SHA256: 065fdaa90c06c60f77fcae1420b1612eb266e55bbd417f60cedd33014be30529
File name: read.php?f=0.dat
Detection ratio: 5 / 55
Analysis date: 2017-01-24 02:35:57 UTC ( 0 minutes ago )

Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20170123
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.RZM 20170124
Fortinet W32/Kryptik.FNGP!tr 20170124
Invincea virus.win32.jadtre.b 20170111

2017-01-23 20:52:10.544193 IP 192.168.1.102.50465 > 54.165.109.229.80: Flags [P.], seq 0:292, ack 1, win 256, length 292: HTTP: GET /read.php?f=0.dat HTTP/1.1
E..Lj.@…(….f6.m..!.P….k   ~.P…….GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: smoeroota.top
Connection: Keep-Alive
2017-01-23 20:52:40.577524 IP 192.168.1.102.63681 > 75.75.75.75.53: 49466+ A? mbfce24rgn65bx3g.rzunt3u2.com. (47)
[…]