Analysis Date: 2013-07-15 14:56:15
MD5: 4c4d6b5c19d76c7ef8ca191e9cb450b0
SHA1: 511b0882b2368e9ce28f44c962cfd83115562738

Static Details:

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\xucwexxadbak ➝ C:\Documents and Settings\Administrator\xucwexxadbak.exe
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\linuxmail[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\freenet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ricochet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\uakron[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\conwaycorp[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\vaxxine[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\xtra.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\yahoo.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\unison[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\penn[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\waupacafoundry[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\aol[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\feton[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\tdn[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\licensedtokill[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vip[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\madasfish[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\sympatico[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\online[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\att[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\voicestream[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\caionline[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mzsg[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\blackplanet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\skynet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\brettlarson[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\comporium[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\talktalk[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\staples[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\picsnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\vail[1].htm
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\cytanet.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sexstories[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\buffalo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\licensedtokill[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\planet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\su[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\iowatelecom[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\mail[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\udel[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\buffalo[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\sympatico[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\tvn[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\udel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\cytanet.com[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\gotomy[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\hknetmail[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zen.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\walla[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vwr-inc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\byu[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\coastalnow[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\ricochet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\chickensys[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\optonline[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\teknett[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vianet.com[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\karoo.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\allstate[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\optonline[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\crosspaths[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\metrocast[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vianet.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\sscomputing[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\forum[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\volny[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\conwaycorp[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\yahoo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\att[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\teknett[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\beautifuldecay[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\tushifire[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\volny[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\lyuchta[1].htm
Creates File: C:\Documents and Settings\Administrator\xucwexxadbak.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\catech-systems[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\buffalo[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ricochet[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\conwaycorp[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: xucwexxadbak
Winsock DNShknetmail.com
Winsock DNSchickensys.com
Winsock DNSgotomy.com
Winsock DNSonline.ie
Winsock DNSunison.ie
Winsock DNSfeton.net
Winsock DNSlyuchta.org
Winsock DNStdn.com
Winsock DNSvip.hr
Winsock DNSbrettlarson.com
Winsock DNStalktalk.net
Winsock DNSvaxxine.com
Winsock DNSlicensedtokill.com
Winsock DNSbuffalo.edu
Winsock DNSvolny.cz
Winsock DNSiowatelecom.net
Winsock DNSyahoo.com.cn
Winsock DNSfreenet.de
Winsock DNScomporium.net
Winsock DNSbeautifuldecay.com
Winsock DNSskynet.be
Winsock DNSvwr-inc.com
Winsock DNSxtra.co.nz
Winsock DNSlinuxmail.org
Winsock DNSwalla.com
Winsock DNSatt.com
Winsock DNSzen.co.uk
Winsock DNSmail.com
Winsock DNSvoicestream.com
Winsock DNSmzsg.at
Winsock DNSkaroo.co.uk
Winsock DNSsympatico.com
Winsock DNSsu.edu
Winsock DNSteknett.com
Winsock DNSvianet.com.mx
Winsock DNSoptonline.net
Winsock DNSforum.dk
Winsock DNScytanet.com.cy
Winsock DNSmetrocast.net
Winsock DNSmadasfish.com
Winsock DNSbyu.edu
Winsock DNSblackplanet.com
Winsock DNScatech-systems.com
Winsock DNStushifire.com
Winsock DNSsexstories.com
Winsock DNSgeivimuzm.kz
Winsock DNSaol.co
Winsock DNSpenn.com
Winsock DNSrock.com
Winsock DNScrosspaths.net
Winsock DNSplanet.nl
Winsock DNScaionline.org
Winsock DNStvn.hu
Winsock DNSuakron.edu
Winsock DNSuafortsmith.edu
Winsock DNSudel.edu
Winsock DNSwaupacafoundry.com
Winsock DNSyahoo.dk
Winsock DNSvail.com
Winsock DNSstaples.com
Winsock DNSallstate.com
Winsock DNSsscomputing.com
Winsock DNSconwaycorp.net
Winsock DNSricochet.com
Winsock DNSdicksmail.com
Winsock DNScoastalnow.net
Winsock DNSpicsnet.com

Network Details:

DNSthe-wild-west.com
Type: A
1.2.3.4
DNSsexstories.com
Type: A
141.0.173.147
DNShealth.com
Type: A
64.70.28.82
DNShealth.com
Type: A
205.216.30.207
DNShealth.com
Type: A
216.35.74.102
DNScaomcast.net
Type: A
199.59.243.109
DNScaomcast.net
Type: A
199.59.243.107
DNScaomcast.net
Type: A
199.59.243.106
DNScaomcast.net
Type: A
199.59.243.108
DNScaomcast.net
Type: A
199.59.243.105
DNSlicensedtokill.com
Type: A
209.15.13.134
DNSonline.ie
Type: A
67.220.92.61
DNSudel.edu
Type: A
128.175.13.92
DNSsympatico.com
Type: A
206.47.72.104
DNSunison.ie
Type: A
217.78.15.211
DNScatech-systems.com
Type: A
216.251.32.98
DNSvaxxine.com
Type: A
209.159.189.4
DNSwaupacafoundry.com
Type: A
71.13.131.168
DNSuakron.edu
Type: A
130.101.217.69
DNStdn.com
Type: A
192.104.182.209
DNStdn.com
Type: A
192.104.182.109
DNSbuffalo.edu
Type: A
128.205.7.144
DNSvolny.cz
Type: A
62.44.29.30
DNSsu.edu
Type: A
190.93.248.162
DNSsu.edu
Type: A
190.93.249.162
DNSoptonline.net
Type: A
66.54.17.31
DNSlinuxmail.org
Type: A
50.22.218.215
DNSfeton.net
Type: A
209.15.13.134
DNSvwr-inc.com
Type: A
199.89.170.197
DNScytanet.com.cy
Type: A
195.14.130.176
DNSgotomy.com
Type: A
173.62.209.11
DNScaionline.org
Type: A
67.192.237.89
DNScomporium.net
Type: A
208.104.2.209
DNSconwaycorp.net
Type: A
24.144.0.51
DNSteknett.com
Type: A
70.34.34.93
DNSkaroo.co.uk
Type: A
87.102.50.138
DNSmzsg.at
Type: A
212.53.95.124
DNSricochet.com
Type: A
54.225.145.175
DNSmail.com
Type: A
213.165.66.221
DNSbrettlarson.com
Type: A
50.62.243.1
DNSchickensys.com
Type: A
108.162.199.118
DNSchickensys.com
Type: A
108.162.198.118
DNSsfr.fr
Type: A
80.125.163.172
DNSvail.com
Type: A
216.24.136.226
DNSwanadoo.es
Type: A
62.37.237.16
DNSwanadoo.es
Type: A
62.37.237.15
DNSallstate.com
Type: A
167.127.109.184
DNStushifire.com
Type: A
5.9.61.148
DNSmetrocast.net
Type: A
65.175.128.188
DNStampabay.rr.com
Type: A
209.16.121.16
DNSvianet.com.mx
Type: A
67.205.6.250
DNSatt.com
Type: A
144.160.155.43
DNSatt.com
Type: A
144.160.36.42
DNSvoicestream.com
Type: A
206.29.177.10
DNShknetmail.com
Type: A
69.64.147.249
DNSsscomputing.com
Type: A
108.162.204.111
DNSsscomputing.com
Type: A
108.162.203.111
DNSskynet.be
Type: A
195.238.10.70
DNSfreenet.de
Type: A
62.104.23.42
DNStalktalk.net
Type: A
193.118.251.141
DNSforum.dk
Type: A
77.66.26.219
DNSlyuchta.org
Type: A
178.79.190.156
DNScrosspaths.net
Type: A
162.39.145.20
DNSbyu.edu
Type: A
128.187.16.167
DNSiowatelecom.net
Type: A
162.39.145.20
DNSplanet.nl
Type: A
213.75.28.140
DNSmadasfish.com
Type: A
62.116.181.25
DNSyahoo.com.cn
Type: A
202.165.102.205
DNSzen.co.uk
Type: A
82.71.140.243
DNSdiamondcpu.com
Type: A
75.151.74.38
DNSstaples.com
Type: A
170.37.25.140
DNSpicsnet.com
Type: A
184.168.81.139
DNSaol.co
Type: A
72.13.32.43
DNSbeautifuldecay.com
Type: A
192.81.209.94
DNStvn.hu
Type: A
195.228.152.230
DNStvn.hu
Type: A
195.228.152.242
DNStvn.hu
Type: A
80.249.168.234
DNStvn.hu
Type: A
195.228.152.238
DNStvn.hu
Type: A
80.249.168.230
DNStvn.hu
Type: A
80.249.168.228
DNStvn.hu
Type: A
195.56.146.235
DNSblackplanet.com
Type: A
70.42.66.70
DNScoastalnow.net
Type: A
208.47.185.65
DNSvip.hr
Type: A
212.91.113.39
DNSrockford.edu
Type: A
24.73.102.184
DNSuos.net
Type: A
216.17.184.1
DNSgrayfoot.mailshell.com
Type: A
127.0.0.1
DNSdicksmail.com
Type: A
127.0.0.1
DNSyahoo.dk
Type: A
77.238.178.122
DNSyahoo.dk
Type: A
87.248.120.148
DNSpenn.com
Type: A
207.69.200.190
DNSpenn.com
Type: A
207.69.200.191
DNSwalla.com
Type: A
192.118.82.157
DNSxtra.co.nz
Type: A
202.27.184.102
DNSrock.com
Type: A
168.143.19.128
DNSuafortsmith.edu
Type: A
DNSgeivimuzm.kz
Type: A
HTTP POSThttp://sexstories.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://unison.ie/?ptrxcz_Gg6WxMmCc2SsIh8YyOoEd4UuKjAZ0P
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://catech-systems.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vaxxine.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://waupacafoundry.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://uakron.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tdn.com/?ptrxcz_SsIh7XxNmDc2SsHh7WxMlCb1RrGg6V
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://buffalo.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://udel.edu/?ptrxcz_uKjAa0QrGg7WxNmDc3TuJj9Z0QqGf6
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://volny.cz/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://su.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://optonline.net/?ptrxcz_YzPqFf6VwMlCc2StJ4XyOpEe5VwMmD
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://linuxmail.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://buffalo.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://feton.net/?ptrxcz_WxMmCc3StIi9YzOpFe5VvLkBb1RsHh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://udel.edu/?ptrxcz_oImHlFjEhmDc3TtlUwMmCc3StJi9Zz
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vwr-inc.com/?ptrxcz_uKkBb1RsIi8YzPqGf6WxNHj9Z0QqGg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cytanet.com.cy/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cytanet.com.cy/?ptrxcz_Gg7XyNoEe5VvLlCc3StJjAa1RrHh8Y
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gotomy.com/?ptrxcz_5WxhEe5VwMmDd4UvLlCc3TuKkBb2St
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://caionline.org/?ptrxcz_rHg7WxMlCb2RsHg7WxMlCb2RsHg7Wx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://comporium.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://conwaycorp.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://teknett.com/?ptrxcz_xNmDd3TtJjM6WyOpEe5VwMmDd4UvLl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://karoo.co.uk/?ptrxcz_WxNmDc3StJi9YzOpEe4UvKkAa0QqGg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mzsg.at/?ptrxcz_StJjBdziBb2StJjAa1RsIi9Z0QrHh8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ricochet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mail.com/?ptrxcz_yOpEeMsJjAa2StJkBb2SuKkBc3TuKl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://brettlarson.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://chickensys.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sympatico.com/?ptrxcz_Ii8YyOoEd3TuJj9ZzPpFe4UuKjAZzP
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vail.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://metrocast.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://att.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vianet.com.mx/?ptrxcz_2W1UzTySwQVvLmyh8YzOpEe4UvKkAa
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vianet.com.mx/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://voicestream.com/?ptrxcz_JjAa1RsIi9Z0QrHhBsb3TuLlCc3TuK
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hknetmail.com/?ptrxcz_sa2StJi9Z0QqGg7XyNoE9b2StJi9Z0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sscomputing.com/?ptrxcz_1SyKkBb1RsHh8YyOpEe5VvLlCb2SsI
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://skynet.be/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://freenet.de/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://talktalk.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tushifire.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://forum.dk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lyuchta.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://crosspaths.net/?ptrxcz_WxNoDd4TuKjAa0QrGg6WxMmDc3TtJj
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://byu.edu/?ptrxcz_YzQqGg6WxMmDd3TuKjAa0QrHh8K5Wx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://iowatelecom.net/?ptrxcz_XyOpFf6VwMmDd4TuKkBb2Txh9Z0PqG
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://teknett.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://planet.nl/?ptrxcz_Dd4UvKkBclWyOpFf6WxNoEe5VwMmDd
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://volny.cz/?ptrxcz_9Z0QqGf6VwN5WxNoEe5VxNoEwQrHh8
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://madasfish.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://yahoo.com.cn/?ptrxcz_NoEd3TtIi8XxNmCb2RrGg6VvLkAa0P
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zen.co.uk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://licensedtokill.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://staples.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://picsnet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://conwaycorp.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aol.co/?ptrxcz_uKkBb2RsIi9YzPqGg6WxNoEd4UvLkB
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://beautifuldecay.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tvn.hu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sympatico.com/?ptrxcz_KkAa0QrGg6WwLlBb1RrHg7WxMmCc2S
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://blackplanet.com/?ptrxcz_a1RrHg6WwMlCb1Rs2kDd4UvLlCc3St
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://online.ie/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://coastalnow.net/?ptrxcz_7YyOpFf6WxNoEe5VwMmDd4UvLlCc3U
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://att.com/?ptrxcz_3TuKkBb2SsIi9Z0QrHh8YyOpFf6WxN
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vip.hr/?ptrxcz_RrHEg6WxNmDd3TuKjAa0QrGg7WxNmD
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://allstate.com/?ptrxcz_d4UvLlCb2StJi9Z0QrGhbLmDc3TtJj
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://optonline.net/?ptrxcz_8Z0kGg7XyOpFe5VwMmDd4UvLlBb2St
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://yahoo.dk/?ptrxcz_YzQrHh9Z0QsIi9a1RsJjAa2StJkBb3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://penn.com/?ptrxcz_0QrHg7Wxzh9a1RsIi9Z0QrHh8YzQrH
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://licensedtokill.com/?ptrxcz_MoDd3TuKjAa0QrGg7WxNmDzUvKkBb2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://walla.com/?ptrxcz_wMlCb2RsHg7WxMmCb2RsHh7XxMmCc2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://xtra.co.nz/?ptrxcz_uKkAa0QqGf6VwLlBb1RrHg7WxMmCc2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ricochet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1037 ➝ 67.220.92.61:25
Flows TCP192.168.1.1:1038 ➝ 209.15.13.134:25
Flows TCP192.168.1.1:1039 ➝ 199.59.243.109:25
Flows TCP192.168.1.1:1040 ➝ 64.70.28.82:25
Flows TCP192.168.1.1:1041 ➝ 141.0.173.147:25
Flows TCP192.168.1.1:1042 ➝ 1.2.3.4:25
Flows TCP192.168.1.1:1043 ➝ 128.175.13.92:25
Flows TCP192.168.1.1:1044 ➝ 206.47.72.104:25
Flows TCP192.168.1.1:1045 ➝ 141.0.173.147:80
Flows TCP192.168.1.1:1046 ➝ 217.78.15.211:80
Flows TCP192.168.1.1:1048 ➝ 216.251.32.98:80
Flows TCP192.168.1.1:1049 ➝ 209.159.189.4:80
Flows TCP192.168.1.1:1050 ➝ 71.13.131.168:80
Flows TCP192.168.1.1:1051 ➝ 130.101.217.69:80
Flows TCP192.168.1.1:1052 ➝ 192.104.182.209:80
Flows TCP192.168.1.1:1053 ➝ 128.205.7.144:80
Flows TCP192.168.1.1:1054 ➝ 128.175.13.92:80
Flows TCP192.168.1.1:1055 ➝ 62.44.29.30:80
Flows TCP192.168.1.1:1056 ➝ 190.93.248.162:80
Flows TCP192.168.1.1:1057 ➝ 66.54.17.31:80
Flows TCP192.168.1.1:1058 ➝ 50.22.218.215:80
Flows TCP192.168.1.1:1059 ➝ 128.205.7.144:80
Flows TCP192.168.1.1:1060 ➝ 209.15.13.134:80
Flows TCP192.168.1.1:1061 ➝ 128.175.13.92:80
Flows TCP192.168.1.1:1062 ➝ 199.89.170.197:80
Flows TCP192.168.1.1:1064 ➝ 195.14.130.176:80
Flows TCP192.168.1.1:1063 ➝ 195.14.130.176:80
Flows TCP192.168.1.1:1065 ➝ 173.62.209.11:80
Flows TCP192.168.1.1:1066 ➝ 67.192.237.89:80
Flows TCP192.168.1.1:1067 ➝ 208.104.2.209:80
Flows TCP192.168.1.1:1068 ➝ 24.144.0.51:80
Flows TCP192.168.1.1:1069 ➝ 70.34.34.93:80
Flows TCP192.168.1.1:1070 ➝ 87.102.50.138:80
Flows TCP192.168.1.1:1071 ➝ 212.53.95.124:80
Flows TCP192.168.1.1:1072 ➝ 54.225.145.175:80
Flows TCP192.168.1.1:1073 ➝ 213.165.66.221:80
Flows TCP192.168.1.1:1074 ➝ 50.62.243.1:80
Flows TCP192.168.1.1:1076 ➝ 213.165.66.221:25
Flows TCP192.168.1.1:1077 ➝ 108.162.199.118:80
Flows TCP192.168.1.1:1078 ➝ 66.54.17.31:25
Flows TCP192.168.1.1:1079 ➝ 206.47.72.104:80
Flows TCP192.168.1.1:1080 ➝ 80.125.163.172:25
Flows TCP192.168.1.1:1081 ➝ 216.24.136.226:80
Flows TCP192.168.1.1:1082 ➝ 62.37.237.16:25
Flows TCP192.168.1.1:1083 ➝ 167.127.109.184:25
Flows TCP192.168.1.1:1084 ➝ 5.9.61.148:25
Flows TCP192.168.1.1:1085 ➝ 65.175.128.188:80
Flows TCP192.168.1.1:1086 ➝ 144.160.155.43:80
Flows TCP192.168.1.1:1087 ➝ 67.205.6.250:80
Flows TCP192.168.1.1:1088 ➝ 209.16.121.16:25
Flows TCP192.168.1.1:1089 ➝ 67.205.6.250:80
Flows TCP192.168.1.1:1090 ➝ 206.29.177.10:80
Flows TCP192.168.1.1:1091 ➝ 69.64.147.249:80
Flows TCP192.168.1.1:1092 ➝ 108.162.204.111:80
Flows TCP192.168.1.1:1093 ➝ 195.238.10.70:80
Flows TCP192.168.1.1:1094 ➝ 62.104.23.42:80
Flows TCP192.168.1.1:1095 ➝ 193.118.251.141:80
Flows TCP192.168.1.1:1096 ➝ 5.9.61.148:80
Flows TCP192.168.1.1:1097 ➝ 77.66.26.219:80
Flows TCP192.168.1.1:1098 ➝ 178.79.190.156:80
Flows TCP192.168.1.1:1099 ➝ 162.39.145.20:80
Flows TCP192.168.1.1:1100 ➝ 128.187.16.167:80
Flows TCP192.168.1.1:1101 ➝ 162.39.145.20:80
Flows TCP192.168.1.1:1102 ➝ 70.34.34.93:80
Flows TCP192.168.1.1:1103 ➝ 213.75.28.140:80
Flows TCP192.168.1.1:1104 ➝ 62.44.29.30:80
Flows TCP192.168.1.1:1105 ➝ 62.116.181.25:80
Flows TCP192.168.1.1:1106 ➝ 202.165.102.205:80
Flows TCP192.168.1.1:1107 ➝ 82.71.140.243:80
Flows TCP192.168.1.1:1108 ➝ 75.151.74.38:25
Flows TCP192.168.1.1:1109 ➝ 209.15.13.134:80
Flows TCP192.168.1.1:1110 ➝ 170.37.25.140:80
Flows TCP192.168.1.1:1111 ➝ 184.168.81.139:80
Flows TCP192.168.1.1:1112 ➝ 24.144.0.51:80
Flows TCP192.168.1.1:1113 ➝ 72.13.32.43:80
Flows TCP192.168.1.1:1114 ➝ 192.81.209.94:80
Flows TCP192.168.1.1:1115 ➝ 195.228.152.230:80
Flows TCP192.168.1.1:1116 ➝ 206.47.72.104:80
Flows TCP192.168.1.1:1117 ➝ 70.42.66.70:80
Flows TCP192.168.1.1:1118 ➝ 67.220.92.61:80
Flows TCP192.168.1.1:1119 ➝ 208.47.185.65:80
Flows TCP192.168.1.1:1120 ➝ 192.104.182.209:25
Flows TCP192.168.1.1:1121 ➝ 144.160.155.43:80
Flows TCP192.168.1.1:1122 ➝ 77.66.26.219:25
Flows TCP192.168.1.1:1123 ➝ 212.91.113.39:80
Flows TCP192.168.1.1:1124 ➝ 24.73.102.184:25
Flows TCP192.168.1.1:1125 ➝ 62.44.29.30:25
Flows TCP192.168.1.1:1126 ➝ 216.17.184.1:25
Flows TCP192.168.1.1:1127 ➝ 77.66.26.219:25
Flows TCP192.168.1.1:1130 ➝ 167.127.109.184:80
Flows TCP192.168.1.1:1131 ➝ 66.54.17.31:80
Flows TCP192.168.1.1:1132 ➝ 77.238.178.122:80
Flows TCP192.168.1.1:1133 ➝ 207.69.200.190:80
Flows TCP192.168.1.1:1134 ➝ 209.15.13.134:80
Flows TCP192.168.1.1:1135 ➝ 192.118.82.157:80
Flows TCP192.168.1.1:1136 ➝ 202.27.184.102:80
Flows TCP192.168.1.1:1138 ➝ 167.127.109.184:25
Flows TCP192.168.1.1:1139 ➝ 54.225.145.175:80

Raw Pcap

Strings