Analysis Date | 2015-11-01 17:14:16 |
---|---|
MD5 | a9d844c91fefadf80ec22d2e6e55b786 |
SHA1 | 26fc467579c2c8c2dcc04bc4c83f451862494dde |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 1d3702131f379da3590331d30e4af78e sha1: 620b6a47871bbcbc258f3ea5665ea366ddf89748 size: 821248 | |
Section | .rdata md5: f695e541e80bca56034d6835391c353b sha1: 44a84b848c4e2023b3d26e368175035a2eadf005 size: 313856 | |
Section | .data md5: cedd01ead5adddff9b184af585c4f723 sha1: e58ea3919d0a5769f1beed67c89b3f9c6082ec88 size: 8192 | |
Timestamp | 2015-04-03 04:12:41 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 3106c7e5b5db5695e0616d58183715eb97dbaa3f | |
IMPhash | e51d9db932ade15c28a48832f5c4d432 | |
AV | Ad-Aware | Gen:Variant.Zusy.133308 |
AV | Grisoft (avg) | Win32/Cryptor |
AV | CAT (quickheal) | no_virus |
AV | Ikarus | Trojan.Win32.Crypt |
AV | Avira (antivir) | TR/Crypt.XPACK.Gen2 |
AV | K7 | Trojan ( 004cd0081 ) |
AV | ClamAV | no_virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Arcabit (arcavir) | Gen:Variant.Zusy.133308 |
AV | MalwareBytes | no_virus |
AV | Dr. Web | Trojan.DownLoader17.35950 |
AV | Mcafee | no_virus |
AV | BitDefender | Gen:Variant.Zusy.133308 |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort!rfn |
AV | Emsisoft | Gen:Variant.Zusy.133308 |
AV | MicroWorld (escan) | Gen:Variant.Zusy.133308 |
AV | Alwil (avast) | Malware-gen:Win32:Malware-gen |
AV | Padvish | no_virus |
AV | Eset (nod32) | Win32/Kryptik.DDQD |
AV | Rising | no_virus |
AV | BullGuard | Gen:Variant.Zusy.133308 |
AV | Fortinet | W32/Kryptik.DDQD!tr |
AV | Symantec | Downloader.Upatre!g15 |
AV | Authentium | W32/Zusy.X.gen!Eldorado |
AV | Trend Micro | no_virus |
AV | Frisk (f-prot) | no_virus |
AV | Twister | no_virus |
AV | CA (E-Trust Ino) | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | F-Secure | Gen:Variant.Zusy.133308 |
AV | Zillya! | no_virus |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe |
---|---|
Creates File | C:\WINDOWS\system32\wnzltlciggx\tst |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Instrumentation CardSpace SNMP ➝ C:\WINDOWS\system32\izyuupsa.exe |
---|---|
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\izyuupsa.exe |
Creates File | C:\WINDOWS\system32\wnzltlciggx\lck |
Creates File | C:\WINDOWS\system32\wnzltlciggx\tst |
Creates File | C:\WINDOWS\system32\wnzltlciggx\etc |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\izyuupsa.exe |
Creates Service | Bus Program Superfetch Browser Window - C:\WINDOWS\system32\izyuupsa.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 800
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL |
---|---|
Creates File | PIPE\lsarpc |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG |
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1864
Process
↳ Pid 1136
Process
↳ C:\WINDOWS\system32\izyuupsa.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\wnzltlciggx\cfg |
Creates File | C:\WINDOWS\system32\wyjzctxvs.exe |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\system32\wnzltlciggx\run |
Creates File | C:\WINDOWS\TEMP\bpojtxf1t51wf.exe |
Creates File | C:\WINDOWS\system32\wnzltlciggx\tst |
Creates File | C:\WINDOWS\system32\wnzltlciggx\lck |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\wnzltlciggx\rng |
Creates Process | C:\WINDOWS\TEMP\bpojtxf1t51wf.exe -r 23676 tcp |
Creates Process | WATCHDOGPROC "c:\windows\system32\izyuupsa.exe" |
Process
↳ C:\WINDOWS\system32\izyuupsa.exe
Creates File | C:\WINDOWS\system32\wnzltlciggx\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\izyuupsa.exe"
Creates File | C:\WINDOWS\system32\wnzltlciggx\tst |
---|
Process
↳ C:\WINDOWS\TEMP\bpojtxf1t51wf.exe -r 23676 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
DNS | melbourneit.hotkeysparking.com Type: A 8.5.1.16 |
---|---|
DNS | nailthere.net Type: A 98.139.135.129 |
DNS | bothplain.net Type: A 208.91.197.241 |
DNS | groupgrain.net Type: A 208.91.197.241 |
DNS | naildeep.com Type: A 74.220.215.218 |
DNS | musiconly.net Type: A 207.148.248.143 |
DNS | spendhigh.net Type: A 208.100.26.234 |
DNS | frontfeel.net Type: A 195.22.26.252 |
DNS | frontfeel.net Type: A 195.22.26.253 |
DNS | frontfeel.net Type: A 195.22.26.254 |
DNS | frontfeel.net Type: A 195.22.26.231 |
DNS | wishhigh.net Type: A 69.64.147.242 |
DNS | rockfeel.net Type: A 211.196.153.94 |
DNS | humanguide.net Type: A 141.8.226.15 |
DNS | hairguide.net Type: A 69.172.201.208 |
DNS | yardguide.net Type: A 202.40.165.47 |
DNS | musicguide.net Type: A 69.172.201.208 |
DNS | ableread.net Type: A |
DNS | fearstate.net Type: A |
DNS | longcold.net Type: A |
DNS | fridayloss.net Type: A |
DNS | wrongbelow.net Type: A |
DNS | eggbraker.com Type: A |
DNS | ithouneed.com Type: A |
DNS | musiccolor.net Type: A |
DNS | yardonly.net Type: A |
DNS | wentfeel.net Type: A |
DNS | spendfeel.net Type: A |
DNS | wenthigh.net Type: A |
DNS | wentcolor.net Type: A |
DNS | spendcolor.net Type: A |
DNS | wentonly.net Type: A |
DNS | spendonly.net Type: A |
DNS | offerfeel.net Type: A |
DNS | fronthigh.net Type: A |
DNS | offerhigh.net Type: A |
DNS | frontcolor.net Type: A |
DNS | offercolor.net Type: A |
DNS | frontonly.net Type: A |
DNS | offeronly.net Type: A |
DNS | hangfeel.net Type: A |
DNS | septemberfeel.net Type: A |
DNS | hanghigh.net Type: A |
DNS | septemberhigh.net Type: A |
DNS | hangcolor.net Type: A |
DNS | septembercolor.net Type: A |
DNS | hangonly.net Type: A |
DNS | septemberonly.net Type: A |
DNS | joinfeel.net Type: A |
DNS | wishfeel.net Type: A |
DNS | joinhigh.net Type: A |
DNS | joincolor.net Type: A |
DNS | wishcolor.net Type: A |
DNS | joinonly.net Type: A |
DNS | wishonly.net Type: A |
DNS | deadfeel.net Type: A |
DNS | deadhigh.net Type: A |
DNS | rockhigh.net Type: A |
DNS | deadcolor.net Type: A |
DNS | rockcolor.net Type: A |
DNS | deadonly.net Type: A |
DNS | rockonly.net Type: A |
DNS | wrongfeel.net Type: A |
DNS | madefeel.net Type: A |
DNS | wronghigh.net Type: A |
DNS | madehigh.net Type: A |
DNS | wrongcolor.net Type: A |
DNS | madecolor.net Type: A |
DNS | wrongonly.net Type: A |
DNS | madeonly.net Type: A |
DNS | humanhalf.net Type: A |
DNS | hairhalf.net Type: A |
DNS | humanname.net Type: A |
DNS | hairname.net Type: A |
DNS | humanlate.net Type: A |
DNS | hairlate.net Type: A |
DNS | yardhalf.net Type: A |
DNS | musichalf.net Type: A |
DNS | yardname.net Type: A |
DNS | musicname.net Type: A |
DNS | yardlate.net Type: A |
DNS | musiclate.net Type: A |
DNS | wenthalf.net Type: A |
DNS | spendhalf.net Type: A |
DNS | wentname.net Type: A |
DNS | spendname.net Type: A |
DNS | wentguide.net Type: A |
DNS | spendguide.net Type: A |
DNS | wentlate.net Type: A |
DNS | spendlate.net Type: A |
DNS | fronthalf.net Type: A |
DNS | offerhalf.net Type: A |
DNS | frontname.net Type: A |
DNS | offername.net Type: A |
DNS | frontguide.net Type: A |
DNS | offerguide.net Type: A |
DNS | frontlate.net Type: A |
DNS | offerlate.net Type: A |
DNS | hanghalf.net Type: A |
DNS | septemberhalf.net Type: A |
HTTP GET | http://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://nailthere.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://bothplain.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://groupgrain.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://naildeep.com/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://musiconly.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://spendhigh.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://frontfeel.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://wishhigh.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://rockfeel.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://humanguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://hairguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://yardguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://musicguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
HTTP GET | http://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent: |
Flows TCP | 192.168.1.1:1036 ➝ 8.5.1.16:80 |
Flows TCP | 192.168.1.1:1038 ➝ 98.139.135.129:80 |
Flows TCP | 192.168.1.1:1039 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1040 ➝ 208.91.197.241:80 |
Flows TCP | 192.168.1.1:1041 ➝ 74.220.215.218:80 |
Flows TCP | 192.168.1.1:1042 ➝ 207.148.248.143:80 |
Flows TCP | 192.168.1.1:1043 ➝ 208.100.26.234:80 |
Flows TCP | 192.168.1.1:1044 ➝ 195.22.26.252:80 |
Flows TCP | 192.168.1.1:1045 ➝ 69.64.147.242:80 |
Flows TCP | 192.168.1.1:1046 ➝ 211.196.153.94:80 |
Flows TCP | 192.168.1.1:1047 ➝ 141.8.226.15:80 |
Flows TCP | 192.168.1.1:1048 ➝ 69.172.201.208:80 |
Flows TCP | 192.168.1.1:1049 ➝ 202.40.165.47:80 |
Flows TCP | 192.168.1.1:1050 ➝ 69.172.201.208:80 |
Flows TCP | 192.168.1.1:1051 ➝ 8.5.1.16:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206162 6c657265 61642e6e 65740d0a : ableread.net.. 0x00000080 (00128) 0d0a .. 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206e61 696c7468 6572652e 6e65740d : nailthere.net. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20626f 7468706c 61696e2e 6e65740d : bothplain.net. 0x00000080 (00128) 0a0d0a ... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206772 6f757067 7261696e 2e6e6574 : groupgrain.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206e61 696c6465 65702e63 6f6d0d0a : naildeep.com.. 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d75 7369636f 6e6c792e 6e65740d : musiconly.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207370 656e6468 6967682e 6e65740d : spendhigh.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206672 6f6e7466 65656c2e 6e65740d : frontfeel.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207769 73686869 67682e6e 65740d0a : wishhigh.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20726f 636b6665 656c2e6e 65740d0a : rockfeel.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206875 6d616e67 75696465 2e6e6574 : humanguide.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206861 69726775 6964652e 6e65740d : hairguide.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207961 72646775 6964652e 6e65740d : yardguide.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d75 73696367 75696465 2e6e6574 : musicguide.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68703f6d GET /index.php?m 0x00000010 (00016) 6574686f 643d7661 6c696461 7465266d ethod=validate&m 0x00000020 (00032) 6f64653d 736f7826 763d3034 3426736f ode=sox&v=044&so 0x00000030 (00048) 783d3438 31303432 3132266c 656e6864 x=48104212&lenhd 0x00000040 (00064) 72204854 54502f31 2e300d0a 41636365 r HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206162 6c657265 61642e6e 65740d0a : ableread.net.. 0x00000080 (00128) 0d0a0d0a ....
Strings