Analysis | #totalhash

Analysis Date	2015-09-17 09:26:51
MD5	a599b829b1e783d83057ad3c81a817d8
SHA1	54b4990a67984dbfffd60fcd54f5a247fe608d2c

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: e4e186c9efa673d43ec54d685bb9447a sha1: e8bc35fbc974499f46aa52eb85aaf23fd0fe3a70 size: 795136
Section	.rdata md5: 97fc0c3022744bf1f758fddac0a621c5 sha1: 2ac0104db47ef69b7874a95ba96bc7c5473a15e4 size: 59904
Section	.data md5: 82eafca6bda52ad1e6a796d9551f581e sha1: 66c2256c39f03e0a69cce3f5256f2c806fd19805 size: 398336
Timestamp	2014-10-29 23:58:16
Packer	Microsoft Visual C++ ?.?
PEhash	48c13088c37ac3fe0eea45b40611ead5b1a0c9c4
IMPhash	dfe83dc5a8e8eedd51f70ca170e92927
AV	Rising	no_virus
AV	Mcafee	no_virus
AV	Avira (antivir)	TR/Crypt.Xpack.14512
AV	Twister	no_virus
AV	Ad-Aware	Gen:Variant.Symmi.22722
AV	Alwil (avast)	Downloader-TLD [Trj]
AV	Eset (nod32)	Win32/Kryptik.CCLE
AV	Grisoft (avg)	Win32/Cryptor
AV	Symantec	Downloader.Upatre!g15
AV	Fortinet	W32/Kryptik.DDQD!tr
AV	BitDefender	Gen:Variant.Symmi.22722
AV	K7	Trojan ( 004cd0081 )
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.AE
AV	MicroWorld (escan)	Gen:Variant.Symmi.22722
AV	MalwareBytes	no_virus
AV	Authentium	W32/Nivdort.A.gen!Eldorado
AV	Frisk (f-prot)	no_virus
AV	Ikarus	Trojan.Crypt3
AV	Emsisoft	Gen:Variant.Symmi.22722
AV	Zillya!	Trojan.Kryptik.Win32.777057
AV	Kaspersky	Trojan.Win32.Generic
AV	Trend Micro	TROJ_WONTON.SMJ1
AV	CAT (quickheal)	no_virus
AV	VirusBlokAda (vba32)	no_virus
AV	Padvish	no_virus
AV	BullGuard	Gen:Variant.Symmi.22722
AV	Arcabit (arcavir)	Gen:Variant.Symmi.22722
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.DownLoader11.61967
AV	F-Secure	Gen:Variant.Symmi.22722
AV	CA (E-Trust Ino)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe
Creates File	C:\WINDOWS\system32\vipagashcugul\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\fncy4y1lydvltw6ecae.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Interactive Shell Discovery UserMode UPnP ➝ C:\WINDOWS\system32\pkaplnprsbsz.exe
Creates File	C:\WINDOWS\system32\pkaplnprsbsz.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\vipagashcugul\tst
Creates File	C:\WINDOWS\system32\vipagashcugul\etc
Creates File	C:\WINDOWS\system32\vipagashcugul\lck
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\pkaplnprsbsz.exe
Creates Service	Volume Drive WebClient Thread - C:\WINDOWS\system32\pkaplnprsbsz.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	pipe\PCHFaultRepExecPipe

Process
↳ Pid 1116

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1872

Process
↳ Pid 1192

Process
↳ C:\WINDOWS\system32\pkaplnprsbsz.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\vipagashcugul\lck
Creates File	C:\WINDOWS\system32\vipagashcugul\rng
Creates File	C:\WINDOWS\system32\joiikxvujea.exe
Creates File	C:\WINDOWS\system32\vipagashcugul\tst
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe
Creates File	C:\WINDOWS\system32\vipagashcugul\run
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\vipagashcugul\cfg
Creates Process	WATCHDOGPROC "c:\windows\system32\pkaplnprsbsz.exe"
Creates Process	C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe -r 29810 tcp

Process
↳ C:\WINDOWS\system32\pkaplnprsbsz.exe

Creates File	C:\WINDOWS\system32\vipagashcugul\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\pkaplnprsbsz.exe"

Creates File	C:\WINDOWS\system32\vipagashcugul\tst

Process
↳ C:\WINDOWS\TEMP\fncy4y1t0pvlt.exe -r 29810 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	saltsecond.net Type: A 74.220.199.6
DNS	wifefruit.net Type: A 208.91.197.241
DNS	pickgrave.net Type: A 208.91.197.241
DNS	roomstock.net Type: A 208.91.197.241
DNS	watcheasy.net Type: A 208.91.197.241
DNS	uponmail.net Type: A 208.91.197.241
DNS	takenhand.net Type: A 208.91.197.241
DNS	deepedge.net Type: A 46.30.211.32
DNS	longstudy.net Type: A 223.4.7.89
DNS	balluncle.net Type: A 195.22.26.252
DNS	balluncle.net Type: A 195.22.26.253
DNS	balluncle.net Type: A 195.22.26.254
DNS	balluncle.net Type: A 195.22.26.231
DNS	lifestudy.com Type: A 66.252.139.75
DNS	enemyloss.net Type: A 95.211.230.75
DNS	lifeloss.net Type: A 64.99.80.30
DNS	mouthonce.net Type: A 98.139.135.129
DNS	fridaystudy.net Type: A 74.220.215.214
DNS	southblood.net Type: A
DNS	ableread.net Type: A
DNS	deepapril.net Type: A
DNS	shallarmy.net Type: A
DNS	deeparmy.net Type: A
DNS	shalledge.net Type: A
DNS	pushgray.net Type: A
DNS	fridaygray.net Type: A
DNS	pushapril.net Type: A
DNS	fridayapril.net Type: A
DNS	pusharmy.net Type: A
DNS	fridayarmy.net Type: A
DNS	pushedge.net Type: A
DNS	fridayedge.net Type: A
DNS	alonggray.net Type: A
DNS	decembergray.net Type: A
DNS	alongapril.net Type: A
DNS	decemberapril.net Type: A
DNS	alongarmy.net Type: A
DNS	decemberarmy.net Type: A
DNS	alongedge.net Type: A
DNS	decemberedge.net Type: A
DNS	longuncle.net Type: A
DNS	soiluncle.net Type: A
DNS	soilstudy.net Type: A
DNS	longloss.net Type: A
DNS	soilloss.net Type: A
DNS	longonce.net Type: A
DNS	soilonce.net Type: A
DNS	wheeluncle.net Type: A
DNS	saiduncle.net Type: A
DNS	wheelstudy.net Type: A
DNS	saidstudy.net Type: A
DNS	wheelloss.net Type: A
DNS	saidloss.net Type: A
DNS	wheelonce.net Type: A
DNS	saidonce.net Type: A
DNS	stickuncle.net Type: A
DNS	stickstudy.net Type: A
DNS	ballstudy.net Type: A
DNS	stickloss.net Type: A
DNS	ballloss.net Type: A
DNS	stickonce.net Type: A
DNS	ballonce.net Type: A
DNS	enemyuncle.net Type: A
DNS	lifeuncle.net Type: A
DNS	enemystudy.net Type: A
DNS	lifestudy.net Type: A
DNS	enemyonce.net Type: A
DNS	lifeonce.net Type: A
DNS	mouthuncle.net Type: A
DNS	tilluncle.net Type: A
DNS	mouthstudy.net Type: A
DNS	tillstudy.net Type: A
DNS	mouthloss.net Type: A
DNS	tillloss.net Type: A
DNS	tillonce.net Type: A
DNS	shalluncle.net Type: A
DNS	deepuncle.net Type: A
DNS	shallstudy.net Type: A
DNS	deepstudy.net Type: A
DNS	shallloss.net Type: A
DNS	deeploss.net Type: A
DNS	shallonce.net Type: A
DNS	deeponce.net Type: A
DNS	pushuncle.net Type: A
DNS	fridayuncle.net Type: A
DNS	pushstudy.net Type: A
DNS	pushloss.net Type: A
DNS	fridayloss.net Type: A
DNS	pushonce.net Type: A
DNS	fridayonce.net Type: A
DNS	alonguncle.net Type: A
DNS	decemberuncle.net Type: A
DNS	alongstudy.net Type: A
DNS	decemberstudy.net Type: A
DNS	alongloss.net Type: A
DNS	decemberloss.net Type: A
DNS	alongonce.net Type: A
DNS	decemberonce.net Type: A
DNS	longfree.net Type: A
HTTP GET	http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://deepedge.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://longstudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://balluncle.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://lifestudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://enemyloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://lifeloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://mouthonce.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://fridaystudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://deepedge.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://longstudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://balluncle.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://lifestudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://enemyloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://lifeloss.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://mouthonce.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
HTTP GET	http://fridaystudy.net/index.php?method=validate&mode=sox&v=033&sox=4324d400&lenhdr User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 74.220.199.6:80
Flows TCP	192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1043 ➝ 46.30.211.32:80
Flows TCP	192.168.1.1:1044 ➝ 223.4.7.89:80
Flows TCP	192.168.1.1:1045 ➝ 195.22.26.252:80
Flows TCP	192.168.1.1:1046 ➝ 66.252.139.75:80
Flows TCP	192.168.1.1:1047 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1048 ➝ 64.99.80.30:80
Flows TCP	192.168.1.1:1050 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1051 ➝ 74.220.215.214:80
Flows TCP	192.168.1.1:1052 ➝ 74.220.199.6:80
Flows TCP	192.168.1.1:1053 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1054 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1055 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1056 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1057 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1058 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1059 ➝ 46.30.211.32:80
Flows TCP	192.168.1.1:1060 ➝ 223.4.7.89:80
Flows TCP	192.168.1.1:1061 ➝ 195.22.26.252:80
Flows TCP	192.168.1.1:1062 ➝ 66.252.139.75:80
Flows TCP	192.168.1.1:1063 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1064 ➝ 64.99.80.30:80
Flows TCP	192.168.1.1:1065 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1066 ➝ 74.220.215.214:80

Raw Pcap

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706564 67652e6e 65740d0a   : deepedge.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6e677374 7564792e 6e65740d   : longstudy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c756e 636c652e 6e65740d   : balluncle.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657374 7564792e 6e65740d   : lifestudy.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20656e 656d796c 6f73732e 6e65740d   : enemyloss.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656c6f 73732e6e 65740d0a   : lifeloss.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 7574686f 6e63652e 6e65740d   : mouthonce.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 69646179 73747564 792e6e65   : fridaystudy.ne
0x00000080 (00128)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207361 6c747365 636f6e64 2e6e6574   : saltsecond.net
0x00000080 (00128)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 66656672 7569742e 6e65740d   : wifefruit.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207069 636b6772 6176652e 6e65740d   : pickgrave.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 6f6d7374 6f636b2e 6e65740d   : roomstock.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636865 6173792e 6e65740d   : watcheasy.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207570 6f6e6d61 696c2e6e 65740d0a   : uponmail.net..
0x00000080 (00128)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b656e68 616e642e 6e65740d   : takenhand.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 65706564 67652e6e 65740d0a   : deepedge.net..
0x00000080 (00128)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c6f 6e677374 7564792e 6e65740d   : longstudy.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206261 6c6c756e 636c652e 6e65740d   : balluncle.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66657374 7564792e 6e65740d   : lifestudy.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20656e 656d796c 6f73732e 6e65740d   : enemyloss.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c69 66656c6f 73732e6e 65740d0a   : lifeloss.net..
0x00000080 (00128)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 7574686f 6e63652e 6e65740d   : mouthonce.net.
0x00000080 (00128)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3033 3326736f   ode=sox&v=033&so
0x00000030 (00048)   783d3433 32346434 3030266c 656e6864   x=4324d400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 69646179 73747564 792e6e65   : fridaystudy.ne
0x00000080 (00128)   740d0a0d 0a                           t....

Strings