Analysis Date: 2015-11-18 01:59:33
MD5: 29c5f34541fdbabe403f9268958765ce
SHA1: b681c9605467452a41482976cc5527cb6feaed53

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 2d9667f06202737a8e43cc4d94a6d4ea sha1: 3ce1da1a669af1838f18bab72632d1b9c6ae97be size: 60928
Section .rdata: md5: e268175816eb0a93053e605d11ce50c4 sha1: 35037d382d3a99691da1a365ec42d9f1c35cb9a2 size: 12800
Section .data: md5: d3573e69d64073c52b5b090f45bc7d48 sha1: 0eeff4fa9cf8088c0cdb02f2911eaa060c4acc98 size: 6144
Section .rsrc: md5: fdc6c4f169d599bb702c2cfe8865b7ee sha1: c3c3e3e192271181f305ad72bd189a188b68e6a9 size: 457216
Timestamp: 2015-02-01 14:37:41
Version:
  LegalCopyright: Copyright © 2013
  Assembly Version: 0.8.1.49
  InternalName: Snippets.exe
  FileVersion: 0.8.1.49
  CompanyName: Snippets
  ProductName: Snippets
  ProductVersion: 0.8.1
  FileDescription: Snippets
  OriginalFilename: Snippets.exe
Packer: Microsoft Visual C++ ?.?
PEhash: a0e9afc2cb9cc0bcef560abca79c181debb6fce9
IMPhash: 8e236fd15d2f61b2fdd250fc42de55c6
AV F-Secure: Trojan.Lethic.Gen.1
AV Authentium: W32/Rovnix.A.gen!Eldorado
AV MalwareBytes: Trojan.Agent.0BGen
AV Dr. Web: Trojan.Packed.18626
AV Grisoft (avg): Crypt3.BXSF
AV Eset (nod32): Win32/Kryptik.CWZM
AV MicroWorld (escan): Trojan.Lethic.Gen.1
AV Trend Micro: no_virus
AV ClamAV: Win.Trojan.Agent-954719
AV Ad-Aware: Trojan.Lethic.Gen.1
AV BitDefender: Trojan.Lethic.Gen.1
AV Avira (antivir): TR/Crypt.ZPACK.125365
AV Alwil (avast): Dropper-gen [Drp]
AV Fortinet: W32/Injector.CBUB!tr
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.GF
AV Ikarus: Trojan.Win32.Crypt
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): SScope.Trojan.Agent.2315
AV Arcabit (arcavir): Trojan.Lethic.Gen.1
AV Mcafee: GenericR-EGI!29C5F34541FD
AV Twister: Trojan.Generic.dmog
AV Symantec: Trojan.Asprox.B
AV K7: Trojan ( 004b4d981 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Trojan.Lethic.Gen.1
AV Zillya!: Trojan.Foreign.Win32.48757
AV CAT (quickheal): TrojanRansom.Crowti.MUE.A4
AV Padvish: no_virus
AV BullGuard: Trojan.Lethic.Gen.1
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\2.tmp

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\2.tmp

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp

Creates File: C:\WINDOWS\FrameworkUpdate\Update.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\\\xe9\\xfa\\xbd\\xe9\\xce\\x92\\xe9\\xe7\\x93\\xe8\\xa6\\x9c
Creates Mutex: _HSJ909NJJNJ90203_
Creates Service: Enables the detection, download and installation of updates for Windows. - C:\WINDOWS\FrameworkUpdate\Update.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ C:\WINDOWS\FrameworkUpdate\Update.exe

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ Pid 808

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1116

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File: WMIDataDevice

Process
↳ Pid 1884

Process
↳ Pid 1164

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:
