Analysis | #totalhash

Analysis Date	2015-11-15 16:58:25
MD5	953e680ecde465ddec653bb6f83c1084
SHA1	0f6706e7bad2225c7a3c935def575d124eb46cf4

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 031b01fb343593beec45fe55c9878777 sha1: a034aebe87d4f05e3268716650afd6ac99414f50 size: 28160
Section	.rdata md5: 473ba9362591e49fff022a256fc70124 sha1: 8309aff51fdab6f718dc258c3c60a620e65efc7e size: 9216
Section	.data md5: 056ca476f74b3cda4656c7c49b7cce17 sha1: 4957a92f09c025627cf20915300d6cead3dbe3a7 size: 8704
Section	.trhdtr md5: 01c42d5ad3c8f5e1c5ae1fc37c492501 sha1: 995c5ee7975be7e1562a03633f7205f6ab77bfce size: 84992
Section	.reloc md5: 0c04393071b406e1f9488db8394bd4c7 sha1: 152bd22902ecdf9cb600b2bfa2fe4b38dbfc4ab3 size: 4096
Timestamp	2015-11-03 14:37:54
Packer	Microsoft Visual C++ ?.?
PEhash	8c7f60945bb587b42a8d5edbb0d820ac486e5387
IMPhash	45e0e9918078daae0248a783fee1bf83
AV	F-Secure	Trojan.GenericKD.2851131
AV	Authentium	W32/Trojan.EEZL-5286
AV	MalwareBytes	Worm.Gamarue
AV	Dr. Web	Trojan.Encoder.514
AV	Grisoft (avg)	Inject3.NPA
AV	MalwareBytes	Worm.Gamarue
AV	Eset (nod32)	Win32/Kryptik.EDIH
AV	MicroWorld (escan)	Trojan.GenericKD.2851131
AV	Trend Micro	TROJ_CR.EF1E6723
AV	ClamAV	no_virus
AV	Twister	no_virus
AV	Eset (nod32)	Win32/Kryptik.EDIH
AV	BitDefender	Trojan.GenericKD.2851131
AV	MicroWorld (escan)	Trojan.GenericKD.2851131
AV	Avira (antivir)	TR/Crypt.Xpack.313035
AV	Alwil (avast)	Malware-gen:Win32:Malware-gen
AV	Fortinet	W32/Kryptik.ECIL!tr
AV	Microsoft Security Essentials	Ransom:Win32/Crowti
AV	Ikarus	Trojan.Crypt2
AV	Kaspersky	Trojan-Ransom.Win32.Cryptodef.aarl
AV	VirusBlokAda (vba32)	no_virus
AV	Arcabit (arcavir)	Trojan.GenericKD.2851131
AV	Mcafee	Generic.xo
AV	Avira (antivir)	TR/Crypt.Xpack.313035
AV	Ad-Aware	Trojan.GenericKD.2851131
AV	Alwil (avast)	Malware-gen:Win32:Malware-gen
AV	Symantec	Trojan.Gen
AV	Fortinet	W32/Kryptik.ECIL!tr
AV	K7	Trojan ( 004d5e121 )
AV	Microsoft Security Essentials	Ransom:Win32/Crowti
AV	Rising	no_virus
AV	Mcafee	Generic.xo
AV	Twister	no_virus
AV	Ad-Aware	Trojan.GenericKD.2851131
AV	Grisoft (avg)	Inject3.NPA
AV	Symantec	Trojan.Gen
AV	BitDefender	Trojan.GenericKD.2851131
AV	K7	Trojan ( 004d5e121 )
AV	Authentium	W32/Trojan.EEZL-5286
AV	Frisk (f-prot)	no_virus
AV	Emsisoft	Trojan.GenericKD.2851131
AV	Zillya!	no_virus
AV	CAT (quickheal)	TrojanRansom.Cryptodef.r5
AV	Padvish	no_virus
AV	BullGuard	Trojan.GenericKD.2851131
AV	CA (E-Trust Ino)	no_virus
AV	Rising	no_virus
AV	Ikarus	Trojan.Crypt2
AV	Frisk (f-prot)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process	C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File	C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File	C:\6ff06165\6ff06165.exe
Creates File	C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process	-k netsvcs
Creates Process	vssadmin.exe Delete Shadows /All /Quiet

Process
↳ -k netsvcs

Registry	HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File	C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File	PIPE\lsarpc
Creates File	\Device\Afd\Endpoint
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex	c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex	c:!documents and settings!administrator!cookies!
Creates Mutex	c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS	descargar-facebook-messenger.com
Winsock DNS	myfacecom.com
Winsock DNS	asistent.su
Winsock DNS	webandnoticias.com
Winsock DNS	snocmobilya.com
Winsock DNS	thecarnivalfest.com
Winsock DNS	euro-dom.de
Winsock DNS	nobilighting.com
Winsock DNS	sadefuar.com
Winsock DNS	spideragroscience.com
Winsock DNS	travancy.com
Winsock DNS	naimselmonaj.com
Winsock DNS	tamazawatokuichiro.com
Winsock DNS	perpabaskievi.net
Winsock DNS	virginia-education.com
Winsock DNS	zemamranews.com
Winsock DNS	curlmyip.com
Winsock DNS	konstructmarketing.com
Winsock DNS	abenorbenin.com
Winsock DNS	freeapkipa.com
Winsock DNS	conectcon.com
Winsock DNS	primemovies.net
Winsock DNS	noblevisage.com
Winsock DNS	myexternalip.com
Winsock DNS	shopshe.com
Winsock DNS	engagedforpeace.org
Winsock DNS	handmade.co.id
Winsock DNS	sudatrain.net
Winsock DNS	befitster.com
Winsock DNS	ip-addr.es
Winsock DNS	theboomerzblog.com
Winsock DNS	suttonfarms.net
Winsock DNS	reanimator-service.com
Winsock DNS	sparshsewa.com
Winsock DNS	fengfeifei.net
Winsock DNS	doozfriend.com
Winsock DNS	project976.org
Winsock DNS	wpwarriors.com
Winsock DNS	meaarts.com
Winsock DNS	promofordbekasi.com
Winsock DNS	xn--e1asbeck.xn--p1ai
Winsock DNS	rationwalaaa.com
Winsock DNS	bookstower.com
Winsock DNS	basketball256.com
Winsock DNS	icanconsultancy.org
Winsock DNS	grupointernex.com.br
Winsock DNS	forexinsuracembard.com
Winsock DNS	ipmon.net
Winsock DNS	ipanema-penthouse.com
Winsock DNS	pretor.su
Winsock DNS	vlsex.net
Winsock DNS	damozhai.com
Winsock DNS	therealdiehls.com
Winsock DNS	centroinformativoviral.com
Winsock DNS	droidmaza.com
Winsock DNS	immigrating.xsrv.jp
Winsock DNS	safepeace.com
Winsock DNS	gainsenligne.info
Winsock DNS	bolle-immobilien.de
Winsock DNS	tmp3malinium.com

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File	PIPE\lsarpc

Network Details:

DNS	ip-addr.es Type: A 188.165.164.184
DNS	myexternalip.com Type: A 78.47.139.102
DNS	curlmyip.com Type: A 184.106.112.172
DNS	thecarnivalfest.com Type: A 103.21.59.171
DNS	tmp3malinium.com Type: A 193.37.145.25
DNS	webandnoticias.com Type: A 143.95.251.123
DNS	sadefuar.com Type: A 94.73.151.78
DNS	primemovies.net Type: A 185.63.252.62
DNS	abenorbenin.com Type: A 91.216.107.152
DNS	nobilighting.com Type: A 112.78.2.45
DNS	gainsenligne.info Type: A 193.37.145.77
DNS	wpwarriors.com Type: A 66.96.147.101
DNS	theboomerzblog.com Type: A 184.168.47.225
DNS	spideragroscience.com Type: A 103.21.59.171
DNS	grupointernex.com.br Type: A 192.198.195.229
DNS	safepeace.com Type: A 103.21.59.171
DNS	bookstower.com Type: A 143.95.252.199
DNS	ipanema-penthouse.com Type: A 91.216.107.154
DNS	asistent.su Type: A 78.110.50.124
DNS	doozfriend.com Type: A 208.91.198.220
DNS	vlsex.net Type: A 104.28.16.110
DNS	vlsex.net Type: A 104.28.17.110
DNS	befitster.com Type: A 208.91.199.77
DNS	conectcon.com Type: A 186.202.127.240
DNS	descargar-facebook-messenger.com Type: A 185.86.210.42
DNS	suttonfarms.net Type: A 63.135.124.25
DNS	meaarts.com Type: A 103.21.59.171
DNS	damozhai.com Type: A 118.193.216.44
DNS	xn--e1asbeck.xn--p1ai Type: A 195.208.1.155
DNS	zemamranews.com Type: A 51.254.207.181
DNS	forexinsuracembard.com Type: A 37.187.154.90
DNS	basketball256.com Type: A 205.144.171.82
DNS	sparshsewa.com Type: A 103.21.59.171
DNS	immigrating.xsrv.jp Type: A 183.90.232.29
DNS	ipmon.net Type: A 79.140.41.112
DNS	sudatrain.net Type: A 185.15.244.81
DNS	snocmobilya.com Type: A 94.73.147.150
DNS	project976.org Type: A 193.37.145.124
DNS	droidmaza.com Type: A 173.233.76.118
DNS	pretor.su Type: A 195.208.1.155
DNS	euro-dom.de Type: A 213.239.234.111
DNS	perpabaskievi.net Type: A 77.245.149.18
DNS	promofordbekasi.com Type: A 198.23.72.4
DNS	konstructmarketing.com Type: A 69.73.182.77
DNS	noblevisage.com Type: A 90.156.201.16
DNS	noblevisage.com Type: A 90.156.201.35
DNS	noblevisage.com Type: A 90.156.201.70
DNS	noblevisage.com Type: A 90.156.201.87
DNS	tamazawatokuichiro.com Type: A 209.54.52.223
DNS	naimselmonaj.com Type: A 51.254.207.61
DNS	reanimator-service.com Type: A 176.114.1.110
DNS	travancy.com Type: A 199.79.62.19
DNS	rationwalaaa.com Type: A 103.21.59.171
DNS	icanconsultancy.org Type: A 111.118.215.210
DNS	freeapkipa.com Type: A 178.17.168.34
DNS	shopshe.com Type: A 184.168.47.225
DNS	virginia-education.com Type: A 37.210.196.227
DNS	engagedforpeace.org Type: A 193.37.145.75
DNS	bolle-immobilien.de Type: A 213.239.234.111
DNS	therealdiehls.com Type: A 192.169.57.44
DNS	centroinformativoviral.com Type: A 205.144.171.80
DNS	myfacecom.com Type: A
DNS	fengfeifei.net Type: A
DNS	handmade.co.id Type: A
HTTP GET	http://ip-addr.es/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET	http://myexternalip.com/raw User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET	http://curlmyip.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://thecarnivalfest.com/mQF14M.php?m=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://tmp3malinium.com/7DSCmu.php?a=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://webandnoticias.com/t6xe1z.php?c=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://sadefuar.com/xdqHcr.php?e=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://primemovies.net/z6Hfan.php?x=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://abenorbenin.com/jcMISv.php?g=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://nobilighting.com/eX8yjr.php?t=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://gainsenligne.info/TiWyMt.php?g=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://wpwarriors.com/gnHPMv.php?e=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://theboomerzblog.com/fQu7UH.php?m=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://spideragroscience.com/cWo1T2.php?p=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://grupointernex.com.br/4cJIAr.php?r=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://safepeace.com/_QXEd6.php?e=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://bookstower.com/bmrWeQ.php?i=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://ipanema-penthouse.com/lxUs6S.php?c=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://asistent.su/docs/xdEjFf.php?q=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://doozfriend.com/T9Hqj0.php?l=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://vlsex.net/O4vH1A.php?y=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://befitster.com/Bfv30s.php?s=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://conectcon.com/evYR0G.php?t=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://descargar-facebook-messenger.com/UjZHsJ.php?p=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://suttonfarms.net/gqd1aw.php?h=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://meaarts.com/bMUmqv.php?i=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://asistent.su/F3eRnj.php?g=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://damozhai.com/aJPK4y.php?n=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://xn--e1asbeck.xn--p1ai/7xSCFU.php?v=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://zemamranews.com/jxke9u.php?c=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://forexinsuracembard.com/j97S0E.php?t=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://basketball256.com/9xnMgP.php?e=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://sparshsewa.com/5a8CTM.php?c=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://immigrating.xsrv.jp/5OUAvK.php?w=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://ipmon.net/CLuOIk.php?h=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://sudatrain.net/De1uQF.php?e=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://snocmobilya.com/XqDZ4I.php?u=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://project976.org/zyS9Kf.php?v=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://droidmaza.com/eHViNt.php?f=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://pretor.su/ZLoNyf.php?s=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://euro-dom.de/TzmNHk.php?z=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://perpabaskievi.net/VCOzj5.php?k=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://promofordbekasi.com/6jVb5D.php?h=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://konstructmarketing.com/Ml63Pu.php?o=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://noblevisage.com/2qs9Rr.php?x=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://tamazawatokuichiro.com/TkCs3y.php?s=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://naimselmonaj.com/QoYx31.php?c=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://reanimator-service.com/Y1U5s7.php?c=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://travancy.com/8GBn_t.php?z=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://rationwalaaa.com/QOPYrs.php?m=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://icanconsultancy.org/nm9Eul.php?s=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://freeapkipa.com/Zw6oOb.php?i=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://shopshe.com/jECfKN.php?y=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://virginia-education.com/8Ycy6k.php?f=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://engagedforpeace.org/R4uGnH.php?y=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://bolle-immobilien.de/Idvn79.php?s=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://therealdiehls.com/K3_J96.php?s=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST	http://centroinformativoviral.com/k6dYbZ.php?u=mzfk13lkqb746je User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP	192.168.1.1:1031 ➝ 188.165.164.184:80
Flows TCP	192.168.1.1:1032 ➝ 78.47.139.102:80
Flows TCP	192.168.1.1:1033 ➝ 184.106.112.172:80
Flows TCP	192.168.1.1:1034 ➝ 103.21.59.171:80
Flows TCP	192.168.1.1:1035 ➝ 193.37.145.25:80
Flows TCP	192.168.1.1:1036 ➝ 143.95.251.123:80
Flows TCP	192.168.1.1:1037 ➝ 94.73.151.78:80
Flows TCP	192.168.1.1:1038 ➝ 185.63.252.62:80
Flows TCP	192.168.1.1:1039 ➝ 91.216.107.152:80
Flows TCP	192.168.1.1:1040 ➝ 112.78.2.45:80
Flows TCP	192.168.1.1:1041 ➝ 193.37.145.77:80
Flows TCP	192.168.1.1:1042 ➝ 66.96.147.101:80
Flows TCP	192.168.1.1:1043 ➝ 184.168.47.225:80
Flows TCP	192.168.1.1:1044 ➝ 103.21.59.171:80
Flows TCP	192.168.1.1:1045 ➝ 192.198.195.229:80
Flows TCP	192.168.1.1:1046 ➝ 103.21.59.171:80
Flows TCP	192.168.1.1:1047 ➝ 143.95.252.199:80
Flows TCP	192.168.1.1:1048 ➝ 91.216.107.154:80
Flows TCP	192.168.1.1:1049 ➝ 78.110.50.124:80
Flows TCP	192.168.1.1:1050 ➝ 208.91.198.220:80
Flows TCP	192.168.1.1:1051 ➝ 104.28.16.110:80
Flows TCP	192.168.1.1:1052 ➝ 208.91.199.77:80
Flows TCP	192.168.1.1:1053 ➝ 186.202.127.240:80
Flows TCP	192.168.1.1:1054 ➝ 185.86.210.42:80
Flows TCP	192.168.1.1:1055 ➝ 63.135.124.25:80
Flows TCP	192.168.1.1:1056 ➝ 103.21.59.171:80
Flows TCP	192.168.1.1:1057 ➝ 78.110.50.124:80
Flows TCP	192.168.1.1:1058 ➝ 118.193.216.44:80
Flows TCP	192.168.1.1:1059 ➝ 195.208.1.155:80
Flows TCP	192.168.1.1:1060 ➝ 51.254.207.181:80
Flows TCP	192.168.1.1:1061 ➝ 37.187.154.90:80
Flows TCP	192.168.1.1:1062 ➝ 205.144.171.82:80
Flows TCP	192.168.1.1:1063 ➝ 103.21.59.171:80
Flows TCP	192.168.1.1:1064 ➝ 183.90.232.29:80
Flows TCP	192.168.1.1:1065 ➝ 79.140.41.112:80
Flows TCP	192.168.1.1:1066 ➝ 185.15.244.81:80
Flows TCP	192.168.1.1:1067 ➝ 94.73.147.150:80
Flows TCP	192.168.1.1:1068 ➝ 193.37.145.124:80
Flows TCP	192.168.1.1:1069 ➝ 173.233.76.118:80
Flows TCP	192.168.1.1:1070 ➝ 195.208.1.155:80
Flows TCP	192.168.1.1:1071 ➝ 213.239.234.111:80
Flows TCP	192.168.1.1:1072 ➝ 77.245.149.18:80
Flows TCP	192.168.1.1:1073 ➝ 198.23.72.4:80
Flows TCP	192.168.1.1:1074 ➝ 69.73.182.77:80
Flows TCP	192.168.1.1:1075 ➝ 90.156.201.16:80
Flows TCP	192.168.1.1:1076 ➝ 209.54.52.223:80
Flows TCP	192.168.1.1:1077 ➝ 51.254.207.61:80
Flows TCP	192.168.1.1:1078 ➝ 176.114.1.110:80
Flows TCP	192.168.1.1:1079 ➝ 199.79.62.19:80
Flows TCP	192.168.1.1:1080 ➝ 103.21.59.171:80
Flows TCP	192.168.1.1:1081 ➝ 111.118.215.210:80
Flows TCP	192.168.1.1:1082 ➝ 178.17.168.34:80
Flows TCP	192.168.1.1:1083 ➝ 184.168.47.225:80
Flows TCP	192.168.1.1:1084 ➝ 37.210.196.227:80
Flows TCP	192.168.1.1:1085 ➝ 193.37.145.75:80
Flows TCP	192.168.1.1:1086 ➝ 213.239.234.111:80
Flows TCP	192.168.1.1:1087 ➝ 192.169.57.44:80
Flows TCP	192.168.1.1:1088 ➝ 205.144.171.80:80

Raw Pcap

Strings