Analysis Date2015-07-25 23:45:48
MD5b4803c98ef8b1e7f4845f70a6b2d31b0
SHA1f4afd7cab09238936b3767ed6f32cdd9d1484a43

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: b2a6346bcc324220d1b4a63d1c70a9d6 sha1: 76b08b1ebe3b6d969798f8032c1f77d60e9f2285 size: 1211904
Section.rdata md5: cf87b5668d3d4f2a5b34318ddaa41ce8 sha1: 9b91bd71978a832ae27755d55a5e6f179cc614ec size: 309248
Section.data md5: 695c2e3aa096cbe99a310de0a6d48575 sha1: 220a3ee6d12346f539bfdf81930fe663929371fb size: 7680
Section.reloc md5: da9261a454b622fa2ab8495baa9fa357 sha1: 5bbdcdace9c85df404b063011a24e758ad25ba8c size: 156672
Timestamp2015-05-11 04:49:20
PackerVC8 -> Microsoft Corporation
PEhash51557e2e86b3e599c3bc32a8502892ed7b5397f4
IMPhashf825c511a14633f77951a11b850047a7
AVCA (E-Trust Ino)no_virus
AVF-SecureGen:Variant.Kazy.611782
AVDr. WebTrojan.Bayrob.5
AVClamAVno_virus
AVArcabit (arcavir)Gen:Variant.Kazy.611782
AVBullGuardGen:Variant.Kazy.611782
AVPadvishno_virus
AVVirusBlokAda (vba32)no_virus
AVCAT (quickheal)no_virus
AVTrend Microno_virus
AVKasperskyBackdoor.Win32.SoxGrave.uc
AVZillya!Backdoor.SoxGrave.Win32.576
AVEmsisoftGen:Variant.Kazy.611782
AVIkarusTrojan.Win32.Bayrob
AVFrisk (f-prot)no_virus
AVAuthentiumW32/SoxGrave.A2.gen!Eldorado
AVMalwareBytesno_virus
AVMicroWorld (escan)Gen:Variant.Kazy.611782
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.BN
AVK7Trojan ( 004c77f41 )
AVBitDefenderGen:Variant.Kazy.611782
AVFortinetW32/Bayrob.X!tr
AVSymantecDownloader.Upatre!g15
AVGrisoft (avg)Crypt4.ADUO
AVEset (nod32)Win32/Bayrob.Z
AVAlwil (avast)Dropper-OJQ [Drp]
AVAd-AwareGen:Variant.Kazy.611782
AVTwisterno_virus
AVAvira (antivir)TR/Crypt.Xpack.265226
AVMcafeeTrojan-FGIJ!B4803C98EF8B
AVRisingno_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\dnztsi1ndlkbd7u2mid.exe
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\dnztsi1ndlkbd7u2mid.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\dnztsi1ndlkbd7u2mid.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UPnP Cache Spooler Call Base ➝
C:\WINDOWS\system32\uztsbvgiqbcm.exe
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\etc
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\lck
Creates FileC:\WINDOWS\system32\uztsbvgiqbcm.exe
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\tst
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\uztsbvgiqbcm.exe
Creates ServiceSSDP Host Themes Web Thread Offline - C:\WINDOWS\system32\uztsbvgiqbcm.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1112

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1840

Process
↳ Pid 1100

Process
↳ C:\WINDOWS\system32\uztsbvgiqbcm.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\cfg
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\run
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\rng
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\tst
Creates FileC:\WINDOWS\TEMP\dnztsi1uo6kb.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\lck
Creates FileC:\WINDOWS\system32\qaftpdvkmyh.exe
Creates File\Device\Afd\Endpoint
Creates ProcessC:\WINDOWS\TEMP\dnztsi1uo6kb.exe -r 33335 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\uztsbvgiqbcm.exe"

Process
↳ C:\WINDOWS\system32\uztsbvgiqbcm.exe

Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\uztsbvgiqbcm.exe"

Creates FileC:\WINDOWS\system32\hwiexavxgomjjx\tst

Process
↳ C:\WINDOWS\TEMP\dnztsi1uo6kb.exe -r 33335 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSrecordsoldier.net
Type: A
208.91.197.241
DNSfliersurprise.net
Type: A
208.91.197.241
DNShistorybright.net
Type: A
208.91.197.241
DNSchiefsoldier.net
Type: A
208.91.197.241
DNSclasssurprise.net
Type: A
208.91.197.241
DNSthosecontinue.net
Type: A
208.91.197.241
DNSthroughcontain.net
Type: A
208.91.197.241
DNSbelongguard.net
Type: A
208.91.197.241
DNSmaybellinethaddeus.net
Type: A
208.91.197.241
DNSkimberleyshavonne.net
Type: A
208.91.197.241
DNSnaildeep.com
Type: A
74.220.215.218
DNSriddenstorm.net
Type: A
66.147.240.171
DNSdestroystorm.net
Type: A
216.239.138.86
DNSfaceprice.net
Type: A
14.63.216.242
DNSfacereach.net
Type: A
95.211.230.75
DNSafterprice.net
Type: A
217.31.58.24
DNSsellprice.net
Type: A
79.99.134.187
DNSqueenfood.net
Type: A
103.3.245.71
DNShusbandfound.net
Type: A
DNSleadershort.net
Type: A
DNSeggbraker.com
Type: A
DNSithouneed.com
Type: A
DNSsellborn.net
Type: A
DNSwednesdayborn.net
Type: A
DNSdrivecloth.net
Type: A
DNSnailcloth.net
Type: A
DNSdrivepaid.net
Type: A
DNSnailpaid.net
Type: A
DNSdriveaugust.net
Type: A
DNSnailaugust.net
Type: A
DNSdriveborn.net
Type: A
DNSnailborn.net
Type: A
DNSfieldprice.net
Type: A
DNSqueenprice.net
Type: A
DNSfieldcroud.net
Type: A
DNSqueencroud.net
Type: A
DNSfieldraise.net
Type: A
DNSqueenraise.net
Type: A
DNSfieldreach.net
Type: A
DNSqueenreach.net
Type: A
DNSbothprice.net
Type: A
DNSgainprice.net
Type: A
DNSbothcroud.net
Type: A
DNSgaincroud.net
Type: A
DNSbothraise.net
Type: A
DNSgainraise.net
Type: A
DNSbothreach.net
Type: A
DNSgainreach.net
Type: A
DNSleastprice.net
Type: A
DNSleastcroud.net
Type: A
DNSfacecroud.net
Type: A
DNSleastraise.net
Type: A
DNSfaceraise.net
Type: A
DNSleastreach.net
Type: A
DNSmonthprice.net
Type: A
DNSwalkprice.net
Type: A
DNSmonthcroud.net
Type: A
DNSwalkcroud.net
Type: A
DNSmonthraise.net
Type: A
DNSwalkraise.net
Type: A
DNSmonthreach.net
Type: A
DNSwalkreach.net
Type: A
DNSstoryprice.net
Type: A
DNSweakprice.net
Type: A
DNSstorycroud.net
Type: A
DNSweakcroud.net
Type: A
DNSstoryraise.net
Type: A
DNSweakraise.net
Type: A
DNSstoryreach.net
Type: A
DNSweakreach.net
Type: A
DNSforceprice.net
Type: A
DNSaftercroud.net
Type: A
DNSforcecroud.net
Type: A
DNSafterraise.net
Type: A
DNSforceraise.net
Type: A
DNSafterreach.net
Type: A
DNSforcereach.net
Type: A
DNSwednesdayprice.net
Type: A
DNSsellcroud.net
Type: A
DNSwednesdaycroud.net
Type: A
DNSsellraise.net
Type: A
DNSwednesdayraise.net
Type: A
DNSsellreach.net
Type: A
DNSwednesdayreach.net
Type: A
DNSdriveprice.net
Type: A
DNSnailprice.net
Type: A
DNSdrivecroud.net
Type: A
DNSnailcroud.net
Type: A
DNSdriveraise.net
Type: A
DNSnailraise.net
Type: A
DNSdrivereach.net
Type: A
DNSnailreach.net
Type: A
DNSfieldneck.net
Type: A
DNSqueenneck.net
Type: A
DNSfieldshown.net
Type: A
DNSqueenshown.net
Type: A
DNSfieldfood.net
Type: A
DNSfieldmeet.net
Type: A
DNSqueenmeet.net
Type: A
DNSbothneck.net
Type: A
DNSgainneck.net
Type: A
DNSbothshown.net
Type: A
HTTP GEThttp://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://faceprice.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://facereach.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://afterprice.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://sellprice.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://queenfood.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
HTTP GEThttp://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4ea95400&lenhdr
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1044 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1045 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1046 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1047 ➝ 74.220.215.218:80
Flows TCP192.168.1.1:1048 ➝ 66.147.240.171:80
Flows TCP192.168.1.1:1049 ➝ 216.239.138.86:80
Flows TCP192.168.1.1:1050 ➝ 14.63.216.242:80
Flows TCP192.168.1.1:1051 ➝ 95.211.230.75:80
Flows TCP192.168.1.1:1052 ➝ 217.31.58.24:80
Flows TCP192.168.1.1:1053 ➝ 79.99.134.187:80
Flows TCP192.168.1.1:1054 ➝ 103.3.245.71:80
Flows TCP192.168.1.1:1055 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1056 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1057 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1058 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1059 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1060 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1061 ➝ 208.91.197.241:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207265 636f7264 736f6c64 6965722e   : recordsoldier.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20666c 69657273 75727072 6973652e   : fliersurprise.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206869 73746f72 79627269 6768742e   : historybright.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206368 69656673 6f6c6469 65722e6e   : chiefsoldier.n
0x00000080 (00128)   65740d0a 0d0a0a                       et.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 61737373 75727072 6973652e   : classsurprise.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 6f736563 6f6e7469 6e75652e   : thosecontinue.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 726f7567 68636f6e 7461696e   : throughcontain
0x00000080 (00128)   2e6e6574 0d0a0d0a                     .net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206265 6c6f6e67 67756172 642e6e65   : belongguard.ne
0x00000080 (00128)   740d0a0d 0a0a0d0a                     t.......

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d61 7962656c 6c696e65 74686164   : maybellinethad
0x00000080 (00128)   64657573 2e6e6574 0d0a0d0a            deus.net....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206b69 6d626572 6c657973 6861766f   : kimberleyshavo
0x00000080 (00128)   6e6e652e 6e65740d 0a0d0a0a            nne.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c6465 65702e63 6f6d0d0a   : naildeep.com..
0x00000080 (00128)   0d0a652e 6e65740d 0a0d0a0a            ..e.net.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207269 6464656e 73746f72 6d2e6e65   : riddenstorm.ne
0x00000080 (00128)   740d0a0d 0a65740d 0a0d0a0a            t....et.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 7374726f 7973746f 726d2e6e   : destroystorm.n
0x00000080 (00128)   65740d0a 0d0a740d 0a0d0a0a            et....t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 63657072 6963652e 6e65740d   : faceprice.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 63657265 6163682e 6e65740d   : facereach.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206166 74657270 72696365 2e6e6574   : afterprice.net
0x00000080 (00128)   0d0a0d0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207365 6c6c7072 6963652e 6e65740d   : sellprice.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207175 65656e66 6f6f642e 6e65740d   : queenfood.net.
0x00000080 (00128)   0a0d0a0a 0d0a740d 0a0d0a0a            ......t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207265 636f7264 736f6c64 6965722e   : recordsoldier.
0x00000080 (00128)   6e65740d 0a0d0a0d 0a0d0a0a            net.........

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20666c 69657273 75727072 6973652e   : fliersurprise.
0x00000080 (00128)   6e65740d 0a0d0a0d 0a0d0a0a            net.........

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206869 73746f72 79627269 6768742e   : historybright.
0x00000080 (00128)   6e65740d 0a0d0a0d 0a0d0a0a            net.........

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206368 69656673 6f6c6469 65722e6e   : chiefsoldier.n
0x00000080 (00128)   65740d0a 0d0a0a0d 0a0d0a0a            et..........

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20636c 61737373 75727072 6973652e   : classsurprise.
0x00000080 (00128)   6e65740d 0a0d0a0d 0a0d0a0a            net.........

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 6f736563 6f6e7469 6e75652e   : thosecontinue.
0x00000080 (00128)   6e65740d 0a0d0a0d 0a0d0a0a            net.........

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3035 3026736f   ode=sox&v=050&so
0x00000030 (00048)   783d3465 61393534 3030266c 656e6864   x=4ea95400&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 726f7567 68636f6e 7461696e   : throughcontain
0x00000080 (00128)   2e6e6574 0d0a0d0a 0a0d0a0a            .net........


Strings