| Analysis Date | 2015-10-10 17:07:19 |
|---|---|
| MD5 | 9ace3e6747348b9e5f73bef3f5c5e1c7 |
| SHA1 | bc571ac7bce96a5a3fb70d5339e165fd846ef49e |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 11877884b13416f9a8b188cbb4bc9d78 sha1: 582f5cf5b9ab785262568ac51712c57db566d242 size: 791552 | |
| Section | .rdata md5: 98530afc892dadb577c3006cfd39ee2d sha1: 1c26e9bd54c3e8d7312d3f8947ce6a250ffe0dc9 size: 59392 | |
| Section | .data md5: e316c914c8cfdd8fe0b792ee686ecf16 sha1: e8bcbd5d6c75fecfaf1f95d026125a3012d2e5cd size: 406528 | |
| Timestamp | 2014-10-30 00:10:38 | |
| Packer | Microsoft Visual C++ ?.? | |
| PEhash | 8d94237895285697690dcc4e42cefb6c81e45490 | |
| IMPhash | 2cd7bf5815eec2f1558947c32c30de58 | |
| AV | Authentium | W32/Nivdort.A.gen!Eldorado |
| AV | Zillya! | no_virus |
| AV | Dr. Web | no_virus |
| AV | Avira (antivir) | TR/Crypt.Xpack.285353 |
| AV | Grisoft (avg) | Win32/Cryptor |
| AV | Fortinet | W32/Kryptik.DDQD!tr |
| AV | MicroWorld (escan) | Gen:Variant.Symmi.22722 |
| AV | Kaspersky | Trojan.Win32.Generic |
| AV | Rising | no_virus |
| AV | CAT (quickheal) | no_virus |
| AV | VirusBlokAda (vba32) | no_virus |
| AV | BullGuard | Gen:Variant.Symmi.22722 |
| AV | Eset (nod32) | Win32/Kryptik.DXVJ |
| AV | Mcafee | no_virus |
| AV | Alwil (avast) | Downloader-TLD [Trj] |
| AV | Emsisoft | Gen:Variant.Symmi.22722 |
| AV | Trend Micro | TROJ_WONTON.SMJ1 |
| AV | Ikarus | Trojan.Win32.Crypt |
| AV | Ad-Aware | Gen:Variant.Symmi.22722 |
| AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.AE |
| AV | BitDefender | Gen:Variant.Symmi.22722 |
| AV | Twister | no_virus |
| AV | Padvish | no_virus |
| AV | K7 | Trojan ( 004cd0081 ) |
| AV | Frisk (f-prot) | no_virus |
| AV | Arcabit (arcavir) | Gen:Variant.Symmi.22722 |
| AV | CA (E-Trust Ino) | no_virus |
| AV | ClamAV | no_virus |
| AV | MalwareBytes | Trojan.FakePDF |
| AV | F-Secure | Gen:Variant.Symmi.22722 |
| AV | Symantec | Downloader.Upatre!g15 |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
|---|---|
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\wynmbev71lf9qir6igpvcm.exe |
| Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\wynmbev71lf9qir6igpvcm.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\wynmbev71lf9qir6igpvcm.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Resolution Thread Detection Notification ➝ C:\WINDOWS\system32\iwjdgrljrpb.exe |
|---|---|
| Creates File | C:\WINDOWS\system32\iwjdgrljrpb.exe |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\lck |
| Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\etc |
| Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
| Creates Process | C:\WINDOWS\system32\iwjdgrljrpb.exe |
| Creates Service | Extensible Configuration TPM - C:\WINDOWS\system32\iwjdgrljrpb.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 812
Process
↳ Pid 860
Process
↳ C:\WINDOWS\System32\svchost.exe
| Creates File | \Device\Afd\Endpoint |
|---|---|
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1216
Process
↳ C:\WINDOWS\system32\spoolsv.exe
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
| Creates File | WMIDataDevice |
Process
↳ Pid 1132
Process
↳ C:\WINDOWS\system32\iwjdgrljrpb.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
|---|---|
| Creates File | C:\WINDOWS\system32\jsbodphxuneu.exe |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\cfg |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\rng |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\lck |
| Creates File | C:\WINDOWS\TEMP\wynmbev71rvwqi.exe |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\run |
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | \Device\Afd\Endpoint |
| Creates Process | WATCHDOGPROC "c:\windows\system32\iwjdgrljrpb.exe" |
| Creates Process | C:\WINDOWS\TEMP\wynmbev71rvwqi.exe -r 40092 tcp |
Process
↳ C:\WINDOWS\system32\iwjdgrljrpb.exe
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
|---|
Process
↳ WATCHDOGPROC "c:\windows\system32\iwjdgrljrpb.exe"
| Creates File | C:\WINDOWS\system32\tpcfejrwnyw\tst |
|---|
Process
↳ C:\WINDOWS\TEMP\wynmbev71rvwqi.exe -r 40092 tcp
| Creates File | \Device\Afd\Endpoint |
|---|---|
| Winsock DNS | 239.255.255.250 |
Network Details:
| DNS | saltsecond.net Type: A 74.220.199.6 |
|---|---|
| DNS | wifefruit.net Type: A 208.91.197.241 |
| DNS | pickgrave.net Type: A 208.91.197.241 |
| DNS | roomstock.net Type: A 208.91.197.241 |
| DNS | watcheasy.net Type: A 208.91.197.241 |
| DNS | uponmail.net Type: A 208.91.197.241 |
| DNS | takenhand.net Type: A 208.91.197.241 |
| DNS | saltnice.net Type: A 208.100.26.234 |
| DNS | gladelse.net Type: A 195.22.26.254 |
| DNS | gladelse.net Type: A 195.22.26.231 |
| DNS | gladelse.net Type: A 195.22.26.252 |
| DNS | gladelse.net Type: A 195.22.26.253 |
| DNS | watchfine.net Type: A 45.35.9.136 |
| DNS | saltrain.net Type: A 208.73.211.70 |
| DNS | southblood.net Type: A |
| DNS | ableread.net Type: A |
| DNS | ariveimportant.net Type: A |
| DNS | southimportant.net Type: A |
| DNS | uponfine.net Type: A |
| DNS | whichfine.net Type: A |
| DNS | uponnice.net Type: A |
| DNS | whichnice.net Type: A |
| DNS | uponelse.net Type: A |
| DNS | whichelse.net Type: A |
| DNS | uponimportant.net Type: A |
| DNS | whichimportant.net Type: A |
| DNS | spotfine.net Type: A |
| DNS | saltfine.net Type: A |
| DNS | spotnice.net Type: A |
| DNS | spotelse.net Type: A |
| DNS | saltelse.net Type: A |
| DNS | spotimportant.net Type: A |
| DNS | saltimportant.net Type: A |
| DNS | gladfine.net Type: A |
| DNS | takenfine.net Type: A |
| DNS | gladnice.net Type: A |
| DNS | takennice.net Type: A |
| DNS | takenelse.net Type: A |
| DNS | gladimportant.net Type: A |
| DNS | takenimportant.net Type: A |
| DNS | equalfine.net Type: A |
| DNS | groupfine.net Type: A |
| DNS | equalnice.net Type: A |
| DNS | groupnice.net Type: A |
| DNS | equalelse.net Type: A |
| DNS | groupelse.net Type: A |
| DNS | equalimportant.net Type: A |
| DNS | groupimportant.net Type: A |
| DNS | spokefine.net Type: A |
| DNS | visitfine.net Type: A |
| DNS | spokenice.net Type: A |
| DNS | visitnice.net Type: A |
| DNS | spokeelse.net Type: A |
| DNS | visitelse.net Type: A |
| DNS | spokeimportant.net Type: A |
| DNS | visitimportant.net Type: A |
| DNS | fairfine.net Type: A |
| DNS | watchnice.net Type: A |
| DNS | fairnice.net Type: A |
| DNS | watchelse.net Type: A |
| DNS | fairelse.net Type: A |
| DNS | watchimportant.net Type: A |
| DNS | fairimportant.net Type: A |
| DNS | dreamfine.net Type: A |
| DNS | thisfine.net Type: A |
| DNS | dreamnice.net Type: A |
| DNS | thisnice.net Type: A |
| DNS | dreamelse.net Type: A |
| DNS | thiselse.net Type: A |
| DNS | dreamimportant.net Type: A |
| DNS | thisimportant.net Type: A |
| DNS | arivesleep.net Type: A |
| DNS | southsleep.net Type: A |
| DNS | ariveheight.net Type: A |
| DNS | southheight.net Type: A |
| DNS | ariveheld.net Type: A |
| DNS | southheld.net Type: A |
| DNS | ariverain.net Type: A |
| DNS | southrain.net Type: A |
| DNS | uponsleep.net Type: A |
| DNS | whichsleep.net Type: A |
| DNS | uponheight.net Type: A |
| DNS | whichheight.net Type: A |
| DNS | uponheld.net Type: A |
| DNS | whichheld.net Type: A |
| DNS | uponrain.net Type: A |
| DNS | whichrain.net Type: A |
| DNS | spotsleep.net Type: A |
| DNS | saltsleep.net Type: A |
| DNS | spotheight.net Type: A |
| DNS | saltheight.net Type: A |
| DNS | spotheld.net Type: A |
| DNS | saltheld.net Type: A |
| DNS | spotrain.net Type: A |
| DNS | gladsleep.net Type: A |
| DNS | takensleep.net Type: A |
| DNS | gladheight.net Type: A |
| HTTP GET | http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://saltnice.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://gladelse.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://watchfine.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://saltrain.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://saltsecond.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://wifefruit.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://pickgrave.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://roomstock.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://watcheasy.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://uponmail.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://takenhand.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://saltnice.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://gladelse.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://watchfine.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| HTTP GET | http://saltrain.net/index.php?method=validate&mode=sox&v=033&sox=3ca05000&lenhdr User-Agent: |
| Flows TCP | 192.168.1.1:1036 ➝ 74.220.199.6:80 |
| Flows TCP | 192.168.1.1:1037 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1038 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1039 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1040 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1041 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1042 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1043 ➝ 208.100.26.234:80 |
| Flows TCP | 192.168.1.1:1045 ➝ 195.22.26.254:80 |
| Flows TCP | 192.168.1.1:1046 ➝ 45.35.9.136:80 |
| Flows TCP | 192.168.1.1:1047 ➝ 208.73.211.70:80 |
| Flows TCP | 192.168.1.1:1048 ➝ 74.220.199.6:80 |
| Flows TCP | 192.168.1.1:1049 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1050 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1051 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1052 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1053 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1054 ➝ 208.91.197.241:80 |
| Flows TCP | 192.168.1.1:1055 ➝ 208.100.26.234:80 |
| Flows TCP | 192.168.1.1:1056 ➝ 195.22.26.254:80 |
| Flows TCP | 192.168.1.1:1057 ➝ 45.35.9.136:80 |
| Flows TCP | 192.168.1.1:1058 ➝ 208.73.211.70:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207361 6c747365 636f6e64 2e6e6574 : saltsecond.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207769 66656672 7569742e 6e65740d : wifefruit.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207069 636b6772 6176652e 6e65740d : pickgrave.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20726f 6f6d7374 6f636b2e 6e65740d : roomstock.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207761 74636865 6173792e 6e65740d : watcheasy.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207570 6f6e6d61 696c2e6e 65740d0a : uponmail.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207461 6b656e68 616e642e 6e65740d : takenhand.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207361 6c746e69 63652e6e 65740d0a : saltnice.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20676c 6164656c 73652e6e 65740d0a : gladelse.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207761 74636866 696e652e 6e65740d : watchfine.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207361 6c747261 696e2e6e 65740d0a : saltrain.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207361 6c747365 636f6e64 2e6e6574 : saltsecond.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207769 66656672 7569742e 6e65740d : wifefruit.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207069 636b6772 6176652e 6e65740d : pickgrave.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20726f 6f6d7374 6f636b2e 6e65740d : roomstock.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207761 74636865 6173792e 6e65740d : watcheasy.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207570 6f6e6d61 696c2e6e 65740d0a : uponmail.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207461 6b656e68 616e642e 6e65740d : takenhand.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207361 6c746e69 63652e6e 65740d0a : saltnice.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20676c 6164656c 73652e6e 65740d0a : gladelse.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207761 74636866 696e652e 6e65740d : watchfine.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3033 3326736f ode=sox&v=033&so 0x00000030 (00048) 783d3363 61303530 3030266c 656e6864 x=3ca05000&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207361 6c747261 696e2e6e 65740d0a : saltrain.net.. 0x00000080 (00128) 0d0a0a0a ....
Strings