Analysis Date | 2015-07-25 23:45:48 |
---|---|
MD5 | b4803c98ef8b1e7f4845f70a6b2d31b0 |
SHA1 | f4afd7cab09238936b3767ed6f32cdd9d1484a43 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: b2a6346bcc324220d1b4a63d1c70a9d6 sha1: 76b08b1ebe3b6d969798f8032c1f77d60e9f2285 size: 1211904 | |
Section | .rdata md5: cf87b5668d3d4f2a5b34318ddaa41ce8 sha1: 9b91bd71978a832ae27755d55a5e6f179cc614ec size: 309248 | |
Section | .data md5: 695c2e3aa096cbe99a310de0a6d48575 sha1: 220a3ee6d12346f539bfdf81930fe663929371fb size: 7680 | |
Section | .reloc md5: da9261a454b622fa2ab8495baa9fa357 sha1: 5bbdcdace9c85df404b063011a24e758ad25ba8c size: 156672 | |
Timestamp | 2015-05-11 04:49:20 | |
Packer | VC8 -> Microsoft Corporation | |
PEhash | 51557e2e86b3e599c3bc32a8502892ed7b5397f4 | |
IMPhash | f825c511a14633f77951a11b850047a7 | |
AV | CA (E-Trust Ino) | no_virus |
AV | F-Secure | Gen:Variant.Kazy.611782 |
AV | Dr. Web | Trojan.Bayrob.5 |
AV | ClamAV | no_virus |
AV | Arcabit (arcavir) | Gen:Variant.Kazy.611782 |
AV | BullGuard | Gen:Variant.Kazy.611782 |
AV | Padvish | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | CAT (quickheal) | no_virus |
AV | Trend Micro | no_virus |
AV | Kaspersky | Backdoor.Win32.SoxGrave.uc |
AV | Zillya! | Backdoor.SoxGrave.Win32.576 |
AV | Emsisoft | Gen:Variant.Kazy.611782 |
AV | Ikarus | Trojan.Win32.Bayrob |
AV | Frisk (f-prot) | no_virus |
AV | Authentium | W32/SoxGrave.A2.gen!Eldorado |
AV | MalwareBytes | no_virus |
AV | MicroWorld (escan) | Gen:Variant.Kazy.611782 |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.BN |
AV | K7 | Trojan ( 004c77f41 ) |
AV | BitDefender | Gen:Variant.Kazy.611782 |
AV | Fortinet | W32/Bayrob.X!tr |
AV | Symantec | Downloader.Upatre!g15 |
AV | Grisoft (avg) | Crypt4.ADUO |
AV | Eset (nod32) | Win32/Bayrob.Z |
AV | Alwil (avast) | Dropper-OJQ [Drp] |
AV | Ad-Aware | Gen:Variant.Kazy.611782 |
AV | Twister | no_virus |
AV | Avira (antivir) | TR/Crypt.Xpack.265226 |
AV | Mcafee | Trojan-FGIJ!B4803C98EF8B |
AV | Rising | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\dnztsi1ndlkbd7u2mid.exe |
---|---|
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\tst |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\dnztsi1ndlkbd7u2mid.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\dnztsi1ndlkbd7u2mid.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UPnP Cache Spooler Call Base ➝ C:\WINDOWS\system32\uztsbvgiqbcm.exe |
---|---|
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\etc |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\lck |
Creates File | C:\WINDOWS\system32\uztsbvgiqbcm.exe |
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\tst |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\uztsbvgiqbcm.exe |
Creates Service | SSDP Host Themes Web Thread Offline - C:\WINDOWS\system32\uztsbvgiqbcm.exe |
Process
↳ Pid 804
Process
↳ Pid 852
Process
↳ C:\WINDOWS\System32\svchost.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL |
---|---|
Creates File | PIPE\lsarpc |
Creates File | C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG |
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1112
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1840
Process
↳ Pid 1100
Process
↳ C:\WINDOWS\system32\uztsbvgiqbcm.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\cfg |
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\run |
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\rng |
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\tst |
Creates File | C:\WINDOWS\TEMP\dnztsi1uo6kb.exe |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\lck |
Creates File | C:\WINDOWS\system32\qaftpdvkmyh.exe |
Creates File | \Device\Afd\Endpoint |
Creates Process | C:\WINDOWS\TEMP\dnztsi1uo6kb.exe -r 33335 tcp |
Creates Process | WATCHDOGPROC "c:\windows\system32\uztsbvgiqbcm.exe" |
Process
↳ C:\WINDOWS\system32\uztsbvgiqbcm.exe
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\uztsbvgiqbcm.exe"
Creates File | C:\WINDOWS\system32\hwiexavxgomjjx\tst |
---|
Process
↳ C:\WINDOWS\TEMP\dnztsi1uo6kb.exe -r 33335 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
Raw Pcap
Strings