Analysis Date2015-11-01 17:14:16
MD5a9d844c91fefadf80ec22d2e6e55b786
SHA126fc467579c2c8c2dcc04bc4c83f451862494dde

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 1d3702131f379da3590331d30e4af78e sha1: 620b6a47871bbcbc258f3ea5665ea366ddf89748 size: 821248
Section.rdata md5: f695e541e80bca56034d6835391c353b sha1: 44a84b848c4e2023b3d26e368175035a2eadf005 size: 313856
Section.data md5: cedd01ead5adddff9b184af585c4f723 sha1: e58ea3919d0a5769f1beed67c89b3f9c6082ec88 size: 8192
Timestamp2015-04-03 04:12:41
PackerMicrosoft Visual C++ ?.?
PEhash3106c7e5b5db5695e0616d58183715eb97dbaa3f
IMPhashe51d9db932ade15c28a48832f5c4d432
AVAd-AwareGen:Variant.Zusy.133308
AVGrisoft (avg)Win32/Cryptor
AVCAT (quickheal)no_virus
AVIkarusTrojan.Win32.Crypt
AVAvira (antivir)TR/Crypt.XPACK.Gen2
AVK7Trojan ( 004cd0081 )
AVClamAVno_virus
AVKasperskyTrojan.Win32.Generic
AVArcabit (arcavir)Gen:Variant.Zusy.133308
AVMalwareBytesno_virus
AVDr. WebTrojan.DownLoader17.35950
AVMcafeeno_virus
AVBitDefenderGen:Variant.Zusy.133308
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort!rfn
AVEmsisoftGen:Variant.Zusy.133308
AVMicroWorld (escan)Gen:Variant.Zusy.133308
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVPadvishno_virus
AVEset (nod32)Win32/Kryptik.DDQD
AVRisingno_virus
AVBullGuardGen:Variant.Zusy.133308
AVFortinetW32/Kryptik.DDQD!tr
AVSymantecDownloader.Upatre!g15
AVAuthentiumW32/Zusy.X.gen!Eldorado
AVTrend Microno_virus
AVFrisk (f-prot)no_virus
AVTwisterno_virus
AVCA (E-Trust Ino)no_virus
AVVirusBlokAda (vba32)no_virus
AVF-SecureGen:Variant.Zusy.133308
AVZillya!no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe
Creates FileC:\WINDOWS\system32\wnzltlciggx\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Instrumentation CardSpace SNMP ➝
C:\WINDOWS\system32\izyuupsa.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\izyuupsa.exe
Creates FileC:\WINDOWS\system32\wnzltlciggx\lck
Creates FileC:\WINDOWS\system32\wnzltlciggx\tst
Creates FileC:\WINDOWS\system32\wnzltlciggx\etc
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\izyuupsa.exe
Creates ServiceBus Program Superfetch Browser Window - C:\WINDOWS\system32\izyuupsa.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1864

Process
↳ Pid 1136

Process
↳ C:\WINDOWS\system32\izyuupsa.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\wnzltlciggx\cfg
Creates FileC:\WINDOWS\system32\wyjzctxvs.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\wnzltlciggx\run
Creates FileC:\WINDOWS\TEMP\bpojtxf1t51wf.exe
Creates FileC:\WINDOWS\system32\wnzltlciggx\tst
Creates FileC:\WINDOWS\system32\wnzltlciggx\lck
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\wnzltlciggx\rng
Creates ProcessC:\WINDOWS\TEMP\bpojtxf1t51wf.exe -r 23676 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\izyuupsa.exe"

Process
↳ C:\WINDOWS\system32\izyuupsa.exe

Creates FileC:\WINDOWS\system32\wnzltlciggx\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\izyuupsa.exe"

Creates FileC:\WINDOWS\system32\wnzltlciggx\tst

Process
↳ C:\WINDOWS\TEMP\bpojtxf1t51wf.exe -r 23676 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSmelbourneit.hotkeysparking.com
Type: A
8.5.1.16
DNSnailthere.net
Type: A
98.139.135.129
DNSbothplain.net
Type: A
208.91.197.241
DNSgroupgrain.net
Type: A
208.91.197.241
DNSnaildeep.com
Type: A
74.220.215.218
DNSmusiconly.net
Type: A
207.148.248.143
DNSspendhigh.net
Type: A
208.100.26.234
DNSfrontfeel.net
Type: A
195.22.26.252
DNSfrontfeel.net
Type: A
195.22.26.253
DNSfrontfeel.net
Type: A
195.22.26.254
DNSfrontfeel.net
Type: A
195.22.26.231
DNSwishhigh.net
Type: A
69.64.147.242
DNSrockfeel.net
Type: A
211.196.153.94
DNShumanguide.net
Type: A
141.8.226.15
DNShairguide.net
Type: A
69.172.201.208
DNSyardguide.net
Type: A
202.40.165.47
DNSmusicguide.net
Type: A
69.172.201.208
DNSableread.net
Type: A
DNSfearstate.net
Type: A
DNSlongcold.net
Type: A
DNSfridayloss.net
Type: A
DNSwrongbelow.net
Type: A
DNSeggbraker.com
Type: A
DNSithouneed.com
Type: A
DNSmusiccolor.net
Type: A
DNSyardonly.net
Type: A
DNSwentfeel.net
Type: A
DNSspendfeel.net
Type: A
DNSwenthigh.net
Type: A
DNSwentcolor.net
Type: A
DNSspendcolor.net
Type: A
DNSwentonly.net
Type: A
DNSspendonly.net
Type: A
DNSofferfeel.net
Type: A
DNSfronthigh.net
Type: A
DNSofferhigh.net
Type: A
DNSfrontcolor.net
Type: A
DNSoffercolor.net
Type: A
DNSfrontonly.net
Type: A
DNSofferonly.net
Type: A
DNShangfeel.net
Type: A
DNSseptemberfeel.net
Type: A
DNShanghigh.net
Type: A
DNSseptemberhigh.net
Type: A
DNShangcolor.net
Type: A
DNSseptembercolor.net
Type: A
DNShangonly.net
Type: A
DNSseptemberonly.net
Type: A
DNSjoinfeel.net
Type: A
DNSwishfeel.net
Type: A
DNSjoinhigh.net
Type: A
DNSjoincolor.net
Type: A
DNSwishcolor.net
Type: A
DNSjoinonly.net
Type: A
DNSwishonly.net
Type: A
DNSdeadfeel.net
Type: A
DNSdeadhigh.net
Type: A
DNSrockhigh.net
Type: A
DNSdeadcolor.net
Type: A
DNSrockcolor.net
Type: A
DNSdeadonly.net
Type: A
DNSrockonly.net
Type: A
DNSwrongfeel.net
Type: A
DNSmadefeel.net
Type: A
DNSwronghigh.net
Type: A
DNSmadehigh.net
Type: A
DNSwrongcolor.net
Type: A
DNSmadecolor.net
Type: A
DNSwrongonly.net
Type: A
DNSmadeonly.net
Type: A
DNShumanhalf.net
Type: A
DNShairhalf.net
Type: A
DNShumanname.net
Type: A
DNShairname.net
Type: A
DNShumanlate.net
Type: A
DNShairlate.net
Type: A
DNSyardhalf.net
Type: A
DNSmusichalf.net
Type: A
DNSyardname.net
Type: A
DNSmusicname.net
Type: A
DNSyardlate.net
Type: A
DNSmusiclate.net
Type: A
DNSwenthalf.net
Type: A
DNSspendhalf.net
Type: A
DNSwentname.net
Type: A
DNSspendname.net
Type: A
DNSwentguide.net
Type: A
DNSspendguide.net
Type: A
DNSwentlate.net
Type: A
DNSspendlate.net
Type: A
DNSfronthalf.net
Type: A
DNSofferhalf.net
Type: A
DNSfrontname.net
Type: A
DNSoffername.net
Type: A
DNSfrontguide.net
Type: A
DNSofferguide.net
Type: A
DNSfrontlate.net
Type: A
DNSofferlate.net
Type: A
DNShanghalf.net
Type: A
DNSseptemberhalf.net
Type: A
HTTP GEThttp://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://nailthere.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://bothplain.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://groupgrain.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://naildeep.com/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://musiconly.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://spendhigh.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://frontfeel.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://wishhigh.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://rockfeel.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://humanguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://hairguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://yardguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://musicguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
HTTP GEThttp://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 8.5.1.16:80
Flows TCP192.168.1.1:1038 ➝ 98.139.135.129:80
Flows TCP192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1041 ➝ 74.220.215.218:80
Flows TCP192.168.1.1:1042 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1043 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1044 ➝ 195.22.26.252:80
Flows TCP192.168.1.1:1045 ➝ 69.64.147.242:80
Flows TCP192.168.1.1:1046 ➝ 211.196.153.94:80
Flows TCP192.168.1.1:1047 ➝ 141.8.226.15:80
Flows TCP192.168.1.1:1048 ➝ 69.172.201.208:80
Flows TCP192.168.1.1:1049 ➝ 202.40.165.47:80
Flows TCP192.168.1.1:1050 ➝ 69.172.201.208:80
Flows TCP192.168.1.1:1051 ➝ 8.5.1.16:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c657265 61642e6e 65740d0a   : ableread.net..
0x00000080 (00128)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c7468 6572652e 6e65740d   : nailthere.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20626f 7468706c 61696e2e 6e65740d   : bothplain.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f757067 7261696e 2e6e6574   : groupgrain.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c6465 65702e63 6f6d0d0a   : naildeep.com..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 7369636f 6e6c792e 6e65740d   : musiconly.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207370 656e6468 6967682e 6e65740d   : spendhigh.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 6f6e7466 65656c2e 6e65740d   : frontfeel.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 73686869 67682e6e 65740d0a   : wishhigh.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 636b6665 656c2e6e 65740d0a   : rockfeel.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206875 6d616e67 75696465 2e6e6574   : humanguide.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 69726775 6964652e 6e65740d   : hairguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207961 72646775 6964652e 6e65740d   : yardguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696367 75696465 2e6e6574   : musicguide.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c657265 61642e6e 65740d0a   : ableread.net..
0x00000080 (00128)   0d0a0d0a                              ....


Strings