Analysis Date2016-04-24 01:21:50
MD5fd7deb1c12ec92f21be7caf880f10446
SHA17c6da3a445a32f5a9341a44b537be39e31e69bf6

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d769c6d7dcc09cdb28c5d278ab1cb95f sha1: 72ce9c466a181519edf297d9b823a9af55152182 size: 192512
Section.rdata md5: 48aa30aa23f4bccdf75c99cf2c874220 sha1: 31a36d95c6367783c6763b95373ccc6b70ea62a7 size: 17408
Section.data md5: 07b5472d347d42780469fb2654b7fc54 sha1: 943ae54f4818e52409fbbaf60ffd71318d966b0d size: 512
Section.reloc md5: 747f6b2142264450a5296eeba51198f7 sha1: 7ee6f2b18eb05c64406afa19d51cace3d70c27d6 size: 30720
Timestamp2016-01-06 15:54:43
PEhash574bfb2a810570335a8738b86cfe782359a173a3
IMPhashc8e30c6c35b8debc5e425c062d275d2a
AVRisingNo Virus
AVCA (E-Trust Ino)Gen:Variant.Razy.13721
AVF-SecureGen:Variant.Razy.13721
AVDr. WebNo Virus
AVClamAVNo Virus
AVArcabit (arcavir)Gen:Variant.Razy.13721
AVBullGuardGen:Variant.Razy.13721
AVVirusBlokAda (vba32)No Virus
AVCAT (quickheal)TrojanSpy.Nivdort.WR4
AVTrend MicroNo Virus
AVKasperskyTrojan.Win32.Generic
AVZillya!No Virus
AVEmsisoftGen:Variant.Razy.13721
AVIkarusTrojan.Win32.Bayrob
AVFrisk (f-prot)W32/Nivdort.G.gen!Eldorado
AVAuthentiumW32/Nivdort.G.gen!Eldorado
AVMalwareBytesNo Virus
AVMicroWorld (escan)Gen:Variant.Razy.13721
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.DD
AVK7Trojan ( 004db0c61 )
AVBitDefenderGen:Variant.Razy.13721
AVFortinetW32/Bayrob.AQ!tr
AVSymantecTrojan.Bayrob!gen6
AVGrisoft (avg)Win32/Heur
AVEset (nod32)Win32/Bayrob.AT.gen
AVAlwil (avast)Vupa [Cryp]
AVAd-AwareGen:Variant.Razy.13721
AVTwisterNo Virus
AVAvira (antivir)TR/Nivdort.gyno
AVMcafeeTrojan-FHPX!FD7DEB1C12EC

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\pxmchhfjfh\culik8mv
Creates FileC:\pxmchhfjfh\odojy1lxijyzziwm9suh.exe
Creates FileC:\WINDOWS\pxmchhfjfh\culik8mv
Deletes FileC:\WINDOWS\pxmchhfjfh\culik8mv
Creates ProcessC:\pxmchhfjfh\odojy1lxijyzziwm9suh.exe

Process
↳ C:\pxmchhfjfh\odojy1lxijyzziwm9suh.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Link Human Cache Access Performance Microsoft ➝
C:\pxmchhfjfh\lipearbfaum.exe
Creates FileC:\pxmchhfjfh\culik8mv
Creates FilePIPE\lsarpc
Creates FileC:\pxmchhfjfh\lipearbfaum.exe
Creates FileC:\pxmchhfjfh\imfgepsud3q
Creates FileC:\WINDOWS\pxmchhfjfh\culik8mv
Deletes FileC:\WINDOWS\pxmchhfjfh\culik8mv
Creates ProcessC:\pxmchhfjfh\lipearbfaum.exe
Creates ServiceWindows Web Coordinator Error Trap IP Bus - C:\pxmchhfjfh\lipearbfaum.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates Filepipe\PCHFaultRepExecPipe

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1868

Process
↳ Pid 1160

Process
↳ C:\pxmchhfjfh\lipearbfaum.exe

Creates Filepipe\net\NtControlPipe10
Creates FileC:\pxmchhfjfh\djjzkzrx.exe
Creates FileC:\pxmchhfjfh\culik8mv
Creates File\Device\Afd\Endpoint
Creates FileC:\pxmchhfjfh\imfgepsud3q
Creates FileC:\pxmchhfjfh\dvffjfb5we8
Creates FileC:\WINDOWS\pxmchhfjfh\culik8mv
Deletes FileC:\WINDOWS\pxmchhfjfh\culik8mv
Creates Processdn3yisxe5pv1 "c:\pxmchhfjfh\lipearbfaum.exe"

Process
↳ C:\pxmchhfjfh\lipearbfaum.exe

Creates FileC:\pxmchhfjfh\culik8mv
Creates FileC:\WINDOWS\pxmchhfjfh\culik8mv
Deletes FileC:\WINDOWS\pxmchhfjfh\culik8mv

Process
↳ dn3yisxe5pv1 "c:\pxmchhfjfh\lipearbfaum.exe"

Creates FileC:\pxmchhfjfh\culik8mv
Creates FileC:\WINDOWS\pxmchhfjfh\culik8mv
Deletes FileC:\WINDOWS\pxmchhfjfh\culik8mv

Network Details:

DNSweatherbeing.net
Type: A
195.22.28.196
DNSweatherbeing.net
Type: A
195.22.28.198
DNSweatherbeing.net
Type: A
195.22.28.197
DNSweatherbeing.net
Type: A
195.22.28.199
DNSweatherforever.net
Type: A
50.63.202.42
DNSclassbeyond.net
Type: A
50.63.202.50
DNSthinkflower.net
Type: A
194.117.254.31
DNSpresentflower.net
Type: A
54.199.157.86
DNScollegecorner.net
Type: A
68.94.84.52
DNSalonecorner.net
Type: A
195.22.28.199
DNSalonecorner.net
Type: A
195.22.28.198
DNSalonecorner.net
Type: A
195.22.28.197
DNSalonecorner.net
Type: A
195.22.28.196
DNSmiddleminute.net
Type: A
208.100.26.234
DNSmorningflower.net
Type: A
173.0.129.103
DNSclassminute.net
Type: A
208.100.26.234
DNSthinkadvance.net
Type: A
184.168.221.58
DNScollegeadvance.net
Type: A
97.74.42.79
DNShistoryadvance.net
Type: A
195.22.28.198
DNShistoryadvance.net
Type: A
195.22.28.197
DNShistoryadvance.net
Type: A
195.22.28.196
DNShistoryadvance.net
Type: A
195.22.28.199
DNSstrangestranger.net
Type: A
208.91.197.241
DNShistoryfortieth.net
Type: A
208.100.26.234
DNScollegeproblem.net
Type: A
208.100.26.234
DNShistoryforever.net
Type: A
DNSstrangebottom.net
Type: A
DNShistorybottom.net
Type: A
DNSamountbeyond.net
Type: A
DNSweatherbeyond.net
Type: A
DNSamountbeing.net
Type: A
DNSamountforever.net
Type: A
DNSamountbottom.net
Type: A
DNSweatherbottom.net
Type: A
DNSthickbeyond.net
Type: A
DNSthickbeing.net
Type: A
DNSclassbeing.net
Type: A
DNSthickforever.net
Type: A
DNSclassforever.net
Type: A
DNSthickbottom.net
Type: A
DNSclassbottom.net
Type: A
DNSthinkminute.net
Type: A
DNSpresentminute.net
Type: A
DNSthinkspecial.net
Type: A
DNSpresentspecial.net
Type: A
DNSthinkcorner.net
Type: A
DNSpresentcorner.net
Type: A
DNSchiefflower.net
Type: A
DNScollegeflower.net
Type: A
DNSchiefminute.net
Type: A
DNScollegeminute.net
Type: A
DNSchiefspecial.net
Type: A
DNScollegespecial.net
Type: A
DNSchiefcorner.net
Type: A
DNSoftenflower.net
Type: A
DNSaloneflower.net
Type: A
DNSoftenminute.net
Type: A
DNSaloneminute.net
Type: A
DNSoftenspecial.net
Type: A
DNSalonespecial.net
Type: A
DNSoftencorner.net
Type: A
DNSmiddleflower.net
Type: A
DNStwelveflower.net
Type: A
DNStwelveminute.net
Type: A
DNSmiddlespecial.net
Type: A
DNStwelvespecial.net
Type: A
DNSmiddlecorner.net
Type: A
DNStwelvecorner.net
Type: A
DNSratherflower.net
Type: A
DNSratherminute.net
Type: A
DNSmorningminute.net
Type: A
DNSratherspecial.net
Type: A
DNSmorningspecial.net
Type: A
DNSrathercorner.net
Type: A
DNSmorningcorner.net
Type: A
DNSstrangeflower.net
Type: A
DNShistoryflower.net
Type: A
DNSstrangeminute.net
Type: A
DNShistoryminute.net
Type: A
DNSstrangespecial.net
Type: A
DNShistoryspecial.net
Type: A
DNSstrangecorner.net
Type: A
DNShistorycorner.net
Type: A
DNSamountflower.net
Type: A
DNSweatherflower.net
Type: A
DNSamountminute.net
Type: A
DNSweatherminute.net
Type: A
DNSamountspecial.net
Type: A
DNSweatherspecial.net
Type: A
DNSamountcorner.net
Type: A
DNSweathercorner.net
Type: A
DNSthickflower.net
Type: A
DNSclassflower.net
Type: A
DNSthickminute.net
Type: A
DNSthickspecial.net
Type: A
DNSclassspecial.net
Type: A
DNSthickcorner.net
Type: A
DNSclasscorner.net
Type: A
DNSpresentadvance.net
Type: A
DNSthinkstranger.net
Type: A
DNSpresentstranger.net
Type: A
DNSthinkgoodbye.net
Type: A
DNSpresentgoodbye.net
Type: A
DNSthinkfortieth.net
Type: A
DNSpresentfortieth.net
Type: A
DNSchiefadvance.net
Type: A
DNSchiefstranger.net
Type: A
DNScollegestranger.net
Type: A
DNSchiefgoodbye.net
Type: A
DNScollegegoodbye.net
Type: A
DNSchieffortieth.net
Type: A
DNScollegefortieth.net
Type: A
DNSoftenadvance.net
Type: A
DNSaloneadvance.net
Type: A
DNSoftenstranger.net
Type: A
DNSalonestranger.net
Type: A
DNSoftengoodbye.net
Type: A
DNSalonegoodbye.net
Type: A
DNSoftenfortieth.net
Type: A
DNSalonefortieth.net
Type: A
DNSmiddleadvance.net
Type: A
DNStwelveadvance.net
Type: A
DNSmiddlestranger.net
Type: A
DNStwelvestranger.net
Type: A
DNSmiddlegoodbye.net
Type: A
DNStwelvegoodbye.net
Type: A
DNSmiddlefortieth.net
Type: A
DNStwelvefortieth.net
Type: A
DNSratheradvance.net
Type: A
DNSmorningadvance.net
Type: A
DNSratherstranger.net
Type: A
DNSmorningstranger.net
Type: A
DNSrathergoodbye.net
Type: A
DNSmorninggoodbye.net
Type: A
DNSratherfortieth.net
Type: A
DNSmorningfortieth.net
Type: A
DNSstrangeadvance.net
Type: A
DNShistorystranger.net
Type: A
DNSstrangegoodbye.net
Type: A
DNShistorygoodbye.net
Type: A
DNSstrangefortieth.net
Type: A
DNSamountadvance.net
Type: A
DNSweatheradvance.net
Type: A
DNSamountstranger.net
Type: A
DNSweatherstranger.net
Type: A
DNSamountgoodbye.net
Type: A
DNSweathergoodbye.net
Type: A
DNSamountfortieth.net
Type: A
DNSweatherfortieth.net
Type: A
DNSthickadvance.net
Type: A
DNSclassadvance.net
Type: A
DNSthickstranger.net
Type: A
DNSclassstranger.net
Type: A
DNSthickgoodbye.net
Type: A
DNSclassgoodbye.net
Type: A
DNSthickfortieth.net
Type: A
DNSclassfortieth.net
Type: A
DNSthinkescape.net
Type: A
DNSpresentescape.net
Type: A
DNSthinkanimal.net
Type: A
DNSpresentanimal.net
Type: A
DNSthinkproblem.net
Type: A
DNSpresentproblem.net
Type: A
DNSthinkmodern.net
Type: A
DNSpresentmodern.net
Type: A
DNSchiefescape.net
Type: A
DNScollegeescape.net
Type: A
DNSchiefanimal.net
Type: A
DNScollegeanimal.net
Type: A
DNSchiefproblem.net
Type: A
DNSchiefmodern.net
Type: A
DNScollegemodern.net
Type: A
DNSoftenescape.net
Type: A
DNSaloneescape.net
Type: A
DNSoftenanimal.net
Type: A
DNSaloneanimal.net
Type: A
DNSoftenproblem.net
Type: A
DNSaloneproblem.net
Type: A
DNSoftenmodern.net
Type: A
HTTP GEThttp://weatherbeing.net/index.php
User-Agent:
HTTP GEThttp://weatherforever.net/index.php
User-Agent:
HTTP GEThttp://classbeyond.net/index.php
User-Agent:
HTTP GEThttp://thinkflower.net/index.php
User-Agent:
HTTP GEThttp://presentflower.net/index.php
User-Agent:
HTTP GEThttp://collegecorner.net/index.php
User-Agent:
HTTP GEThttp://alonecorner.net/index.php
User-Agent:
HTTP GEThttp://middleminute.net/index.php
User-Agent:
HTTP GEThttp://morningflower.net/index.php
User-Agent:
HTTP GEThttp://classminute.net/index.php
User-Agent:
HTTP GEThttp://thinkadvance.net/index.php
User-Agent:
HTTP GEThttp://collegeadvance.net/index.php
User-Agent:
HTTP GEThttp://historyadvance.net/index.php
User-Agent:
HTTP GEThttp://strangestranger.net/index.php
User-Agent:
HTTP GEThttp://historyfortieth.net/index.php
User-Agent:
HTTP GEThttp://collegeproblem.net/index.php
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 195.22.28.196:80
Flows TCP192.168.1.1:1032 ➝ 50.63.202.42:80
Flows TCP192.168.1.1:1033 ➝ 50.63.202.50:80
Flows TCP192.168.1.1:1034 ➝ 194.117.254.31:80
Flows TCP192.168.1.1:1035 ➝ 54.199.157.86:80
Flows TCP192.168.1.1:1036 ➝ 68.94.84.52:80
Flows TCP192.168.1.1:1037 ➝ 195.22.28.199:80
Flows TCP192.168.1.1:1038 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1039 ➝ 173.0.129.103:80
Flows TCP192.168.1.1:1040 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1041 ➝ 184.168.221.58:80
Flows TCP192.168.1.1:1042 ➝ 97.74.42.79:80
Flows TCP192.168.1.1:1043 ➝ 195.22.28.198:80
Flows TCP192.168.1.1:1044 ➝ 208.91.197.241:80
Flows TCP192.168.1.1:1045 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1046 ➝ 208.100.26.234:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 65726265 696e672e 6e65740d   eatherbeing.net.
0x00000050 (00080)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 6572666f 72657665 722e6e65   eatherforever.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6c617373 6265796f 6e642e6e 65740d0a   lassbeyond.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   68696e6b 666c6f77 65722e6e 65740d0a   hinkflower.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657365 6e74666c 6f776572 2e6e6574   resentflower.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 6765636f 726e6572 2e6e6574   ollegecorner.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2061   : close..Host: a
0x00000040 (00064)   6c6f6e65 636f726e 65722e6e 65740d0a   lonecorner.net..
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6964646c 656d696e 7574652e 6e65740d   iddleminute.net.
0x00000050 (00080)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f726e69 6e67666c 6f776572 2e6e6574   orningflower.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6c617373 6d696e75 74652e6e 65740d0a   lassminute.net..
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   68696e6b 61647661 6e63652e 6e65740d   hinkadvance.net.
0x00000050 (00080)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656164 76616e63 652e6e65   ollegeadvance.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2068   : close..Host: h
0x00000040 (00064)   6973746f 72796164 76616e63 652e6e65   istoryadvance.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   7472616e 67657374 72616e67 65722e6e   trangestranger.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2068   : close..Host: h
0x00000040 (00064)   6973746f 7279666f 72746965 74682e6e   istoryfortieth.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67657072 6f626c65 6d2e6e65   ollegeproblem.ne
0x00000050 (00080)   740d0a0d 0a0a                         t.....


Strings