Analysis Date: 2015-12-27 21:18:49
MD5: 01eb92cbb524499d9e1e698ab47ef1d3
SHA1: 32467d6c69ed1b5430831e681e9ef5513e583fb0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 2000441b153cf00bdd2c7185882a9a58 sha1: 4ac6011a6da2db367f8a50dc40f80a0d21f83738 size: 69120
Section: .rdata md5: fa04fee9049740139fdd09134ea430b7 sha1: 7047b02e17972d826463b3195dd18c09fc66b437 size: 50688
Section: .data md5: 0a4103121bac7322f9192115de6f2d21 sha1: 1d82e5f55b4b05029a4e726d93013ce4ef2d93e1 size: 5632
Section: .rsrc md5: 4d28cf56847f0e30b78641fb771f9a08 sha1: ee19fb9158b65fddf348b2cb562977b7419bc17d size: 92160
Timestamp: 2015-04-11 07:04:09
Version:
LegalCopyright: Copyright (C) Failed 2006-2013
Legal Trademarks: Failed
Internal Name: Weigh.exe
CompanyName: Loss belt earn - www.Failed.com
ProductName: Failed
Original Filename: Weigh.exe
ProductVersion: 8.0
FileDescription: Swing bean create fed pan
FileVersion: 7.0.0.8
Packer: Microsoft Visual C++ ?.?
PEhash: c12127dd515b542f9c4739dc280cde94f53b5a8f
IMPhash: 563985571ba7a2df1b43cf8d3eeb642d
AV Ad-Aware: Gen:Heur.CryptoWall.1
AV Dr. Web: Trojan.Encoder.514
AV Kaspersky: Trojan.Win32.Generic
AV Authentium: W32/FakeAlert.ACZ.gen!Eldorado
AV Emsisoft: Gen:Heur.CryptoWall.1
AV K7: Trojan ( 004ce5441 )
AV Trend Micro: no_virus
AV Eset (nod32): Win32/Injector.BZRD
AV Ikarus: no_virus
AV Alwil (avast): Androp [Drp]
AV Fortinet: W32/Kryptik.DFOP!tr
AV Grisoft (avg): Win32/Cryptor
AV Avira (antivir): TR/Crypt.Xpack.292464
AV Frisk (f-prot): W32/FakeAlert.ACZ.gen!Eldorado
AV F-Secure: Gen:Heur.CryptoWall.1
AV Symantec: Trojan.Cryptdef!gen13
AV VirusBlokAda (vba32): no_virus
AV BitDefender: Gen:Heur.CryptoWall.1
AV Zillya!: Trojan.Injector.Win32.329170
AV BullGuard: Gen:Heur.CryptoWall.1
AV Rising: no_virus
AV MicroWorld (escan): Gen:Heur.CryptoWall.1
AV CA (E-Trust Ino): no_virus
AV Microsoft Security Essentials: Ransom:Win32/Crowti.A
AV Arcabit (arcavir): Gen:Heur.CryptoWall.1
AV CAT (quickheal): Worm.Gamarue.WL4
AV Mcafee: Generic-FAWO!01EB92CBB524
AV Twister: no_virus
AV ClamAV: no_virus
AV MalwareBytes: Trojan.Agent.DED

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\explorer.exe

Process
↳ C:\WINDOWS\explorer.exe

Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\6ff06165.exe
Creates File: C:\6ff06165\6ff06165.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\6ff06165.exe
Creates Process: -k netsvcs
Creates Process: vssadmin.exe Delete Shadows /All /Quiet

Process
↳ -k netsvcs

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Process
↳ vssadmin.exe Delete Shadows /All /Quiet

Creates File: PIPE\lsarpc

Network Details:

