Analysis Date2015-09-30 15:51:02
MD55ab7b3af8f3da794e6d5227147a18488
SHA193a4493d40747cd73e30bf1202286b53e61cdf01

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 81a061b969ec98261a9ae07d8def48b3 sha1: 8fd90abb894ba4ccc38822709d43f167558cf57a size: 684544
Section.rdata md5: e77707f739515a13d750f0a2c3b94438 sha1: 7533f89adfbdd15e158558264d79f23007bc77f1 size: 54272
Section.data md5: b10d713205479053abd782be1cf921bf sha1: 9b1da3bd836f7f948b12563d6134a7ab6493c53a size: 418816
Timestamp2014-05-09 20:17:29
PackerMicrosoft Visual C++ ?.?
PEhash6cf88d815f0088a74fdf3a623b66f97a9ae5132f
IMPhashd279cb7f47ca9f58402fa775d2e545e4
AVCA (E-Trust Ino)no_virus
AVF-SecureGen:Variant.Symmi.22722
AVDr. WebTrojan.DownLoader16.24312
AVClamAVno_virus
AVArcabit (arcavir)Gen:Variant.Symmi.22722
AVBullGuardGen:Variant.Symmi.22722
AVPadvishno_virus
AVVirusBlokAda (vba32)no_virus
AVCAT (quickheal)no_virus
AVTrend MicroTSPY_NIVDORT.SMA
AVKasperskyTrojan.Win32.Generic
AVZillya!no_virus
AVEmsisoftGen:Variant.Symmi.22722
AVIkarusVirus.Win32.Cryptor
AVFrisk (f-prot)no_virus
AVAuthentiumW32/Nivdort.A.gen!Eldorado
AVMalwareBytesno_virus
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.Y
AVK7Trojan ( 004cd0081 )
AVBitDefenderGen:Variant.Symmi.22722
AVFortinetRiskware/Agent
AVSymantecDownloader.Upatre!g15
AVGrisoft (avg)Win32/Cryptor
AVEset (nod32)Win32/Kryptik.CCLE
AVAlwil (avast)Kryptik-PLS [Trj]
AVAd-AwareGen:Variant.Symmi.22722
AVTwisterTrojan.Girtk.BCFJ.cpsn.mg
AVAvira (antivir)TR/Crypt.ZPACK.Gen8
AVMcafeeno_virus
AVRisingno_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\twlfp8mj1kp8bpbguzmvg9.exe
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\twlfp8mj1kp8bpbguzmvg9.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\twlfp8mj1kp8bpbguzmvg9.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WebClient Plug Proxy Connect Isolation System ➝
C:\WINDOWS\system32\vftctuugeas.exe
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\etc
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\tst
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\lck
Creates FileC:\WINDOWS\system32\vftctuugeas.exe
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\vftctuugeas.exe
Creates ServiceActiveX Font Encrypting Grouping Link - C:\WINDOWS\system32\vftctuugeas.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates Filepipe\PCHFaultRepExecPipe

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1148

Process
↳ C:\WINDOWS\system32\vftctuugeas.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\TEMP\twlfp8mj1qv0bpb.exe
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\run
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\lck
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\cfg
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\tst
Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\rng
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\iucvktsimcif.exe
Creates ProcessC:\WINDOWS\TEMP\twlfp8mj1qv0bpb.exe -r 42377 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\vftctuugeas.exe"

Process
↳ C:\WINDOWS\system32\vftctuugeas.exe

Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\vftctuugeas.exe"

Creates FileC:\WINDOWS\system32\rkxhtjcpndiqmk\tst

Process
↳ C:\WINDOWS\TEMP\twlfp8mj1qv0bpb.exe -r 42377 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNStablefruit.net
Type: A
52.4.209.250
DNSlooktalk.net
Type: A
184.168.221.104
DNSfeltshirt.net
Type: A
95.211.230.75
DNSdrinktalk.net
Type: A
141.8.224.169
DNSwifetalk.net
Type: A
173.255.220.222
DNSablecause.net
Type: A
195.22.26.252
DNSablecause.net
Type: A
195.22.26.253
DNSablecause.net
Type: A
195.22.26.254
DNSablecause.net
Type: A
195.22.26.231
DNSsignback.net
Type: A
74.208.212.178
DNSmovesure.net
Type: A
50.63.202.13
DNSjumpshot.net
Type: A
72.52.4.121
DNSmoveback.net
Type: A
184.168.221.104
DNSjumpback.net
Type: A
198.251.74.229
DNSlookback.net
Type: A
207.148.248.143
DNSthreeback.net
Type: A
192.145.238.198
DNSmightglossary.net
Type: A
DNSgentlefriend.net
Type: A
DNSglasshealth.net
Type: A
DNSnecessarydress.net
Type: A
DNSrememberpaint.net
Type: A
DNSlittleappear.net
Type: A
DNSthroughcountry.net
Type: A
DNSfrontride.net
Type: A
DNSspendmarry.net
Type: A
DNSuponloud.net
Type: A
DNSwrongthrew.net
Type: A
DNSjinoplasker.com
Type: A
DNSfeltbelow.net
Type: A
DNSlookbelow.net
Type: A
DNSfelttalk.net
Type: A
DNSlookshirt.net
Type: A
DNSthreewash.net
Type: A
DNSlordwash.net
Type: A
DNSthreebelow.net
Type: A
DNSlordbelow.net
Type: A
DNSthreetalk.net
Type: A
DNSlordtalk.net
Type: A
DNSthreeshirt.net
Type: A
DNSlordshirt.net
Type: A
DNSdrinkwash.net
Type: A
DNSwifewash.net
Type: A
DNSdrinkbelow.net
Type: A
DNSwifebelow.net
Type: A
DNSdrinkshirt.net
Type: A
DNSwifeshirt.net
Type: A
DNSknowsure.net
Type: A
DNSablesure.net
Type: A
DNSknowcause.net
Type: A
DNSknowshot.net
Type: A
DNSableshot.net
Type: A
DNSknowback.net
Type: A
DNSableback.net
Type: A
DNSpicksure.net
Type: A
DNSsongsure.net
Type: A
DNSpickcause.net
Type: A
DNSsongcause.net
Type: A
DNSpickshot.net
Type: A
DNSsongshot.net
Type: A
DNSpickback.net
Type: A
DNSsongback.net
Type: A
DNSroomsure.net
Type: A
DNSsignsure.net
Type: A
DNSroomcause.net
Type: A
DNSsigncause.net
Type: A
DNSroomshot.net
Type: A
DNSsignshot.net
Type: A
DNSroomback.net
Type: A
DNSjumpsure.net
Type: A
DNSmovecause.net
Type: A
DNSjumpcause.net
Type: A
DNSmoveshot.net
Type: A
DNShillsure.net
Type: A
DNSwhomsure.net
Type: A
DNShillcause.net
Type: A
DNSwhomcause.net
Type: A
DNShillshot.net
Type: A
DNSwhomshot.net
Type: A
DNShillback.net
Type: A
DNSwhomback.net
Type: A
DNSfeltsure.net
Type: A
DNSlooksure.net
Type: A
DNSfeltcause.net
Type: A
DNSlookcause.net
Type: A
DNSfeltshot.net
Type: A
DNSlookshot.net
Type: A
DNSfeltback.net
Type: A
DNSthreesure.net
Type: A
DNSlordsure.net
Type: A
DNSthreecause.net
Type: A
DNSlordcause.net
Type: A
DNSthreeshot.net
Type: A
DNSlordshot.net
Type: A
DNSlordback.net
Type: A
DNSdrinksure.net
Type: A
DNSwifesure.net
Type: A
DNSdrinkcause.net
Type: A
DNSwifecause.net
Type: A
DNSdrinkshot.net
Type: A
DNSwifeshot.net
Type: A
DNSdrinkback.net
Type: A
HTTP GEThttp://tablefruit.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://looktalk.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://feltshirt.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://drinktalk.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://wifetalk.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://ablecause.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://signback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://movesure.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://jumpshot.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://moveback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://jumpback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://lookback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://threeback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://tablefruit.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://looktalk.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://feltshirt.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://drinktalk.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://wifetalk.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://ablecause.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://signback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://movesure.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://jumpshot.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://moveback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://jumpback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://lookback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
HTTP GEThttp://threeback.net/index.php?method=validate&mode=sox&v=029&sox=30846a00
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1037 ➝ 184.168.221.104:80
Flows TCP192.168.1.1:1881 ➝ 216.119.143.211:80
Flows TCP192.168.1.1:1039 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1040 ➝ 141.8.224.169:80
Flows TCP192.168.1.1:1041 ➝ 173.255.220.222:80
Flows TCP192.168.1.1:1042 ➝ 195.22.26.252:80
Flows TCP192.168.1.1:1043 ➝ 74.208.212.178:80
Flows TCP192.168.1.1:1044 ➝ 50.63.202.13:80
Flows TCP192.168.1.1:1045 ➝ 72.52.4.121:80
Flows TCP192.168.1.1:1046 ➝ 184.168.221.104:80
Flows TCP192.168.1.1:1047 ➝ 198.251.74.229:80
Flows TCP192.168.1.1:1048 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1049 ➝ 192.145.238.198:80
Flows TCP192.168.1.1:1050 ➝ 52.4.209.250:80
Flows TCP192.168.1.1:1051 ➝ 184.168.221.104:80
Flows TCP192.168.1.1:1052 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1053 ➝ 141.8.224.169:80
Flows TCP192.168.1.1:1054 ➝ 173.255.220.222:80
Flows TCP192.168.1.1:1055 ➝ 195.22.26.252:80
Flows TCP192.168.1.1:1056 ➝ 74.208.212.178:80
Flows TCP192.168.1.1:1057 ➝ 50.63.202.13:80
Flows TCP192.168.1.1:1058 ➝ 72.52.4.121:80
Flows TCP192.168.1.1:1059 ➝ 184.168.221.104:80
Flows TCP192.168.1.1:1060 ➝ 198.251.74.229:80
Flows TCP192.168.1.1:1061 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1062 ➝ 192.145.238.198:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2074 61626c65   ose..Host: table
0x00000070 (00112)   66727569 742e6e65 740d0a0d 0a         fruit.net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206c 6f6f6b74   ose..Host: lookt
0x00000070 (00112)   616c6b2e 6e65740d 0a0d0a0d 0a         alk.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2066 656c7473   ose..Host: felts
0x00000070 (00112)   68697274 2e6e6574 0d0a0d0a 0a         hirt.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2064 72696e6b   ose..Host: drink
0x00000070 (00112)   74616c6b 2e6e6574 0d0a0d0a 0a         talk.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2077 69666574   ose..Host: wifet
0x00000070 (00112)   616c6b2e 6e65740d 0a0d0a0a 0a         alk.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2061 626c6563   ose..Host: ablec
0x00000070 (00112)   61757365 2e6e6574 0d0a0d0a 0a         ause.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2073 69676e62   ose..Host: signb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206d 6f766573   ose..Host: moves
0x00000070 (00112)   7572652e 6e65740d 0a0d0a0a 0a         ure.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206a 756d7073   ose..Host: jumps
0x00000070 (00112)   686f742e 6e65740d 0a0d0a0a 0a         hot.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206d 6f766562   ose..Host: moveb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206a 756d7062   ose..Host: jumpb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206c 6f6f6b62   ose..Host: lookb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2074 68726565   ose..Host: three
0x00000070 (00112)   6261636b 2e6e6574 0d0a0d0a 0a         back.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2074 61626c65   ose..Host: table
0x00000070 (00112)   66727569 742e6e65 740d0a0d 0a         fruit.net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206c 6f6f6b74   ose..Host: lookt
0x00000070 (00112)   616c6b2e 6e65740d 0a0d0a0d 0a         alk.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2066 656c7473   ose..Host: felts
0x00000070 (00112)   68697274 2e6e6574 0d0a0d0a 0a         hirt.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2064 72696e6b   ose..Host: drink
0x00000070 (00112)   74616c6b 2e6e6574 0d0a0d0a 0a         talk.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2077 69666574   ose..Host: wifet
0x00000070 (00112)   616c6b2e 6e65740d 0a0d0a0a 0a         alk.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2061 626c6563   ose..Host: ablec
0x00000070 (00112)   61757365 2e6e6574 0d0a0d0a 0a         ause.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2073 69676e62   ose..Host: signb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206d 6f766573   ose..Host: moves
0x00000070 (00112)   7572652e 6e65740d 0a0d0a0a 0a         ure.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206a 756d7073   ose..Host: jumps
0x00000070 (00112)   686f742e 6e65740d 0a0d0a0a 0a         hot.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206d 6f766562   ose..Host: moveb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206a 756d7062   ose..Host: jumpb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a206c 6f6f6b62   ose..Host: lookb
0x00000070 (00112)   61636b2e 6e65740d 0a0d0a0a 0a         ack.net......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3032 3926736f   ode=sox&v=029&so
0x00000030 (00048)   783d3330 38343661 30302048 5454502f   x=30846a00 HTTP/
0x00000040 (00064)   312e300d 0a416363 6570743a 202a2f2a   1.0..Accept: */*
0x00000050 (00080)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000060 (00096)   6f73650d 0a486f73 743a2074 68726565   ose..Host: three
0x00000070 (00112)   6261636b 2e6e6574 0d0a0d0a 0a         back.net.....


Strings