Analysis Date2013-07-22 23:51:18
MD57aa47064834987937fb03184906871e0
SHA1df8eea4082f453c93c4d8b1d8a61113c41349427

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: c8d54ead1497e21ae3c0505b1c0885a0 sha1: 78e8e580d6659cb6040142a8c37628d410acc1c6 size: 1024
Section.rdata md5: a2feaf3ba629027ed0b7b0663a4836e0 sha1: 3b0ef5c293336d1f6446110672af463e64f55392 size: 512
Section.data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 6f807248d30aecb223c530c9b9231cad sha1: 827624c5562b05108b575df38028d57e0236a097 size: 37888
Timestamp2007-08-28 11:38:02
VersionLegalCopyright: Copyright (C) 2000
InternalName: MPIRing
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: MPIRing Application
ProductVersion: 1, 0, 0, 1
FileDescription: MPIRing MFC Application
OriginalFilename: MPIRing.EXE
PEhashbf471dc64704c73f2e726b42040b59207263ad33

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\kefmezybxuxo ➝
C:\Documents and Settings\Administrator\kefmezybxuxo.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\primusonline.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\walla[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\stupid[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\caionline[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vci[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\hotmale[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\iol[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\virginia[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\pchome.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\atkearney[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\eresmas[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\american[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zoomtown[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\clds[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nau[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nau[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sbcglobal[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\ninemsn.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\indiatimes[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ciudad.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\tele2[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\uwsp[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\vci[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\dir[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\catt[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\lineone[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\free[2].htm
Creates FileC:\Documents and Settings\Administrator\kefmezybxuxo.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\good[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\verizonwireless[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\casagrande[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\talktalk[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\wp[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\oregonstate[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\happyhippo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\iol[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tushifire[1].htm
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\vmw[1].htm
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\alice-dsl[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\cwnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\aeroinc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\verizonwireless[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\vmw[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\pchome.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lyuchta[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cbunited[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\good[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\markbrent[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\aussiestockforums[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\osu[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\wildmail[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\markbrent[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\free[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\hotmaik[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\su[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nau[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutexkefmezybxuxo
Winsock DNSwa-net.com
Winsock DNSuwsp.edu
Winsock DNSnau.edu
Winsock DNStushifire.com
Winsock DNSmarkbrent.com
Winsock DNSoregonstate.edu
Winsock DNSschoolsports.com
Winsock DNSlyuchta.org
Winsock DNSgood.com
Winsock DNSvci.net
Winsock DNSpchome.com.tw
Winsock DNSninemsn.com.au
Winsock DNSvmw.com
Winsock DNSlineone.net
Winsock DNStalktalk.net
Winsock DNScatt.com
Winsock DNShotmale.com
Winsock DNSwildmail.com
Winsock DNScasagrande.com
Winsock DNScaionline.org
Winsock DNSciudad.com.ar
Winsock DNSclds.net
Winsock DNSmsn.ca
Winsock DNSopotonline.net
Winsock DNSalice-dsl.de
Winsock DNSdir.bg
Winsock DNSaussiestockforums.com
Winsock DNSeresmas.com
Winsock DNSindiatimes.com
Winsock DNSzoomtown.com
Winsock DNSvirginia.edu
Winsock DNSwalla.com
Winsock DNSatkearney.com
Winsock DNSfree.fr
Winsock DNShawaiiantel.net
Winsock DNSprimusonline.com.au
Winsock DNScwnet.com
Winsock DNSverizonwireless.com
Winsock DNSsbcglobal.com
Winsock DNScbunited.com
Winsock DNSstupid.com
Winsock DNShotmaik.com
Winsock DNShappyhippo.com
Winsock DNSosu.edu
Winsock DNSiol.it
Winsock DNSamerican.edu
Winsock DNSsu.edu
Winsock DNStele2.at
Winsock DNSwp.pl
Winsock DNSaeroinc.net

Network Details:

DNSsgi.net
Type: A
209.166.171.92
DNSdreamwiz.com
Type: A
61.111.244.129
DNSdreamwiz.com
Type: A
61.111.244.139
DNSvodafone.nl
Type: A
47.73.8.15
DNStushifire.com
Type: A
5.9.61.148
DNSvci.net
Type: A
173.201.63.128
DNSvci.net
Type: A
173.201.63.128
DNSposten.se
Type: A
147.14.11.241
DNSmsn.ca
Type: A
65.55.206.229
DNSindiatimes.com
Type: A
223.165.27.13
DNSmtv.com
Type: A
206.220.43.92
DNSspray.se
Type: A
91.196.241.10
DNShappyhippo.com
Type: A
208.73.210.88
DNSair-internet.com
Type: A
12.110.32.68
DNSciudad.com.ar
Type: A
200.42.143.77
DNSmotivators.com
Type: A
173.239.47.198
DNSbackpacker.com
Type: A
107.22.234.56
DNSaussiestockforums.com
Type: A
108.162.198.131
DNSaussiestockforums.com
Type: A
108.162.199.131
DNSiol.it
Type: A
151.1.67.227
DNSiol.it
Type: A
151.1.67.215
DNSiol.it
Type: A
151.1.67.216
DNSiol.it
Type: A
151.1.67.221
DNSgood.com
Type: A
216.136.156.80
DNSlineone.net
Type: A
212.74.99.30
DNSverizonwireless.com
Type: A
162.115.16.90
DNSverizonwireless.com
Type: A
162.115.208.90
DNSverizonwireless.com
Type: A
137.188.80.90
DNScasagrande.com
Type: A
98.124.252.132
DNSdir.bg
Type: A
194.145.63.12
DNSclds.net
Type: A
208.47.185.65
DNStalktalk.net
Type: A
193.118.251.141
DNSmarkbrent.com
Type: A
50.63.127.1
DNSalice-dsl.de
Type: A
85.183.254.1
DNSatkearney.com
Type: A
4.26.46.40
DNScwnet.com
Type: A
38.102.40.244
DNSlyuchta.org
Type: A
178.79.190.156
DNSsu.edu
Type: A
190.93.240.29
DNSsu.edu
Type: A
141.101.123.29
DNSsu.edu
Type: A
141.101.112.29
DNSsu.edu
Type: A
190.93.241.29
DNSsu.edu
Type: A
141.101.113.29
DNSpchome.com.tw
Type: A
210.59.230.60
DNSvirginia.edu
Type: A
128.143.22.36
DNSvirginia.edu
Type: A
128.143.21.99
DNSvirginia.edu
Type: A
128.143.22.79
DNScaionline.org
Type: A
67.192.237.89
DNSaeroinc.net
Type: A
216.82.160.146
DNStelus.net
Type: A
67.205.66.14
DNSipa.net
Type: A
207.69.189.22
DNSipa.net
Type: A
207.69.189.23
DNSipa.net
Type: A
207.69.189.24
DNSipa.net
Type: A
207.69.189.25
DNSipa.net
Type: A
207.69.189.26
DNSipa.net
Type: A
207.69.189.27
DNSipa.net
Type: A
207.69.189.28
DNSipa.net
Type: A
207.69.189.21
DNSfedex.com
Type: A
204.135.8.175
DNSfedex.com
Type: A
204.135.13.50
DNSfedex.com
Type: A
204.135.13.155
DNSfedex.com
Type: A
204.135.13.175
DNSfedex.com
Type: A
199.81.218.50
DNSfedex.com
Type: A
199.81.216.50
DNSfedex.com
Type: A
199.81.217.50
DNSfedex.com
Type: A
199.81.218.155
DNSfedex.com
Type: A
199.81.216.155
DNSfedex.com
Type: A
199.81.217.155
DNSfedex.com
Type: A
204.135.8.50
DNSfedex.com
Type: A
204.135.8.155
DNStxstate.edu
Type: A
147.26.138.68
DNShotmaik.com
Type: A
108.175.168.94
DNSwalla.com
Type: A
192.118.82.157
DNScentrum.cz
Type: A
46.255.224.60
DNSstupid.com
Type: A
198.144.18.62
DNSstupid.com
Type: A
198.144.18.64
DNSstupid.com
Type: A
198.144.18.61
DNSstupid.com
Type: A
75.126.29.212
DNSstupid.com
Type: A
198.144.18.63
DNScaramail.com
Type: A
213.165.64.170
DNSvmw.com
Type: A
208.91.0.132
DNSnau.edu
Type: A
134.114.254.11
DNSsbcglobal.com
Type: A
144.160.155.43
DNSsbcglobal.com
Type: A
144.160.36.42
DNStele2.at
Type: A
212.152.190.190
DNSfree.fr
Type: A
212.27.48.10
DNShotmale.com
Type: A
208.94.66.20
DNSwildmail.com
Type: A
217.70.184.38
DNSamerican.edu
Type: A
147.9.1.186
DNSzoomtown.com
Type: A
64.8.70.102
DNScatt.com
Type: A
64.18.100.105
DNSeresmas.com
Type: A
62.37.237.15
DNSwp.pl
Type: A
212.77.100.101
DNSprimusonline.com.au
Type: A
211.27.226.8
DNSninemsn.com.au
Type: A
202.58.48.1
DNSuwsp.edu
Type: A
143.236.32.121
DNSopotonline.net
Type: A
127.0.0.1
DNSosu.edu
Type: A
140.254.112.210
DNSoregonstate.edu
Type: A
128.193.4.112
DNScbunited.com
Type: A
207.38.102.135
DNShawaiiantel.net
Type: A
64.8.70.102
DNSwa-net.com
Type: A
67.51.204.38
DNSinsightbb.com
Type: A
74.128.18.45
DNSinsightbb.com
Type: A
74.128.18.37
DNSbumbleandbumble.com
Type: A
170.224.105.243
DNSschoolsports.com
Type: A
HTTP POSThttp://indiatimes.com/?ptrxcz_KkCc4UvMmEe5WxOpFg7YzPrHi9Z1Rt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vci.net/?ptrxcz_yPDh9Z1StKkCd4VwNpFg7YzQsIjAb2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ciudad.com.ar/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aussiestockforums.com/?ptrxcz_c4VTwNpGh8Z1SuLmDe6XzPrIjBb3Uw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://iol.it/?ptrxcz_1StJkBb2TuLlCd4UwMmEe5VxNpFf7L
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://good.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lineone.net/?ptrxcz_4VxNpGg8Y0RsJjBb3UvMmEf6XyPrHi
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://verizonwireless.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://casagrande.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://dir.bg/?ptrxcz_XzQsIjBc3UwNoFg8Y0RtJkCd4VxOqG
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://clds.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tushifire.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://talktalk.net/?ptrxcz_wfZ3UvMoFg8Y0RtKlDd5WyPrIiAb3U
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markbrent.com/?ptrxcz_Aa2StKkBb2TuKkCc3TvLlCc4UvLmDd
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://alice-dsl.de/?ptrxcz_lDe6XyPrIjBb3UwNpFg8Z1StKlDe6X
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://atkearney.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cwnet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lyuchta.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://iol.it/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://su.edu/?ptrxcz_PsIi9a1StJkBc3TvLmDe5VxNpFg7Xz
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vci.net/?ptrxcz_iBb3UvMoFf7YzQsIjBb3UvMoEf7XzQ
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://pchome.com.tw/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://virginia.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://caionline.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aeroinc.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://happyhippo.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hotmaik.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://walla.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://stupid.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vmw.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nau.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sbcglobal.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tele2.at/?ptrxcz_MoEf6WxOpFf7XyOqGg7XzPqGh8YzQr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://free.fr/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://free.fr/?ptrxcz_IjAb2SuKlCc4UwMoEe6WyOpGg8YzQr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://verizonwireless.com/?ptrxcz_9b3UvMmEe6WyOqGh8Z0RsJjBb3TvLm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://pchome.com.tw/?ptrxcz_TwNoEf6WxOpFf7XyOqGg7YzPqHh8Y0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hotmale.com/?ptrxcz_0QsJjBb3UvMoEf7XzQrIjAb2TvLmEe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wildmail.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://american.edu/?ptrxcz_OpGg7XyPqGg7YzPqGh8YzPrHh8YzQr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zoomtown.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://catt.com/?ptrxcz_xOqGh8Y0QrIi9a1RtJkBb3TvL6XzPq
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markbrent.com/?ptrxcz_h8Z0RsJjAb2TuLlCd4VwNoFfJ4WyPq
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://eresmas.com/?ptrxcz_4Vx2VtUrrcg8jrROYDUyPqGh8Y0QsI
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wp.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nau.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://primusonline.com.au/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ninemsn.com.au/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://uwsp.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://good.com/?ptrxcz_LmEf6YzQsJkCd4VxOqHi9a2TvMoFf7
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://osu.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vmw.com/?ptrxcz_VxOqHTEf7Y0RtJkCd4VxOqGh9a2SuL
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://oregonstate.edu/?ptrxcz_WyPrHh9Z1Stb8Z0RtKkCd5WxOqHi9a
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cbunited.com/?ptrxcz_XzQsIjBc4VxN8Z1RtJkBc3UvMmDe5W
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hawaiiantel.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1036 ➝ 147.14.11.241:25
Flows TCP192.168.1.1:1037 ➝ 47.73.8.15:25
Flows TCP192.168.1.1:1038 ➝ 209.166.171.92:25
Flows TCP192.168.1.1:1039 ➝ 61.111.244.129:25
Flows TCP192.168.1.1:1040 ➝ 5.9.61.148:25
Flows TCP192.168.1.1:1041 ➝ 173.201.63.128:25
Flows TCP192.168.1.1:1042 ➝ 173.201.63.128:25
Flows TCP192.168.1.1:1043 ➝ 65.55.206.229:25
Flows TCP192.168.1.1:1045 ➝ 208.73.210.88:25
Flows TCP192.168.1.1:1046 ➝ 206.220.43.92:25
Flows TCP192.168.1.1:1047 ➝ 12.110.32.68:25
Flows TCP192.168.1.1:1048 ➝ 223.165.27.13:25
Flows TCP192.168.1.1:1049 ➝ 91.196.241.10:25
Flows TCP192.168.1.1:1050 ➝ 200.42.143.77:25
Flows TCP192.168.1.1:1051 ➝ 173.239.47.198:25
Flows TCP192.168.1.1:1052 ➝ 107.22.234.56:25
Flows TCP192.168.1.1:1053 ➝ 223.165.27.13:80
Flows TCP192.168.1.1:1054 ➝ 173.201.63.128:80
Flows TCP192.168.1.1:1055 ➝ 200.42.143.77:80
Flows TCP192.168.1.1:1056 ➝ 108.162.198.131:80
Flows TCP192.168.1.1:1057 ➝ 151.1.67.227:80
Flows TCP192.168.1.1:1058 ➝ 216.136.156.80:80
Flows TCP192.168.1.1:1059 ➝ 212.74.99.30:80
Flows TCP192.168.1.1:1060 ➝ 162.115.16.90:80
Flows TCP192.168.1.1:1061 ➝ 98.124.252.132:80
Flows TCP192.168.1.1:1062 ➝ 194.145.63.12:80
Flows TCP192.168.1.1:1065 ➝ 208.47.185.65:80
Flows TCP192.168.1.1:1066 ➝ 5.9.61.148:80
Flows TCP192.168.1.1:1067 ➝ 193.118.251.141:80
Flows TCP192.168.1.1:1068 ➝ 50.63.127.1:80
Flows TCP192.168.1.1:1069 ➝ 85.183.254.1:80
Flows TCP192.168.1.1:1070 ➝ 4.26.46.40:80
Flows TCP192.168.1.1:1071 ➝ 38.102.40.244:80
Flows TCP192.168.1.1:1072 ➝ 178.79.190.156:80
Flows TCP192.168.1.1:1073 ➝ 151.1.67.227:80
Flows TCP192.168.1.1:1074 ➝ 190.93.240.29:80
Flows TCP192.168.1.1:1075 ➝ 173.201.63.128:80
Flows TCP192.168.1.1:1076 ➝ 210.59.230.60:80
Flows TCP192.168.1.1:1077 ➝ 128.143.22.36:80
Flows TCP192.168.1.1:1078 ➝ 67.192.237.89:80
Flows TCP192.168.1.1:1079 ➝ 12.110.32.68:25
Flows TCP192.168.1.1:1080 ➝ 4.26.46.40:25
Flows TCP192.168.1.1:1081 ➝ 216.82.160.146:80
Flows TCP192.168.1.1:1083 ➝ 67.205.66.14:25
Flows TCP192.168.1.1:1084 ➝ 207.69.189.22:25
Flows TCP192.168.1.1:1085 ➝ 204.135.8.175:25
Flows TCP192.168.1.1:1086 ➝ 208.73.210.88:80
Flows TCP192.168.1.1:1087 ➝ 108.175.168.94:80
Flows TCP192.168.1.1:1088 ➝ 147.26.138.68:25
Flows TCP192.168.1.1:1089 ➝ 192.118.82.157:80
Flows TCP192.168.1.1:1090 ➝ 198.144.18.62:80
Flows TCP192.168.1.1:1091 ➝ 46.255.224.60:25
Flows TCP192.168.1.1:1092 ➝ 213.165.64.170:25
Flows TCP192.168.1.1:1093 ➝ 208.91.0.132:80
Flows TCP192.168.1.1:1094 ➝ 134.114.254.11:80
Flows TCP192.168.1.1:1095 ➝ 144.160.155.43:80
Flows TCP192.168.1.1:1096 ➝ 212.152.190.190:80
Flows TCP192.168.1.1:1098 ➝ 212.27.48.10:80
Flows TCP192.168.1.1:1097 ➝ 212.27.48.10:80
Flows TCP192.168.1.1:1099 ➝ 162.115.16.90:80
Flows TCP192.168.1.1:1100 ➝ 210.59.230.60:80
Flows TCP192.168.1.1:1101 ➝ 208.94.66.20:80
Flows TCP192.168.1.1:1102 ➝ 217.70.184.38:80
Flows TCP192.168.1.1:1103 ➝ 147.9.1.186:80
Flows TCP192.168.1.1:1104 ➝ 64.8.70.102:80
Flows TCP192.168.1.1:1105 ➝ 64.18.100.105:80
Flows TCP192.168.1.1:1106 ➝ 50.63.127.1:80
Flows TCP192.168.1.1:1107 ➝ 62.37.237.15:80
Flows TCP192.168.1.1:1108 ➝ 212.77.100.101:80
Flows TCP192.168.1.1:1109 ➝ 134.114.254.11:80
Flows TCP192.168.1.1:1110 ➝ 211.27.226.8:80
Flows TCP192.168.1.1:1111 ➝ 202.58.48.1:80
Flows TCP192.168.1.1:1112 ➝ 143.236.32.121:80
Flows TCP192.168.1.1:1114 ➝ 216.136.156.80:80
Flows TCP192.168.1.1:1115 ➝ 140.254.112.210:80
Flows TCP192.168.1.1:1116 ➝ 208.91.0.132:80
Flows TCP192.168.1.1:1117 ➝ 128.193.4.112:80
Flows TCP192.168.1.1:1118 ➝ 207.38.102.135:80
Flows TCP192.168.1.1:1119 ➝ 64.8.70.102:80
Flows TCP192.168.1.1:1120 ➝ 67.51.204.38:80

Raw Pcap

Strings