Analysis Date: 2015-10-30 06:54:32
MD5: 7e2a31c07ecd54e90de62007d893def7
SHA1: 8dbb0a1c99736b05cddc01f844670c52110e37a5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 93eb6d9d4dc38672edc4290725e0afd5 sha1: d3d1f4a52b46dcb9fe3119157c7bec71c79b7766 size: 1294848
Section: .rdata md5: ee52f182ff99f96bf52f6d69a796830c sha1: c238a11d53f76b3f41aa869bf6bc38766924bf3e size: 327168
Section: .data md5: 39267882eb358d2b021abe8221bc45d8 sha1: 7281a8bf33107367c8a6816a1f667862cbb7e374 size: 7680
Section: .reloc md5: 7a82a0d61c868bdbcbfc1965a2d661ea sha1: c48c45dbc768b44f12c62da0bb556f1e64d24046 size: 175616
Timestamp: 2015-05-11 04:23:03
Packer: VC8 -> Microsoft Corporation
PEhash: baebee8dec1f28ed2db49598c4b330a18ffa0d4a
IMPhash: 6cdc5d0a709ead1f4c8262fe5f3aca0e
AV: CA (E-Trust Ino) - no_virus
AV: F-Secure - Gen:Variant.Kazy.611782
AV: Dr. Web - Trojan.Bayrob.5
AV: ClamAV - no_virus
AV: Arcabit (arcavir) - Gen:Variant.Kazy.611782
AV: BullGuard - Gen:Variant.Kazy.611782
AV: Padvish - no_virus
AV: VirusBlokAda (vba32) - no_virus
AV: CAT (quickheal) - no_virus
AV: Trend Micro - no_virus
AV: Kaspersky - Trojan.Win32.Generic
AV: Zillya! - no_virus
AV: Emsisoft - Gen:Variant.Kazy.611782
AV: Ikarus - Trojan.Win32.Bayrob
AV: Frisk (f-prot) - no_virus
AV: Authentium - W32/SoxGrave.A.gen!Eldorado
AV: MalwareBytes - no_virus
AV: MicroWorld (escan) - Gen:Variant.Kazy.611782
AV: Microsoft Security Essentials - TrojanSpy:Win32/Nivdort!rfn
AV: K7 - Trojan ( 004c77f41 )
AV: BitDefender - Gen:Variant.Kazy.611782
AV: Fortinet - W32/Bayrob.X!tr
AV: Symantec - Downloader.Upatre!g15
AV: Grisoft (avg) - Win32/Cryptor
AV: Eset (nod32) - Win32/Bayrob.Y
AV: Alwil (avast) - Dropper-OJQ [Drp]
AV: Ad-Aware - Gen:Variant.Kazy.611782
AV: Rising - no_virus
AV: Twister - no_virus
AV: Avira (antivir) - TR/Crypt.Xpack.306030
AV: Mcafee - Trojan-FGIJ!7E2A31C07ECD

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\albeuhn1mhgopzmwzgzsg.exe
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\tst
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\albeuhn1mhgopzmwzgzsg.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\albeuhn1mhgopzmwzgzsg.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Key Routing Application List Server Class ➝ C:\WINDOWS\system32\hnqmsavu.exe
Creates File: C:\WINDOWS\system32\hnqmsavu.exe
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\tst
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\etc
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\lck
Deletes File: C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process: C:\WINDOWS\system32\hnqmsavu.exe
Creates Service: Controls AutoConfig User-mode Defragmenter - C:\WINDOWS\system32\hnqmsavu.exe

Process
↳ Pid 812

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1116

Process
↳ Pid 1212

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File: WMIDataDevice

Process
↳ Pid 1868

Process
↳ Pid 1144

Process
↳ C:\WINDOWS\system32\hnqmsavu.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\cfg
Creates File: C:\WINDOWS\TEMP\albeuhn1umfopz.exe
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\tst
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\lck
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\run
Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\rng
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\pmgcokukrqfp.exe
Creates File: \Device\Afd\Endpoint
Creates Process: WATCHDOGPROC "c:\windows\system32\hnqmsavu.exe"
Creates Process: C:\WINDOWS\TEMP\albeuhn1umfopz.exe -r 47555 tcp

Process
↳ C:\WINDOWS\system32\hnqmsavu.exe

Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\hnqmsavu.exe"

Creates File: C:\WINDOWS\system32\lwroxxfeenrvzkv\tst

Process
↳ C:\WINDOWS\TEMP\albeuhn1umfopz.exe -r 47555 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:
