Analysis | #totalhash

Analysis Date	2016-01-28 21:01:24
MD5	7172e81792fb94c6fd799f182608c5a0
SHA1	47e93ee44bb20c2d70f1a4175983d35c180d055d

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 0596932cd84370669d09bcfaf74a80a2 sha1: 97895e873b3697267f3295eaecf4dc335a37037a size: 261120
Section	.rdata md5: a8f366ef1392189a70f53bd0647802af sha1: afd4d44033fd0124b0ba938c0c57b40644392a3a size: 41472
Section	.data md5: 2411a97645dd11a72e5d58a8576e351e sha1: 15b55994da8521bd73e9296f3404e367a33f8101 size: 1536
Section	.reloc md5: 60efecc06f5b0efbc44a6ee893212054 sha1: 15b5be605987d76ceb0b83f669395fe44ed3bd2e size: 50688
Timestamp	2015-12-23 04:53:26
PEhash	b26cdbeb4abe189125e17eb4d849ea5afe0e4c3c
IMPhash	bf69f8b184fa719294015eed3ecfb423
AV	Rising	No Virus
AV	Mcafee	Trojan-FHPD!7172E81792FB
AV	Avira (antivir)	TR/Spy.Agent.355840.13
AV	Twister	No Virus
AV	Ad-Aware	Gen:Variant.Kazy.784853
AV	Alwil (avast)	Win32:Malware-gen
AV	Eset (nod32)	Win32/Bayrob.AQ
AV	Grisoft (avg)	Win32/Heur
AV	Symantec	Trojan.Bayrob!gen6
AV	Fortinet	W32/Bayrob.AQ!tr
AV	BitDefender	Gen:Variant.Kazy.784853
AV	K7	Trojan ( 004da1e61 )
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort!rfn
AV	MicroWorld (escan)	Gen:Variant.Kazy.784853
AV	MalwareBytes	No Virus
AV	Authentium	W32/Nivdort.F.gen!Eldorado
AV	Emsisoft	Gen:Variant.Kazy.784853
AV	Frisk (f-prot)	W32/Nivdort.F.gen!Eldorado
AV	Ikarus	Trojan.Win32.Bayrob
AV	Zillya!	Downloader.Somoto.Win32.1971
AV	Kaspersky	Trojan.Win32.Agent.netpca
AV	Trend Micro	No Virus
AV	VirusBlokAda (vba32)	BScope.Malware-Cryptor.Msgfake
AV	CAT (quickheal)	No Virus
AV	BullGuard	Gen:Variant.Kazy.784853
AV	Arcabit (arcavir)	Gen:Variant.Kazy.784853
AV	ClamAV	No Virus
AV	Dr. Web	Trojan.DownLoader18.57548
AV	F-Secure	Gen:Variant.Kazy.784853
AV	CA (E-Trust Ino)	No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\jxosifzzdtn\muby7wi
Creates File	C:\jxosifzzdtn\sclih1kedxbufulipxjrgd.exe
Creates File	C:\WINDOWS\jxosifzzdtn\muby7wi
Deletes File	C:\WINDOWS\jxosifzzdtn\muby7wi
Creates Process	C:\jxosifzzdtn\sclih1kedxbufulipxjrgd.exe

Process
↳ C:\jxosifzzdtn\sclih1kedxbufulipxjrgd.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Link Superfetch Net.Tcp Update ➝ C:\jxosifzzdtn\hipfwyxiirc.exe
Creates File	C:\jxosifzzdtn\muby7wi
Creates File	C:\jxosifzzdtn\hipfwyxiirc.exe
Creates File	PIPE\lsarpc
Creates File	C:\WINDOWS\jxosifzzdtn\muby7wi
Creates File	C:\jxosifzzdtn\apuwthiey
Deletes File	C:\WINDOWS\jxosifzzdtn\muby7wi
Creates Process	C:\jxosifzzdtn\hipfwyxiirc.exe
Creates Service	Link-Layer DNS Time ActiveX Bus - C:\jxosifzzdtn\hipfwyxiirc.exe

Process
↳ Pid 808

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	pipe\PCHFaultRepExecPipe

Process
↳ Pid 1136

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1864

Process
↳ Pid 1164

Process
↳ C:\jxosifzzdtn\hipfwyxiirc.exe

Creates File	C:\jxosifzzdtn\gnuusqhxojp.exe
Creates File	C:\jxosifzzdtn\muby7wi
Creates File	pipe\net\NtControlPipe10
Creates File	C:\jxosifzzdtn\roquzyo
Creates File	C:\WINDOWS\jxosifzzdtn\muby7wi
Creates File	\Device\Afd\Endpoint
Creates File	C:\jxosifzzdtn\apuwthiey
Deletes File	C:\WINDOWS\jxosifzzdtn\muby7wi
Creates Process	jkwmroahlqvv "c:\jxosifzzdtn\hipfwyxiirc.exe"

Process
↳ C:\jxosifzzdtn\hipfwyxiirc.exe

Creates File	C:\jxosifzzdtn\muby7wi
Creates File	C:\WINDOWS\jxosifzzdtn\muby7wi
Deletes File	C:\WINDOWS\jxosifzzdtn\muby7wi

Process
↳ jkwmroahlqvv "c:\jxosifzzdtn\hipfwyxiirc.exe"

Creates File	C:\jxosifzzdtn\muby7wi
Creates File	C:\WINDOWS\jxosifzzdtn\muby7wi
Deletes File	C:\WINDOWS\jxosifzzdtn\muby7wi

Network Details:

DNS	mightplease.net Type: A 208.100.26.234
DNS	prettysoldier.net Type: A 184.168.221.52
DNS	prettyplease.net Type: A 207.148.248.143
DNS	brokennation.net Type: A 208.91.197.27
DNS	resultnation.net Type: A 208.91.197.27
DNS	brokensoldier.net Type: A 173.236.158.114
DNS	buildingpower.net Type: A 188.40.84.184
DNS	prettypower.net Type: A 208.91.197.23
DNS	doublefamous.net Type: A 210.157.1.134
DNS	fellowpower.net Type: A 98.139.135.129
DNS	brokenfamous.net Type: A 208.100.26.234
DNS	brokenpower.net Type: A 72.167.131.57
DNS	stillpower.net Type: A 184.168.221.34
DNS	doctorletter.net Type: A 162.255.119.251
DNS	doctordifferent.net Type: A 184.168.221.43
DNS	prettydifferent.net Type: A 23.236.62.147
DNS	stillsurprise.net Type: A 98.139.135.129
DNS	mightsoldier.net Type: A
DNS	storeplease.net Type: A
DNS	storecondition.net Type: A
DNS	mightcondition.net Type: A
DNS	doctornation.net Type: A
DNS	prettynation.net Type: A
DNS	doctorsoldier.net Type: A
DNS	doctorplease.net Type: A
DNS	doctorcondition.net Type: A
DNS	prettycondition.net Type: A
DNS	fellownation.net Type: A
DNS	doublenation.net Type: A
DNS	fellowsoldier.net Type: A
DNS	doublesoldier.net Type: A
DNS	fellowplease.net Type: A
DNS	doubleplease.net Type: A
DNS	fellowcondition.net Type: A
DNS	doublecondition.net Type: A
DNS	resultsoldier.net Type: A
DNS	brokenplease.net Type: A
DNS	resultplease.net Type: A
DNS	brokencondition.net Type: A
DNS	resultcondition.net Type: A
DNS	preparenation.net Type: A
DNS	desirenation.net Type: A
DNS	preparesoldier.net Type: A
DNS	desiresoldier.net Type: A
DNS	prepareplease.net Type: A
DNS	desireplease.net Type: A
DNS	preparecondition.net Type: A
DNS	desirecondition.net Type: A
DNS	strengthnation.net Type: A
DNS	stillnation.net Type: A
DNS	strengthsoldier.net Type: A
DNS	stillsoldier.net Type: A
DNS	strengthplease.net Type: A
DNS	stillplease.net Type: A
DNS	strengthcondition.net Type: A
DNS	stillcondition.net Type: A
DNS	movementcentury.net Type: A
DNS	outsidecentury.net Type: A
DNS	movementfamous.net Type: A
DNS	outsidefamous.net Type: A
DNS	movementpower.net Type: A
DNS	outsidepower.net Type: A
DNS	movementcountry.net Type: A
DNS	outsidecountry.net Type: A
DNS	buildingcentury.net Type: A
DNS	eveningcentury.net Type: A
DNS	buildingfamous.net Type: A
DNS	eveningfamous.net Type: A
DNS	eveningpower.net Type: A
DNS	buildingcountry.net Type: A
DNS	eveningcountry.net Type: A
DNS	storecentury.net Type: A
DNS	mightcentury.net Type: A
DNS	storefamous.net Type: A
DNS	mightfamous.net Type: A
DNS	storepower.net Type: A
DNS	mightpower.net Type: A
DNS	storecountry.net Type: A
DNS	mightcountry.net Type: A
DNS	doctorcentury.net Type: A
DNS	prettycentury.net Type: A
DNS	doctorfamous.net Type: A
DNS	prettyfamous.net Type: A
DNS	doctorpower.net Type: A
DNS	doctorcountry.net Type: A
DNS	prettycountry.net Type: A
DNS	fellowcentury.net Type: A
DNS	doublecentury.net Type: A
DNS	fellowfamous.net Type: A
DNS	doublepower.net Type: A
DNS	fellowcountry.net Type: A
DNS	doublecountry.net Type: A
DNS	brokencentury.net Type: A
DNS	resultcentury.net Type: A
DNS	resultfamous.net Type: A
DNS	resultpower.net Type: A
DNS	brokencountry.net Type: A
DNS	resultcountry.net Type: A
DNS	preparecentury.net Type: A
DNS	desirecentury.net Type: A
DNS	preparefamous.net Type: A
DNS	desirefamous.net Type: A
DNS	preparepower.net Type: A
DNS	desirepower.net Type: A
DNS	preparecountry.net Type: A
DNS	desirecountry.net Type: A
DNS	strengthcentury.net Type: A
DNS	stillcentury.net Type: A
DNS	strengthfamous.net Type: A
DNS	stillfamous.net Type: A
DNS	strengthpower.net Type: A
DNS	strengthcountry.net Type: A
DNS	stillcountry.net Type: A
DNS	movementsurprise.net Type: A
DNS	outsidesurprise.net Type: A
DNS	movementbeside.net Type: A
DNS	outsidebeside.net Type: A
DNS	movementletter.net Type: A
DNS	outsideletter.net Type: A
DNS	movementdifferent.net Type: A
DNS	outsidedifferent.net Type: A
DNS	buildingsurprise.net Type: A
DNS	eveningsurprise.net Type: A
DNS	buildingbeside.net Type: A
DNS	eveningbeside.net Type: A
DNS	buildingletter.net Type: A
DNS	eveningletter.net Type: A
DNS	buildingdifferent.net Type: A
DNS	eveningdifferent.net Type: A
DNS	storesurprise.net Type: A
DNS	mightsurprise.net Type: A
DNS	storebeside.net Type: A
DNS	mightbeside.net Type: A
DNS	storeletter.net Type: A
DNS	mightletter.net Type: A
DNS	storedifferent.net Type: A
DNS	mightdifferent.net Type: A
DNS	doctorsurprise.net Type: A
DNS	prettysurprise.net Type: A
DNS	doctorbeside.net Type: A
DNS	prettybeside.net Type: A
DNS	prettyletter.net Type: A
DNS	fellowsurprise.net Type: A
DNS	doublesurprise.net Type: A
DNS	fellowbeside.net Type: A
DNS	doublebeside.net Type: A
DNS	fellowletter.net Type: A
DNS	doubleletter.net Type: A
DNS	fellowdifferent.net Type: A
DNS	doubledifferent.net Type: A
DNS	brokensurprise.net Type: A
DNS	resultsurprise.net Type: A
DNS	brokenbeside.net Type: A
DNS	resultbeside.net Type: A
DNS	brokenletter.net Type: A
DNS	resultletter.net Type: A
DNS	brokendifferent.net Type: A
DNS	resultdifferent.net Type: A
DNS	preparesurprise.net Type: A
DNS	desiresurprise.net Type: A
DNS	preparebeside.net Type: A
DNS	desirebeside.net Type: A
DNS	prepareletter.net Type: A
DNS	desireletter.net Type: A
DNS	preparedifferent.net Type: A
DNS	desiredifferent.net Type: A
DNS	strengthsurprise.net Type: A
DNS	strengthbeside.net Type: A
DNS	stillbeside.net Type: A
DNS	strengthletter.net Type: A
HTTP GET	http://mightplease.net/index.php User-Agent:
HTTP GET	http://prettysoldier.net/index.php User-Agent:
HTTP GET	http://prettyplease.net/index.php User-Agent:
HTTP GET	http://brokennation.net/index.php User-Agent:
HTTP GET	http://resultnation.net/index.php User-Agent:
HTTP GET	http://brokensoldier.net/index.php User-Agent:
HTTP GET	http://buildingpower.net/index.php User-Agent:
HTTP GET	http://prettypower.net/index.php User-Agent:
HTTP GET	http://doublefamous.net/index.php User-Agent:
HTTP GET	http://fellowpower.net/index.php User-Agent:
HTTP GET	http://brokenfamous.net/index.php User-Agent:
HTTP GET	http://brokenpower.net/index.php User-Agent:
HTTP GET	http://stillpower.net/index.php User-Agent:
HTTP GET	http://doctorletter.net/index.php User-Agent:
HTTP GET	http://doctordifferent.net/index.php User-Agent:
HTTP GET	http://prettydifferent.net/index.php User-Agent:
HTTP GET	http://stillsurprise.net/index.php User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1032 ➝ 184.168.221.52:80
Flows TCP	192.168.1.1:1033 ➝ 207.148.248.143:80
Flows TCP	192.168.1.1:1034 ➝ 208.91.197.27:80
Flows TCP	192.168.1.1:1035 ➝ 208.91.197.27:80
Flows TCP	192.168.1.1:1036 ➝ 173.236.158.114:80
Flows TCP	192.168.1.1:1037 ➝ 188.40.84.184:80
Flows TCP	192.168.1.1:1038 ➝ 208.91.197.23:80
Flows TCP	192.168.1.1:1039 ➝ 210.157.1.134:80
Flows TCP	192.168.1.1:1040 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1041 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1042 ➝ 72.167.131.57:80
Flows TCP	192.168.1.1:1043 ➝ 184.168.221.34:80
Flows TCP	192.168.1.1:1044 ➝ 162.255.119.251:80
Flows TCP	192.168.1.1:1045 ➝ 184.168.221.43:80
Flows TCP	192.168.1.1:1046 ➝ 23.236.62.147:80
Flows TCP	192.168.1.1:1047 ➝ 98.139.135.129:80

Raw Pcap

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   69676874 706c6561 73652e6e 65740d0a   ightplease.net..
0x00000050 (00080)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657474 79736f6c 64696572 2e6e6574   rettysoldier.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657474 79706c65 6173652e 6e65740d   rettyplease.net.
0x00000050 (00080)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   726f6b65 6e6e6174 696f6e2e 6e65740d   rokennation.net.
0x00000050 (00080)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2072   : close..Host: r
0x00000040 (00064)   6573756c 746e6174 696f6e2e 6e65740d   esultnation.net.
0x00000050 (00080)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   726f6b65 6e736f6c 64696572 2e6e6574   rokensoldier.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   75696c64 696e6770 6f776572 2e6e6574   uildingpower.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657474 79706f77 65722e6e 65740d0a   rettypower.net..
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f75626c 6566616d 6f75732e 6e65740d   oublefamous.net.
0x00000050 (00080)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000040 (00064)   656c6c6f 77706f77 65722e6e 65740d0a   ellowpower.net..
0x00000050 (00080)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   726f6b65 6e66616d 6f75732e 6e65740d   rokenfamous.net.
0x00000050 (00080)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   726f6b65 6e706f77 65722e6e 65740d0a   rokenpower.net..
0x00000050 (00080)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   74696c6c 706f7765 722e6e65 740d0a0d   tillpower.net...
0x00000050 (00080)   0a                                    .

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f63746f 726c6574 7465722e 6e65740d   octorletter.net.
0x00000050 (00080)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f63746f 72646966 66657265 6e742e6e   octordifferent.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657474 79646966 66657265 6e742e6e   rettydifferent.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   74696c6c 73757270 72697365 2e6e6574   tillsurprise.net
0x00000050 (00080)   0d0a0d0a 0d0a                         ......

Strings