Analysis Date: 2015-11-15 16:58:25
MD5: 953e680ecde465ddec653bb6f83c1084
SHA1: 0f6706e7bad2225c7a3c935def575d124eb46cf4

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 031b01fb343593beec45fe55c9878777 sha1: a034aebe87d4f05e3268716650afd6ac99414f50 size: 28160
Section .rdata md5: 473ba9362591e49fff022a256fc70124 sha1: 8309aff51fdab6f718dc258c3c60a620e65efc7e size: 9216
Section .data md5: 056ca476f74b3cda4656c7c49b7cce17 sha1: 4957a92f09c025627cf20915300d6cead3dbe3a7 size: 8704
Section .trhdtr md5: 01c42d5ad3c8f5e1c5ae1fc37c492501 sha1: 995c5ee7975be7e1562a03633f7205f6ab77bfce size: 84992
Section .reloc md5: 0c04393071b406e1f9488db8394bd4c7 sha1: 152bd22902ecdf9cb600b2bfa2fe4b38dbfc4ab3 size: 4096
Timestamp: 2015-11-03 14:37:54
Packer: Microsoft Visual C++ ?.?
PEhash: 8c7f60945bb587b42a8d5edbb0d820ac486e5387
IMPhash: 45e0e9918078daae0248a783fee1bf83
AV F-Secure: Trojan.GenericKD.2851131
AV Authentium: W32/Trojan.EEZL-5286
AV MalwareBytes: Worm.Gamarue
AV Dr. Web: Trojan.Encoder.514
AV Grisoft (avg): Inject3.NPA
AV Eset (nod32): Win32/Kryptik.EDIH
AV MicroWorld (escan): Trojan.GenericKD.2851131
AV Trend Micro: TROJ_CR.EF1E6723
AV ClamAV: no_virus
AV Twister: no_virus
AV BitDefender: Trojan.GenericKD.2851131
AV Avira (antivir): TR/Crypt.Xpack.313035
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Fortinet: W32/Kryptik.ECIL!tr
AV Microsoft Security Essentials: Ransom:Win32/Crowti
AV Ikarus: Trojan.Crypt2
AV Kaspersky: Trojan-Ransom.Win32.Cryptodef.aarl
AV VirusBlokAda (vba32): no_virus
AV Arcabit (arcavir): Trojan.GenericKD.2851131
AV Mcafee: Generic.xo
AV Ad-Aware: Trojan.GenericKD.2851131
AV Symantec: Trojan.Gen
AV K7: Trojan ( 004d5e121 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Trojan.GenericKD.2851131
AV Zillya!: no_virus
AV CAT (quickheal): TrojanRansom.Cryptodef.r5
AV Padvish: no_virus
AV BullGuard: Trojan.GenericKD.2851131
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: -k netsvcs
Creates Process: vssadmin.exe Delete Shadows /All /Quiet

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)