Analysis Date: 2015-08-16 22:34:32
MD5: d6a220d986d3017db69e778f25953f05
SHA1: d654a49330cb217663441cef58be2e70393efbac

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 22a8fc0d4d12c4150ee80b6cddbed12c sha1: 5d9e60b54bf48272cb6146bb45d20df19872d0bc size: 1140736
Section: .rdata md5: 597e0ce89ff04507fda058c7d712ea06 sha1: 70780e7c8111c7327c05b9c88d5cd82dad309571 size: 312320
Section: .data md5: 20d9e1fcef4fca3ff59eaaa568daf93a sha1: 7649a83b1be4519d404eb85cf459d121ec853df5 size: 8192
Section: .reloc md5: 235a503700783d1c9c8a1d222d2bb8b8 sha1: 88b4063b6a8240148a23658ccf170628bd1eb50c size: 139264
Timestamp: 2015-05-11 03:58:29
Packer: VC8 -> Microsoft Corporation
PEhash: 4555cd84d17b6c079ed238853055ec5ed1e5b3ce
IMPhash: cb1a40063f497e908052b04d0c4347f2
AV: CA (E-Trust Ino): no_virus
AV: F-Secure: Gen:Variant.Kazy.611782
AV: Dr. Web: Trojan.Bayrob.5
AV: ClamAV: no_virus
AV: Arcabit (arcavir): Gen:Variant.Kazy.611782
AV: BullGuard: Gen:Variant.Kazy.611782
AV: Padvish: no_virus
AV: VirusBlokAda (vba32): no_virus
AV: CAT (quickheal): no_virus
AV: Trend Micro: no_virus
AV: Kaspersky: Backdoor.Win32.SoxGrave.ahz
AV: Zillya!: Backdoor.SoxGrave.Win32.233
AV: Emsisoft: Gen:Variant.Kazy.611782
AV: Ikarus: Trojan.Win32.Bayrob
AV: Frisk (f-prot): no_virus
AV: Authentium: W32/SoxGrave.A.gen!Eldorado
AV: MalwareBytes: no_virus
AV: MicroWorld (escan): Gen:Variant.Kazy.611782
AV: Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.BN
AV: K7: Trojan ( 004c77f41 )
AV: BitDefender: Gen:Variant.Kazy.611782
AV: Fortinet: W32/Bayrob.X!tr
AV: Symantec: Downloader.Upatre!g15
AV: Grisoft (avg): Win32/Cryptor
AV: Eset (nod32): Win32/Bayrob.Y
AV: Alwil (avast): Dropper-OJQ [Drp]
AV: Ad-Aware: Gen:Variant.Kazy.611782
AV: Rising: no_virus
AV: Twister: no_virus
AV: Avira (antivir): TR/Crypt.Xpack.41178
AV: Mcafee: Trojan-FGIJ!D6A220D986D3

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\tst
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\annduq1mq5fmknbktmantt.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\annduq1mq5fmknbktmantt.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\annduq1mq5fmknbktmantt.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Level Tools Encryption Topology Process ➝ C:\WINDOWS\system32\oemlspjv.exe
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\etc
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\tst
Creates File: C:\WINDOWS\system32\oemlspjv.exe
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\lck
Deletes File: C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process: C:\WINDOWS\system32\oemlspjv.exe
Creates Service: NetBIOS Upgrade Services Spooler Config Portable - C:\WINDOWS\system32\oemlspjv.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File: WMIDataDevice

Process
↳ Pid 1872

Process
↳ Pid 1156

Process
↳ C:\WINDOWS\system32\oemlspjv.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\cfg
Creates File: C:\WINDOWS\system32\iefksplhdfd.exe
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\tst
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\rng
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\TEMP\annduq1u5yfmkn.exe
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\run
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\lck
Creates Process: C:\WINDOWS\TEMP\annduq1u5yfmkn.exe -r 39127 tcp
Creates Process: WATCHDOGPROC "c:\windows\system32\oemlspjv.exe"

Process
↳ C:\WINDOWS\system32\oemlspjv.exe

Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\oemlspjv.exe"

Creates File: C:\WINDOWS\system32\lzqvxhcihurlab\tst

Process
↳ C:\WINDOWS\TEMP\annduq1u5yfmkn.exe -r 39127 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:

HTTP GET: http://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://fridaylight.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://longroad.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://longmail.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://soilmail.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://stickmail.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://ballmail.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:
HTTP GET: http://enemyroad.net/index.php?method=validate&mode=sox&v=050&sox=4fb71a0b&lenhdr
User-Agent:

Raw Pcap

Strings