blenderartists(gbot hosted in United States San Antonio Slicehost)

DNS Queries
DNS Query Text
blenderartists.org IN A +
zonetf.com IN A +
zonedg.com IN A +
freeonlinedatingtips.net: type A, class IN, addr 69.42.208.146
bigspiderwomen.com: type A, class IN, addr 64.191.90.101
sharewareconnection.com: type A, class IN, addr 216.240.159.81

HTTP Queries
HTTP Query Text
zonetf.com POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSvfuFuTLiv0agDgGxMl%2FvDr3WCGkrg%2B8OtBfBvOZTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D HTTP/1.1
blenderartists.org GET /external/Banners/facebook2.jpg?tq=gHZutDyMv5rJcyG1J8K%2B1MWCJbP4lltXIA%3D%3D HTTP/1.0
zonedg.com GET /images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvcj0ujbwvgS917W65rJqlLfgPiWW1cg HTTP/1.0

Threads Created
PId Process Name TId Start Start Mem Win32 Start Win32 Start Mem
0x2ac lsass.exe 0x310 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE
0x348 svchost.exe 0xf8 0x7c810856 MEM_IMAGE 0x7c910760 MEM_IMAGE
0x424 svchost.exe 0x610 0x7c810856 MEM_IMAGE 0x77df9981 MEM_IMAGE

Files Created
Name Size Last Write Time Creation Time Last Access Time Attr
C:\Documents and Settings\User\Application Data\43CE.76B 300 2009.01.12 15:12:46.953 2009.01.12 15:12:46.750 2009.01.12 15:12:46.750 0x20
C:\Documents and Settings\User\Application Data\Microsoft\conhost.exe 168960 2009.01.12 15:12:43.609 2009.01.12 15:12:43.593 2009.01.12 15:12:43.593 0x20

Values Changed
Name Type Size Value
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings REG_BINARY/REG_BINARY 56/76 ?/?
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings REG_BINARY/REG_BINARY 52/76 ?/?
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable REG_DWORD/REG_DWORD 4/4 0x0/0x1

Values Created
Name Type Size Value
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer REG_SZ 42 “http=127.0.0.1:58889”
LM\Software\Microsoft\Windows\CurrentVersion\Run\conhost REG_SZ 140 “C:\Documents and Settings\User\Application Data\Microsoft\conhost.exe”

Hosting information:
http://whois.domaintools.com/174.143.170.86
