Analysis Date2015-12-18 16:53:39
MD5e313f6c730b0ad49257b157e83009653
SHA19f4b7170837f7a1c09b11de73d9c396d05f61d1c

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: eb365a4c4711ac3254d26505ce1fdf14 sha1: fb021d31338579c07bc403d004034352bfc93df8 size: 1422848
Section.rdata md5: ae98075876e0a6cfecf8a0a70a6bcdc3 sha1: 49bf8e1146a0ac290a3d67635291eb1595ed5278 size: 335872
Section.data md5: 90d6de96286df946868853f024b73bb8 sha1: ccd0f66c8e063942032112a8a09b0ad0e826110b size: 7680
Section.reloc md5: 619921b2f091c64d40f1384c365a2f73 sha1: 6aca8d138744a433a77a7d41317adeb1f0985d0e size: 200192
Timestamp2015-05-11 03:55:05
PackerVC8 -> Microsoft Corporation
PEhash5b6f965f63e0cb9f501e4130de5a1ad7b796fa59
IMPhasha794490787d4dcec678b5486e7801f93
AVCA (E-Trust Ino)no_virus
AVRisingno_virus
AVMcafeeTrojan-FGIJ!E313F6C730B0
AVAvira (antivir)TR/Crypt.Xpack.336263
AVTwisterno_virus
AVAd-AwareGen:Variant.Kazy.611782
AVAlwil (avast)Dropper-OJQ [Drp]
AVEset (nod32)Win32/Bayrob.Y
AVGrisoft (avg)Win32/Cryptor
AVSymantecDownloader.Upatre!g15
AVFortinetW32/Kryptik.EETB!tr
AVBitDefenderGen:Variant.Kazy.611782
AVK7Trojan ( 004c2d9e1 )
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.BN
AVMicroWorld (escan)Gen:Variant.Kazy.611782
AVMalwareBytesno_virus
AVAuthentiumW32/SoxGrave.A.gen!Eldorado
AVFrisk (f-prot)no_virus
AVIkarusTrojan.Win32.Bayrob
AVEmsisoftGen:Variant.Kazy.611782
AVZillya!Backdoor.SoxGrave.Win32.569
AVKasperskyTrojan.Win32.Generic
AVTrend Microno_virus
AVCAT (quickheal)no_virus
AVVirusBlokAda (vba32)no_virus
AVBullGuardGen:Variant.Kazy.611782
AVArcabit (arcavir)Gen:Variant.Kazy.611782
AVClamAVno_virus
AVDr. WebTrojan.Bayrob.5
AVF-SecureGen:Variant.Kazy.611782

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\vhzitt1msbjl4znocbj.exe
Creates FileC:\WINDOWS\system32\lzsvyimyksk\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\vhzitt1msbjl4znocbj.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\vhzitt1msbjl4znocbj.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Hardware Shell Image Drive Themes Sharing ➝
C:\WINDOWS\system32\svzvfqqmt.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\lzsvyimyksk\lck
Creates FileC:\WINDOWS\system32\lzsvyimyksk\etc
Creates FileC:\WINDOWS\system32\lzsvyimyksk\tst
Creates FileC:\WINDOWS\system32\svzvfqqmt.exe
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\svzvfqqmt.exe
Creates ServiceIP Resource Assistant Locator Installer - C:\WINDOWS\system32\svzvfqqmt.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates FileWMIDataDevice

Process
↳ Pid 1852

Process
↳ Pid 1140

Process
↳ C:\WINDOWS\system32\svzvfqqmt.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\lzsvyimyksk\rng
Creates FileC:\WINDOWS\system32\lzsvyimyksk\lck
Creates FileC:\WINDOWS\TEMP\vhzitt1u7ojl4.exe
Creates FileC:\WINDOWS\system32\lzsvyimyksk\run
Creates FileC:\WINDOWS\system32\cgmpfpsgtmis.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\lzsvyimyksk\cfg
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\lzsvyimyksk\tst
Creates ProcessC:\WINDOWS\TEMP\vhzitt1u7ojl4.exe -r 26609 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\svzvfqqmt.exe"

Process
↳ C:\WINDOWS\system32\svzvfqqmt.exe

Creates FileC:\WINDOWS\system32\lzsvyimyksk\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\svzvfqqmt.exe"

Creates FileC:\WINDOWS\system32\lzsvyimyksk\tst

Process
↳ C:\WINDOWS\TEMP\vhzitt1u7ojl4.exe -r 26609 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSrecordsoldier.net
Type: A
208.91.197.241
DNSfliersurprise.net
Type: A
208.91.197.241
DNShistorybright.net
Type: A
208.91.197.241
DNSchiefsoldier.net
Type: A
208.91.197.241
DNSclasssurprise.net
Type: A
208.91.197.241
DNSthosecontinue.net
Type: A
208.91.197.241
DNSthroughcontain.net
Type: A
208.91.197.241
DNSbelongguard.net
Type: A
208.91.197.241
DNSmaybellinethaddeus.net
Type: A
208.91.197.241
DNSkimberleyshavonne.net
Type: A
208.91.197.241
DNSnaildeep.com
Type: A
74.220.215.218
DNSriddenstorm.net
Type: A
66.147.240.171
DNSdestroystorm.net
Type: A
216.239.138.86
DNSmusichold.net
Type: A
209.99.40.222
DNSmusicocean.net
Type: A
141.8.224.239
DNSmusichave.net
Type: A
208.100.26.234
DNSfronthold.net
Type: A
195.22.28.198
DNSfronthold.net
Type: A
195.22.28.199
DNSfronthold.net
Type: A
195.22.28.196
DNSfronthold.net
Type: A
195.22.28.197
DNSwishocean.net
Type: A
93.89.226.17
DNSdeadhold.net
Type: A
184.168.221.40
DNSrockhold.net
Type: A
72.52.4.119
DNShairthere.net
Type: A
141.8.226.14
DNSmusicarms.net
Type: A
27.254.152.21
DNSmusicstone.net
Type: A
185.53.178.6
DNShusbandfound.net
Type: A
DNSleadershort.net
Type: A
DNSeggbraker.com
Type: A
DNSithouneed.com
Type: A
DNShumanhave.net
Type: A
DNShairhave.net
Type: A
DNSyardhold.net
Type: A
DNSyardsecond.net
Type: A
DNSmusicsecond.net
Type: A
DNSyardocean.net
Type: A
DNSyardhave.net
Type: A
DNSwenthold.net
Type: A
DNSspendhold.net
Type: A
DNSwentsecond.net
Type: A
DNSspendsecond.net
Type: A
DNSwentocean.net
Type: A
DNSspendocean.net
Type: A
DNSwenthave.net
Type: A
DNSspendhave.net
Type: A
DNSofferhold.net
Type: A
DNSfrontsecond.net
Type: A
DNSoffersecond.net
Type: A
DNSfrontocean.net
Type: A
DNSofferocean.net
Type: A
DNSfronthave.net
Type: A
DNSofferhave.net
Type: A
DNShanghold.net
Type: A
DNSseptemberhold.net
Type: A
DNShangsecond.net
Type: A
DNSseptembersecond.net
Type: A
DNShangocean.net
Type: A
DNSseptemberocean.net
Type: A
DNShanghave.net
Type: A
DNSseptemberhave.net
Type: A
DNSjoinhold.net
Type: A
DNSwishhold.net
Type: A
DNSjoinsecond.net
Type: A
DNSwishsecond.net
Type: A
DNSjoinocean.net
Type: A
DNSjoinhave.net
Type: A
DNSwishhave.net
Type: A
DNSdeadsecond.net
Type: A
DNSrocksecond.net
Type: A
DNSdeadocean.net
Type: A
DNSrockocean.net
Type: A
DNSdeadhave.net
Type: A
DNSrockhave.net
Type: A
DNSwronghold.net
Type: A
DNSmadehold.net
Type: A
DNSwrongsecond.net
Type: A
DNSmadesecond.net
Type: A
DNSwrongocean.net
Type: A
DNSmadeocean.net
Type: A
DNSwronghave.net
Type: A
DNSmadehave.net
Type: A
DNShumanthere.net
Type: A
DNShumanarms.net
Type: A
DNShairarms.net
Type: A
DNShumanstone.net
Type: A
DNShairstone.net
Type: A
DNShumanside.net
Type: A
DNShairside.net
Type: A
DNSyardthere.net
Type: A
DNSmusicthere.net
Type: A
DNSyardarms.net
Type: A
DNSyardstone.net
Type: A
DNSyardside.net
Type: A
DNSmusicside.net
Type: A
DNSwentthere.net
Type: A
DNSspendthere.net
Type: A
DNSwentarms.net
Type: A
DNSspendarms.net
Type: A
DNSwentstone.net
Type: A
DNSspendstone.net
Type: A
DNSwentside.net
Type: A
DNSspendside.net
Type: A
DNSfrontthere.net
Type: A
DNSofferthere.net
Type: A
DNSfrontarms.net
Type: A
HTTP GEThttp://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://musichold.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://musicocean.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://musichave.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://fronthold.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://wishocean.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://deadhold.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://rockhold.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://hairthere.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://musicarms.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://musicstone.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
HTTP GEThttp://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=4f91b618&lenhdr
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1043 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1044 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1046 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1047 ➝ 74.220.215.218:80
Flows TCP192.168.1.1:1048 ➝ 66.147.240.171:80
Flows TCP192.168.1.1:1049 ➝ 216.239.138.86:80
Flows TCP192.168.1.1:1050 ➝ 209.99.40.222:80
Flows TCP192.168.1.1:1051 ➝ 141.8.224.239:80
Flows TCP192.168.1.1:1052 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1053 ➝ 195.22.28.198:80
Flows TCP192.168.1.1:1054 ➝ 93.89.226.17:80
Flows TCP192.168.1.1:1055 ➝ 184.168.221.40:80
Flows TCP192.168.1.1:1056 ➝ 72.52.4.119:80
Flows TCP192.168.1.1:1057 ➝ 141.8.226.14:80
Flows TCP192.168.1.1:1058 ➝ 27.254.152.21:80
Flows TCP192.168.1.1:1059 ➝ 185.53.178.6:80
Flows TCP192.168.1.1:1060 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1061 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1062 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1063 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1064 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1065 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1066 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1067 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1068 ➝ 208.91.197.241:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207265 636f7264 736f6c64 6965722e   : recordsoldier.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20666c 69657273 75727072 6973652e   : fliersurprise.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206869 73746f72 79627269 6768742e   : historybright.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206368 69656673 6f6c6469 65722e6e   : chiefsoldier.n
0x00000080 (00128)   65740d0a 0d0a0a                       et.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 61737373 75727072 6973652e   : classsurprise.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 6f736563 6f6e7469 6e75652e   : thosecontinue.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 726f7567 68636f6e 7461696e   : throughcontain
0x00000080 (00128)   2e6e6574 0d0a0d0a                     .net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206265 6c6f6e67 67756172 642e6e65   : belongguard.ne
0x00000080 (00128)   740d0a0d 0a0a0d0a                     t.......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d61 7962656c 6c696e65 74686164   : maybellinethad
0x00000080 (00128)   64657573 2e6e6574 0d0a0d0a            deus.net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206b69 6d626572 6c657973 6861766f   : kimberleyshavo
0x00000080 (00128)   6e6e652e 6e65740d 0a0d0a0a            nne.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c6465 65702e63 6f6d0d0a   : naildeep.com..
0x00000080 (00128)   0d0a652e 6e65740d 0a0d0a0a            ..e.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207269 6464656e 73746f72 6d2e6e65   : riddenstorm.ne
0x00000080 (00128)   740d0a0d 0a65740d 0a0d0a0a            t....et.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 7374726f 7973746f 726d2e6e   : destroystorm.n
0x00000080 (00128)   65740d0a 0d0a740d 0a0d0a0a            et....t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696368 6f6c642e 6e65740d   : musichold.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 7369636f 6365616e 2e6e6574   : musicocean.net
0x00000080 (00128)   0d0a0d0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696368 6176652e 6e65740d   : musichave.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 6f6e7468 6f6c642e 6e65740d   : fronthold.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 73686f63 65616e2e 6e65740d   : wishocean.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 6164686f 6c642e6e 65740d0a   : deadhold.net..
0x00000080 (00128)   0d0a0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 636b686f 6c642e6e 65740d0a   : rockhold.net..
0x00000080 (00128)   0d0a0a0a 0d0a740d 20a5db01            ......t. ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 69727468 6572652e 6e65740d   : hairthere.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 20a5db01            ......t. ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696361 726d732e 6e65740d   : musicarms.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 20a5db01            ......t. ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696373 746f6e65 2e6e6574   : musicstone.net
0x00000080 (00128)   0d0a0d0a 0d0a740d 20a5db01            ......t. ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207265 636f7264 736f6c64 6965722e   : recordsoldier.
0x00000080 (00128)   6e65740d 0a0d0a0d 20a5db01            net..... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20666c 69657273 75727072 6973652e   : fliersurprise.
0x00000080 (00128)   6e65740d 0a0d0a0d 20a5db01            net..... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206869 73746f72 79627269 6768742e   : historybright.
0x00000080 (00128)   6e65740d 0a0d0a0d 20a5db01            net..... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206368 69656673 6f6c6469 65722e6e   : chiefsoldier.n
0x00000080 (00128)   65740d0a 0d0a0a0d 20a5db01            et...... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 61737373 75727072 6973652e   : classsurprise.
0x00000080 (00128)   6e65740d 0a0d0a0d 20a5db01            net..... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 6f736563 6f6e7469 6e75652e   : thosecontinue.
0x00000080 (00128)   6e65740d 0a0d0a0d 20a5db01            net..... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 726f7567 68636f6e 7461696e   : throughcontain
0x00000080 (00128)   2e6e6574 0d0a0d0a 20a5db01            .net.... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206265 6c6f6e67 67756172 642e6e65   : belongguard.ne
0x00000080 (00128)   740d0a0d 0a0a0d0a 20a5db01            t....... ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3466 39316236 3138266c 656e6864   x=4f91b618&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d61 7962656c 6c696e65 74686164   : maybellinethad
0x00000080 (00128)   64657573 2e6e6574 0d0a0d0a            deus.net....


Strings