Analysis Date2013-07-15 16:29:22
MD55cf2ce9ad6e20434a96073af77ead860
SHA13303a47a4cfa0547a56d2bb380edb697a4cf4048

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 90e2e3d48f6d88d4eee126555b520365 sha1: 405f2f385319446891d0a3a79f8cb6a7f027fa3f size: 1024
Section.rdata md5: a2feaf3ba629027ed0b7b0663a4836e0 sha1: 3b0ef5c293336d1f6446110672af463e64f55392 size: 512
Section.data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: c9486865dfd50bfdf775313f280af3e8 sha1: 74deb6a009b7cb455d12891afef2efadf65480db size: 37888
Timestamp2006-02-15 23:39:24
VersionLegalCopyright: Copyright (C) 2000
InternalName: MPIRing
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: MPIRing Application
ProductVersion: 1, 0, 0, 1
FileDescription: MPIRing MFC Application
OriginalFilename: MPIRing.EXE
PEhashbf471dc64704c73f2e726b42040b59207263ad33

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\dealigtulwaw ➝
C:\Documents and Settings\Administrator\dealigtulwaw.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\iies[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\drexel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\worldnetatt[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\lyuchta[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\cmich[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\supernet[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\brettlarson[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\terra[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\go2[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\markbrent[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\xtra.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\sccoast[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\beeone[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\optonline[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\parrotcay.como[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\apollo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tartarus.uwa.edu[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\people[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tahoo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\backaviation[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\roadrunner[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\the-wild-west[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\surewest[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\flemingc.on[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\optonline[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cascademarble[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\gallatinriver[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\music[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\uwsp[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\centrum[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\freenet.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\oregonstate[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\gci[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\csrlink[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\surewest[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\wildmail[1].htm
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\primeline[1].htm
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\dealigtulwaw.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\worldonline.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nifty.ne[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\csrlink[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\wiredsolutions[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\frostburg[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\orst[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\the-wild-west[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\flemingc.on[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\uol.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\tushifire[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\creighton[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\stupid[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\uymail[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\csrlink[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutexdealigtulwaw
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSuwsp.edu
Winsock DNSglobalcrossing.com
Winsock DNSsurewest.net
Winsock DNSorst.edu
Winsock DNSbackaviation.com
Winsock DNStushifire.com
Winsock DNSmarkbrent.com
Winsock DNSoregonstate.edu
Winsock DNSwww.optonline.com
Winsock DNScascademarble.com
Winsock DNSroadrunner.com
Winsock DNSlyuchta.org
Winsock DNSbrettlarson.com
Winsock DNSbeeone.de
Winsock DNSdrexel.edu
Winsock DNSprimeline.com
Winsock DNSnifty.ne.jp
Winsock DNSwildmail.com
Winsock DNScreighton.edu
Winsock DNSapollo.lv
Winsock DNSgci.net
Winsock DNSmusic.com
Winsock DNSsccoast.net
Winsock DNSuymail.com
Winsock DNSgallatinriver.net
Winsock DNScentrum.cz
Winsock DNSgo2.pl
Winsock DNSfreenet.co.uk
Winsock DNSxtra.co.nz
Winsock DNSuol.com.br
Winsock DNSterra.es
Winsock DNSsupernet.net
Winsock DNStartarus.uwa.edu.au
Winsock DNSiies.es
Winsock DNSstupid.com
Winsock DNSfrostburg.edu
Winsock DNSdicksmail.com
Winsock DNSwiredsolutions.net
Winsock DNScmich.edu
Winsock DNSworldnetatt.net
Winsock DNStahoo.com
Winsock DNSthe-wild-west.com
Winsock DNScsrlink.net
Winsock DNSpeople.com
Winsock DNSworldonline.co.uk
Winsock DNSparrotcay.como.bz
Winsock DNSflemingc.on.ca

Network Details:

DNScytanet.com.cy
Type: A
195.14.130.176
DNScitigroup.com
Type: A
192.193.103.222
DNScitigroup.com
Type: A
192.193.219.58
DNSprimeline.com
Type: A
69.74.231.232
DNSbeeone.de
Type: A
193.227.203.172
DNSsirius.com
Type: A
209.196.216.50
DNSricochet.com
Type: A
54.225.145.175
DNSjjay.cuny.edu
Type: A
74.205.89.35
DNSpru-nw.com
Type: A
69.25.128.172
DNSpandora.be
Type: A
195.130.131.38
DNSpandora.be
Type: A
195.130.131.39
DNSlansdownecollege.com
Type: A
109.203.126.209
DNSoptonline.com
Type: A
66.54.17.31
DNSverizonwireless.com
Type: A
137.188.80.90
DNSverizonwireless.com
Type: A
162.115.16.90
DNSverizonwireless.com
Type: A
162.115.208.90
DNSwildfun.com
Type: A
82.98.86.178
DNSconnections-etc.net
Type: A
162.39.145.20
DNSsccoast.net
Type: A
66.153.203.212
DNSgo2.pl
Type: A
193.17.41.103
DNSroadrunner.com
Type: A
24.28.199.168
DNSdicksmail.com
Type: A
127.0.0.1
DNSstupid.com
Type: A
198.144.18.63
DNSstupid.com
Type: A
198.144.18.62
DNSstupid.com
Type: A
198.144.18.64
DNSstupid.com
Type: A
198.144.18.61
DNSstupid.com
Type: A
75.126.29.212
DNSflemingc.on.ca
Type: A
192.197.148.244
DNSorst.edu
Type: A
128.193.4.112
DNSfreenet.co.uk
Type: A
217.28.130.160
DNSwww.optonline.net
Type: A
66.54.17.31
DNSmarkbrent.com
Type: A
50.63.127.1
DNSwildmail.com
Type: A
217.70.184.38
DNStahoo.com
Type: A
222.76.216.170
DNScsrlink.net
Type: A
207.69.200.195
DNScsrlink.net
Type: A
207.69.200.194
DNSoregonstate.edu
Type: A
128.193.4.112
DNSterra.es
Type: A
208.84.244.10
DNSuwsp.edu
Type: A
143.236.32.121
DNSuol.com.br
Type: A
200.147.67.142
DNSuol.com.br
Type: A
200.221.2.45
DNSgci.net
Type: A
209.165.131.24
DNSpeople.com
Type: A
205.216.30.207
DNSpeople.com
Type: A
216.35.74.102
DNSpeople.com
Type: A
64.70.28.82
DNSxtra.co.nz
Type: A
202.27.184.102
DNStartarus.uwa.edu.au
Type: A
130.95.128.3
DNSbrettlarson.com
Type: A
50.62.243.1
DNScascademarble.com
Type: A
184.168.221.19
DNSthe-wild-west.com
Type: A
1.2.3.4
DNScentrum.cz
Type: A
46.255.224.60
DNStushifire.com
Type: A
5.9.61.148
DNSworldnetatt.net
Type: A
144.160.36.42
DNSworldnetatt.net
Type: A
144.160.155.43
DNSgallatinriver.net
Type: A
208.47.185.65
DNSlyuchta.org
Type: A
178.79.190.156
DNSintuit.com
Type: A
206.108.40.108
DNShoymail.com
Type: A
65.55.39.12
DNShoymail.com
Type: A
207.46.31.61
DNSfrostburg.edu
Type: A
131.118.80.40
DNSolemiss.edu
Type: A
130.74.120.3
DNSaol.co
Type: A
72.13.32.43
DNSsurewest.net
Type: A
64.8.70.120
DNSmusic.com
Type: A
108.168.139.2
DNSbackaviation.com
Type: A
193.23.116.131
DNSsrcaccess.net
Type: A
69.49.208.29
DNSalice.it
Type: A
217.169.121.227
DNSapollo.lv
Type: A
78.28.227.182
DNSdrexel.edu
Type: A
144.118.66.83
DNSnifty.ne.jp
Type: A
210.131.4.217
DNSjotmail.com
Type: A
207.46.31.61
DNSjotmail.com
Type: A
65.55.39.12
DNSuymail.com
Type: A
50.22.218.215
DNSworldonline.co.uk
Type: A
212.74.99.30
DNSsupernet.net
Type: A
199.44.84.4
DNSparrotcay.como.bz
Type: A
82.196.228.76
DNSiies.es
Type: A
213.251.158.197
DNScmich.edu
Type: A
141.209.19.253
DNSwiredsolutions.net
Type: A
209.15.202.77
DNScreighton.edu
Type: A
147.134.13.145
DNSyatroo.com
Type: A
DNSwww.optonline.com
Type: A
HTTP POSThttp://go2.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://roadrunner.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://stupid.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://flemingc.on.ca/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://orst.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://freenet.co.uk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://www.optonline.com/?ptrxcz_StJjAZ0QqGg6WxMmCc3StJi9ZzlGg7
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markbrent.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wildmail.com/?ptrxcz_rIi9YzPqGg7XyOpFf6VwMmDd4UvLlC
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tahoo.com/?ptrxcz_ZzPpFe5VvLkBa1QrGg6WwMlCb2RsIh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://csrlink.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://oregonstate.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://terra.es/?ptrxcz_StJjAa1RtJjAa1RsIi9Z0QsIlTvLkB
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://uwsp.edu/?ptrxcz_e5VwMmCc3TtJjAZ0QqGg7WxNoDd4Tu
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://uol.com.br/?ptrxcz_g8YzPqGg7XyOpFf6WxNoEe5VwMmtSt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gci.net/?ptrxcz_a1QrGg6WwMlCb2SsIh8XyNoDd3TtJi
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://people.com/?ptrxcz_UvLlCc3TtJjAa0QsK2TuKkBb2StJkB
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://xtra.co.nz/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tartarus.uwa.edu.au/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://brettlarson.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cascademarble.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://the-wild-west.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://centrum.cz/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tushifire.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://www.optonline.com/?ptrxcz_Hi9YzPqGg7XyOpFf6WxOpFf6WxMmDd
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://worldnetatt.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gallatinriver.net/?ptrxcz_TuKkAa0QqGf6VwLlBb1RrHh7XxNmDc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lyuchta.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sccoast.net/?ptrxcz_pFf5VwMlCc2SxmLlCc3StJ5WxNmDd4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://frostburg.edu/?ptrxcz_Gh8YzPpFf6WwMmDd3TuKjAa1RrHh8Y
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://primeline.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://surewest.net/?ptrxcz_Ba1QrGg7WxMmCc3StIi8YzOpEe5VvL
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://music.com/?ptrxcz_jAa0QrHg7WxNmDd3TuJjAZ0QqGg6Wx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://backaviation.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://apollo.lv/?ptrxcz_WyOpFe5VwMlCc3TuJjAa1QrHh8XyOp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://flemingc.on.ca/?ptrxcz_L5a0QrGg7XxNoEd4UvKkBb1RsIh8Yz
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://drexel.edu/?ptrxcz_c3StJi9ZzPqFf6VwMlCc2StIi9YzPp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nifty.ne.jp/?ptrxcz_Cc3TtJjAa1RsIi9Z0QqGg7XyOqGf6W
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://uymail.com/?ptrxcz_b2StIiT0QrHh8XyOpFf6WwMmDd4UuK
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://the-wild-west.com/?ptrxcz_KjAZ0PqGf6VwLlBb1RrHg7XxNmDc3S
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://worldonline.co.uk/?ptrxcz_DTCd4UvKkBa1RrHh8XyOoEe4UvLkBb
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://supernet.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://csrlink.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://surewest.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://beeone.de/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://parrotcay.como.bz/?ptrxcz_5VwLlBb1RrGg6WwM5YyOoEe4UuKjAZ
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://iies.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cmich.edu/?ptrxcz_tJjAZ0PqFf5VweOqGf6WxMmDd4TuKk
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wiredsolutions.net/?ptrxcz_3StJi9ZzPqFf5VwLlCb2SsIh8YyOpE
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://creighton.edu/?ptrxcz_uKjAZzPpFe5UuKjAZzPpFe4UuKjAZz
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://worldnetatt.net/?ptrxcz_c3TuKjAZ0QqGf6VwMlCc2SsIi8YyOo
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1036 ➝ 209.196.216.50:25
Flows TCP192.168.1.1:1037 ➝ 69.74.231.232:25
Flows TCP192.168.1.1:1038 ➝ 195.14.130.176:25
Flows TCP192.168.1.1:1039 ➝ 192.193.103.222:25
Flows TCP192.168.1.1:1040 ➝ 193.227.203.172:25
Flows TCP192.168.1.1:1041 ➝ 54.225.145.175:25
Flows TCP192.168.1.1:1042 ➝ 74.205.89.35:25
Flows TCP192.168.1.1:1043 ➝ 69.25.128.172:25
Flows TCP192.168.1.1:1045 ➝ 54.225.145.175:25
Flows TCP192.168.1.1:1046 ➝ 195.130.131.38:25
Flows TCP192.168.1.1:1047 ➝ 109.203.126.209:25
Flows TCP192.168.1.1:1048 ➝ 66.54.17.31:25
Flows TCP192.168.1.1:1049 ➝ 137.188.80.90:25
Flows TCP192.168.1.1:1050 ➝ 82.98.86.178:25
Flows TCP192.168.1.1:1051 ➝ 162.39.145.20:25
Flows TCP192.168.1.1:1052 ➝ 66.153.203.212:25
Flows TCP192.168.1.1:1053 ➝ 193.17.41.103:80
Flows TCP192.168.1.1:1054 ➝ 24.28.199.168:80
Flows TCP192.168.1.1:1056 ➝ 198.144.18.63:80
Flows TCP192.168.1.1:1057 ➝ 192.197.148.244:80
Flows TCP192.168.1.1:1058 ➝ 128.193.4.112:80
Flows TCP192.168.1.1:1059 ➝ 217.28.130.160:80
Flows TCP192.168.1.1:1060 ➝ 66.54.17.31:80
Flows TCP192.168.1.1:1061 ➝ 50.63.127.1:80
Flows TCP192.168.1.1:1062 ➝ 217.70.184.38:80
Flows TCP192.168.1.1:1063 ➝ 222.76.216.170:80
Flows TCP192.168.1.1:1064 ➝ 207.69.200.195:80
Flows TCP192.168.1.1:1065 ➝ 128.193.4.112:80
Flows TCP192.168.1.1:1067 ➝ 208.84.244.10:80
Flows TCP192.168.1.1:1068 ➝ 143.236.32.121:80
Flows TCP192.168.1.1:1069 ➝ 200.147.67.142:80
Flows TCP192.168.1.1:1070 ➝ 209.165.131.24:80
Flows TCP192.168.1.1:1071 ➝ 205.216.30.207:80
Flows TCP192.168.1.1:1072 ➝ 202.27.184.102:80
Flows TCP192.168.1.1:1073 ➝ 130.95.128.3:80
Flows TCP192.168.1.1:1074 ➝ 50.62.243.1:80
Flows TCP192.168.1.1:1075 ➝ 184.168.221.19:80
Flows TCP192.168.1.1:1076 ➝ 1.2.3.4:80
Flows TCP192.168.1.1:1077 ➝ 46.255.224.60:80
Flows TCP192.168.1.1:1079 ➝ 5.9.61.148:80
Flows TCP192.168.1.1:1080 ➝ 66.54.17.31:80
Flows TCP192.168.1.1:1081 ➝ 144.160.36.42:80
Flows TCP192.168.1.1:1082 ➝ 208.47.185.65:80
Flows TCP192.168.1.1:1083 ➝ 178.79.190.156:80
Flows TCP192.168.1.1:1084 ➝ 66.153.203.212:80
Flows TCP192.168.1.1:1085 ➝ 206.108.40.108:25
Flows TCP192.168.1.1:1086 ➝ 65.55.39.12:25
Flows TCP192.168.1.1:1087 ➝ 131.118.80.40:80
Flows TCP192.168.1.1:1088 ➝ 192.193.103.222:25
Flows TCP192.168.1.1:1089 ➝ 69.74.231.232:80
Flows TCP192.168.1.1:1091 ➝ 130.74.120.3:25
Flows TCP192.168.1.1:1092 ➝ 72.13.32.43:25
Flows TCP192.168.1.1:1093 ➝ 64.8.70.120:80
Flows TCP192.168.1.1:1094 ➝ 108.168.139.2:80
Flows TCP192.168.1.1:1095 ➝ 193.23.116.131:80
Flows TCP192.168.1.1:1096 ➝ 69.49.208.29:25
Flows TCP192.168.1.1:1097 ➝ 217.169.121.227:25
Flows TCP192.168.1.1:1098 ➝ 78.28.227.182:80
Flows TCP192.168.1.1:1099 ➝ 192.197.148.244:80
Flows TCP192.168.1.1:1100 ➝ 144.118.66.83:80
Flows TCP192.168.1.1:1101 ➝ 210.131.4.217:80
Flows TCP192.168.1.1:1102 ➝ 50.22.218.215:80
Flows TCP192.168.1.1:1103 ➝ 207.46.31.61:25
Flows TCP192.168.1.1:1104 ➝ 1.2.3.4:80
Flows TCP192.168.1.1:1105 ➝ 212.74.99.30:80
Flows TCP192.168.1.1:1106 ➝ 199.44.84.4:80
Flows TCP192.168.1.1:1107 ➝ 207.69.200.195:80
Flows TCP192.168.1.1:1108 ➝ 64.8.70.120:80
Flows TCP192.168.1.1:1109 ➝ 193.227.203.172:80
Flows TCP192.168.1.1:1110 ➝ 82.196.228.76:80
Flows TCP192.168.1.1:1111 ➝ 213.251.158.197:80
Flows TCP192.168.1.1:1112 ➝ 141.209.19.253:80
Flows TCP192.168.1.1:1113 ➝ 209.15.202.77:80
Flows TCP192.168.1.1:1114 ➝ 147.134.13.145:80
Flows TCP192.168.1.1:1115 ➝ 144.160.36.42:80

Raw Pcap

Strings