Analysis Date: 2015-07-27 15:54:03
MD5: a4e36420c72296ef5e03bec96ac5a455
SHA1: 5e813afe44456fdedb5ec17ab938a2e4d75003dd

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 8e9e8c79a7ed0adb1339ce479f510130 sha1: 9726da91b5dbcd7e654ec36ad599b9ee5168ee85 size: 1011200
Section .rdata md5: 116192afa132dfbb597292e2fe9a2305 sha1: 79057765cfadf42917dc171e84fbae3635d4921c size: 512
Section .data md5: 2adb2e86be10cc98a2319358250f6350 sha1: c66e00ed75326c7e6748c179ee839661910a139c size: 512
Section .rsrc md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Timestamp: 2015-02-07 09:53:36
PEhash: ae74c784530e25a0e5aef6f3d5280a095e792311
IMPhash: 1ebdc6fd0ead81c11c0497272d4eff67
AV Rising: Trojan.Win32.PolyRansom.a
AV Mcafee: W32/VirRansom.b
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV Twister: W32.PolyRansom.b.brnk.mg
AV Ad-Aware: Win32.Virlock.Gen.2
AV Alwil (avast): Evo-gen [Susp]
AV Eset (nod32): Win32/Virlock.I virus
AV Grisoft (avg): LockScreen.BO
AV Symantec: no_virus
AV Fortinet: W32/Zegost.ATDB!tr
AV BitDefender: Win32.Virlock.Gen.2
AV K7: Trojan ( 0040fa481 )
AV Microsoft Security Essentials: Virus:Win32/Nabucur.C
AV MicroWorld (escan): Win32.Virlock.Gen.2
AV MalwareBytes: no_virus
AV Authentium: W32/S-4ad0513c!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: no_virus
AV Emsisoft: Win32.Virlock.Gen.2
AV Zillya!: Virus.Virlock.Win32.1
AV Kaspersky: Virus.Win32.PolyRansom.b
AV Trend Micro: no_virus
AV CAT (quickheal): Error Scanning File
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Win32.Virlock.Gen.2
AV Arcabit (arcavir): Win32.Virlock.Gen.2
AV ClamAV: no_virus
AV Dr. Web: Win32.VirLock.10
AV F-Secure: Win32.Virlock.Gen.2
AV CA (E-Trust Ino): Win32/Nabucur.C

Runtime Details:

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit ➝
C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe,
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\HUEcIEkg.exe ➝
C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\rEMswEEk.bat
Creates FileC:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nwksoEQc.bat
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\rEMswEEk.bat
Creates Process"C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd"
Creates ProcessC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\nwksoEQc.bat" "C:\malware.exe""
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates ProcessC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates MutexvWcsggUA
Creates MutexScUMMMcQ
Creates ServiceBgMMsMHT - C:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe
Starts ServiceBgMMsMHT

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\nwksoEQc.bat" "C:\malware.exe""

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\file.vbs
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nwksoEQc.bat
Creates Processcscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd

Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\TmMMwQcY.bat
Creates FileC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\iYUAEkMw.bat
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\iYUAEkMw.bat
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\TmMMwQcY.bat" "C:\malware.exe""
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Process"C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd"
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\TmMMwQcY.bat" "C:\malware.exe""

Process
↳ "C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd"

Creates ProcessC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd

Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\sogEIgkw.bat
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd
Creates File\Device\Afd\Endpoint
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ "C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd"

Creates ProcessC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\NWAEUYUE.bat" "C:\malware.exe""

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\file.vbs
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\NWAEUYUE.bat
Creates Processcscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Process
↳ C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd

Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\hykssUwA.bat
Creates FileC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\NWAEUYUE.bat
Creates File\Device\Afd\Endpoint
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\hykssUwA.bat
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Process"C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd"
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\NWAEUYUE.bat" "C:\malware.exe""
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ "C:\5e813afe44456fdedb5ec17ab938a2e4d75003dd"

Creates ProcessC:\5e813afe44456fdedb5ec17ab938a2e4d75003dd

Process
↳ C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\HUEcIEkg.exe ➝
C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates FileC:\RCX9.tmp
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
Creates FilemwYi.exe
Creates FileOwMm.exe
Creates FileC:\RCX2.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
Creates FileC:\Documents and Settings\All Users\ICUk.txt
Creates FileKMcE.ico
Creates FileYwEQ.exe
Creates FileikMm.exe
Creates FileC:\RCX8.tmp
Creates FileC:\RCX5.tmp
Creates FileGssW.exe
Creates FileAsoY.ico
Creates FilezMYs.ico
Creates FileC:\RCX3.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
Creates FileaUok.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
Creates FileuIcA.ico
Creates FileioYQ.ico
Creates FileOiog.ico
Creates FileCkEA.exe
Creates FileWgYK.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
Creates FileC:\RCX7.tmp
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileSSAk.ico
Creates FileKkIQ.ico
Creates FileC:\RCX1.tmp
Creates File\Device\Afd\Endpoint
Creates FileeEoW.exe
Creates FileC:\RCX6.tmp
Creates FileC:\RCXA.tmp
Creates FileC:\RCX4.tmp
Creates FileSIYk.ico
Creates FileGQEu.exe
Creates FilemqMQ.ico
Creates FileKoEQ.ico
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe
Creates FileugkS.exe
Deletes FileWgYK.exe
Deletes FileOwMm.exe
Deletes FileKMcE.ico
Deletes FileYwEQ.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp
Deletes FileKkIQ.ico
Deletes FileeEoW.exe
Deletes FileikMm.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp
Deletes FileGssW.exe
Deletes FileAsoY.ico
Deletes FilezMYs.ico
Deletes FileaUok.exe
Deletes FileSIYk.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp
Deletes FileGQEu.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp
Deletes FilemqMQ.ico
Deletes FileioYQ.ico
Deletes FileuIcA.ico
Deletes FileOiog.ico
Deletes FileKoEQ.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp
Deletes FileCkEA.exe
Deletes FileugkS.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp
Creates Mutex$1@
Creates Mutex\\x141@
Creates Mutex,1@
Creates Mutex41@
Creates MutexnwYEEQIw0
Creates MutexrIwsEEEo0
Creates MutexScUMMMcQ
Creates MutexvWcsggUA
Creates Mutex\\x1c1@

Process
↳ C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe

RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates Mutex$1@
Creates Mutex\\x141@
Creates Mutex,1@
Creates Mutex41@
Creates MutexnwYEEQIw0
Creates MutexrIwsEEEo0
Creates MutexScUMMMcQ
Creates MutexvWcsggUA
Creates Mutex\\x1c1@

Process
↳ C:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe

RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\LocalService\sckowYEM\HUEcIEkg
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ Pid 816

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1120

Process
↳ Pid 1216

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1876

Process
↳ Pid 1188

Process
↳ cscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Creates FilePIPE\lsarpc

Process
↳ cscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Creates FilePIPE\lsarpc

Network Details:

DNSblock.io
Type: A
104.237.132.39
DNSgoogle.com
Type: A
173.194.46.65
DNSgoogle.com
Type: A
173.194.46.64
DNSgoogle.com
Type: A
173.194.46.78
DNSgoogle.com
Type: A
173.194.46.73
DNSgoogle.com
Type: A
173.194.46.72
DNSgoogle.com
Type: A
173.194.46.71
DNSgoogle.com
Type: A
173.194.46.70
DNSgoogle.com
Type: A
173.194.46.69
DNSgoogle.com
Type: A
173.194.46.68
DNSgoogle.com
Type: A
173.194.46.67
DNSgoogle.com
Type: A
173.194.46.66
HTTP GEThttp://google.com/
User-Agent:
HTTP GEThttp://google.com/
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1032 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1033 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1034 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1035 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1036 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1037 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1038 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1039 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1040 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1041 ➝ 173.194.46.65:80
Flows TCP192.168.1.1:1042 ➝ 173.194.46.65:80
Flows TCP192.168.1.1:1043 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1044 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1045 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1046 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1047 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1048 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1049 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1050 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1051 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1052 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1053 ➝ 104.237.132.39:443

Raw Pcap

Strings