Analysis Date: 2015-11-22 05:00:25
MD5: c99a18647b28ee60608d2294802b8eaf
SHA1: da593fc0eeb4784bd8afa805ff41b3cebec7a6e8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 000e446efa2c8609520794581855839c sha1: 5c3731d450dbceee8033114474f5382eeae0c380 size: 1175040
Section .rdata: md5: 256d3291c9ec51ddef22450f1c4a0b70 sha1: f3e00b9caa6e4714a1a111b189d54c498d2cb433 size: 293888
Section .data: md5: f21078785ddcf96e44d797079ba1680c sha1: ec51a6614fc032b391ac971e4075b85facfb3057 size: 8192
Section .reloc: md5: 7dfe89559d873ffff72c2d612a6cd941 sha1: 5088306595badf9e4a767a338dcd6960ca88101a size: 146432
Timestamp: 2015-05-11 04:26:21
Packer: VC8 -> Microsoft Corporation
PEhash: 978b6a004d927204483e86c49d6f5bb76b80ff6e
IMPhash: 8b1be3254f78d74ec9ed8780de87cb7b
AV F-Secure: Gen:Variant.Diley.1
AV Authentium: W32/SoxGrave.A.gen!Eldorado
AV MalwareBytes: no_virus
AV Dr. Web: Trojan.Bayrob.5
AV Grisoft (avg): Win32/Cryptor
AV Eset (nod32): Win32/Bayrob.Y
AV MicroWorld (escan): no_virus
AV Trend Micro: no_virus
AV ClamAV: no_virus
AV Twister: no_virus
AV BitDefender: Gen:Variant.Diley.1
AV Avira (antivir): TR/Crypt.Xpack.314766
AV Alwil (avast): Dropper-OJQ [Drp]
AV Fortinet: W32/Kryptik.EETB!tr
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort!rfn
AV Ikarus: Trojan.Win32.Bayrob
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): no_virus
AV Arcabit (arcavir): no_virus
AV Mcafee: Trojan-FGIJ!C99A18647B28
AV Ad-Aware: Gen:Variant.Diley.1
AV Symantec: Downloader.Upatre!g15
AV K7: Trojan ( 004c77f41 )
AV Rising: 0x593ce7d1
AV BitDefender: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: no_virus
AV Zillya!: no_virus
AV CAT (quickheal): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Diley.1
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\tst
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\ohtu0pf1kq3lsuhwcpjax.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\ohtu0pf1kq3lsuhwcpjax.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\ohtu0pf1kq3lsuhwcpjax.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Process Center Diagnostic Network Studio ➝ C:\WINDOWS\system32\ibaogjub.exe
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\lck
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\tst
Creates File: C:\WINDOWS\system32\ibaogjub.exe
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\etc
Deletes File: C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process: C:\WINDOWS\system32\ibaogjub.exe
Creates Service: Superfetch Telephony Resource Locator - C:\WINDOWS\system32\ibaogjub.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1168

Process
↳ C:\WINDOWS\system32\ibaogjub.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\rng
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\run
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\lck
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\tst
Creates File: C:\WINDOWS\system32\cxcvbgocsjam.exe
Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\cfg
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\TEMP\ohtu0pf1oxklsu.exe
Creates Process: C:\WINDOWS\TEMP\ohtu0pf1oxklsu.exe -r 23624 tcp
Creates Process: WATCHDOGPROC "c:\windows\system32\ibaogjub.exe"

Process
↳ C:\WINDOWS\system32\ibaogjub.exe

Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\ibaogjub.exe"

Creates File: C:\WINDOWS\system32\fncofqzlqcjsx\tst

Process
↳ C:\WINDOWS\TEMP\ohtu0pf1oxklsu.exe -r 23624 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:

