Analysis Date2016-02-14 06:56:18
MD5eb17d09e1eb4d5909cfb4d1cf1180972
SHA1ab9244129f230f02992a67e04d69e8ad45527ef2

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 2c74b28a71b257ec0a9c24b98cb8b306 sha1: dd1f6f25e77a82cd33a10fc938fbfe30553951f9 size: 189440
Section.rdata md5: 8f1739ef395e0fe5d0ef518b81e979e2 sha1: 37c88f52383e9180d288da51eb8a9872fa0e1e87 size: 18432
Section.data md5: 07b5472d347d42780469fb2654b7fc54 sha1: 943ae54f4818e52409fbbaf60ffd71318d966b0d size: 512
Section.reloc md5: 8a139facddda4ba99b525bfccee72635 sha1: 5c7ebf448b10b0616feed5359829007086340261 size: 30720
Timestamp2016-01-06 16:10:08
PEhash61d586d7e362725919bd3581c0622335b4374b23
IMPhashce309a4cdd35b3e2031f3dd3b930c9d8
AVCA (E-Trust Ino)Gen:Variant.Razy.8021
AVF-SecureGen:Variant.Razy.8021
AVDr. WebTrojan.DownLoader19.23937
AVClamAVNo Virus
AVArcabit (arcavir)Gen:Variant.Razy.8021
AVBullGuardGen:Variant.Razy.8021
AVCAT (quickheal)No Virus
AVVirusBlokAda (vba32)No Virus
AVTrend MicroNo Virus
AVKasperskyTrojan.Win32.Bayrob.kab
AVZillya!Trojan.Bayrob.Win32.12852
AVIkarusTrojan.Win32.Bayrob
AVFrisk (f-prot)W32/Nivdort.G.gen!Eldorado
AVEmsisoftGen:Variant.Razy.8021
AVAuthentiumW32/Nivdort.G.gen!Eldorado
AVMalwareBytesNo Virus
AVMicroWorld (escan)Gen:Variant.Razy.8021
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.CZ
AVK7Trojan ( 004db0c61 )
AVBitDefenderGen:Variant.Razy.8021
AVFortinetW32/Bayrob.AQ!tr
AVSymantecTrojan.Bayrob!gen6
AVGrisoft (avg)Win32/Heur
AVEset (nod32)Win32/Bayrob.AT.gen
AVAlwil (avast)Win32:Malware-gen
AVRisingNo Virus
AVAd-AwareGen:Variant.Razy.8021
AVTwisterNo Virus
AVAvira (antivir)TR/Nivdort.A.29286
AVMcafeeTrojan-FHPX!EB17D09E1EB4

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\seutazx\nbyumdb
Creates FileC:\seutazx\nbyumdb
Creates FileC:\seutazx\cbel6xx42zxcn5oyfpz.exe
Deletes FileC:\WINDOWS\seutazx\nbyumdb
Creates ProcessC:\seutazx\cbel6xx42zxcn5oyfpz.exe

Process
↳ C:\seutazx\cbel6xx42zxcn5oyfpz.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Auto-Discovery Wired Client Services ➝
C:\seutazx\hxbxzlhi.exe
Creates FileC:\WINDOWS\seutazx\nbyumdb
Creates FileC:\seutazx\hxbxzlhi.exe
Creates FilePIPE\lsarpc
Creates FileC:\seutazx\nbyumdb
Creates FileC:\seutazx\uyfrdrhrwy
Deletes FileC:\WINDOWS\seutazx\nbyumdb
Creates ProcessC:\seutazx\hxbxzlhi.exe
Creates ServiceGateway Routing Microsoft Redirector Registry - C:\seutazx\hxbxzlhi.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates FileWMIDataDevice

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates FileC:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf
Creates FileC:\WINDOWS\Prefetch\AB9244129F230F02992A67E04D69E-17B422A0.pf
Creates FileC:\WINDOWS\Prefetch\EEMOLSFEGEKJ.EXE-0784E312.pf
Creates FileC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
Creates FileC:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf
Creates FileC:\WINDOWS\Prefetch\HXBXZLHI.EXE-27CCAF00.pf
Creates FileC:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
Creates FileC:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Creates FileC:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf
Creates FileC:\WINDOWS\Prefetch\monitor.exe-1949D260.pf
Creates FileC:\WINDOWS\Prefetch\CBEL6XX42ZXCN5OYFPZ.EXE-018B20CB.pf
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates FileC:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf

Process
↳ Pid 1208

Process
↳ Pid 1296

Process
↳ Pid 1864

Process
↳ Pid 1540

Process
↳ C:\seutazx\hxbxzlhi.exe

Creates FileC:\WINDOWS\seutazx\nbyumdb
Creates Filepipe\net\NtControlPipe10
Creates FileC:\seutazx\ebmkrzqk3
Creates File\Device\Afd\Endpoint
Creates FileC:\seutazx\nbyumdb
Creates FileC:\seutazx\eemolsfegekj.exe
Creates FileC:\seutazx\uyfrdrhrwy
Deletes FileC:\WINDOWS\seutazx\nbyumdb
Creates Processjy6renjtmzbp "c:\seutazx\hxbxzlhi.exe"

Process
↳ C:\seutazx\hxbxzlhi.exe

Creates FileC:\WINDOWS\seutazx\nbyumdb
Creates FileC:\seutazx\nbyumdb
Deletes FileC:\WINDOWS\seutazx\nbyumdb

Process
↳ jy6renjtmzbp "c:\seutazx\hxbxzlhi.exe"

Creates FileC:\WINDOWS\seutazx\nbyumdb
Creates FileC:\seutazx\nbyumdb
Deletes FileC:\WINDOWS\seutazx\nbyumdb

Network Details:

DNSoutsidesupply.net
Type: A
98.124.243.47
DNSoutsideoffice.net
Type: A
104.24.16.64
DNSoutsideoffice.net
Type: A
104.24.17.64
DNSbuildingsupply.net
Type: A
67.212.232.207
DNSbuildingoffice.net
Type: A
46.20.7.163
DNSstoresupply.net
Type: A
69.172.201.208
DNSdoctorsupply.net
Type: A
184.168.221.96
DNSdoctoroffice.net
Type: A
69.172.201.208
DNSstillsupply.net
Type: A
50.63.202.15
DNSbuildingtrouble.net
Type: A
208.100.26.234
DNSprettystrong.net
Type: A
50.62.236.1
DNSdoubletrouble.net
Type: A
207.148.248.143
DNSstillstrong.net
Type: A
206.188.192.251
DNSbuildingmaster.net
Type: A
199.83.128.178
DNSbuildingmaster.net
Type: A
199.83.132.178
DNSstoremaster.net
Type: A
184.168.221.104
DNSdoctormaster.net
Type: A
212.48.86.202
DNSstillshould.net
Type: A
DNSstrengthshort.net
Type: A
DNSstillshort.net
Type: A
DNSstrengthopinion.net
Type: A
DNSstillopinion.net
Type: A
DNSstrengthpromise.net
Type: A
DNSstillpromise.net
Type: A
DNSmovementsupply.net
Type: A
DNSmovementdistance.net
Type: A
DNSoutsidedistance.net
Type: A
DNSmovementoffice.net
Type: A
DNSmovementarrive.net
Type: A
DNSoutsidearrive.net
Type: A
DNSeveningsupply.net
Type: A
DNSbuildingdistance.net
Type: A
DNSeveningdistance.net
Type: A
DNSeveningoffice.net
Type: A
DNSbuildingarrive.net
Type: A
DNSeveningarrive.net
Type: A
DNSmightsupply.net
Type: A
DNSstoredistance.net
Type: A
DNSmightdistance.net
Type: A
DNSstoreoffice.net
Type: A
DNSmightoffice.net
Type: A
DNSstorearrive.net
Type: A
DNSmightarrive.net
Type: A
DNSprettysupply.net
Type: A
DNSdoctordistance.net
Type: A
DNSprettydistance.net
Type: A
DNSprettyoffice.net
Type: A
DNSdoctorarrive.net
Type: A
DNSprettyarrive.net
Type: A
DNSfellowsupply.net
Type: A
DNSdoublesupply.net
Type: A
DNSfellowdistance.net
Type: A
DNSdoubledistance.net
Type: A
DNSfellowoffice.net
Type: A
DNSdoubleoffice.net
Type: A
DNSfellowarrive.net
Type: A
DNSdoublearrive.net
Type: A
DNSbrokensupply.net
Type: A
DNSresultsupply.net
Type: A
DNSbrokendistance.net
Type: A
DNSresultdistance.net
Type: A
DNSbrokenoffice.net
Type: A
DNSresultoffice.net
Type: A
DNSbrokenarrive.net
Type: A
DNSresultarrive.net
Type: A
DNSpreparesupply.net
Type: A
DNSdesiresupply.net
Type: A
DNSpreparedistance.net
Type: A
DNSdesiredistance.net
Type: A
DNSprepareoffice.net
Type: A
DNSdesireoffice.net
Type: A
DNSpreparearrive.net
Type: A
DNSdesirearrive.net
Type: A
DNSstrengthsupply.net
Type: A
DNSstrengthdistance.net
Type: A
DNSstilldistance.net
Type: A
DNSstrengthoffice.net
Type: A
DNSstilloffice.net
Type: A
DNSstrengtharrive.net
Type: A
DNSstillarrive.net
Type: A
DNSmovementstrong.net
Type: A
DNSoutsidestrong.net
Type: A
DNSmovementtrouble.net
Type: A
DNSoutsidetrouble.net
Type: A
DNSmovementpresident.net
Type: A
DNSoutsidepresident.net
Type: A
DNSmovementcaught.net
Type: A
DNSoutsidecaught.net
Type: A
DNSbuildingstrong.net
Type: A
DNSeveningstrong.net
Type: A
DNSeveningtrouble.net
Type: A
DNSbuildingpresident.net
Type: A
DNSeveningpresident.net
Type: A
DNSbuildingcaught.net
Type: A
DNSeveningcaught.net
Type: A
DNSstorestrong.net
Type: A
DNSmightstrong.net
Type: A
DNSstoretrouble.net
Type: A
DNSmighttrouble.net
Type: A
DNSstorepresident.net
Type: A
DNSmightpresident.net
Type: A
DNSstorecaught.net
Type: A
DNSmightcaught.net
Type: A
DNSdoctorstrong.net
Type: A
DNSdoctortrouble.net
Type: A
DNSprettytrouble.net
Type: A
DNSdoctorpresident.net
Type: A
DNSprettypresident.net
Type: A
DNSdoctorcaught.net
Type: A
DNSprettycaught.net
Type: A
DNSfellowstrong.net
Type: A
DNSdoublestrong.net
Type: A
DNSfellowtrouble.net
Type: A
DNSfellowpresident.net
Type: A
DNSdoublepresident.net
Type: A
DNSfellowcaught.net
Type: A
DNSdoublecaught.net
Type: A
DNSbrokenstrong.net
Type: A
DNSresultstrong.net
Type: A
DNSbrokentrouble.net
Type: A
DNSresulttrouble.net
Type: A
DNSbrokenpresident.net
Type: A
DNSresultpresident.net
Type: A
DNSbrokencaught.net
Type: A
DNSresultcaught.net
Type: A
DNSpreparestrong.net
Type: A
DNSdesirestrong.net
Type: A
DNSpreparetrouble.net
Type: A
DNSdesiretrouble.net
Type: A
DNSpreparepresident.net
Type: A
DNSdesirepresident.net
Type: A
DNSpreparecaught.net
Type: A
DNSdesirecaught.net
Type: A
DNSstrengthstrong.net
Type: A
DNSstrengthtrouble.net
Type: A
DNSstilltrouble.net
Type: A
DNSstrengthpresident.net
Type: A
DNSstillpresident.net
Type: A
DNSstrengthcaught.net
Type: A
DNSstillcaught.net
Type: A
DNSmovementcontinue.net
Type: A
DNSoutsidecontinue.net
Type: A
DNSmovementmaster.net
Type: A
DNSoutsidemaster.net
Type: A
DNSmovementwonder.net
Type: A
DNSoutsidewonder.net
Type: A
DNSmovementdiscover.net
Type: A
DNSoutsidediscover.net
Type: A
DNSbuildingcontinue.net
Type: A
DNSeveningcontinue.net
Type: A
DNSeveningmaster.net
Type: A
DNSbuildingwonder.net
Type: A
DNSeveningwonder.net
Type: A
DNSbuildingdiscover.net
Type: A
DNSeveningdiscover.net
Type: A
DNSstorecontinue.net
Type: A
DNSmightcontinue.net
Type: A
DNSmightmaster.net
Type: A
DNSstorewonder.net
Type: A
DNSmightwonder.net
Type: A
DNSstorediscover.net
Type: A
DNSmightdiscover.net
Type: A
DNSdoctorcontinue.net
Type: A
DNSprettycontinue.net
Type: A
DNSprettymaster.net
Type: A
DNSdoctorwonder.net
Type: A
DNSprettywonder.net
Type: A
DNSdoctordiscover.net
Type: A
DNSprettydiscover.net
Type: A
DNSfellowcontinue.net
Type: A
DNSdoublecontinue.net
Type: A
DNSfellowmaster.net
Type: A
HTTP GEThttp://outsidesupply.net/index.php
User-Agent:
HTTP GEThttp://outsideoffice.net/index.php
User-Agent:
HTTP GEThttp://buildingsupply.net/index.php
User-Agent:
HTTP GEThttp://buildingoffice.net/index.php
User-Agent:
HTTP GEThttp://storesupply.net/index.php
User-Agent:
HTTP GEThttp://doctorsupply.net/index.php
User-Agent:
HTTP GEThttp://doctoroffice.net/index.php
User-Agent:
HTTP GEThttp://stillsupply.net/index.php
User-Agent:
HTTP GEThttp://buildingtrouble.net/index.php
User-Agent:
HTTP GEThttp://prettystrong.net/index.php
User-Agent:
HTTP GEThttp://doubletrouble.net/index.php
User-Agent:
HTTP GEThttp://stillstrong.net/index.php
User-Agent:
HTTP GEThttp://buildingmaster.net/index.php
User-Agent:
HTTP GEThttp://storemaster.net/index.php
User-Agent:
HTTP GEThttp://doctormaster.net/index.php
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 98.124.243.47:80
Flows TCP192.168.1.1:1032 ➝ 104.24.16.64:80
Flows TCP192.168.1.1:1033 ➝ 67.212.232.207:80
Flows TCP192.168.1.1:1034 ➝ 46.20.7.163:80
Flows TCP192.168.1.1:1035 ➝ 69.172.201.208:80
Flows TCP192.168.1.1:1036 ➝ 184.168.221.96:80
Flows TCP192.168.1.1:1037 ➝ 69.172.201.208:80
Flows TCP192.168.1.1:1038 ➝ 50.63.202.15:80
Flows TCP192.168.1.1:1039 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1040 ➝ 50.62.236.1:80
Flows TCP192.168.1.1:1041 ➝ 207.148.248.143:80
Flows TCP192.168.1.1:1042 ➝ 206.188.192.251:80
Flows TCP192.168.1.1:1043 ➝ 199.83.128.178:80
Flows TCP192.168.1.1:1044 ➝ 184.168.221.104:80
Flows TCP192.168.1.1:1045 ➝ 212.48.86.202:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206f   : close..Host: o
0x00000040 (00064)   75747369 64657375 70706c79 2e6e6574   utsidesupply.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206f   : close..Host: o
0x00000040 (00064)   75747369 64656f66 66696365 2e6e6574   utsideoffice.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   75696c64 696e6773 7570706c 792e6e65   uildingsupply.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   75696c64 696e676f 66666963 652e6e65   uildingoffice.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   746f7265 73757070 6c792e6e 65740d0a   toresupply.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f63746f 72737570 706c792e 6e65740d   octorsupply.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f63746f 726f6666 6963652e 6e65740d   octoroffice.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   74696c6c 73757070 6c792e6e 65740d0a   tillsupply.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   75696c64 696e6774 726f7562 6c652e6e   uildingtrouble.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657474 79737472 6f6e672e 6e65740d   rettystrong.net.
0x00000050 (00080)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f75626c 6574726f 75626c65 2e6e6574   oubletrouble.net
0x00000050 (00080)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   74696c6c 7374726f 6e672e6e 65740d0a   tillstrong.net..
0x00000050 (00080)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   75696c64 696e676d 61737465 722e6e65   uildingmaster.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   746f7265 6d617374 65722e6e 65740d0a   toremaster.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000040 (00064)   6f63746f 726d6173 7465722e 6e65740d   octormaster.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....


Strings