Analysis Date2013-07-23 20:53:53
MD58ccb668190977d2e0761396bd19827e0
SHA10f5f071217cd45babc9bf9348b208a6798f0b61f

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 6b9665849f9d8ea7d757c98566569cf2 sha1: a9f47da2e954030d56e8acfd9bce01a75cf9c53a size: 1024
Section.rdata md5: a2feaf3ba629027ed0b7b0663a4836e0 sha1: 3b0ef5c293336d1f6446110672af463e64f55392 size: 512
Section.data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: e9f39884824c27b50b09a42554a61d0a sha1: 2f5b690b9578f136da2bc21d5f8d97d9ca3861ce size: 37888
Timestamp2004-07-15 19:24:53
VersionLegalCopyright: Copyright (C) 2000
InternalName: MPIRing
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: MPIRing Application
ProductVersion: 1, 0, 0, 1
FileDescription: MPIRing MFC Application
OriginalFilename: MPIRing.EXE
PEhashbf471dc64704c73f2e726b42040b59207263ad33

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\gilixdutykju ➝
C:\Documents and Settings\Administrator\gilixdutykju.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\mix947[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\olemiss[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\pink.livedoor[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\aussiestockforums[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\ipeg[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\zoomtown[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\pga[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\excite[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\godpeople[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zoomtown[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\mail.earthlink[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\eircom[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\madrid[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\24[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\rucls[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\zd[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\kettering[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\surewest[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\zoomnet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\saude.gov[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\motivators[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\vip[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\tiscali.co[1].htm
Creates FileC:\Documents and Settings\Administrator\gilixdutykju.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\comporium[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\alice-dsl[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\staples[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kilovan[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\cableone[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\mediom[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\wiredsolutions[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\dreamwiz[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\aussiestockforums[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\earthlink[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\floodcity[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lyuchta[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\iol[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\staples[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\dsl[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\capecod[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutexgilixdutykju
Winsock DNSgoldcockerelbooks.co.uk
Winsock DNSeircom.net
Winsock DNSmotivators.com
Winsock DNSsurewest.net
Winsock DNSearthlink.com
Winsock DNSfloodcity.net
Winsock DNSlyuchta.org
Winsock DNSvip.hr
Winsock DNSolemiss.edu
Winsock DNSmix947.com
Winsock DNSpga.com
Winsock DNSkilovan.net
Winsock DNSzoomnet.net
Winsock DNSgodpeople.com
Winsock DNSsaude.gov.br
Winsock DNSkettering.edu
Winsock DNScomporium.net
Winsock DNSalice-dsl.de
Winsock DNSaussiestockforums.com
Winsock DNSmediom.com
Winsock DNSdsl.com
Winsock DNSmadrid.com
Winsock DNSzoomtown.com
Winsock DNSiupui.edu
Winsock DNSrucls.net
Winsock DNSstaples.com
Winsock DNStiscali.co.uk
Winsock DNSpink.livedoor.com
Winsock DNSzd.com
Winsock DNSdreamwiz.com
Winsock DNSexcite.com
Winsock DNS24.com
Winsock DNSiol.it
Winsock DNSwiredsolutions.net
Winsock DNSvianet.com.mx
Winsock DNSipeg.com
Winsock DNSmail.earthlink.net
Winsock DNScableone.net
Winsock DNSpicsnet.com
Winsock DNScapecod.net

Network Details:

DNSwhitbreadhotels.com
Type: A
212.53.89.138
DNSearthlink.net
Type: A
209.86.93.206
DNSearthlink.net
Type: A
209.86.93.207
DNSearthlink.net
Type: A
209.86.93.208
DNSearthlink.net
Type: A
209.86.93.209
DNSearthlink.net
Type: A
209.86.93.210
DNSearthlink.net
Type: A
209.86.93.211
DNSearthlink.net
Type: A
209.86.93.201
DNSearthlink.net
Type: A
209.86.93.202
DNSearthlink.net
Type: A
209.86.93.203
DNSearthlink.net
Type: A
209.86.93.204
DNSearthlink.net
Type: A
209.86.93.205
DNScorreoweb.com
Type: A
209.15.13.134
DNSmix947.com
Type: A
67.72.16.137
DNSbigfoot.com
Type: A
184.168.178.1
DNSwaupacafoundry.com
Type: A
71.13.131.168
DNSexcite.fr
Type: A
80.239.202.35
DNSsaude.gov.br
Type: A
200.214.130.72
DNSaussiestockforums.com
Type: A
108.162.198.131
DNSaussiestockforums.com
Type: A
108.162.199.131
DNSsaude.gov.br
Type: A
200.214.130.72
DNSkilovan.net
Type: A
5.9.61.148
DNSmotivators.com
Type: A
173.239.47.198
DNSoakland.edu
Type: A
141.210.2.69
DNSoakland.edu
Type: A
141.210.2.69
DNScapecod.net
Type: A
209.86.93.20
DNScapecod.net
Type: A
209.86.93.21
DNScapecod.net
Type: A
209.86.93.19
DNSnmsu.edu
Type: A
128.123.3.2
DNSmail.earthlink.net
Type: A
209.86.93.202
DNSmail.earthlink.net
Type: A
209.86.93.203
DNSmail.earthlink.net
Type: A
209.86.93.204
DNSmail.earthlink.net
Type: A
209.86.93.205
DNSmail.earthlink.net
Type: A
209.86.93.206
DNSmail.earthlink.net
Type: A
209.86.93.207
DNSmail.earthlink.net
Type: A
209.86.93.208
DNSmail.earthlink.net
Type: A
209.86.93.209
DNSmail.earthlink.net
Type: A
209.86.93.210
DNSmail.earthlink.net
Type: A
209.86.93.211
DNSmail.earthlink.net
Type: A
209.86.93.201
DNSvampirefreaks.com
Type: A
38.106.205.131
DNScableone.net
Type: A
24.116.1.80
DNSfloodcity.net
Type: A
64.186.80.70
DNSsurewest.net
Type: A
64.8.70.120
DNSzd.com
Type: A
64.30.224.118
DNSgenie.co.uk
Type: A
82.132.141.84
DNSipeg.com
Type: A
141.138.199.93
DNSzoomtown.com
Type: A
64.8.70.102
DNSsaude.gov.br
Type: A
200.214.130.72
DNSwiredsolutions.net
Type: A
209.15.202.77
DNSstaples.com
Type: A
170.37.25.140
DNSdsl.com
Type: A
63.111.3.108
DNSgoldcockerelbooks.co.uk
Type: A
127.0.0.1
DNSmediom.com
Type: A
199.243.212.203
DNSdreamwiz.com
Type: A
61.111.244.139
DNSdreamwiz.com
Type: A
61.111.244.129
DNSrucls.net
Type: A
50.63.97.1
DNSmadrid.com
Type: A
89.30.105.26
DNSexcite.com
Type: A
74.113.233.95
DNSlyuchta.org
Type: A
178.79.190.156
DNSgodpeople.com
Type: A
114.31.57.141
DNSpink.livedoor.com
Type: A
125.6.144.14
DNSkettering.edu
Type: A
192.138.137.44
DNStiscali.co.uk
Type: A
62.24.150.2
DNSfreenet.co.uk
Type: A
217.28.130.160
DNSalice-dsl.de
Type: A
85.183.254.1
DNSeircom.net
Type: A
86.43.38.8
DNSvip.hr
Type: A
212.91.113.39
DNScomporium.net
Type: A
208.104.2.209
DNSolemiss.edu
Type: A
130.74.120.3
DNSearthlink.com
Type: A
209.86.93.207
DNSearthlink.com
Type: A
209.86.93.208
DNSearthlink.com
Type: A
209.86.93.209
DNSearthlink.com
Type: A
209.86.93.210
DNSearthlink.com
Type: A
209.86.93.211
DNSearthlink.com
Type: A
209.86.93.201
DNSearthlink.com
Type: A
209.86.93.202
DNSearthlink.com
Type: A
209.86.93.203
DNSearthlink.com
Type: A
209.86.93.204
DNSearthlink.com
Type: A
209.86.93.205
DNSearthlink.com
Type: A
209.86.93.206
DNSwilliams.edu
Type: A
137.165.6.26
DNSpga.com
Type: A
157.166.226.37
DNSpga.com
Type: A
157.166.224.37
DNSpga.com
Type: A
157.166.249.128
DNSpga.com
Type: A
157.166.255.27
DNSpga.com
Type: A
157.166.255.26
DNSimaginet.com
Type: A
168.61.3.239
DNSiol.it
Type: A
151.1.67.215
DNSiol.it
Type: A
151.1.67.216
DNSiol.it
Type: A
151.1.67.221
DNSiol.it
Type: A
151.1.67.227
DNSwindermere.com
Type: A
205.234.73.170
DNSwindermere.com
Type: A
205.234.73.170
DNS24.com
Type: A
41.86.110.143
DNSzoomnet.net
Type: A
207.69.200.22
DNSzoomnet.net
Type: A
207.69.200.21
DNSbluewin.com
Type: A
195.186.196.33
DNSbluewin.com
Type: A
195.186.145.33
DNSpicsnet.com
Type: A
184.168.81.139
DNSvianet.com.mx
Type: A
67.205.6.250
DNSiupui.edu
Type: A
129.79.78.167
DNSiupui.edu
Type: A
129.79.78.166
DNSasteriks.be
Type: A
HTTP POSThttp://motivators.com/?ptrxcz_cNqGf6WyPr3mDd4UuKkBb1RsIh8YzO
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://capecod.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mix947.com/?ptrxcz_Z0PqFf5VvLkBa1QrGg6WwMlCb2RsHh
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mail.earthlink.net/?ptrxcz_kBa1RrHg7XxNmDd3TtJj9ZzPqFf5Vw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cableone.net/?ptrxcz_UvK4I1StIi9YzPqFf6VwMmCc3StJj9
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://floodcity.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://surewest.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zd.com/?ptrxcz_NoDd3TuJj9Z0QqGg6WwMmCc2StIi8Y
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ipeg.com/?ptrxcz_wMmDd4UvLlCc3TuJjAa1RsIi9Z0QGi
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aussiestockforums.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zoomtown.com/?ptrxcz_b2StJi9ZzPqGf6WwMmCc3StJi9Z0Pq
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://saude.gov.br/?ptrxcz_Ab2StJi9Z0QrGg7XyOoEe5VvLlCc3S
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wiredsolutions.net/?ptrxcz_tJj9ZzPqFf6VwMlCc2SsIi8YzOpFe5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://staples.com/?ptrxcz_RtJi9Z0QqGg7XxNoEe4UvLlBb2SsIi
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://staples.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://dsl.com/?ptrxcz_c4UvLkBb2RsIi9YzPqGf6WxMmDd4Tu
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mediom.com/?ptrxcz_iDc3StJi9YzPpFe5VvLkBa1RrHg7Xx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://dreamwiz.com/?ptrxcz_MmWyPqGh8YzQrHh8Y0QrHh9Z0QrIi9
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kilovan.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://rucls.net/?ptrxcz_rHg7XxNmDc3SsIh8XyNoDd3TtJi9Yy
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://madrid.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lyuchta.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://excite.com/?ptrxcz_e5VwMmDd4UvLlCc3TuKkBb2StJjAa1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://godpeople.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://pink.livedoor.com/?ptrxcz_PqGg7YzPpFf6WxNoEe5VwMmDd4UvLl
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kettering.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tiscali.co.uk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://alice-dsl.de/?ptrxcz_Jj9Z0QqGg6WxMmDc3TtJj9Z0PqGf6W
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://eircom.net/?ptrxcz_Ff6WxMmDd3TuKkAa1RsHh8YyOpFf5W
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vip.hr/?ptrxcz_kBa1RrHg7WxMmCc2StIi8YyOoDd3Tt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://comporium.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://olemiss.edu/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://earthlink.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://pga.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://iol.it/?ptrxcz_PpFf1ZX7XyNoEd4UuKkAa1QrHh7XyN
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aussiestockforums.com/?ptrxcz_a1RrHh7XxNmDc3StIi8YyOoEd4TuKj
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zoomtown.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://24.com/?ptrxcz_MmCc2SsIh7XxNmDc2SsIh7XxNmDc2S
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://zoomnet.net/?ptrxcz_yOpFe5UvK6c3TuJjASDd4UuKjAa0Qr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1034 ➝ 209.86.93.206:25
Flows TCP192.168.1.1:1035 ➝ 209.15.13.134:25
Flows TCP192.168.1.1:1036 ➝ 212.53.89.138:25
Flows TCP192.168.1.1:1037 ➝ 67.72.16.137:25
Flows TCP192.168.1.1:1038 ➝ 184.168.178.1:25
Flows TCP192.168.1.1:1039 ➝ 71.13.131.168:25
Flows TCP192.168.1.1:1040 ➝ 80.239.202.35:25
Flows TCP192.168.1.1:1041 ➝ 200.214.130.72:25
Flows TCP192.168.1.1:1043 ➝ 108.162.198.131:25
Flows TCP192.168.1.1:1045 ➝ 200.214.130.72:25
Flows TCP192.168.1.1:1048 ➝ 67.72.16.137:80
Flows TCP192.168.1.1:1049 ➝ 173.239.47.198:80
Flows TCP192.168.1.1:1050 ➝ 209.86.93.20:80
Flows TCP192.168.1.1:1053 ➝ 141.210.2.69:25
Flows TCP192.168.1.1:1052 ➝ 141.210.2.69:25
Flows TCP192.168.1.1:1051 ➝ 5.9.61.148:25
Flows TCP192.168.1.1:1055 ➝ 128.123.3.2:25
Flows TCP192.168.1.1:1054 ➝ 209.86.93.202:80
Flows TCP192.168.1.1:1056 ➝ 24.116.1.80:80
Flows TCP192.168.1.1:1057 ➝ 64.186.80.70:80
Flows TCP192.168.1.1:1058 ➝ 64.8.70.120:80
Flows TCP192.168.1.1:1059 ➝ 38.106.205.131:25
Flows TCP192.168.1.1:1060 ➝ 64.30.224.118:80
Flows TCP192.168.1.1:1061 ➝ 82.132.141.84:25
Flows TCP192.168.1.1:1062 ➝ 141.138.199.93:80
Flows TCP192.168.1.1:1063 ➝ 108.162.198.131:80
Flows TCP192.168.1.1:1064 ➝ 64.8.70.102:80
Flows TCP192.168.1.1:1065 ➝ 200.214.130.72:80
Flows TCP192.168.1.1:1066 ➝ 209.15.202.77:80
Flows TCP192.168.1.1:1068 ➝ 170.37.25.140:80
Flows TCP192.168.1.1:1067 ➝ 170.37.25.140:80
Flows TCP192.168.1.1:1069 ➝ 63.111.3.108:80
Flows TCP192.168.1.1:1071 ➝ 199.243.212.203:80
Flows TCP192.168.1.1:1072 ➝ 61.111.244.139:80
Flows TCP192.168.1.1:1073 ➝ 5.9.61.148:80
Flows TCP192.168.1.1:1074 ➝ 50.63.97.1:80
Flows TCP192.168.1.1:1075 ➝ 89.30.105.26:80
Flows TCP192.168.1.1:1076 ➝ 178.79.190.156:80
Flows TCP192.168.1.1:1077 ➝ 74.113.233.95:80
Flows TCP192.168.1.1:1078 ➝ 114.31.57.141:80
Flows TCP192.168.1.1:1079 ➝ 125.6.144.14:80
Flows TCP192.168.1.1:1081 ➝ 192.138.137.44:80
Flows TCP192.168.1.1:1082 ➝ 62.24.150.2:80
Flows TCP192.168.1.1:1084 ➝ 217.28.130.160:25
Flows TCP192.168.1.1:1085 ➝ 85.183.254.1:80
Flows TCP192.168.1.1:1086 ➝ 86.43.38.8:80
Flows TCP192.168.1.1:1087 ➝ 212.91.113.39:80
Flows TCP192.168.1.1:1088 ➝ 208.104.2.209:80
Flows TCP192.168.1.1:1089 ➝ 130.74.120.3:80
Flows TCP192.168.1.1:1090 ➝ 209.86.93.207:80
Flows TCP192.168.1.1:1092 ➝ 137.165.6.26:25
Flows TCP192.168.1.1:1093 ➝ 71.13.131.168:25
Flows TCP192.168.1.1:1094 ➝ 157.166.226.37:80
Flows TCP192.168.1.1:1095 ➝ 67.72.16.137:25
Flows TCP192.168.1.1:1096 ➝ 168.61.3.239:25
Flows TCP192.168.1.1:1097 ➝ 151.1.67.215:80
Flows TCP192.168.1.1:1098 ➝ 205.234.73.170:25
Flows TCP192.168.1.1:1099 ➝ 205.234.73.170:25
Flows TCP192.168.1.1:1100 ➝ 108.162.198.131:80
Flows TCP192.168.1.1:1101 ➝ 64.8.70.102:80
Flows TCP192.168.1.1:1102 ➝ 41.86.110.143:80
Flows TCP192.168.1.1:1103 ➝ 207.69.200.22:80
Flows TCP192.168.1.1:1104 ➝ 184.168.81.139:80
Flows TCP192.168.1.1:1105 ➝ 195.186.196.33:25

Raw Pcap

Strings