Analysis Date2013-07-17 11:16:45
MD58c6bbf77905ee120241de74e80bb3840
SHA1d55b039ad73e6bfddf85715748806aa336da585b

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d8db9915c076fd4eb0b8bc955335e502 sha1: 2b65f5320d28b7dde8317a2e10f4c71be6ce1cde size: 1024
Section.rdata md5: 767b698805487e74c147d508833089be sha1: 34dfccae1fcadeabfa26c2b212dd21e172914996 size: 512
Section.data md5: f2cb642557dbf40a7639facc4bbd393e sha1: 589c9359c5dc9b37557d39ba365acefc95505758 size: 512
Section.rsrc md5: 94a8bb3c62d308c62762e6d09fdd788d sha1: f5a689176e169c340baacab70be73ecbe718317d size: 43008
Section.reloc md5: 2348d91287beade643c94e5eb400396f sha1: dd79fc15f82a688ab36006f2ed21627739469ad5 size: 512
Timestamp2005-04-01 04:04:30
VersionLegalCopyright: Copyright (C) 2000
InternalName: MPDRing
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: MPDRing Application
ProductVersion: 1, 0, 0, 1
FileDescription: MPDRing MFC Application
OriginalFilename: MPDRing.EXE
PackerPE Diminisher v0.1
PEhashb6f736b5a532834c10f95db6cde997f166609732
AVmsseVirTool:Win32/Obfuscator.AHU

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\zaxwamyffuwy ➝
C:\Documents and Settings\Administrator\zaxwamyffuwy.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\badactor[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\gmx[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\caramail[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ricochet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\job-index[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\comcast[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\soccer[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\shtandvare[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\juno[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\aol[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\air-internet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\genesys[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\gallatinriver[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\clarksville[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\cmich[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\micron[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ciudad.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\cocmast[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\t-mobel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\cableone[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\collegeclub[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\birds[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\cablelan[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\picsnet[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\comcast[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\free[1].htm
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\juno[1].htm
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\idea[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nifty.ne[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\excite[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\flemingc.on[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\telus[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\agilent[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tiscali[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nordnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\netsync[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\skynet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\sirius[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\willinet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\picsnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\markbrent[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\motivators[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\vampirefreaks[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\tartarus.uwa.edu[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\o2[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\terra[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\walmart[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\comcast[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\tylerknott[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\cmich[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\citigroup[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\sympatico[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\picsnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\ia.telecom[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\excite[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\knology[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\reihtec[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\mchsi[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\netscape[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sky[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\spray[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\ciudad.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rowdee[1].htm
Creates FileC:\Documents and Settings\Administrator\zaxwamyffuwy.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\centrum[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\allstate[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\trib[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\hotmiail[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\naver[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\metrocast[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\vampirefreaks[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\t-mobel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\orst[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\a-znet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\telus[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tigers-net[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\markbrent[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\terra[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\lyuchta[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\mailshell[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\zeelandnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\vodafone[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cancun.com[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\t-mobel[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\vampirefreaks[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\picsnet[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\juno[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutexzaxwamyffuwy
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSreihtec.com
Winsock DNScancun.com.mx
Winsock DNSjuno.net
Winsock DNSmotivators.com
Winsock DNSbirds.com
Winsock DNSorst.edu
Winsock DNSmarkbrent.com
Winsock DNSnetsync.net
Winsock DNSschoolsports.com
Winsock DNSlyuchta.org
Winsock DNSjob-index.ch
Winsock DNStylerknott.com
Winsock DNScocmast.net
Winsock DNSagilent.com
Winsock DNSnifty.ne.jp
Winsock DNSgenesys.com
Winsock DNStigers-net.com
Winsock DNSterra.cl
Winsock DNScollegeclub.com
Winsock DNSvampirefreaks.com
Winsock DNScomcast.com
Winsock DNSciudad.com.ar
Winsock DNScentrum.cz
Winsock DNSsoccer.com
Winsock DNSt-mobel.com
Winsock DNSknology.net
Winsock DNSskynet.be
Winsock DNSrowdee.com
Winsock DNSasteriks.be
Winsock DNScablelan.net
Winsock DNSnaver.com
Winsock DNSclarksville.com
Winsock DNShotmiail.com
Winsock DNScomcast.net
Winsock DNSmailshell.com
Winsock DNScmich.edu
Winsock DNSnetscape.net
Winsock DNScableone.net
Winsock DNScaramail.com
Winsock DNStelus.net
Winsock DNSwalmart.com
Winsock DNSmetrocast.net
Winsock DNSwillinet.net
Winsock DNSgmx.com
Winsock DNSshtandvare.com
Winsock DNSterra.com
Winsock DNSsirius.com
Winsock DNSexcite.fr
Winsock DNScitigroup.com
Winsock DNSmchsi.com
Winsock DNSsky.com
Winsock DNSneobright.net
Winsock DNSia.telecom.net
Winsock DNStiscali.it
Winsock DNSgallatinriver.net
Winsock DNSair-internet.com
Winsock DNSspray.se
Winsock DNSmicron.net
Winsock DNSsympatico.ca
Winsock DNSo2.pl
Winsock DNSfree.fr
Winsock DNSnordnet.fr
Winsock DNSallstate.com
Winsock DNSidea.com
Winsock DNStartarus.uwa.edu.au
Winsock DNSa-znet.com
Winsock DNSvodafone.com
Winsock DNSricochet.com
Winsock DNSaol.de
Winsock DNSzeelandnet.nl
Winsock DNStrib.com
Winsock DNSflemingc.on.ca
Winsock DNSpicsnet.com
Winsock DNSbadactor.us

Network Details:

DNSconnections-etc.net
Type: A
162.39.145.20
DNScatt.com
Type: A
64.18.100.105
DNSadt.com
Type: A
205.145.185.243
DNSbuffalo.edu
Type: A
128.205.7.144
DNScomcast.com
Type: A
76.96.111.23
DNScomcast.com
Type: A
69.241.45.20
DNScomcast.com
Type: A
69.241.54.5
DNScomcast.com
Type: A
69.241.54.4
DNScomcast.com
Type: A
69.241.45.4
DNScomcast.com
Type: A
76.96.69.96
DNSia.telecom.net
Type: A
209.15.13.134
DNSdangerous-minds.com
Type: A
69.197.35.115
DNSxtra.co.nz
Type: A
202.27.184.102
DNSgallatinriver.net
Type: A
208.47.185.65
DNSt-mobel.com
Type: A
82.98.86.178
DNSshtandvare.com
Type: A
37.59.37.160
DNSerre.net
Type: A
209.15.13.134
DNSmetrocast.net
Type: A
65.175.128.188
DNSskynet.be
Type: A
195.238.10.70
DNSsky.com
Type: A
80.238.9.179
DNSmail.unomaha.edu
Type: A
137.48.1.6
DNSvampirefreaks.com
Type: A
38.106.205.131
DNSallstate.com
Type: A
167.127.109.184
DNStelus.net
Type: A
67.205.66.14
DNScmich.edu
Type: A
141.209.19.253
DNScomcast.net
Type: A
162.150.0.50
DNSciudad.com.ar
Type: A
200.42.143.77
DNSmotivators.com
Type: A
173.239.47.198
DNSzeelandnet.nl
Type: A
62.238.255.67
DNScableone.net
Type: A
24.116.1.80
DNSnetsync.net
Type: A
65.98.89.218
DNSspray.se
Type: A
91.196.241.10
DNSnaver.com
Type: A
220.95.233.171
DNSnaver.com
Type: A
220.95.233.172
DNSnaver.com
Type: A
202.131.30.11
DNSnaver.com
Type: A
202.131.30.12
DNStrib.com
Type: A
192.104.182.109
DNStrib.com
Type: A
192.104.182.209
DNSwillinet.net
Type: A
162.39.145.20
DNSverizonwireless.com
Type: A
162.115.208.90
DNSverizonwireless.com
Type: A
137.188.80.90
DNSverizonwireless.com
Type: A
162.115.16.90
DNScrosspaths.net
Type: A
162.39.145.20
DNStiscali.it
Type: A
213.205.32.10
DNSoakwood.org
Type: A
204.16.249.195
DNSfree.fr
Type: A
212.27.48.10
DNSfree.fr
Type: A
212.27.48.10
DNSmadrid.com
Type: A
89.30.105.26
DNSaol.de
Type: A
205.188.101.58
DNSaol.de
Type: A
207.200.74.38
DNSaol.de
Type: A
64.12.79.57
DNSaol.de
Type: A
64.12.89.186
DNSaol.de
Type: A
205.188.100.58
DNSlyuchta.org
Type: A
178.79.190.156
DNSnordnet.fr
Type: A
195.146.235.33
DNSgmx.com
Type: A
213.165.64.179
DNSterra.com
Type: A
208.70.188.151
DNSyahoo.hk
Type: A
98.139.102.145
DNSyahoo.hk
Type: A
68.180.206.184
DNSmarkbrent.com
Type: A
50.63.127.1
DNSnifty.ne.jp
Type: A
210.131.4.217
DNSknology.net
Type: A
64.29.151.81
DNSexcite.fr
Type: A
80.239.202.35
DNSmailshell.com
Type: A
209.157.66.253
DNSwalmart.com
Type: A
161.170.248.20
DNSwalmart.com
Type: A
161.170.244.20
DNSjuno.net
Type: A
64.136.45.169
DNSjuno.net
Type: A
64.136.53.169
DNSo2.pl
Type: A
193.17.41.103
DNSsirius.com
Type: A
209.196.216.50
DNScocmast.net
Type: A
108.175.168.94
DNSagilent.com
Type: A
192.25.126.206
DNScollegeclub.com
Type: A
66.150.124.66
DNScablelan.net
Type: A
50.21.229.2
DNSterra.cl
Type: A
208.84.244.25
DNSpicsnet.com
Type: A
184.168.81.139
DNStartarus.uwa.edu.au
Type: A
130.95.128.3
DNSbadactor.us
Type: A
67.195.61.65
DNScancun.com.mx
Type: A
200.33.188.1
DNSfit.za.net
Type: A
DNSschoolsports.com
Type: A
DNSninemsn.com.au
Type: A
DNSparrotcay.como.bz
Type: A
DNSair-internet.com
Type: A
DNScentrum.cz
Type: A
HTTP POSThttp://t-mobel.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vampirefreaks.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://telus.net/?ptrxcz_KkBa1QrHg7WxMmDc3StIi9YzOpFe5U
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://allstate.com/?ptrxcz_5UvKkAZ0PpFe4UuKj9ZzOrlLHi9YzO
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cmich.edu/?ptrxcz_i9ZzPpFe5qLlBb2RsHh8XyNoEd4UuK
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://comcast.net/?ptrxcz_oEd4TuJj9ZzPpFe5UvKkAa0PqFf5Vv
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ciudad.com.ar/?ptrxcz_vLkBa0QqGf6VvLkBa1QqGf96f6WwMl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://motivators.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ia.telecom.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zeelandnet.nl/?ptrxcz_PqFf6WxMmDc3THh8XyOpEe5UvLkBb2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cableone.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://netsync.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://spray.se/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://naver.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://trib.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://willinet.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://shtandvare.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aol.de/?ptrxcz_Z0QqGf6VvLkBa1QqGf6VvLkBa1QrGg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lyuchta.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nordnet.fr/?ptrxcz_Z0QrHg7XxNoEd4UvKkBb1RsIh8YzOp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tiscali.it/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gmx.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://terra.com/?ptrxcz_LlCb2RsHh7WxMmCc2SsIh7XxNmDc2S
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markbrent.com/?ptrxcz_jAa0QrGg6WwMmCc2StIi8YzO9c3TtJ
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nifty.ne.jp/?ptrxcz_d4UuKjAZ0PqFf5VvLkBa1QrGg6WwMl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://knology.net/?ptrxcz_QrGg6WwMlCb2RsHh7XxNmDc2SsIh8X
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sky.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markbrent.com/?ptrxcz_yOpEe5UvKkBa1QrHg7WxMmDc3StJi9
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://excite.fr/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mailshell.com/?ptrxcz_TuKj9ZzPpFe5UvKkAa0QqGf5VwoVxM
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://walmart.com/?ptrxcz_sHh7XxNmCc2SsIh7XxNmCc2SsIh7Xx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://juno.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://o2.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sirius.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cocmast.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://agilent.com/?ptrxcz_StJi9YzOpEe4UuKjAZ0PqFf5VvLkBa
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cmich.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://telus.net/?ptrxcz_oDd3TtIi8YyOoDd3TtJi9YzOpEe4Tu
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://free.fr/?ptrxcz_h8YzOpEe4UuKjAZ0iEe4UvbKlCb2Rs
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://collegeclub.com/?ptrxcz_qGg6WxNmDd3TtJj9ZzPqFf6VwLlCb2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://juno.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://comcast.com/?ptrxcz_RsIi9Z0QrHh8YzPqGg7XyOpFf6WxNo
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cablelan.net/?ptrxcz_e5VwMlCc2SHi9YzOpFe5UvKkBa1QrG
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://terra.cl/?ptrxcz_UzUzTySxRwQvPuOtyOpFe5VwLlCc2S
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://t-mobel.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ciudad.com.ar/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tartarus.uwa.edu.au/?ptrxcz_pFe5VvLkAa0QqGf6VwLkBa1QrGg6Ww
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gallatinriver.net/?ptrxcz_3TuJj9ZzPpFe5UvKkAZ0PqFf5VvLkB
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://badactor.us/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cancun.com.mx/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1039 ➝ 162.39.145.20:25
Flows TCP192.168.1.1:1040 ➝ 64.18.100.105:25
Flows TCP192.168.1.1:1041 ➝ 205.145.185.243:25
Flows TCP192.168.1.1:1038 ➝ 128.205.7.144:25
Flows TCP192.168.1.1:1042 ➝ 76.96.111.23:25
Flows TCP192.168.1.1:1043 ➝ 209.15.13.134:25
Flows TCP192.168.1.1:1044 ➝ 69.197.35.115:25
Flows TCP192.168.1.1:1045 ➝ 202.27.184.102:25
Flows TCP192.168.1.1:1046 ➝ 208.47.185.65:25
Flows TCP192.168.1.1:1047 ➝ 82.98.86.178:25
Flows TCP192.168.1.1:1048 ➝ 37.59.37.160:25
Flows TCP192.168.1.1:1049 ➝ 209.15.13.134:25
Flows TCP192.168.1.1:1050 ➝ 65.175.128.188:25
Flows TCP192.168.1.1:1051 ➝ 195.238.10.70:25
Flows TCP192.168.1.1:1052 ➝ 80.238.9.179:25
Flows TCP192.168.1.1:1053 ➝ 137.48.1.6:25
Flows TCP192.168.1.1:1054 ➝ 82.98.86.178:80
Flows TCP192.168.1.1:1055 ➝ 38.106.205.131:80
Flows TCP192.168.1.1:1056 ➝ 67.205.66.14:80
Flows TCP192.168.1.1:1057 ➝ 167.127.109.184:80
Flows TCP192.168.1.1:1058 ➝ 141.209.19.253:80
Flows TCP192.168.1.1:1059 ➝ 162.150.0.50:80
Flows TCP192.168.1.1:1060 ➝ 200.42.143.77:80
Flows TCP192.168.1.1:1061 ➝ 173.239.47.198:80
Flows TCP192.168.1.1:1062 ➝ 209.15.13.134:80
Flows TCP192.168.1.1:1063 ➝ 62.238.255.67:80
Flows TCP192.168.1.1:1064 ➝ 24.116.1.80:80
Flows TCP192.168.1.1:1065 ➝ 65.98.89.218:80
Flows TCP192.168.1.1:1066 ➝ 91.196.241.10:80
Flows TCP192.168.1.1:1067 ➝ 220.95.233.171:80
Flows TCP192.168.1.1:1068 ➝ 192.104.182.109:80
Flows TCP192.168.1.1:1069 ➝ 162.39.145.20:80
Flows TCP192.168.1.1:1070 ➝ 162.115.208.90:25
Flows TCP192.168.1.1:1071 ➝ 162.39.145.20:25
Flows TCP192.168.1.1:1072 ➝ 213.205.32.10:25
Flows TCP192.168.1.1:1074 ➝ 204.16.249.195:25
Flows TCP192.168.1.1:1073 ➝ 37.59.37.160:80
Flows TCP192.168.1.1:1075 ➝ 212.27.48.10:25
Flows TCP192.168.1.1:1076 ➝ 212.27.48.10:25
Flows TCP192.168.1.1:1077 ➝ 89.30.105.26:25
Flows TCP192.168.1.1:1078 ➝ 205.188.101.58:80
Flows TCP192.168.1.1:1079 ➝ 178.79.190.156:80
Flows TCP192.168.1.1:1080 ➝ 195.146.235.33:80
Flows TCP192.168.1.1:1081 ➝ 213.205.32.10:80
Flows TCP192.168.1.1:1082 ➝ 213.165.64.179:80
Flows TCP192.168.1.1:1083 ➝ 208.70.188.151:80
Flows TCP192.168.1.1:1084 ➝ 50.63.127.1:80
Flows TCP192.168.1.1:1085 ➝ 98.139.102.145:25
Flows TCP192.168.1.1:1086 ➝ 210.131.4.217:80
Flows TCP192.168.1.1:1087 ➝ 64.29.151.81:80
Flows TCP192.168.1.1:1088 ➝ 80.238.9.179:80
Flows TCP192.168.1.1:1089 ➝ 50.63.127.1:80
Flows TCP192.168.1.1:1090 ➝ 80.239.202.35:80
Flows TCP192.168.1.1:1091 ➝ 209.157.66.253:80
Flows TCP192.168.1.1:1092 ➝ 161.170.248.20:80
Flows TCP192.168.1.1:1093 ➝ 64.136.45.169:80
Flows TCP192.168.1.1:1094 ➝ 193.17.41.103:80
Flows TCP192.168.1.1:1095 ➝ 209.196.216.50:80
Flows TCP192.168.1.1:1096 ➝ 108.175.168.94:80
Flows TCP192.168.1.1:1097 ➝ 192.25.126.206:80
Flows TCP192.168.1.1:1098 ➝ 141.209.19.253:80
Flows TCP192.168.1.1:1099 ➝ 67.205.66.14:80
Flows TCP192.168.1.1:1100 ➝ 212.27.48.10:80
Flows TCP192.168.1.1:1101 ➝ 66.150.124.66:80
Flows TCP192.168.1.1:1102 ➝ 64.136.45.169:80
Flows TCP192.168.1.1:1103 ➝ 76.96.111.23:80
Flows TCP192.168.1.1:1104 ➝ 50.21.229.2:80
Flows TCP192.168.1.1:1105 ➝ 208.84.244.25:80
Flows TCP192.168.1.1:1106 ➝ 66.150.124.66:25
Flows TCP192.168.1.1:1107 ➝ 184.168.81.139:25
Flows TCP192.168.1.1:1108 ➝ 76.96.111.23:25
Flows TCP192.168.1.1:1109 ➝ 76.96.111.23:25
Flows TCP192.168.1.1:1110 ➝ 50.63.127.1:25
Flows TCP192.168.1.1:1111 ➝ 82.98.86.178:80
Flows TCP192.168.1.1:1112 ➝ 193.17.41.103:25
Flows TCP192.168.1.1:1113 ➝ 200.42.143.77:80
Flows TCP192.168.1.1:1114 ➝ 130.95.128.3:80
Flows TCP192.168.1.1:1115 ➝ 208.47.185.65:80
Flows TCP192.168.1.1:1116 ➝ 67.195.61.65:80
Flows TCP192.168.1.1:1117 ➝ 200.33.188.1:80

Raw Pcap

Strings