Analysis | #totalhash

Analysis Date	2015-11-01 17:14:16
MD5	a9d844c91fefadf80ec22d2e6e55b786
SHA1	26fc467579c2c8c2dcc04bc4c83f451862494dde

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 1d3702131f379da3590331d30e4af78e sha1: 620b6a47871bbcbc258f3ea5665ea366ddf89748 size: 821248
Section	.rdata md5: f695e541e80bca56034d6835391c353b sha1: 44a84b848c4e2023b3d26e368175035a2eadf005 size: 313856
Section	.data md5: cedd01ead5adddff9b184af585c4f723 sha1: e58ea3919d0a5769f1beed67c89b3f9c6082ec88 size: 8192
Timestamp	2015-04-03 04:12:41
Packer	Microsoft Visual C++ ?.?
PEhash	3106c7e5b5db5695e0616d58183715eb97dbaa3f
IMPhash	e51d9db932ade15c28a48832f5c4d432
AV	Ad-Aware	Gen:Variant.Zusy.133308
AV	Grisoft (avg)	Win32/Cryptor
AV	CAT (quickheal)	no_virus
AV	Ikarus	Trojan.Win32.Crypt
AV	Avira (antivir)	TR/Crypt.XPACK.Gen2
AV	K7	Trojan ( 004cd0081 )
AV	ClamAV	no_virus
AV	Kaspersky	Trojan.Win32.Generic
AV	Arcabit (arcavir)	Gen:Variant.Zusy.133308
AV	MalwareBytes	no_virus
AV	Dr. Web	Trojan.DownLoader17.35950
AV	Mcafee	no_virus
AV	BitDefender	Gen:Variant.Zusy.133308
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort!rfn
AV	Emsisoft	Gen:Variant.Zusy.133308
AV	MicroWorld (escan)	Gen:Variant.Zusy.133308
AV	Alwil (avast)	Malware-gen:Win32:Malware-gen
AV	Padvish	no_virus
AV	Eset (nod32)	Win32/Kryptik.DDQD
AV	Rising	no_virus
AV	BullGuard	Gen:Variant.Zusy.133308
AV	Fortinet	W32/Kryptik.DDQD!tr
AV	Symantec	Downloader.Upatre!g15
AV	Authentium	W32/Zusy.X.gen!Eldorado
AV	Trend Micro	no_virus
AV	Frisk (f-prot)	no_virus
AV	Twister	no_virus
AV	CA (E-Trust Ino)	no_virus
AV	VirusBlokAda (vba32)	no_virus
AV	F-Secure	Gen:Variant.Zusy.133308
AV	Zillya!	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe
Creates File	C:\WINDOWS\system32\wnzltlciggx\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\bpojtxf1m40wfdnefiu.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Instrumentation CardSpace SNMP ➝ C:\WINDOWS\system32\izyuupsa.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\izyuupsa.exe
Creates File	C:\WINDOWS\system32\wnzltlciggx\lck
Creates File	C:\WINDOWS\system32\wnzltlciggx\tst
Creates File	C:\WINDOWS\system32\wnzltlciggx\etc
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\izyuupsa.exe
Creates Service	Bus Program Superfetch Browser Window - C:\WINDOWS\system32\izyuupsa.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File	PIPE\lsarpc
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1864

Process
↳ Pid 1136

Process
↳ C:\WINDOWS\system32\izyuupsa.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\wnzltlciggx\cfg
Creates File	C:\WINDOWS\system32\wyjzctxvs.exe
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\system32\wnzltlciggx\run
Creates File	C:\WINDOWS\TEMP\bpojtxf1t51wf.exe
Creates File	C:\WINDOWS\system32\wnzltlciggx\tst
Creates File	C:\WINDOWS\system32\wnzltlciggx\lck
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\wnzltlciggx\rng
Creates Process	C:\WINDOWS\TEMP\bpojtxf1t51wf.exe -r 23676 tcp
Creates Process	WATCHDOGPROC "c:\windows\system32\izyuupsa.exe"

Process
↳ C:\WINDOWS\system32\izyuupsa.exe

Creates File	C:\WINDOWS\system32\wnzltlciggx\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\izyuupsa.exe"

Creates File	C:\WINDOWS\system32\wnzltlciggx\tst

Process
↳ C:\WINDOWS\TEMP\bpojtxf1t51wf.exe -r 23676 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	melbourneit.hotkeysparking.com Type: A 8.5.1.16
DNS	nailthere.net Type: A 98.139.135.129
DNS	bothplain.net Type: A 208.91.197.241
DNS	groupgrain.net Type: A 208.91.197.241
DNS	naildeep.com Type: A 74.220.215.218
DNS	musiconly.net Type: A 207.148.248.143
DNS	spendhigh.net Type: A 208.100.26.234
DNS	frontfeel.net Type: A 195.22.26.252
DNS	frontfeel.net Type: A 195.22.26.253
DNS	frontfeel.net Type: A 195.22.26.254
DNS	frontfeel.net Type: A 195.22.26.231
DNS	wishhigh.net Type: A 69.64.147.242
DNS	rockfeel.net Type: A 211.196.153.94
DNS	humanguide.net Type: A 141.8.226.15
DNS	hairguide.net Type: A 69.172.201.208
DNS	yardguide.net Type: A 202.40.165.47
DNS	musicguide.net Type: A 69.172.201.208
DNS	ableread.net Type: A
DNS	fearstate.net Type: A
DNS	longcold.net Type: A
DNS	fridayloss.net Type: A
DNS	wrongbelow.net Type: A
DNS	eggbraker.com Type: A
DNS	ithouneed.com Type: A
DNS	musiccolor.net Type: A
DNS	yardonly.net Type: A
DNS	wentfeel.net Type: A
DNS	spendfeel.net Type: A
DNS	wenthigh.net Type: A
DNS	wentcolor.net Type: A
DNS	spendcolor.net Type: A
DNS	wentonly.net Type: A
DNS	spendonly.net Type: A
DNS	offerfeel.net Type: A
DNS	fronthigh.net Type: A
DNS	offerhigh.net Type: A
DNS	frontcolor.net Type: A
DNS	offercolor.net Type: A
DNS	frontonly.net Type: A
DNS	offeronly.net Type: A
DNS	hangfeel.net Type: A
DNS	septemberfeel.net Type: A
DNS	hanghigh.net Type: A
DNS	septemberhigh.net Type: A
DNS	hangcolor.net Type: A
DNS	septembercolor.net Type: A
DNS	hangonly.net Type: A
DNS	septemberonly.net Type: A
DNS	joinfeel.net Type: A
DNS	wishfeel.net Type: A
DNS	joinhigh.net Type: A
DNS	joincolor.net Type: A
DNS	wishcolor.net Type: A
DNS	joinonly.net Type: A
DNS	wishonly.net Type: A
DNS	deadfeel.net Type: A
DNS	deadhigh.net Type: A
DNS	rockhigh.net Type: A
DNS	deadcolor.net Type: A
DNS	rockcolor.net Type: A
DNS	deadonly.net Type: A
DNS	rockonly.net Type: A
DNS	wrongfeel.net Type: A
DNS	madefeel.net Type: A
DNS	wronghigh.net Type: A
DNS	madehigh.net Type: A
DNS	wrongcolor.net Type: A
DNS	madecolor.net Type: A
DNS	wrongonly.net Type: A
DNS	madeonly.net Type: A
DNS	humanhalf.net Type: A
DNS	hairhalf.net Type: A
DNS	humanname.net Type: A
DNS	hairname.net Type: A
DNS	humanlate.net Type: A
DNS	hairlate.net Type: A
DNS	yardhalf.net Type: A
DNS	musichalf.net Type: A
DNS	yardname.net Type: A
DNS	musicname.net Type: A
DNS	yardlate.net Type: A
DNS	musiclate.net Type: A
DNS	wenthalf.net Type: A
DNS	spendhalf.net Type: A
DNS	wentname.net Type: A
DNS	spendname.net Type: A
DNS	wentguide.net Type: A
DNS	spendguide.net Type: A
DNS	wentlate.net Type: A
DNS	spendlate.net Type: A
DNS	fronthalf.net Type: A
DNS	offerhalf.net Type: A
DNS	frontname.net Type: A
DNS	offername.net Type: A
DNS	frontguide.net Type: A
DNS	offerguide.net Type: A
DNS	frontlate.net Type: A
DNS	offerlate.net Type: A
DNS	hanghalf.net Type: A
DNS	septemberhalf.net Type: A
HTTP GET	http://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://nailthere.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://bothplain.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://groupgrain.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://naildeep.com/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://musiconly.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://spendhigh.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://frontfeel.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://wishhigh.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://rockfeel.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://humanguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://hairguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://yardguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://musicguide.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
HTTP GET	http://ableread.net/index.php?method=validate&mode=sox&v=044&sox=48104212&lenhdr User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 8.5.1.16:80
Flows TCP	192.168.1.1:1038 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1041 ➝ 74.220.215.218:80
Flows TCP	192.168.1.1:1042 ➝ 207.148.248.143:80
Flows TCP	192.168.1.1:1043 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1044 ➝ 195.22.26.252:80
Flows TCP	192.168.1.1:1045 ➝ 69.64.147.242:80
Flows TCP	192.168.1.1:1046 ➝ 211.196.153.94:80
Flows TCP	192.168.1.1:1047 ➝ 141.8.226.15:80
Flows TCP	192.168.1.1:1048 ➝ 69.172.201.208:80
Flows TCP	192.168.1.1:1049 ➝ 202.40.165.47:80
Flows TCP	192.168.1.1:1050 ➝ 69.172.201.208:80
Flows TCP	192.168.1.1:1051 ➝ 8.5.1.16:80

Raw Pcap

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c657265 61642e6e 65740d0a   : ableread.net..
0x00000080 (00128)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c7468 6572652e 6e65740d   : nailthere.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20626f 7468706c 61696e2e 6e65740d   : bothplain.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206772 6f757067 7261696e 2e6e6574   : groupgrain.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206e61 696c6465 65702e63 6f6d0d0a   : naildeep.com..
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 7369636f 6e6c792e 6e65740d   : musiconly.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207370 656e6468 6967682e 6e65740d   : spendhigh.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 6f6e7466 65656c2e 6e65740d   : frontfeel.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 73686869 67682e6e 65740d0a   : wishhigh.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 636b6665 656c2e6e 65740d0a   : rockfeel.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206875 6d616e67 75696465 2e6e6574   : humanguide.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 69726775 6964652e 6e65740d   : hairguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207961 72646775 6964652e 6e65740d   : yardguide.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696367 75696465 2e6e6574   : musicguide.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68703f6d   GET /index.php?m
0x00000010 (00016)   6574686f 643d7661 6c696461 7465266d   ethod=validate&m
0x00000020 (00032)   6f64653d 736f7826 763d3034 3426736f   ode=sox&v=044&so
0x00000030 (00048)   783d3438 31303432 3132266c 656e6864   x=48104212&lenhd
0x00000040 (00064)   72204854 54502f31 2e300d0a 41636365   r HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206162 6c657265 61642e6e 65740d0a   : ableread.net..
0x00000080 (00128)   0d0a0d0a                              ....

Strings