Analysis Date: 2015-11-16 23:27:13
MD5: f39af73546d646748566832231592353
SHA1: 063c079777838edb5f70f076970d80ba5299117b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 1385a9fae5a6df7abb8001aaebc8ad9c sha1: 0141743a33372aba3174cb63ce4c4800d9ad9db9 size: 49152
Section: .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .rsrc md5: 1d8ed826bd7a69ac9796bfdd68afde3e sha1: 6269f431b01dec411c6d8a954da3739e4735cd96 size: 32768
Timestamp: 2015-10-31 13:45:32
Version:
Comments: This Internet Slang page is designed to explain what the meaning of FGJ is.
CompanyName: Flash game This Internet
Packer: Microsoft Visual Basic v5.0
PEhash: 3445818e2ddfde8acb33b92fd1daa24177b2fa3c
IMPhash: 8b49aca93c32f4c085a7eef5d8ac4c69
AV Rising: no_virus
AV Mcafee: GenericR-EYO!F39AF73546D6
AV Avira (antivir): TR/AD.Crowti.Y.522
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Strictor.98618
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Injector.CLWQ
AV Grisoft (avg): Zbot.AJDP
AV Symantec: no_virus
AV Fortinet: W32/Injector.CLOB!tr
AV BitDefender: Gen:Variant.Strictor.98618
AV K7: Trojan ( 004d65271 )
AV Microsoft Security Essentials: Trojan:Win32/Kovter
AV MicroWorld (escan): Gen:Variant.Strictor.98618
AV MalwareBytes: Trojan.Kovter
AV Authentium: W32/Trojan.CDTY-7860
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Injector
AV Emsisoft: Gen:Variant.Strictor.98618
AV Zillya!: no_virus
AV Kaspersky: Trojan-Downloader.Win32.Upatre.fgiq
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): TScope.Trojan.VB
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Strictor.98618
AV Arcabit (arcavir): Gen:Variant.Strictor.98618
AV ClamAV: no_virus
AV Dr. Web: Trojan.Inject2.8466
AV F-Secure: Gen:Variant.Strictor.98618
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

