Analysis Date2015-10-30 17:04:53
MD5051dc5d0aac270993c41b044f35af066
SHA1d5486a03aca0017bd0a1487b98376b663ba60d00

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: e76b98b711a7e27d61a7cec32dfeea04 sha1: 0dca17038890910d820fe905d3cdf8bfe0dc3b9d size: 837120
Section.rdata md5: 3b3a0a831144ac65c75b43e03dcf9d11 sha1: cef6f716c211e0549f1bd71a9679a98d5232b7bc size: 300032
Section.data md5: bb9574e8611458ec50c22d083406f12f sha1: fa0c58e34cbfb92852c94d0fda8feb2d56f920d8 size: 7680
Timestamp2015-04-03 03:56:23
PackerMicrosoft Visual C++ ?.?
PEhashc39097883134c31b6a41200a5c2478e4d8a99e9f
IMPhash8ffa3b6ff817afe7d8ce2e02abaa368a
AVCA (E-Trust Ino)no_virus
AVRisingno_virus
AVMcafeeno_virus
AVAvira (antivir)TR/Crypt.ZPACK.196007
AVTwisterno_virus
AVAd-AwareGen:Variant.Zusy.133308
AVAlwil (avast)Downloader-TLD [Trj]
AVEset (nod32)Win32/Kryptik.DDQD
AVGrisoft (avg)Win32/Cryptor
AVSymantecDownloader.Upatre!g15
AVFortinetW32/Kryptik.DDQD!tr
AVBitDefenderGen:Variant.Zusy.133308
AVK7Trojan ( 004cd0081 )
AVMicrosoft Security EssentialsTrojan:Win32/Dynamer!ac
AVMicroWorld (escan)Gen:Variant.Zusy.133308
AVMalwareBytesno_virus
AVAuthentiumW32/Zusy.X.gen!Eldorado
AVFrisk (f-prot)no_virus
AVIkarusTrojan.Win32.Crypt
AVEmsisoftGen:Variant.Zusy.133308
AVZillya!no_virus
AVKasperskyTrojan.Win32.Generic
AVTrend Microno_virus
AVCAT (quickheal)no_virus
AVVirusBlokAda (vba32)no_virus
AVPadvishno_virus
AVBullGuardGen:Variant.Zusy.133308
AVArcabit (arcavir)Gen:Variant.Zusy.133308
AVClamAVno_virus
AVDr. WebTrojan.DownLoader17.34219
AVF-SecureGen:Variant.Zusy.133308

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\system32\phkwnqrmxtl\tst
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\q8gcdx1klryauyytwrbgww.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\q8gcdx1klryauyytwrbgww.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\q8gcdx1klryauyytwrbgww.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Secondary Web Remote Intelligent Bluetooth ➝
C:\WINDOWS\system32\zhzokfn.exe
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\etc
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\zhzokfn.exe
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\lck
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\tst
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\zhzokfn.exe
Creates ServiceLogon Isolation Offline - C:\WINDOWS\system32\zhzokfn.exe

Process
↳ Pid 816

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File\Device\Afd\Endpoint

Process
↳ Pid 1124

Process
↳ Pid 1216

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1172

Process
↳ C:\WINDOWS\system32\zhzokfn.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\run
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\rng
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\cfg
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\lck
Creates FileC:\WINDOWS\system32\phkwnqrmxtl\tst
Creates FileC:\WINDOWS\TEMP\q8gcdx1qpdyauyy.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\iggsyfoxyxse.exe
Creates ProcessWATCHDOGPROC "c:\windows\system32\zhzokfn.exe"
Creates ProcessC:\WINDOWS\TEMP\q8gcdx1qpdyauyy.exe -r 41993 tcp

Process
↳ C:\WINDOWS\system32\zhzokfn.exe

Creates FileC:\WINDOWS\system32\phkwnqrmxtl\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\zhzokfn.exe"

Creates FileC:\WINDOWS\system32\phkwnqrmxtl\tst

Process
↳ C:\WINDOWS\TEMP\q8gcdx1qpdyauyy.exe -r 41993 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSmelbourneit.hotkeysparking.com
Type: A
8.5.1.16
DNSnailthere.net
Type: A
98.139.135.129
DNSbothplain.net
Type: A
208.91.197.241
DNSgroupgrain.net
Type: A
208.91.197.241
DNSnaildeep.com
Type: A
74.220.215.218
DNSfairlady.net
Type: A
69.172.201.208
DNSfairfish.net
Type: A
5.226.149.110
DNSdreamwing.net
Type: A
49.212.198.17
DNSdreamlady.net
Type: A
205.186.175.166
DNSdreamfish.net
Type: A
207.148.248.143
DNShumanpaid.net
Type: A
208.100.26.234
DNShairaugust.net
Type: A
195.22.26.254
DNShairaugust.net
Type: A
195.22.26.231
DNShairaugust.net
Type: A
195.22.26.252
DNShairaugust.net
Type: A
195.22.26.253
DNShairborn.net
Type: A
46.28.105.4
DNSmusicpaid.net
Type: A
184.168.221.38
DNSrockborn.net
Type: A
108.179.13.242
DNShumanpaid.net
Type: A
208.100.26.234
DNSableread.net
Type: A
DNSfearstate.net
Type: A
DNSlongcold.net
Type: A
DNSfridayloss.net
Type: A
DNSwrongbelow.net
Type: A
DNSeggbraker.com
Type: A
DNSithouneed.com
Type: A
DNSspokepast.net
Type: A
DNSvisitpast.net
Type: A
DNSspokelady.net
Type: A
DNSvisitlady.net
Type: A
DNSspokefish.net
Type: A
DNSvisitfish.net
Type: A
DNSwatchwing.net
Type: A
DNSfairwing.net
Type: A
DNSwatchpast.net
Type: A
DNSfairpast.net
Type: A
DNSwatchlady.net
Type: A
DNSwatchfish.net
Type: A
DNSthiswing.net
Type: A
DNSdreampast.net
Type: A
DNSthispast.net
Type: A
DNSthislady.net
Type: A
DNSthisfish.net
Type: A
DNShumancloth.net
Type: A
DNShaircloth.net
Type: A
DNShairpaid.net
Type: A
DNShumanaugust.net
Type: A
DNShumanborn.net
Type: A
DNSyardcloth.net
Type: A
DNSmusiccloth.net
Type: A
DNSyardpaid.net
Type: A
DNSyardaugust.net
Type: A
DNSmusicaugust.net
Type: A
DNSyardborn.net
Type: A
DNSmusicborn.net
Type: A
DNSwentcloth.net
Type: A
DNSspendcloth.net
Type: A
DNSwentpaid.net
Type: A
DNSspendpaid.net
Type: A
DNSwentaugust.net
Type: A
DNSspendaugust.net
Type: A
DNSwentborn.net
Type: A
DNSspendborn.net
Type: A
DNSfrontcloth.net
Type: A
DNSoffercloth.net
Type: A
DNSfrontpaid.net
Type: A
DNSofferpaid.net
Type: A
DNSfrontaugust.net
Type: A
DNSofferaugust.net
Type: A
DNSfrontborn.net
Type: A
DNSofferborn.net
Type: A
DNShangcloth.net
Type: A
DNSseptembercloth.net
Type: A
DNShangpaid.net
Type: A
DNSseptemberpaid.net
Type: A
DNShangaugust.net
Type: A
DNSseptemberaugust.net
Type: A
DNShangborn.net
Type: A
DNSseptemberborn.net
Type: A
DNSjoincloth.net
Type: A
DNSwishcloth.net
Type: A
DNSjoinpaid.net
Type: A
DNSwishpaid.net
Type: A
DNSjoinaugust.net
Type: A
DNSwishaugust.net
Type: A
DNSjoinborn.net
Type: A
DNSwishborn.net
Type: A
DNSdeadcloth.net
Type: A
DNSrockcloth.net
Type: A
DNSdeadpaid.net
Type: A
DNSrockpaid.net
Type: A
DNSdeadaugust.net
Type: A
DNSrockaugust.net
Type: A
DNSdeadborn.net
Type: A
DNSwrongcloth.net
Type: A
DNSmadecloth.net
Type: A
DNSwrongpaid.net
Type: A
DNSmadepaid.net
Type: A
DNSwrongaugust.net
Type: A
DNSmadeaugust.net
Type: A
DNSwrongborn.net
Type: A
HTTP GEThttp://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://nailthere.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://bothplain.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://groupgrain.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://naildeep.com/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://fairlady.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://fairfish.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://dreamwing.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://dreamlady.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://dreamfish.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://humanpaid.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://hairaugust.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://hairborn.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://musicpaid.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://rockborn.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://nailthere.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://bothplain.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://groupgrain.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://naildeep.com/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://fairlady.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://fairfish.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://dreamwing.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://dreamlady.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://dreamfish.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://humanpaid.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://hairaugust.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://hairborn.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://musicpaid.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
HTTP GEThttp://rockborn.net/index.php?method=validate&mode=sox&v=044&sox=48f0e20b&lenhdr
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 8.5.1.16:80
Flows TCP192.168.1.1:1038 ➝ 98.139.135.129:80
Flows TCP192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1041 ➝ 74.220.215.218:80
Flows TCP192.168.1.1:1042 ➝ 69.172.201.208:80
Flows TCP192.168.1.1:1043 ➝ 5.226.149.110:80
Flows TCP192.168.1.1:1044 ➝ 49.212.198.17:80
Flows TCP192.168.1.1:1045 ➝ 205.186.175.166:80
Flows TCP192.168.1.1:1046 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1047 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1048 ➝ 195.22.26.254:80
Flows TCP192.168.1.1:1049 ➝ 46.28.105.4:80
Flows TCP192.168.1.1:1050 ➝ 184.168.221.38:80
Flows TCP192.168.1.1:1051 ➝ 108.179.13.242:80
Flows TCP192.168.1.1:1052 ➝ 8.5.1.16:80
Flows TCP192.168.1.1:1053 ➝ 98.139.135.129:80
Flows TCP192.168.1.1:1054 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1055 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1056 ➝ 74.220.215.218:80
Flows TCP192.168.1.1:1057 ➝ 69.172.201.208:80
Flows TCP192.168.1.1:1058 ➝ 5.226.149.110:80
Flows TCP192.168.1.1:1059 ➝ 49.212.198.17:80
Flows TCP192.168.1.1:1060 ➝ 205.186.175.166:80
Flows TCP192.168.1.1:1061 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1062 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1063 ➝ 195.22.26.254:80
Flows TCP192.168.1.1:1064 ➝ 46.28.105.4:80
Flows TCP192.168.1.1:1065 ➝ 184.168.221.38:80
Flows TCP192.168.1.1:1066 ➝ 108.179.13.242:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c657265 61642e6e 65740d0a   : ableread.net..
0x00000080 (00128)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c7468 6572652e 6e65740d   : nailthere.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20626f 7468706c 61696e2e 6e65740d   : bothplain.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f757067 7261696e 2e6e6574   : groupgrain.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c6465 65702e63 6f6d0d0a   : naildeep.com..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 69726c61 64792e6e 65740d0a   : fairlady.net..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 69726669 73682e6e 65740d0a   : fairfish.net..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d77 696e672e 6e65740d   : dreamwing.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d6c 6164792e 6e65740d   : dreamlady.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d66 6973682e 6e65740d   : dreamfish.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206875 6d616e70 6169642e 6e65740d   : humanpaid.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 69726175 67757374 2e6e6574   : hairaugust.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 6972626f 726e2e6e 65740d0a   : hairborn.net..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696370 6169642e 6e65740d   : musicpaid.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 636b626f 726e2e6e 65740d0a   : rockborn.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c657265 61642e6e 65740d0a   : ableread.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c7468 6572652e 6e65740d   : nailthere.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20626f 7468706c 61696e2e 6e65740d   : bothplain.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f757067 7261696e 2e6e6574   : groupgrain.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c6465 65702e63 6f6d0d0a   : naildeep.com..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 69726c61 64792e6e 65740d0a   : fairlady.net..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 69726669 73682e6e 65740d0a   : fairfish.net..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d77 696e672e 6e65740d   : dreamwing.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d6c 6164792e 6e65740d   : dreamlady.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d66 6973682e 6e65740d   : dreamfish.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206875 6d616e70 6169642e 6e65740d   : humanpaid.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 69726175 67757374 2e6e6574   : hairaugust.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 6972626f 726e2e6e 65740d0a   : hairborn.net..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696370 6169642e 6e65740d   : musicpaid.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 66306532 3062266c 656e6864   x=48f0e20b&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 636b626f 726e2e6e 65740d0a   : rockborn.net..
0x00000080 (00128)   0d0a0a0a                              ....


Strings