Analysis Date | 2015-10-10 17:07:19 |
---|---|
MD5 | 9ace3e6747348b9e5f73bef3f5c5e1c7 |
SHA1 | bc571ac7bce96a5a3fb70d5339e165fd846ef49e |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 11877884b13416f9a8b188cbb4bc9d78 sha1: 582f5cf5b9ab785262568ac51712c57db566d242 size: 791552 | |
Section | .rdata md5: 98530afc892dadb577c3006cfd39ee2d sha1: 1c26e9bd54c3e8d7312d3f8947ce6a250ffe0dc9 size: 59392 | |
Section | .data md5: e316c914c8cfdd8fe0b792ee686ecf16 sha1: e8bcbd5d6c75fecfaf1f95d026125a3012d2e5cd size: 406528 | |
Timestamp | 2014-10-30 00:10:38 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 8d94237895285697690dcc4e42cefb6c81e45490 | |
IMPhash | 2cd7bf5815eec2f1558947c32c30de58 | |
AV | Authentium | W32/Nivdort.A.gen!Eldorado |
AV | Zillya! | no_virus |
AV | Dr. Web | no_virus |
AV | Avira (antivir) | TR/Crypt.Xpack.285353 |
AV | Grisoft (avg) | Win32/Cryptor |
AV | Fortinet | W32/Kryptik.DDQD!tr |
AV | MicroWorld (escan) | Gen:Variant.Symmi.22722 |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Rising | no_virus |
AV | CAT (quickheal) | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | BullGuard | Gen:Variant.Symmi.22722 |
AV | Eset (nod32) | Win32/Kryptik.DXVJ |
AV | Mcafee | no_virus |
AV | Alwil (avast) | Downloader-TLD [Trj] |
AV | Emsisoft | Gen:Variant.Symmi.22722 |
AV | Trend Micro | TROJ_WONTON.SMJ1 |
AV | Ikarus | Trojan.Win32.Crypt |
AV | Ad-Aware | Gen:Variant.Symmi.22722 |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.AE |
AV | BitDefender | Gen:Variant.Symmi.22722 |
AV | Twister | no_virus |
AV | Padvish | no_virus |
AV | K7 | Trojan ( 004cd0081 ) |
AV | Frisk (f-prot) | no_virus |
AV | Arcabit (arcavir) | Gen:Variant.Symmi.22722 |
AV | CA (E-Trust Ino) | no_virus |
AV | ClamAV | no_virus |
AV | MalwareBytes | Trojan.FakePDF |
AV | F-Secure | Gen:Variant.Symmi.22722 |
AV | Symantec | Downloader.Upatre!g15 |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
---|---|
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\wynmbev71lf9qir6igpvcm.exe |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\wynmbev71lf9qir6igpvcm.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\wynmbev71lf9qir6igpvcm.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Resolution Thread Detection Notification ➝ C:\WINDOWS\system32\iwjdgrljrpb.exe |
---|---|
Creates File | C:\WINDOWS\system32\iwjdgrljrpb.exe |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\lck |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\etc |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\iwjdgrljrpb.exe |
Creates Service | Extensible Configuration TPM - C:\WINDOWS\system32\iwjdgrljrpb.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 812
Process
↳ Pid 860
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | \Device\Afd\Endpoint |
---|---|
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1216
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Creates File | WMIDataDevice |
Process
↳ Pid 1132
Process
↳ C:\WINDOWS\system32\iwjdgrljrpb.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\jsbodphxuneu.exe |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\cfg |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\rng |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\lck |
Creates File | C:\WINDOWS\TEMP\wynmbev71rvwqi.exe |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\run |
Creates File | pipe\net\NtControlPipe10 |
Creates File | \Device\Afd\Endpoint |
Creates Process | WATCHDOGPROC "c:\windows\system32\iwjdgrljrpb.exe" |
Creates Process | C:\WINDOWS\TEMP\wynmbev71rvwqi.exe -r 40092 tcp |
Process
↳ C:\WINDOWS\system32\iwjdgrljrpb.exe
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\iwjdgrljrpb.exe"
Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
---|
Process
↳ C:\WINDOWS\TEMP\wynmbev71rvwqi.exe -r 40092 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
DNS | saltsecond.net Type: A 74.220.199.6 |
---|---|
DNS | wifefruit.net Type: A 208.91.197.241 |
DNS | pickgrave.net Type: A 208.91.197.241 |
DNS | roomstock.net Type: A 208.91.197.241 |
DNS | watcheasy.net Type: A 208.91.197.241 |
DNS | uponmail.net Type: A 208.91.197.241 |
DNS | takenhand.net Type: A 208.91.197.241 |
DNS | saltnice.net Type: A 208.100.26.234 |
DNS | gladelse.net Type: A 195.22.26.254 |
DNS | gladelse.net Type: A 195.22.26.231 |
DNS | gladelse.net Type: A 195.22.26.252 |
DNS | gladelse.net Type: A 195.22.26.253 |
DNS | watchfine.net Type: A 45.35.9.136 |
DNS | saltrain.net Type: A 208.73.211.70 |
HTTP GET | http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://saltnice.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://gladelse.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://watchfine.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://saltrain.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://saltnice.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://gladelse.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://watchfine.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
HTTP GET | http://saltrain.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
Flows TCP | 192.168.1.1:1036 ➝ 74.220.199.6:80 |
Flows TCP | 192.168.1.1:1037 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1038 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1039 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1040 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1041 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1042 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1043 ➝ 208.100.26.234:80 |
Flows TCP | 192.168.1.1:1045 ➝ 195.22.26.254:80 |
Flows TCP | 192.168.1.1:1046 ➝ 45.35.9.136:80 |
Flows TCP | 192.168.1.1:1047 ➝ 208.73.211.70:80 |
Flows TCP | 192.168.1.1:1048 ➝ 74.220.199.6:80 |
Flows TCP | 192.168.1.1:1049 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1050 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1051 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1052 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1053 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1054 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1055 ➝ 208.100.26.234:80 |
Flows TCP | 192.168.1.1:1056 ➝ 195.22.26.254:80 |
Flows TCP | 192.168.1.1:1057 ➝ 45.35.9.136:80 |
Flows TCP | 192.168.1.1:1058 ➝ 208.73.211.70:80 |
Raw Pcap
Strings