Analysis Date2015-07-27 15:55:53
MD588c95b57f16924bc468e07abc373906e
SHA15f7351281be6622e0b470fc51ade42a95d6ba6fc

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: ad3a7503d7664fa9a04a2f5d4c6881cf sha1: 7bf293f55b0ffe748887a86fc960cfb318cb2e49 size: 1009152
Section.rdata md5: 939cf6328ae5ac6ae6f91b2e7cc977b7 sha1: 84dda4611cee8116e3c39773b732a4e25c1b533b size: 512
Section.data md5: eca63e0fb21b0d9601bb167f5b2be0f9 sha1: 23e91568702c866cd20fc6f1684b917d79a92bfb size: 512
Section.rsrc md5: 22fc046f081d7f0e98a8ddcbbb1b3009 sha1: e994d36ddf75f33c2f7940e2265f37d6e946c012 size: 4608
Timestamp2015-02-07 09:53:36
PEhash64e6382cf29c93f0559d9cc1316ca70a69e1432b
IMPhash641c98b5eb299ae8da71cd3a6911babe
AVRisingTrojan.Win32.PolyRansom.a
AVMcafeeW32/VirRansom.b
AVAvira (antivir)TR/Crypt.ZPACK.Gen
AVTwisterW32.PolyRansom.b.brnk.mg
AVAd-AwareWin32.Virlock.Gen.2
AVAlwil (avast)Evo-gen [Susp]
AVEset (nod32)Win32/Virlock.I virus
AVGrisoft (avg)LockScreen.BO
AVSymantecno_virus
AVFortinetW32/Zegost.ATDB!tr
AVBitDefenderWin32.Virlock.Gen.2
AVK7Trojan ( 0040fa481 )
AVMicrosoft Security EssentialsVirus:Win32/Nabucur.C
AVMicroWorld (escan)Win32.Virlock.Gen.2
AVMalwareBytesno_virus
AVAuthentiumW32/S-712c29cb!Eldorado
AVFrisk (f-prot)no_virus
AVIkarusVirus-Ransom.FileLocker
AVEmsisoftWin32.Virlock.Gen.2
AVZillya!Virus.Virlock.Win32.1
AVKasperskyVirus.Win32.PolyRansom.b
AVTrend MicroPE_VIRLOCK.I
AVCAT (quickheal)Error Scanning File
AVVirusBlokAda (vba32)no_virus
AVPadvishno_virus
AVBullGuardWin32.Virlock.Gen.2
AVArcabit (arcavir)Win32.Virlock.Gen.2
AVClamAVno_virus
AVDr. WebWin32.VirLock.10
AVF-SecureWin32.Virlock.Gen.2
AVCA (E-Trust Ino)Win32/Nabucur.C

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit ➝
C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe,
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\HUEcIEkg.exe ➝
C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\GIEoYQoU.bat
Creates FileC:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\lMoUYEYA.bat
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\lMoUYEYA.bat
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\GIEoYQoU.bat" "C:\malware.exe""
Creates ProcessC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates ProcessC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Process"C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"
Creates MutexvWcsggUA
Creates MutexScUMMMcQ
Creates ServiceBgMMsMHT - C:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe
Starts ServiceBgMMsMHT

Process
↳ "C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"

Creates ProcessC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc

Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\iAMgoEIY.bat
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\nIAIwYcU.bat
Creates File\Device\Afd\Endpoint
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\iAMgoEIY.bat
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\nIAIwYcU.bat" "C:\malware.exe""
Creates Process"C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ "C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"

Creates ProcessC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\GIEoYQoU.bat" "C:\malware.exe""

Process
↳ "C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"

Creates ProcessC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ C:\malware.exe

Creates FilePIPE\samr
Creates FileC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\SEsAAAAw.bat
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\DoEcEEIQ.bat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\SEsAAAAw.bat
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Process"C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"

Process
↳ C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc

Process
↳ C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc

Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\5f7351281be6622e0b470fc51ade42a95d6ba6fc
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\iyYUoUsc.bat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\YgwsMokw.bat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\YgwsMokw.bat
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\iyYUoUsc.bat" "C:\malware.exe""
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Process"C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\iyYUoUsc.bat" "C:\malware.exe""

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\file.vbs
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\iyYUoUsc.bat
Creates Processcscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\nIAIwYcU.bat" "C:\malware.exe""

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\file.vbs
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\nIAIwYcU.bat
Creates Processcscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Process
↳ C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\HUEcIEkg.exe ➝
C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates Mutex$1@
Creates Mutex\\x141@
Creates Mutex,1@
Creates Mutex41@
Creates MutexnwYEEQIw0
Creates MutexrIwsEEEo0
Creates MutexScUMMMcQ
Creates MutexvWcsggUA
Creates Mutex\\x1c1@

Process
↳ C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe

RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates FileGwcG.exe
Creates FileC:\RCX9.tmp
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
Creates FileusIa.exe
Creates FilemEcG.exe
Creates FileegIe.exe
Creates FileEQkg.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
Creates FileC:\RCX2.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
Creates FileWaIw.ico
Creates FileC:\Documents and Settings\All Users\ICUk.txt
Creates FileC:\RCX8.tmp
Creates FileC:\RCX5.tmp
Creates FileWisg.ico
Creates FileaaAQ.ico
Creates FileC:\RCX3.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
Creates FileC:\RCXB.tmp
Creates FileqkAA.ico
Creates FileAwYi.exe
Creates FileYgso.ico
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
Creates FilemcUm.exe
Creates FileuEsk.ico
Creates FileikIw.ico
Creates FilemggQ.exe
Creates FilescoY.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
Creates FileC:\RCX7.tmp
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\RCX1.tmp
Creates File\Device\Afd\Endpoint
Creates FileOGIc.ico
Creates FileC:\RCX6.tmp
Creates FileC:\RCXA.tmp
Creates FilemwoC.exe
Creates FileC:\RCX4.tmp
Creates FilemacU.ico
Creates FileuGQg.ico
Creates FileKwwA.exe
Creates FileC:\RCXC.tmp
Creates FileGawk.ico
Creates FileCIUK.exe
Creates FilemiIw.ico
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe
Deletes FileGwcG.exe
Deletes FileusIa.exe
Deletes FilemEcG.exe
Deletes FileegIe.exe
Deletes FileEQkg.exe
Deletes FileWaIw.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp
Deletes FileOGIc.ico
Deletes FilemwoC.exe
Deletes FileWisg.ico
Deletes FilemacU.ico
Deletes FileaaAQ.ico
Deletes FileuGQg.ico
Deletes FileKwwA.exe
Deletes FileqkAA.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp
Deletes FileAwYi.exe
Deletes FileYgso.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp
Deletes FilemcUm.exe
Deletes FileuEsk.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp
Deletes FileGawk.ico
Deletes FileCIUK.exe
Deletes FileikIw.ico
Deletes FilemggQ.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp
Creates Mutex$1@
Creates Mutex\\x141@
Creates Mutex,1@
Creates Mutex41@
Creates MutexnwYEEQIw0
Creates MutexrIwsEEEo0
Creates MutexScUMMMcQ
Creates MutexvWcsggUA
Creates Mutex\\x1c1@

Process
↳ C:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe

RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\LocalService\sckowYEM\HUEcIEkg
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝
NULL
Creates FileWMIDataDevice

Process
↳ Pid 1872

Process
↳ Pid 1160

Process
↳ "C:\5f7351281be6622e0b470fc51ade42a95d6ba6fc"

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

Process
↳ cscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Creates FilePIPE\lsarpc

Process
↳ cscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Network Details:

DNSblock.io
Type: A
104.237.132.39
DNSgoogle.com
Type: A
173.194.46.70
DNSgoogle.com
Type: A
173.194.46.69
DNSgoogle.com
Type: A
173.194.46.68
DNSgoogle.com
Type: A
173.194.46.67
DNSgoogle.com
Type: A
173.194.46.66
DNSgoogle.com
Type: A
173.194.46.65
DNSgoogle.com
Type: A
173.194.46.64
DNSgoogle.com
Type: A
173.194.46.78
DNSgoogle.com
Type: A
173.194.46.73
DNSgoogle.com
Type: A
173.194.46.72
DNSgoogle.com
Type: A
173.194.46.71
HTTP GEThttp://google.com/
User-Agent:
HTTP GEThttp://google.com/
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1032 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1033 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1034 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1035 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1036 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1037 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1038 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1039 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1040 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1041 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1042 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1043 ➝ 173.194.46.70:80
Flows TCP192.168.1.1:1044 ➝ 173.194.46.70:80
Flows TCP192.168.1.1:1045 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1046 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1047 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1048 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1049 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1050 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1051 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1052 ➝ 104.237.132.39:443
Flows TCP192.168.1.1:1053 ➝ 104.237.132.39:443

Raw Pcap
0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   160303                                ...

0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   486f7374 3a20676f 6f676c65 2e636f6d   Host: google.com
0x00000020 (00032)   0d0a0d0a c23c5de2 dd714f              .....<]..qO

0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   486f7374 3a20676f 6f676c65 2e636f6d   Host: google.com
0x00000020 (00032)   0d0a0d0a                              ....


Strings