Analysis Date: 2015-11-18 07:58:31
MD5: 645ae430c546a5bf42a8089491c855ce
SHA1: 6ea59d2db32fd8f655741705f2db5ee807430fcd

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 5a55c8ee1f7dfb2b0fdc9eb046f18d58 sha1: 6b45fc7c87ee806343687398fb778bc3f9d3fe17 size: 75264
Section .rdata md5: 193a4d77c8ab808fc1730d7e1132c9bd sha1: 4683da437b6d0e73549d06af2a2bbc7f0bea3d6b size: 15360
Section .data md5: 7f91ddc90bd5893489916db38b56b9a4 sha1: 702de3c451a21b5296c766b99ee34ac4f333475d size: 6144
Section .rsrc md5: 6549e609f4c9dc03b2128ccc70d6b078 sha1: 5edf96197d11343bbce1592133350c5d5595becb size: 237568
Timestamp: 2015-02-03 14:48:18
Version: LegalCopyright: Copyright (C) Bee 2007-2013
Legal Trademarks: Bee
Internal Name: Judge.exe
CompanyName: Thou perfectly reader - www.Bee.com
ProductName: Bee
Original Filename: Judge.exe
ProductVersion: 3.0
FileDescription: Refer lack operation
FileVersion: 1.0.0.1
Packer: Microsoft Visual C++ ?.?
PEhash: d0bad0abe66e38e238c09ef51e00007eff765116
IMPhash: 7ff6c5166f388f61982d1991d4b86acd
AV F-Secure: Trojan.Lethic.Gen.1
AV Authentium: W32/Rovnix.A.gen!Eldorado
AV MalwareBytes: Trojan.Agent.DED
AV Dr. Web: Trojan.DownLoad3.35619
AV Grisoft (avg): Crypt3.BYLA
AV Eset (nod32): Win32/Kryptik.CXFI
AV MicroWorld (escan): Trojan.Lethic.Gen.1
AV Trend Micro: no_virus
AV ClamAV: no_virus
AV Ad-Aware: Trojan.Lethic.Gen.1
AV BitDefender: Trojan.Lethic.Gen.1
AV Avira (antivir): TR/Crypt.ZPACK.66183
AV Alwil (avast): Androp [Drp]
AV Fortinet: W32/Kryptik.CXBS!tr
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV Ikarus: Trojan.Win32.Crypt
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): Hoax.Foreign
AV Arcabit (arcavir): Trojan.Lethic.Gen.1
AV Mcafee: Generic-FAVZ!645AE430C546
AV Twister: no_virus
AV Symantec: Trojan.Gen
AV K7: Trojan ( 004b4f5c1 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Trojan.Lethic.Gen.1
AV Zillya!: Trojan.Cryptodef.Win32.280
AV CAT (quickheal): TrojanRansom.Crowti.MUE.A4
AV Padvish: no_virus
AV BullGuard: Trojan.Lethic.Gen.1
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\4.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\4.tmp

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\4.tmp

Creates Process: C:\WINDOWS\system32\msiexec.exe
Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint

Process
↳ C:\WINDOWS\system32\msiexec.exe

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: mail.acquamarina.biz
Winsock DNS: fermomia.it
Winsock DNS: mail.barcausata.net
Winsock DNS: bihartbass.org
Winsock DNS: 173.230.130.167
Winsock DNS: shaktisudha.com
Winsock DNS: curlmyip.com
Winsock DNS: blessedcode.net
Winsock DNS: pratikconsultancy.com
Winsock DNS: 94.247.28.29
Winsock DNS: mail.ecobabybuys.com
Winsock DNS: 91.121.12.127
Winsock DNS: mail.citta-futura.com
Winsock DNS: bceceboard.com
Winsock DNS: myexternalip.com
Winsock DNS: asthalproperties.com
Winsock DNS: ip-addr.es
Winsock DNS: affitti-studenti.it

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

DNS: ip-addr.es
Type: A
188.165.164.184
DNS: myexternalip.com
Type: A
78.47.139.102
DNS: curlmyip.com
Type: A
184.106.112.172
DNS: pratikconsultancy.com
Type: A
76.72.167.140
DNS: mail.ecobabybuys.com
Type: A
50.63.202.104
DNS: shaktisudha.com
Type: A
76.72.167.139
DNS: bihartbass.org
Type: A
76.72.167.139
DNS: fermomia.it
Type: A
37.59.49.102
DNS: mail.citta-futura.com
Type: A
37.59.49.102
DNS: mail.acquamarina.biz
Type: A
37.59.49.102
DNS: bceceboard.com
Type: A
76.72.167.141
DNS: affitti-studenti.it
Type: A
94.23.70.88
DNS: asthalproperties.com
Type: A
76.72.167.139
DNS: mail.barcausata.net
Type: A
DNS: blessedcode.net
Type: A
DNS: europe.pool.ntp.org
Type: A
HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://94.247.28.29:8080/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pratikconsultancy.com:8080/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://91.121.12.127:81/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.ecobabybuys.com:3737/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://shaktisudha.com:2525/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bihartbass.org:2222/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://fermomia.it:2025/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.citta-futura.com:8080/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://173.230.130.167:8080/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.acquamarina.biz:2525/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bceceboard.com:2525/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://affitti-studenti.it:2625/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asthalproperties.com:4444/20e60z0h1om0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://94.247.28.29:8080/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pratikconsultancy.com:8080/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://91.121.12.127:81/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.ecobabybuys.com:3737/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://shaktisudha.com:2525/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bihartbass.org:2222/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://fermomia.it:2025/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.citta-futura.com:8080/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://173.230.130.167:8080/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.acquamarina.biz:2525/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bceceboard.com:2525/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://affitti-studenti.it:2625/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asthalproperties.com:4444/y4psefghfvh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://94.247.28.29:8080/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pratikconsultancy.com:8080/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://91.121.12.127:81/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.ecobabybuys.com:3737/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://shaktisudha.com:2525/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bihartbass.org:2222/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://fermomia.it:2025/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.citta-futura.com:8080/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://173.230.130.167:8080/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.acquamarina.biz:2525/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bceceboard.com:2525/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://affitti-studenti.it:2625/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asthalproperties.com:4444/fpihtn7ghur9u1h
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://94.247.28.29:8080/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pratikconsultancy.com:8080/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://91.121.12.127:81/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.ecobabybuys.com:3737/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://shaktisudha.com:2525/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bihartbass.org:2222/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://fermomia.it:2025/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.citta-futura.com:8080/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://173.230.130.167:8080/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.acquamarina.biz:2525/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bceceboard.com:2525/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://affitti-studenti.it:2625/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asthalproperties.com:4444/kdobplvlduj1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://94.247.28.29:8080/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pratikconsultancy.com:8080/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://91.121.12.127:81/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.ecobabybuys.com:3737/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://shaktisudha.com:2525/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bihartbass.org:2222/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://fermomia.it:2025/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.citta-futura.com:8080/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://173.230.130.167:8080/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://mail.acquamarina.biz:2525/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bceceboard.com:2525/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://affitti-studenti.it:2625/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://asthalproperties.com:4444/1gw6gpl7j22w1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1032 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1033 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1034 ➝ 94.247.28.29:8080
Flows TCP: 192.168.1.1:1035 ➝ 76.72.167.140:8080
Flows TCP: 192.168.1.1:1036 ➝ 91.121.12.127:81
Flows TCP: 192.168.1.1:1037 ➝ 50.63.202.104:3737
Flows TCP: 192.168.1.1:1038 ➝ 76.72.167.139:2525
Flows TCP: 192.168.1.1:1039 ➝ 76.72.167.139:2222
Flows TCP: 192.168.1.1:1040 ➝ 37.59.49.102:2025
Flows TCP: 192.168.1.1:1041 ➝ 37.59.49.102:8080
Flows TCP: 192.168.1.1:1042 ➝ 173.230.130.167:8080
Flows TCP: 192.168.1.1:1043 ➝ 37.59.49.102:2525
Flows TCP: 192.168.1.1:1044 ➝ 76.72.167.141:2525
Flows TCP: 192.168.1.1:1045 ➝ 94.23.70.88:2625
Flows TCP: 192.168.1.1:1046 ➝ 76.72.167.139:4444
Flows TCP: 192.168.1.1:1047 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1048 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1049 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1050 ➝ 94.247.28.29:8080
Flows TCP: 192.168.1.1:1051 ➝ 76.72.167.140:8080
Flows TCP: 192.168.1.1:1052 ➝ 91.121.12.127:81
Flows TCP: 192.168.1.1:1053 ➝ 50.63.202.104:3737
Flows TCP: 192.168.1.1:1054 ➝ 76.72.167.139:2525
Flows TCP: 192.168.1.1:1055 ➝ 76.72.167.139:2222
Flows TCP: 192.168.1.1:1056 ➝ 37.59.49.102:2025
Flows TCP: 192.168.1.1:1057 ➝ 37.59.49.102:8080
Flows TCP: 192.168.1.1:1058 ➝ 173.230.130.167:8080
Flows TCP: 192.168.1.1:1059 ➝ 37.59.49.102:2525
Flows TCP: 192.168.1.1:1060 ➝ 76.72.167.141:2525
Flows TCP: 192.168.1.1:1061 ➝ 94.23.70.88:2625
Flows TCP: 192.168.1.1:1062 ➝ 76.72.167.139:4444
Flows TCP: 192.168.1.1:1063 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1064 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1065 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1066 ➝ 94.247.28.29:8080
Flows TCP: 192.168.1.1:1067 ➝ 76.72.167.140:8080
Flows TCP: 192.168.1.1:1068 ➝ 91.121.12.127:81
Flows TCP: 192.168.1.1:1069 ➝ 50.63.202.104:3737
Flows TCP: 192.168.1.1:1070 ➝ 76.72.167.139:2525
Flows TCP: 192.168.1.1:1071 ➝ 76.72.167.139:2222
Flows TCP: 192.168.1.1:1072 ➝ 37.59.49.102:2025
Flows TCP: 192.168.1.1:1073 ➝ 37.59.49.102:8080
Flows TCP: 192.168.1.1:1074 ➝ 173.230.130.167:8080
Flows TCP: 192.168.1.1:1075 ➝ 37.59.49.102:2525
Flows TCP: 192.168.1.1:1076 ➝ 76.72.167.141:2525
Flows TCP: 192.168.1.1:1077 ➝ 94.23.70.88:2625
Flows TCP: 192.168.1.1:1078 ➝ 76.72.167.139:4444
Flows TCP: 192.168.1.1:1079 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1080 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1081 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1082 ➝ 94.247.28.29:8080
Flows TCP: 192.168.1.1:1083 ➝ 76.72.167.140:8080
Flows TCP: 192.168.1.1:1084 ➝ 91.121.12.127:81
Flows TCP: 192.168.1.1:1085 ➝ 50.63.202.104:3737
Flows TCP: 192.168.1.1:1086 ➝ 76.72.167.139:2525
Flows TCP: 192.168.1.1:1087 ➝ 76.72.167.139:2222
Flows TCP: 192.168.1.1:1088 ➝ 37.59.49.102:2025
Flows TCP: 192.168.1.1:1089 ➝ 37.59.49.102:8080
Flows TCP: 192.168.1.1:1090 ➝ 173.230.130.167:8080
Flows TCP: 192.168.1.1:1091 ➝ 37.59.49.102:2525
Flows TCP: 192.168.1.1:1092 ➝ 76.72.167.141:2525
Flows TCP: 192.168.1.1:1093 ➝ 94.23.70.88:2625
Flows TCP: 192.168.1.1:1094 ➝ 76.72.167.139:4444
Flows TCP: 192.168.1.1:1095 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1096 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1097 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1098 ➝ 94.247.28.29:8080
Flows TCP: 192.168.1.1:1099 ➝ 76.72.167.140:8080
Flows TCP: 192.168.1.1:1100 ➝ 91.121.12.127:81
Flows TCP: 192.168.1.1:1101 ➝ 50.63.202.104:3737
Flows UDP: 192.168.1.1:1102 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1103 ➝ 76.72.167.139:2525
Flows TCP: 192.168.1.1:1104 ➝ 76.72.167.139:2222
Flows TCP: 192.168.1.1:1105 ➝ 37.59.49.102:2025
Flows TCP: 192.168.1.1:1106 ➝ 37.59.49.102:8080
Flows TCP: 192.168.1.1:1107 ➝ 173.230.130.167:8080
Flows TCP: 192.168.1.1:1108 ➝ 37.59.49.102:2525
Flows TCP: 192.168.1.1:1109 ➝ 76.72.167.141:2525
Flows TCP: 192.168.1.1:1110 ➝ 94.23.70.88:2625
Flows TCP: 192.168.1.1:1111 ➝ 76.72.167.139:4444