Analysis Date: 2015-11-05 10:00:33
MD5: 365649a8ce12b2c477281bca182fac96
SHA1: c552d79db750981674a1c90273350255f78c4636

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0   md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709  size: 0
Section UPX1   md5: be72e37622bb608af3da716c88f3b774  sha1: 60618368b424b0fd369035491677a3c790f73c8f  size: 61440
Section .rsrc  md5: 6a2a44ee53d7612c991991166dedaef1  sha1: b802d2a548e7857373928ab3fa4ce132a3d1c546  size: 1536
Timestamp: 2013-01-31 10:16:54
Version:
  LegalCopyright:
  InternalName:
  FileVersion: 1, 0, 3, 131
  CompanyName: svchost
  PrivateBuild:
  LegalTrademarks:
  Comments:
  ProductName: svchost.exe
  SpecialBuild:
  ProductVersion: 0, 0, 0, 0
  FileDescription: svchost
  OriginalFilename:
Packer: UPX -> www.upx.sourceforge.net
PEhash: 18a76b38f2f6f539076104ee9fdf8ef582876290
IMPhash: aa6e1a29b844e068c356186882706542

Note: UPX0 has a raw size of 0 on disk. It is the empty placeholder section into which the UPX stub decompresses the original image at run time, so its md5 and sha1 are simply the digests of empty input. Only UPX1 (stub plus compressed payload, 61440 bytes) and .rsrc (1536 bytes) carry file content.
Note: because the file is UPX-packed, the IMPhash describes the packer stub's reduced import table (UPX keeps only one import per DLL the original used), not the original program's imports. It will group this file with unrelated UPX-packed binaries; unpack first (upx -d, or a memory dump taken after the stub jumps to the original entry point) before using import-based similarity.
Note: the version resource names the file "svchost" / "svchost.exe" with an empty OriginalFilename, mimicking the Windows service host. The FileVersion 1, 0, 3, 131 matches the ver=3.131 parameter the sample sends in every HTTP request (see Network Details).
Note: the compile timestamp (2013-01-31) predates the analysis by almost three years. The field is attacker-controlled and is not evidence of age on its own.
AV results (31 engines, 21 detections):
CA (E-Trust Ino): no_virus
Rising: no_virus
McAfee: no_virus
Avira (antivir): TR/Crypt.FKM.Gen
Twister: Trojan.6E67CF105F085553
Ad-Aware: Gen:Win32.ExplorerHijack.dmKfaCHenBdb
Alwil (avast): Malware-gen:Win32:Malware-gen
Eset (nod32): Win32/TrojanDownloader.Agent.RFS
Grisoft (avg): Downloader.Generic13.ADQY
Symantec: no_virus
Fortinet: W32/Agent.RFS!tr.dldr
BitDefender: Gen:Win32.ExplorerHijack.dmKfaCHenBdb
K7: Backdoor ( 04c511261 )
Microsoft Security Essentials: Trojan:Win32/AgentBypass.gen!G
MicroWorld (escan): Gen:Win32.ExplorerHijack.dmKfaCHenBdb
MalwareBytes: Trojan.Dropper
Authentium: W32/Trojan.ZEQK-3574
Frisk (f-prot): no_virus
Ikarus: PUA.Zzinfor
Emsisoft: Gen:Win32.ExplorerHijack.dmKfaCHenBdb
Zillya!: Downloader.Agent.Win32.167786
Kaspersky: Trojan.Win32.Generic
Trend Micro: no_virus
CAT (quickheal): no_virus
VirusBlokAda (vba32): no_virus
Padvish: no_virus
BullGuard: Gen:Win32.ExplorerHijack.dmKfaCHenBdb
Arcabit (arcavir): Gen:Win32.ExplorerHijack.dmKfaCHenBdb
ClamAV: no_virus
Dr. Web: Trojan.Carberp.1022
F-Secure: Gen:Win32.ExplorerHijack.dmKfaCHenBdb

Note: Ad-Aware, BitDefender, MicroWorld, Emsisoft, BullGuard, Arcabit and F-Secure all return the identical BitDefender-engine name Gen:Win32.ExplorerHijack.dmKfaCHenBdb, so those seven rows are one engine's opinion, not seven. The verdicts that agree across independent engines (Eset, Fortinet, AVG, Zillya) describe a downloader/agent, which is what the runtime and network sections show. Ikarus's PUA.Zzinfor name matches the zzinfor.cn host the sample contacts. Dr. Web's Trojan.Carberp.1022 is the only family-specific name and no other engine concurs; do not use it for attribution without further evidence.
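
The section hashes and the packer verdict above can be reproduced without a third-party PE library. The following Python is an added example, not part of the sandbox report or its tooling: it walks the PE section table, hashes each section's raw bytes exactly as the report does (a section with zero raw size yields the digests of empty input, which is why UPX0 shows the MD5/SHA1 of nothing), and applies two UPX layout heuristics. The image returned by build_sample_pe is a constructed PE32 skeleton with the report's section names and raw sizes, not the analysed file; to run the parser on a real binary, pass open(path, "rb").read() to parse_pe.

```python
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int
    md5: str
    sha1: str


@dataclass
class PEInfo:
    machine: int
    timestamp: int          # COFF TimeDateStamp, seconds since the Unix epoch
    sections: list


def parse_pe(data: bytes) -> PEInfo:
    """DOS header -> PE signature -> COFF header -> section table, hashing each
    section's raw bytes the way the sandbox report does."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, num_sections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                      # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        (name, vsize, vaddr, rsize, roff,
         _relocs, _lines, _nrelocs, _nlines, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[roff:roff + rsize] if rsize else b""   # 0 raw bytes hashes as empty input
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, vaddr, rsize, roff, chars,
                                hashlib.md5(raw).hexdigest(), hashlib.sha1(raw).hexdigest()))
    return PEInfo(machine, timestamp, sections)


def timestamp_str(info: PEInfo) -> str:
    return datetime.fromtimestamp(info.timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def upx_indicators(info: PEInfo) -> list:
    """Default-UPX layout heuristics: UPXn section names, and a first section with
    virtual size but no raw data (the decompression target, as UPX0 in the report)."""
    reasons = []
    names = [s.name for s in info.sections]
    if any(n.startswith("UPX") for n in names):
        reasons.append("section names use the default UPX naming (%s)" % ", ".join(names))
    first = info.sections[0] if info.sections else None
    if first and first.raw_size == 0 and first.virtual_size > 0:
        reasons.append("first section has no raw data but %#x bytes of virtual size" % first.virtual_size)
    return reasons


def build_sample_pe() -> bytes:
    """Constructed test image: a minimal, non-executable PE32 skeleton with the
    report's three sections and raw sizes. It is not the analysed sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ts = int(datetime(2013, 1, 31, 10, 16, 54, tzinfo=timezone.utc).timestamp())
    opt_size = 0xE0                                    # PE32 optional header length
    coff = struct.pack("<HHIIIHH", 0x014C, 3, ts, 0, 0, opt_size, 0x010F)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    upx1 = bytes(range(256)) * 240                     # 61440 bytes of filler for the packed payload
    rsrc = b"\0" * 1536
    hdr_len = 0x200                                    # file alignment; headers fit in one page
    fmt = "<8sIIIIIIHHI"
    sect = (struct.pack(fmt, b"UPX0", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
            + struct.pack(fmt, b"UPX1", 0xF000, 0x11000, len(upx1), hdr_len, 0, 0, 0, 0, 0xE0000040)
            + struct.pack(fmt, b".rsrc", 0x1000, 0x20000, len(rsrc), hdr_len + len(upx1), 0, 0, 0, 0, 0xC0000040))
    headers = dos + b"PE\0\0" + coff + optional + sect
    return headers.ljust(hdr_len, b"\0") + upx1 + rsrc


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("Timestamp:", timestamp_str(info))
    for s in info.sections:
        print(f"Section {s.name:<6} md5: {s.md5}  sha1: {s.sha1}  size: {s.raw_size}")
    for reason in upx_indicators(info):
        print("UPX indicator:", reason)
```

The heuristics are deliberately narrow: a packer that renames its sections defeats the first check, and a packer that keeps raw bytes in the first section defeats the second, so treat a positive result as a prompt to unpack rather than as proof.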

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Note: every file and mutex above is a side effect of the WinINet library (the index.dat cache files, the per-cache-directory mutexes, WininetConnectionMutex) and of the Winsock AFD driver opening a socket. They show that the sample does its HTTP through WinINet, not that it drops or persists anything: no file written by the sample itself, no Run key, service or scheduled task is recorded in this run.

Process
↳ C:\WINDOWS\Explorer.EXE

Registry: HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL

Note: Explorer updates SessionInformation\ProgramCount whenever a program starts or exits in the session. This is ordinary shell bookkeeping triggered by launching the sample, not an action of the sample.

Network Details:

DNS: 1st.ecoma.ourwebpic.com
Type: A
Answers (9 distinct addresses; the lookup was repeated throughout the run, 99 answer records in total, with the order of the answers rotating between queries):
220.243.234.20
220.243.234.21
220.243.234.22
220.243.235.201
220.243.237.3
8.37.236.2
8.37.236.3
8.37.236.5
8.37.236.6
DNS: plus.soomeng.com
Type: A
(no address logged)
DNS: plus.zzinfor.cn
Type: A
(no address logged)
DNS: plus.icafeads.com
Type: A
(no address logged)

Note: the three plus.* names are the hosts the sample requests over HTTP, yet no A record is logged for any of them, and every TCP flow recorded below goes to one of the nine addresses returned for 1st.ecoma.ourwebpic.com. That is consistent with the plus.* names resolving onto that shared address pool (for example through a CNAME, which this log does not show). Treat the four domain names, the nine addresses and the URL path as one indicator set rather than blocking any single address.
HTTP GET: http://plus.soomeng.com/plus/cfg/394324270.1.bin?ver=3.131&lip=192.168.1.2&mac=XXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
HTTP GET: http://plus.zzinfor.cn/plus/cfg/394324270.1.bin?ver=3.131&lip=192.168.1.2&mac=XXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
HTTP GET: http://plus.icafeads.com/plus/cfg/394324270.1.bin?ver=3.131&lip=192.168.1.2&mac=XXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)

The three requests above were issued in this order, in a loop, 28 times each (84 requests in total); the URL and the headers were identical on every iteration.

Note: this is a configuration beacon. The path names one fixed resource (/plus/cfg/394324270.1.bin; the number is the only token that might be per-sample or per-campaign, so it is the pivot worth searching for) and the query carries ver=3.131 (the binary's FileVersion 1, 0, 3, 131), lip= (the local IP address the sample read from its adapter) and mac= (the adapter MAC, which the report masks as XXXXXXXXXXXX). The User-Agent is a hardcoded IE6-on-XP string; the stray ";" before the closing parenthesis makes the exact string a usable network signature alongside the path. The lip value (192.168.1.2) differs from the source address the sandbox logged for the flows (192.168.1.1). The unchanging retry loop, with no file written and no variation in later requests, is consistent with the sample never receiving a response it accepted during the run.
Flows: 84 TCP connections from 192.168.1.1 (source ports 1031 through 1114, one per HTTP request) to port 80 on addresses from the 1st.ecoma.ourwebpic.com pool:
192.168.1.1:1031-1066 ➝ 220.243.237.3:80, 220.243.235.201:80, 220.243.234.22:80 (rotating, 12 connections each)
192.168.1.1:1067-1084 ➝ 220.243.234.21:80, 220.243.234.20:80, 220.243.234.22:80 (rotating, 6 connections each)
192.168.1.1:1085-1096 ➝ 8.37.236.6:80, 8.37.236.5:80, 220.243.234.22:80 (rotating, 4 connections each)
192.168.1.1:1097-1108 ➝ 8.37.236.2:80, 220.243.237.3:80, 220.243.234.22:80 (rotating, 4 connections each)
192.168.1.1:1109-1114 ➝ 220.243.234.22:80, 220.243.234.21:80, 220.243.234.22:80, 220.243.234.22:80, 220.243.234.21:80, 220.243.234.22:80

Note: 8.37.236.3 is the only one of the nine resolved addresses that was never contacted. The three-way rotation of destinations matches the three-host rotation of the GET requests, and 84 connections for 84 requests means WinINet opened a fresh TCP connection for every request rather than reusing one. Because the sample cycles through the whole pool, blocking individual addresses will not stop the beacon; block the domain names and the path pattern.
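
To turn the repeated DNS, HTTP and flow records above into a compact indicator set and a reusable detection, the following Python (an added example, not part of the report or of the sandbox that produced it) parses the report's own line format, deduplicates it, and flags the configuration beacon by its path shape (/plus/cfg/<n>.<n>.bin) and its ver/lip/mac query parameters. SAMPLE_LOG is a constructed excerpt: a few records in the report's format plus one benign request to www.example.com added to show a non-match. The path regex and the parameter names are taken from the URLs above; the check on the MSIE 6.0 User-Agent prefix is an assumption about how stable that string is across samples.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed excerpt in the sandbox's line format (label fused to value, as in
# the report); the www.example.com request is added as a benign non-match.
SAMPLE_LOG = """\
DNS1st.ecoma.ourwebpic.com
Type: A
220.243.237.3
DNS1st.ecoma.ourwebpic.com
Type: A
8.37.236.2
DNSplus.zzinfor.cn
Type: A
HTTP GEThttp://plus.zzinfor.cn/plus/cfg/394324270.1.bin?ver=3.131&lip=192.168.1.2&mac=XXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
HTTP GEThttp://plus.zzinfor.cn/plus/cfg/394324270.1.bin?ver=3.131&lip=192.168.1.2&mac=XXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;)
HTTP GEThttp://www.example.com/index.html
User-Agent: Mozilla/5.0
Flows TCP192.168.1.1:1031 ➝ 220.243.237.3:80
Flows TCP192.168.1.1:1032 ➝ 220.243.235.201:80
Flows TCP192.168.1.1:1034 ➝ 220.243.237.3:80
"""

DNS_RE = re.compile(r"^DNS:?\s*(\S+)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
GET_RE = re.compile(r"^HTTP GET:?\s*(\S+)$")
UA_RE = re.compile(r"^User-Agent:\s*(.*)$")
FLOW_RE = re.compile(r"^Flows TCP:?\s*(\S+):(\d+)\s+\S+\s+(\S+):(\d+)$")   # src:port <arrow> dst:port

# Beacon shape observed in the report: one fixed path, three query parameters.
BEACON_PATH = re.compile(r"^/plus/cfg/\d+\.\d+\.bin$")
BEACON_PARAMS = ("ver", "lip", "mac")
MSIE6_UA_PREFIX = "Mozilla/4.0 (compatible; MSIE 6.0;"    # assumed stable across samples


def parse_network_log(text: str):
    """Return (dns, requests, flows): name -> set of answers (empty if none logged),
    (url, user_agent) -> count, and (dst_ip, dst_port) -> count."""
    dns, requests, flows = defaultdict(set), Counter(), Counter()
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if m := DNS_RE.match(line):
            name = m.group(1)
            _ = dns[name]                              # keep names that never got an answer
            i += 1
            if i < len(lines) and lines[i].startswith("Type:"):
                i += 1
            if i < len(lines) and IP_RE.match(lines[i]):
                dns[name].add(lines[i])
                i += 1
            continue
        if m := GET_RE.match(line):
            ua = ""
            if i + 1 < len(lines) and (u := UA_RE.match(lines[i + 1])):
                ua = u.group(1)
                i += 1
            requests[(m.group(1), ua)] += 1
        elif m := FLOW_RE.match(line):
            flows[(m.group(3), int(m.group(4)))] += 1
        i += 1
    return dns, requests, flows


def beacon_params(url: str):
    """ver/lip/mac (plus host) if the URL has the beacon's path and parameters, else None."""
    parts = urlsplit(url)
    if not BEACON_PATH.match(parts.path):
        return None
    q = parse_qs(parts.query)
    if not all(k in q for k in BEACON_PARAMS):
        return None
    return {"host": parts.hostname, **{k: q[k][0] for k in BEACON_PARAMS}}


def is_config_beacon(url: str, user_agent: str) -> bool:
    return beacon_params(url) is not None and user_agent.startswith(MSIE6_UA_PREFIX)


def summarize(text: str) -> dict:
    dns, requests, flows = parse_network_log(text)
    return {
        "dns": {name: sorted(ips) for name, ips in dns.items()},
        "unresolved": sorted(name for name, ips in dns.items() if not ips),
        "beacons": {url: n for (url, ua), n in requests.items() if is_config_beacon(url, ua)},
        "other_requests": {url: n for (url, ua), n in requests.items() if not is_config_beacon(url, ua)},
        "flows": dict(flows),
    }


def indicators(summary: dict) -> dict:
    """One blocking set: queried names, beacon hosts, resolved addresses, flow destinations."""
    domains = set(summary["dns"]) | {urlsplit(u).hostname for u in summary["beacons"]}
    ips = {ip for answers in summary["dns"].values() for ip in answers} | {ip for ip, _ in summary["flows"]}
    return {"domains": sorted(domains), "ips": sorted(ips)}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for name, answers in s["dns"].items():
        print(f"DNS {name}: {', '.join(answers) or '(no address logged)'}")
    for url, n in s["beacons"].items():
        print(f"beacon x{n}: {beacon_params(url)}")
    print("indicators:", indicators(s))
```

The detection keys on the path shape and parameter set rather than on the host names, since the page shows the same request going to three different hosts; the User-Agent check is secondary and can be dropped if a later variant changes the string.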
