Analysis Date: 2015-11-22 19:16:29
MD5: 005d1f05585bbfbafdb68b680a5bd5dd
SHA1: 66823ce83d89e6074bea5015f5abe1087e45ded3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: ff079055e1ea84c6f380d351ed7ad9b2 sha1: f22698facb8a768fc0ac9aef8e3284e4c455f7d2 size: 1325568
Section: .rdata md5: 4ef3f4415f3616c83c7a206f49da4f8c sha1: 54258d89255b680a3bea45b5b936d96057e03cec size: 315392
Section: .data md5: 569c0675dc7dfcc1d93e2c15c096e658 sha1: ed13dc22deeca0eaf51c4a5ab091e5bc82d21a36 size: 7680
Section: .reloc md5: 27180a1422fccaabd8955714df8197db sha1: b3d7fc6ee756a269409031433aebd7b4baa311ef size: 182272
Timestamp: 2015-05-11 04:56:14
Packer: VC8 -> Microsoft Corporation
PEhash: 02ccb94df21020c680cd3d483ba90f3e5eb800d8
IMPhash: 0b4c2d664598db6d633beb52039489dc
AV Rising: no_virus
AV Mcafee: Trojan-FGIJ!005D1F05585B
AV Avira (antivir): TR/AD.Nivdort.M.72
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Diley.1
AV Alwil (avast): Dropper-OJQ [Drp]
AV Eset (nod32): Win32/Bayrob.Y
AV Grisoft (avg): Crypt4.ADWO
AV Symantec: Downloader.Upatre!g15
AV Fortinet: W32/Kryptik.EETB!tr
AV BitDefender: Gen:Variant.Diley.1
AV K7: Trojan ( 004c77f41 )
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.BN
AV MicroWorld (escan): Gen:Variant.Graftor.196367
AV MalwareBytes: no_virus
AV Authentium: W32/SoxGrave.A.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Bayrob
AV Emsisoft: Gen:Variant.Diley.1
AV Zillya!: Backdoor.SoxGrave.Win32.55
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Diley.1
AV Arcabit (arcavir): Gen:Variant.Diley.1
AV ClamAV: no_virus
AV Dr. Web: Trojan.Bayrob.5
AV F-Secure: Gen:Variant.Diley.1
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\system32\lsrcgpxt\tst
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\wxqkcj11jwuamfcjrtnfk.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\wxqkcj11jwuamfcjrtnfk.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\wxqkcj11jwuamfcjrtnfk.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Reporting Extender Center Ordering Endpoint ➝ C:\WINDOWS\system32\sbojtew.exe
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\lsrcgpxt\lck
Creates File: C:\WINDOWS\system32\sbojtew.exe
Creates File: C:\WINDOWS\system32\lsrcgpxt\etc
Creates File: C:\WINDOWS\system32\lsrcgpxt\tst
Deletes File: C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process: C:\WINDOWS\system32\sbojtew.exe
Creates Service: Certificate Mapper Time Launcher Call - C:\WINDOWS\system32\sbojtew.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: WMIDataDevice

Process
↳ Pid 816

Process
↳ Pid 864

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf
Creates File: C:\WINDOWS\Prefetch\66823CE83D89E6074BEA5015F5ABE-274F4747.pf
Creates File: C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf
Creates File: C:\WINDOWS\Prefetch\WXQKCJ11JWUAMFCJRTNFK.EXE-1C1C7E4E.pf
Creates File: C:\WINDOWS\Prefetch\SBOJTEW.EXE-2F1A3FEB.pf
Creates File: C:\WINDOWS\Prefetch\WXQKCJ11VR1AMF.EXE-17E3D7C8.pf
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\Prefetch\WXSDIDL.EXE-3093ACDD.pf
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates File: C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf

Process
↳ Pid 1220

Process
↳ Pid 1308

Process
↳ Pid 1860

Process
↳ Pid 1604

Process
↳ C:\WINDOWS\system32\sbojtew.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\system32\lsrcgpxt\cfg
Creates File: C:\WINDOWS\system32\wxsdidl.exe
Creates File: C:\WINDOWS\system32\lsrcgpxt\rng
Creates File: C:\WINDOWS\system32\lsrcgpxt\lck
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\lsrcgpxt\run
Creates File: C:\WINDOWS\TEMP\wxqkcj11vr1amf.exe
Creates File: C:\WINDOWS\system32\lsrcgpxt\tst
Creates File: \Device\Afd\Endpoint
Deletes File: C:\WINDOWS\TEMP\wxqkcj11vr1amf.exe
Creates Process: C:\WINDOWS\TEMP\wxqkcj11vr1amf.exe -r 31996 tcp
Creates Process: WATCHDOGPROC "c:\windows\system32\sbojtew.exe"

Process
↳ C:\WINDOWS\system32\sbojtew.exe

Creates File: C:\WINDOWS\system32\lsrcgpxt\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\sbojtew.exe"

Creates File: C:\WINDOWS\system32\lsrcgpxt\tst

Process
↳ C:\WINDOWS\TEMP\wxqkcj11vr1amf.exe -r 31996 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:

