcavir) | Gen:Variant.Symmi.22722 |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.DownLoader11.61967 |
AV | F-Secure | Gen:Variant.Symmi.22722 |
AV | CA (E-Trust Ino) | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe |
---|---|
Creates File | C:\WINDOWS\system32\vipagashcugul\tst |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Interactive Shell Discovery UserMode UPnP ➝ C:\WINDOWS\system32\pkaplnprsbsz.exe |
---|---|
Creates File | C:\WINDOWS\system32\pkaplnprsbsz.exe |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\vipagashcugul\tst |
Creates File | C:\WINDOWS\system32\vipagashcugul\etc |
Creates File | C:\WINDOWS\system32\vipagashcugul\lck |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\pkaplnprsbsz.exe |
Creates Service | Volume Drive WebClient Thread - C:\WINDOWS\system32\pkaplnprsbsz.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 856
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | pipe\PCHFaultRepExecPipe |
---|
Process
↳ Pid 1116
Process
↳ Pid 1212
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1872
Process
↳ Pid 1192
Process
↳ C:\WINDOWS\system32\pkaplnprsbsz.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\vipagashcugul\lck |
Creates File | C:\WINDOWS\system32\vipagashcugul\rng |
Creates File | C:\WINDOWS\system32\joiikxvujea.exe |
Creates File | C:\WINDOWS\system32\vipagashcugul\tst |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe |
Creates File | C:\WINDOWS\system32\vipagashcugul\run |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\vipagashcugul\cfg |
Creates Process | WATCHDOGPROC "c:\windows\system32\pkaplnprsbsz.exe" |
Creates Process | C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe -r 29810 tcp |
Process
↳ C:\WINDOWS\system32\pkaplnprsbsz.exe
Creates File | C:\WINDOWS\system32\vipagashcugul\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\pkaplnprsbsz.exe"
Creates File | C:\WINDOWS\system32\vipagashcugul\tst |
---|
Process
↳ C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe -r 29810 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
HTTP GET | http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://deepedge.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://longstudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://balluncle.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://lifestudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://enemyloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://lifeloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://mouthonce.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
HTTP GET | http://fridaystudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent: |
Raw Pcap
Strings