Analysis | #totalhash

Analysis Date	2015-11-02 16:20:02
MD5	477ae994b3490842b61736307a42a69a
SHA1	f07f1b249f9a10f93f3b188c55be787f3729648f

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: db240ece3132817f63441fc8c058f507 sha1: 6e41a35586dfc7d0d78b9ba60324b86a15ccee17 size: 1408000
Section	.rdata md5: 392aab1e49b0e8750ba517567548477e sha1: 2577f2c4064edcb2e1161ffccc0f7cd029c28ead size: 325120
Section	.data md5: f290dbe659a454c851b70bb0ee39c0d9 sha1: 67006ccdb5fa5deaa4a8b104737edee808362a1e size: 7680
Section	.reloc md5: 8fa168eef128f82e49eebf24a4314aa5 sha1: 9acbaa81e72ed338c2e8788a8be81d758ecee4f4 size: 197120
Timestamp	2015-05-11 04:36:08
Packer	VC8 -> Microsoft Corporation
PEhash	c37a235058e64d42f953ad1cdff22917083954e4
IMPhash	dad8e12ea035ce7a9c513eb41b85526d
AV	MalwareBytes	No Virus
AV	Padvish	No Virus
AV	Ikarus	Trojan.Win32.Bayrob
AV	MalwareBytes	No Virus
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort!rfn
AV	MicroWorld (escan)	Gen:Variant.Diley.1
AV	Fortinet	W32/Bayrob.X!tr
AV	Grisoft (avg)	Win32/Cryptor
AV	K7	Trojan ( 004c77f41 )
AV	Kaspersky	Trojan.Win32.Generic
AV	Mcafee	Trojan-FGIJ!477AE994B349
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort!rfn
AV	F-Secure	Gen:Variant.Diley.1
AV	MicroWorld (escan)	Gen:Variant.Diley.1
AV	Eset (nod32)	Win32/Bayrob.Y
AV	Eset (nod32)	Win32/Bayrob.Y
AV	Frisk (f-prot)	No Virus
AV	Grisoft (avg)	Win32/Cryptor
AV	Fortinet	W32/Bayrob.X!tr
AV	Ikarus	Trojan.Win32.Bayrob
AV	K7	Trojan ( 004c77f41 )
AV	Kaspersky	Trojan.Win32.Generic
AV	F-Secure	Gen:Variant.Diley.1
AV	Mcafee	Trojan-FGIJ!477AE994B349
AV	Ad-Aware	Gen:Variant.Diley.1
AV	BullGuard	Gen:Variant.Diley.1
AV	BullGuard	Gen:Variant.Diley.1
AV	Alwil (avast)	Dropper-OJQ [Drp]
AV	Authentium	W32/SoxGrave.A.gen!Eldorado
AV	CA (E-Trust Ino)	No Virus
AV	CA (E-Trust Ino)	No Virus
AV	Authentium	W32/SoxGrave.A.gen!Eldorado
AV	Alwil (avast)	Dropper-OJQ [Drp]
AV	CAT (quickheal)	No Virus
AV	CAT (quickheal)	No Virus
AV	Ad-Aware	Gen:Variant.Diley.1
AV	Avira (antivir)	TR/Crypt.Xpack.280228
AV	ClamAV	No Virus
AV	ClamAV	No Virus
AV	Avira (antivir)	TR/Crypt.Xpack.280228
AV	Frisk (f-prot)	No Virus
AV	Dr. Web	Trojan.Bayrob.5
AV	Dr. Web	Trojan.Bayrob.5
AV	Arcabit (arcavir)	Gen:Variant.Diley.1
AV	BitDefender	Gen:Variant.Diley.1
AV	Emsisoft	Gen:Variant.Diley.1
AV	Emsisoft	Gen:Variant.Diley.1
AV	BitDefender	Gen:Variant.Diley.1
AV	Arcabit (arcavir)	Gen:Variant.Diley.1
AV	Padvish	No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\WINDOWS\system32\efbfbdsnhqj\tst
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\chmridz81lqzngv9iqsomorge.exe
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\chmridz81lqzngv9iqsomorge.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\chmridz81lqzngv9iqsomorge.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Interactive Connections List Auto ➝ C:\WINDOWS\system32\seathvj.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\etc
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\lck
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\tst
Creates File	C:\WINDOWS\system32\seathvj.exe
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\seathvj.exe
Creates Service	Audio Driver DHCP Fax Link-Layer - C:\WINDOWS\system32\seathvj.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝ NULL
Creates File	WMIDataDevice

Process
↳ Pid 1864

Process
↳ Pid 1128

Process
↳ C:\WINDOWS\system32\seathvj.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\run
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\rng
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\tst
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\cfg
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\TEMP\chmridz81tb4ngv9i.exe
Creates File	C:\WINDOWS\system32\efbfbdsnhqj\lck
Creates File	C:\WINDOWS\system32\vphxcvk.exe
Creates File	\Device\Afd\Endpoint
Creates Process	WATCHDOGPROC "c:\windows\system32\seathvj.exe"
Creates Process	C:\WINDOWS\TEMP\chmridz81tb4ngv9i.exe -r 41695 tcp

Process
↳ C:\WINDOWS\system32\seathvj.exe

Creates File	C:\WINDOWS\system32\efbfbdsnhqj\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\seathvj.exe"

Creates File	C:\WINDOWS\system32\efbfbdsnhqj\tst

Process
↳ C:\WINDOWS\TEMP\chmridz81tb4ngv9i.exe -r 41695 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	recordsoldier.net Type: A 208.91.197.241
DNS	fliersurprise.net Type: A 208.91.197.241
DNS	historybright.net Type: A 208.91.197.241
DNS	chiefsoldier.net Type: A 208.91.197.241
DNS	classsurprise.net Type: A 208.91.197.241
DNS	thosecontinue.net Type: A 208.91.197.241
DNS	throughcontain.net Type: A 208.91.197.241
DNS	belongguard.net Type: A 208.91.197.241
DNS	maybellinethaddeus.net Type: A 208.91.197.241
DNS	kimberleyshavonne.net Type: A 208.91.197.241
DNS	naildeep.com Type: A 74.220.215.218
DNS	riddenstorm.net Type: A 66.147.240.171
DNS	destroystorm.net Type: A 216.239.138.86
DNS	wishfish.net Type: A 50.63.202.55
DNS	deadwing.net Type: A 85.25.214.16
DNS	deadlady.net Type: A 195.22.26.253
DNS	deadlady.net Type: A 195.22.26.254
DNS	deadlady.net Type: A 195.22.26.231
DNS	deadlady.net Type: A 195.22.26.252
DNS	rocklady.net Type: A 64.61.199.44
DNS	deadfish.net Type: A 69.172.201.208
DNS	rockfish.net Type: A 96.45.83.91
DNS	rockfish.net Type: A 96.45.83.235
DNS	rockfish.net Type: A 96.45.82.90
DNS	rockfish.net Type: A 96.45.82.194
DNS	wronglady.net Type: A 208.100.26.234
DNS	southcity.net Type: A 207.148.248.143
DNS	spotcity.net Type: A 91.195.240.101
DNS	saltcity.net Type: A 184.168.221.55
DNS	gladcity.net Type: A 65.254.248.183
DNS	visitcity.net Type: A 104.193.110.28
DNS	watchcity.net Type: A 207.148.248.143
DNS	faircity.net Type: A 80.77.120.47
DNS	dreamgrow.net Type: A 213.180.31.141
DNS	dreamcity.net Type: A 72.52.4.119
DNS	thiscity.net Type: A 121.42.126.34
DNS	husbandfound.net Type: A
DNS	leadershort.net Type: A
DNS	eggbraker.com Type: A
DNS	ithouneed.com Type: A
DNS	wishpast.net Type: A
DNS	joinlady.net Type: A
DNS	wishlady.net Type: A
DNS	joinfish.net Type: A
DNS	rockwing.net Type: A
DNS	deadpast.net Type: A
DNS	rockpast.net Type: A
DNS	wrongwing.net Type: A
DNS	madewing.net Type: A
DNS	wrongpast.net Type: A
DNS	madepast.net Type: A
DNS	madelady.net Type: A
DNS	wrongfish.net Type: A
DNS	madefish.net Type: A
DNS	arivegrow.net Type: A
DNS	southgrow.net Type: A
DNS	arivetear.net Type: A
DNS	southtear.net Type: A
DNS	arivethank.net Type: A
DNS	souththank.net Type: A
DNS	arivecity.net Type: A
DNS	upongrow.net Type: A
DNS	whichgrow.net Type: A
DNS	upontear.net Type: A
DNS	whichtear.net Type: A
DNS	uponthank.net Type: A
DNS	whichthank.net Type: A
DNS	uponcity.net Type: A
DNS	whichcity.net Type: A
DNS	spotgrow.net Type: A
DNS	saltgrow.net Type: A
DNS	spottear.net Type: A
DNS	salttear.net Type: A
DNS	spotthank.net Type: A
DNS	saltthank.net Type: A
DNS	gladgrow.net Type: A
DNS	takengrow.net Type: A
DNS	gladtear.net Type: A
DNS	takentear.net Type: A
DNS	gladthank.net Type: A
DNS	takenthank.net Type: A
DNS	takencity.net Type: A
DNS	equalgrow.net Type: A
DNS	groupgrow.net Type: A
DNS	equaltear.net Type: A
DNS	grouptear.net Type: A
DNS	equalthank.net Type: A
DNS	groupthank.net Type: A
DNS	equalcity.net Type: A
DNS	groupcity.net Type: A
DNS	spokegrow.net Type: A
DNS	visitgrow.net Type: A
DNS	spoketear.net Type: A
DNS	visittear.net Type: A
DNS	spokethank.net Type: A
DNS	visitthank.net Type: A
DNS	spokecity.net Type: A
DNS	watchgrow.net Type: A
DNS	fairgrow.net Type: A
DNS	watchtear.net Type: A
DNS	fairtear.net Type: A
DNS	watchthank.net Type: A
DNS	fairthank.net Type: A
DNS	thisgrow.net Type: A
DNS	dreamtear.net Type: A
DNS	thistear.net Type: A
DNS	dreamthank.net Type: A
DNS	thisthank.net Type: A
HTTP GET	http://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://historybright.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://wishfish.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://deadwing.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://deadlady.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://rocklady.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://deadfish.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://rockfish.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://wronglady.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://southcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://spotcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://saltcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://gladcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://visitcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://watchcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://faircity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://dreamgrow.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://dreamcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://thiscity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://recordsoldier.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://fliersurprise.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://historybright.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://chiefsoldier.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://classsurprise.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://thosecontinue.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://throughcontain.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://belongguard.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://maybellinethaddeus.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://kimberleyshavonne.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://naildeep.com/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://riddenstorm.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://destroystorm.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://wishfish.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://deadwing.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://deadlady.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://rocklady.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://deadfish.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://rockfish.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://wronglady.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://southcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://spotcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://saltcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://gladcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://visitcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://watchcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://faircity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://dreamgrow.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://dreamcity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
HTTP GET	http://thiscity.net/index.php?method=validate&mode=sox&v=050&sox=3c18da00&lenhdr User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1042 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1043 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1044 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1046 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1047 ➝ 74.220.215.218:80
Flows TCP	192.168.1.1:1048 ➝ 66.147.240.171:80
Flows TCP	192.168.1.1:1049 ➝ 216.239.138.86:80
Flows TCP	192.168.1.1:1050 ➝ 50.63.202.55:80
Flows TCP	192.168.1.1:1051 ➝ 85.25.214.16:80
Flows TCP	192.168.1.1:1052 ➝ 195.22.26.253:80
Flows TCP	192.168.1.1:1053 ➝ 64.61.199.44:80
Flows TCP	192.168.1.1:1054 ➝ 69.172.201.208:80
Flows TCP	192.168.1.1:1055 ➝ 96.45.83.91:80
Flows TCP	192.168.1.1:1056 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1057 ➝ 207.148.248.143:80
Flows TCP	192.168.1.1:1058 ➝ 91.195.240.101:80
Flows TCP	192.168.1.1:1059 ➝ 184.168.221.55:80
Flows TCP	192.168.1.1:1060 ➝ 65.254.248.183:80
Flows TCP	192.168.1.1:1061 ➝ 104.193.110.28:80
Flows TCP	192.168.1.1:1062 ➝ 207.148.248.143:80
Flows TCP	192.168.1.1:1063 ➝ 80.77.120.47:80
Flows TCP	192.168.1.1:1064 ➝ 213.180.31.141:80
Flows TCP	192.168.1.1:1065 ➝ 72.52.4.119:80
Flows TCP	192.168.1.1:1066 ➝ 121.42.126.34:80
Flows TCP	192.168.1.1:1067 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1068 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1069 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1070 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1071 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1072 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1073 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1074 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1075 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1076 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1077 ➝ 74.220.215.218:80
Flows TCP	192.168.1.1:1078 ➝ 66.147.240.171:80
Flows TCP	192.168.1.1:1079 ➝ 216.239.138.86:80
Flows TCP	192.168.1.1:1080 ➝ 50.63.202.55:80
Flows TCP	192.168.1.1:1081 ➝ 85.25.214.16:80
Flows TCP	192.168.1.1:1082 ➝ 195.22.26.253:80
Flows TCP	192.168.1.1:1083 ➝ 64.61.199.44:80
Flows TCP	192.168.1.1:1084 ➝ 69.172.201.208:80
Flows TCP	192.168.1.1:1085 ➝ 96.45.83.91:80
Flows TCP	192.168.1.1:1086 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1087 ➝ 207.148.248.143:80
Flows TCP	192.168.1.1:1088 ➝ 91.195.240.101:80
Flows TCP	192.168.1.1:1089 ➝ 184.168.221.55:80
Flows TCP	192.168.1.1:1090 ➝ 65.254.248.183:80
Flows TCP	192.168.1.1:1091 ➝ 104.193.110.28:80
Flows TCP	192.168.1.1:1092 ➝ 207.148.248.143:80
Flows TCP	192.168.1.1:1093 ➝ 80.77.120.47:80
Flows TCP	192.168.1.1:1094 ➝ 213.180.31.141:80
Flows TCP	192.168.1.1:1095 ➝ 72.52.4.119:80
Flows TCP	192.168.1.1:1096 ➝ 121.42.126.34:80

Raw Pcap

Strings