Analysis Date: 2015-11-02 16:20:02
MD5: 477ae994b3490842b61736307a42a69a
SHA1: f07f1b249f9a10f93f3b188c55be787f3729648f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: db240ece3132817f63441fc8c058f507 sha1: 6e41a35586dfc7d0d78b9ba60324b86a15ccee17 size: 1408000
Section: .rdata md5: 392aab1e49b0e8750ba517567548477e sha1: 2577f2c4064edcb2e1161ffccc0f7cd029c28ead size: 325120
Section: .data md5: f290dbe659a454c851b70bb0ee39c0d9 sha1: 67006ccdb5fa5deaa4a8b104737edee808362a1e size: 7680
Section: .reloc md5: 8fa168eef128f82e49eebf24a4314aa5 sha1: 9acbaa81e72ed338c2e8788a8be81d758ecee4f4 size: 197120
Timestamp: 2015-05-11 04:36:08
Packer: VC8 -> Microsoft Corporation
PEhash: c37a235058e64d42f953ad1cdff22917083954e4
IMPhash: dad8e12ea035ce7a9c513eb41b85526d
AV: MalwareBytes: No Virus
AV: Padvish: No Virus
AV: Ikarus: Trojan.Win32.Bayrob
AV: Microsoft Security Essentials: TrojanSpy:Win32/Nivdort!rfn
AV: MicroWorld (escan): Gen:Variant.Diley.1
AV: Fortinet: W32/Bayrob.X!tr
AV: Grisoft (avg): Win32/Cryptor
AV: K7: Trojan ( 004c77f41 )
AV: Kaspersky: Trojan.Win32.Generic
AV: Mcafee: Trojan-FGIJ!477AE994B349
AV: F-Secure: Gen:Variant.Diley.1
AV: Eset (nod32): Win32/Bayrob.Y
AV: Frisk (f-prot): No Virus
AV: Ad-Aware: Gen:Variant.Diley.1
AV: BullGuard: Gen:Variant.Diley.1
AV: Alwil (avast): Dropper-OJQ [Drp]
AV: Authentium: W32/SoxGrave.A.gen!Eldorado
AV: CA (E-Trust Ino): No Virus
AV: CAT (quickheal): No Virus
AV: Avira (antivir): TR/Crypt.Xpack.280228
AV: ClamAV: No Virus
AV: Dr. Web: Trojan.Bayrob.5
AV: Arcabit (arcavir): Gen:Variant.Diley.1
AV: BitDefender: Gen:Variant.Diley.1
AV: Emsisoft: Gen:Variant.Diley.1

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\system32\efbfbdsnhqj\tst
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\chmridz81lqzngv9iqsomorge.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\chmridz81lqzngv9iqsomorge.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\chmridz81lqzngv9iqsomorge.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Interactive Connections List Auto ➝ C:\WINDOWS\system32\seathvj.exe
Creates File: C:\WINDOWS\system32\drivers\etc\hosts
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\etc
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\lck
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\tst
Creates File: C:\WINDOWS\system32\seathvj.exe
Deletes File: C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process: C:\WINDOWS\system32\seathvj.exe
Creates Service: Audio Driver DHCP Fax Link-Layer - C:\WINDOWS\system32\seathvj.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝ NULL
Creates File: WMIDataDevice

Process
↳ Pid 1864

Process
↳ Pid 1128

Process
↳ C:\WINDOWS\system32\seathvj.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\run
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\rng
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\tst
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\cfg
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\TEMP\chmridz81tb4ngv9i.exe
Creates File: C:\WINDOWS\system32\efbfbdsnhqj\lck
Creates File: C:\WINDOWS\system32\vphxcvk.exe
Creates File: \Device\Afd\Endpoint
Creates Process: WATCHDOGPROC "c:\windows\system32\seathvj.exe"
Creates Process: C:\WINDOWS\TEMP\chmridz81tb4ngv9i.exe -r 41695 tcp

Process
↳ C:\WINDOWS\system32\seathvj.exe

Creates File: C:\WINDOWS\system32\efbfbdsnhqj\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\seathvj.exe"

Creates File: C:\WINDOWS\system32\efbfbdsnhqj\tst

Process
↳ C:\WINDOWS\TEMP\chmridz81tb4ngv9i.exe -r 41695 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:
