Analysis Date2016-02-12 20:35:44
MD56f897b8e6cee759b9c6b00a36bbbdbc2
SHA1f90adfa9a368a54e657bb80ca0b26ed91c0d1626

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: e9e503970c39ea4af7f55eb486c9d555 sha1: 652f5c1d1b34e01abf42db8436ce98a909f282c3 size: 180224
Section.rdata md5: 2081d3158f7857411bddb311e844d35c sha1: dfaad0afb6470a344c28024172cb32f0379e4d2c size: 2560
Section.data md5: 28253dd62ec9deffc714f3681e3463b5 sha1: be1aff850799e6cba8b9e055832db5020652f60c size: 15872
Section.reloc md5: cda96f82d826e24618818f4f25ca6fdc sha1: 306dc87f1c30cfc71743bf131ec36ff3a6806588 size: 29696
Timestamp2014-09-10 21:18:10
PEhash35fc2da7f69e977040334d421ac23b6614549ad5
IMPhash67531de0f97f928427d5708969cdca54
AVCA (E-Trust Ino)Gen:Variant.Razy.18137
AVF-SecureGen:Variant.Razy.18137
AVDr. WebTrojan.DownLoader19.23692
AVClamAVNo Virus
AVArcabit (arcavir)Gen:Variant.Razy.18137
AVBullGuardGen:Variant.Razy.18137
AVCAT (quickheal)TrojanSpy.Nivdort.r4
AVVirusBlokAda (vba32)No Virus
AVTrend MicroNo Virus
AVKasperskyTrojan.Win32.Generic
AVZillya!No Virus
AVIkarusTrojan.Win32.Bayrob
AVFrisk (f-prot)W32/Nivdort.G.gen!Eldorado
AVEmsisoftGen:Variant.Razy.18137
AVAuthentiumW32/Nivdort.G.gen!Eldorado
AVMalwareBytesNo Virus
AVMicroWorld (escan)Gen:Variant.Kazy.790778
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.DE
AVK7Trojan ( 004dc2a31 )
AVBitDefenderGen:Variant.Razy.18137
AVFortinetW32/Bayrob.AQ!tr
AVSymantecTrojan.Bayrob!gen6
AVGrisoft (avg)Generic37.AMRI
AVEset (nod32)Win32/Bayrob.BA
AVAlwil (avast)Vupa [Cryp]
AVRisingNo Virus
AVAd-AwareGen:Variant.Razy.18137
AVTwisterTrojan.DOMG.kqfy
AVAvira (antivir)TR/Nivdort.A.28331
AVMcafeeTrojan-FHQT!6F897B8E6CEE

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\tbngrozcxltuovi\b2mz1kvbra3oooomfo8nm.exe
Creates FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates FileC:\tbngrozcxltuovi\ajgmkmab
Deletes FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates ProcessC:\tbngrozcxltuovi\b2mz1kvbra3oooomfo8nm.exe

Process
↳ C:\tbngrozcxltuovi\b2mz1kvbra3oooomfo8nm.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Debugger DNS Registrar Security Play ➝
C:\tbngrozcxltuovi\wdznhqeek.exe
Creates FileC:\tbngrozcxltuovi\eymeolxhi
Creates FileC:\tbngrozcxltuovi\wdznhqeek.exe
Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates FileC:\tbngrozcxltuovi\ajgmkmab
Deletes FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates ProcessC:\tbngrozcxltuovi\wdznhqeek.exe
Creates ServiceDevice Machine Video Log Security Routing - C:\tbngrozcxltuovi\wdznhqeek.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1884

Process
↳ Pid 1188

Process
↳ C:\tbngrozcxltuovi\wdznhqeek.exe

Creates FileC:\tbngrozcxltuovi\cgbgezarzdey.exe
Creates FileC:\tbngrozcxltuovi\eymeolxhi
Creates Filepipe\net\NtControlPipe10
Creates FileC:\tbngrozcxltuovi\v0c9vgnxb7y6
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates FileC:\tbngrozcxltuovi\ajgmkmab
Deletes FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates Processkzozxujjsws0 "c:\tbngrozcxltuovi\wdznhqeek.exe"

Process
↳ C:\tbngrozcxltuovi\wdznhqeek.exe

Creates FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates FileC:\tbngrozcxltuovi\ajgmkmab
Deletes FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab

Process
↳ kzozxujjsws0 "c:\tbngrozcxltuovi\wdznhqeek.exe"

Creates FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab
Creates FileC:\tbngrozcxltuovi\ajgmkmab
Deletes FileC:\WINDOWS\tbngrozcxltuovi\ajgmkmab

Network Details:

DNSlaughcondition.net
Type: A
195.22.28.196
DNSlaughcondition.net
Type: A
195.22.28.197
DNSlaughcondition.net
Type: A
195.22.28.198
DNSlaughcondition.net
Type: A
195.22.28.199
DNSsimplenation.net
Type: A
74.220.199.6
DNSmelbourneit.hotkeysparking.com
Type: A
8.5.1.16
DNSsimpleplease.net
Type: A
184.168.221.42
DNSpossiblenation.net
Type: A
50.63.202.52
DNSwindownation.net
Type: A
184.168.221.63
DNSwintersoldier.net
Type: A
198.185.159.144
DNSwintersoldier.net
Type: A
198.185.159.145
DNSwintersoldier.net
Type: A
198.49.23.144
DNSwintersoldier.net
Type: A
198.49.23.145
DNSlaughcountry.net
Type: A
195.22.28.199
DNSlaughcountry.net
Type: A
195.22.28.196
DNSlaughcountry.net
Type: A
195.22.28.197
DNSlaughcountry.net
Type: A
195.22.28.198
DNSsimplepower.net
Type: A
50.63.202.27
DNSmotherpower.net
Type: A
141.8.226.14
DNSmothercountry.net
Type: A
208.100.26.234
DNShdredirect-lb-399551664.us-east-1.elb.amazonaws.com
Type: A
52.71.117.99
DNShdredirect-lb-399551664.us-east-1.elb.amazonaws.com
Type: A
52.0.96.24
DNSmountaincountry.net
Type: A
75.119.220.11
DNSlaughletter.net
Type: A
184.168.221.36
DNSperhapsdifferent.net
Type: A
195.22.28.196
DNSperhapsdifferent.net
Type: A
195.22.28.197
DNSperhapsdifferent.net
Type: A
195.22.28.198
DNSperhapsdifferent.net
Type: A
195.22.28.199
DNSseverasoldier.net
Type: A
DNSlaughsoldier.net
Type: A
DNSseveraplease.net
Type: A
DNSlaughplease.net
Type: A
DNSseveracondition.net
Type: A
DNSmothernation.net
Type: A
DNSsimplesoldier.net
Type: A
DNSmothersoldier.net
Type: A
DNSmotherplease.net
Type: A
DNSsimplecondition.net
Type: A
DNSmothercondition.net
Type: A
DNSmountainnation.net
Type: A
DNSmountainsoldier.net
Type: A
DNSpossiblesoldier.net
Type: A
DNSmountainplease.net
Type: A
DNSpossibleplease.net
Type: A
DNSmountaincondition.net
Type: A
DNSpossiblecondition.net
Type: A
DNSperhapsnation.net
Type: A
DNSperhapssoldier.net
Type: A
DNSwindowsoldier.net
Type: A
DNSperhapsplease.net
Type: A
DNSwindowplease.net
Type: A
DNSperhapscondition.net
Type: A
DNSwindowcondition.net
Type: A
DNSwinternation.net
Type: A
DNSsubjectnation.net
Type: A
DNSsubjectsoldier.net
Type: A
DNSwinterplease.net
Type: A
DNSsubjectplease.net
Type: A
DNSwintercondition.net
Type: A
DNSsubjectcondition.net
Type: A
DNSfinishnation.net
Type: A
DNSleavenation.net
Type: A
DNSfinishsoldier.net
Type: A
DNSleavesoldier.net
Type: A
DNSfinishplease.net
Type: A
DNSleaveplease.net
Type: A
DNSfinishcondition.net
Type: A
DNSleavecondition.net
Type: A
DNSsweetnation.net
Type: A
DNSprobablynation.net
Type: A
DNSsweetsoldier.net
Type: A
DNSprobablysoldier.net
Type: A
DNSsweetplease.net
Type: A
DNSprobablyplease.net
Type: A
DNSsweetcondition.net
Type: A
DNSprobablycondition.net
Type: A
DNSseveralnation.net
Type: A
DNSmaterialnation.net
Type: A
DNSseveralsoldier.net
Type: A
DNSmaterialsoldier.net
Type: A
DNSseveralplease.net
Type: A
DNSmaterialplease.net
Type: A
DNSseveralcondition.net
Type: A
DNSmaterialcondition.net
Type: A
DNSseveracentury.net
Type: A
DNSlaughcentury.net
Type: A
DNSseverafamous.net
Type: A
DNSlaughfamous.net
Type: A
DNSseverapower.net
Type: A
DNSlaughpower.net
Type: A
DNSseveracountry.net
Type: A
DNSsimplecentury.net
Type: A
DNSmothercentury.net
Type: A
DNSsimplefamous.net
Type: A
DNSmotherfamous.net
Type: A
DNSsimplecountry.net
Type: A
DNSmountaincentury.net
Type: A
DNSpossiblecentury.net
Type: A
DNSmountainfamous.net
Type: A
DNSpossiblefamous.net
Type: A
DNSmountainpower.net
Type: A
DNSpossiblepower.net
Type: A
DNSpossiblecountry.net
Type: A
DNSperhapscentury.net
Type: A
DNSwindowcentury.net
Type: A
DNSperhapsfamous.net
Type: A
DNSwindowfamous.net
Type: A
DNSperhapspower.net
Type: A
DNSwindowpower.net
Type: A
DNSperhapscountry.net
Type: A
DNSwindowcountry.net
Type: A
DNSwintercentury.net
Type: A
DNSsubjectcentury.net
Type: A
DNSwinterfamous.net
Type: A
DNSsubjectfamous.net
Type: A
DNSwinterpower.net
Type: A
DNSsubjectpower.net
Type: A
DNSwintercountry.net
Type: A
DNSsubjectcountry.net
Type: A
DNSfinishcentury.net
Type: A
DNSleavecentury.net
Type: A
DNSfinishfamous.net
Type: A
DNSleavefamous.net
Type: A
DNSfinishpower.net
Type: A
DNSleavepower.net
Type: A
DNSfinishcountry.net
Type: A
DNSleavecountry.net
Type: A
DNSsweetcentury.net
Type: A
DNSprobablycentury.net
Type: A
DNSsweetfamous.net
Type: A
DNSprobablyfamous.net
Type: A
DNSsweetpower.net
Type: A
DNSprobablypower.net
Type: A
DNSsweetcountry.net
Type: A
DNSprobablycountry.net
Type: A
DNSseveralcentury.net
Type: A
DNSmaterialcentury.net
Type: A
DNSseveralfamous.net
Type: A
DNSmaterialfamous.net
Type: A
DNSseveralpower.net
Type: A
DNSmaterialpower.net
Type: A
DNSseveralcountry.net
Type: A
DNSmaterialcountry.net
Type: A
DNSseverasurprise.net
Type: A
DNSlaughsurprise.net
Type: A
DNSseverabeside.net
Type: A
DNSlaughbeside.net
Type: A
DNSseveraletter.net
Type: A
DNSseveradifferent.net
Type: A
DNSlaughdifferent.net
Type: A
DNSsimplesurprise.net
Type: A
DNSmothersurprise.net
Type: A
DNSsimplebeside.net
Type: A
DNSmotherbeside.net
Type: A
DNSsimpleletter.net
Type: A
DNSmotherletter.net
Type: A
DNSsimpledifferent.net
Type: A
DNSmotherdifferent.net
Type: A
DNSmountainsurprise.net
Type: A
DNSpossiblesurprise.net
Type: A
DNSmountainbeside.net
Type: A
DNSpossiblebeside.net
Type: A
DNSmountainletter.net
Type: A
DNSpossibleletter.net
Type: A
DNSmountaindifferent.net
Type: A
DNSpossibledifferent.net
Type: A
DNSperhapssurprise.net
Type: A
DNSwindowsurprise.net
Type: A
DNSperhapsbeside.net
Type: A
DNSwindowbeside.net
Type: A
DNSperhapsletter.net
Type: A
DNSwindowletter.net
Type: A
DNSwindowdifferent.net
Type: A
DNSwintersurprise.net
Type: A
DNSsubjectsurprise.net
Type: A
DNSwinterbeside.net
Type: A
DNSsubjectbeside.net
Type: A
DNSwinterletter.net
Type: A
DNSsubjectletter.net
Type: A
DNSwinterdifferent.net
Type: A
DNSsubjectdifferent.net
Type: A
DNSfinishsurprise.net
Type: A
DNSleavesurprise.net
Type: A
DNSfinishbeside.net
Type: A
DNSleavebeside.net
Type: A
HTTP GEThttp://laughcondition.net/index.php
User-Agent:
HTTP GEThttp://simplenation.net/index.php
User-Agent:
HTTP GEThttp://mothersoldier.net/index.php
User-Agent:
HTTP GEThttp://simpleplease.net/index.php
User-Agent:
HTTP GEThttp://possiblenation.net/index.php
User-Agent:
HTTP GEThttp://windownation.net/index.php
User-Agent:
HTTP GEThttp://wintersoldier.net/index.php
User-Agent:
HTTP GEThttp://laughcountry.net/index.php
User-Agent:
HTTP GEThttp://simplepower.net/index.php
User-Agent:
HTTP GEThttp://motherpower.net/index.php
User-Agent:
HTTP GEThttp://mothercountry.net/index.php
User-Agent:
HTTP GEThttp://mountainpower.net/index.php
User-Agent:
HTTP GEThttp://mountaincountry.net/index.php
User-Agent:
HTTP GEThttp://laughletter.net/index.php
User-Agent:
HTTP GEThttp://perhapsdifferent.net/index.php
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 195.22.28.196:80
Flows TCP192.168.1.1:1032 ➝ 74.220.199.6:80
Flows TCP192.168.1.1:1033 ➝ 8.5.1.16:80
Flows TCP192.168.1.1:1034 ➝ 184.168.221.42:80
Flows TCP192.168.1.1:1035 ➝ 50.63.202.52:80
Flows TCP192.168.1.1:1036 ➝ 184.168.221.63:80
Flows TCP192.168.1.1:1037 ➝ 198.185.159.144:80
Flows TCP192.168.1.1:1038 ➝ 195.22.28.199:80
Flows TCP192.168.1.1:1039 ➝ 50.63.202.27:80
Flows TCP192.168.1.1:1040 ➝ 141.8.226.14:80
Flows TCP192.168.1.1:1041 ➝ 208.100.26.234:80
Flows TCP192.168.1.1:1042 ➝ 52.71.117.99:80
Flows TCP192.168.1.1:1043 ➝ 75.119.220.11:80
Flows TCP192.168.1.1:1044 ➝ 184.168.221.36:80
Flows TCP192.168.1.1:1045 ➝ 195.22.28.196:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206c   : close..Host: l
0x00000040 (00064)   61756768 636f6e64 6974696f 6e2e6e65   aughcondition.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   696d706c 656e6174 696f6e2e 6e65740d   implenation.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f746865 72736f6c 64696572 2e6e6574   othersoldier.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   696d706c 65706c65 6173652e 6e65740d   impleplease.net.
0x00000050 (00080)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   6f737369 626c656e 6174696f 6e2e6e65   ossiblenation.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   696e646f 776e6174 696f6e2e 6e65740d   indownation.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   696e7465 72736f6c 64696572 2e6e6574   intersoldier.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206c   : close..Host: l
0x00000040 (00064)   61756768 636f756e 7472792e 6e65740d   aughcountry.net.
0x00000050 (00080)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   696d706c 65706f77 65722e6e 65740d0a   implepower.net..
0x00000050 (00080)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f746865 72706f77 65722e6e 65740d0a   otherpower.net..
0x00000050 (00080)   0d0a0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f746865 72636f75 6e747279 2e6e6574   othercountry.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f756e74 61696e70 6f776572 2e6e6574   ountainpower.net
0x00000050 (00080)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f756e74 61696e63 6f756e74 72792e6e   ountaincountry.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206c   : close..Host: l
0x00000040 (00064)   61756768 6c657474 65722e6e 65740d0a   aughletter.net..
0x00000050 (00080)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   65726861 70736469 66666572 656e742e   erhapsdifferent.
0x00000050 (00080)   6e65740d 0a0d0a                       net....


Strings