Malware file analysis: svchost.exe callback traffic to 42.51.194.34 port 2015 and 42.51.154.54 port 88 (PCAP file download)

2016-09-26 22:16:04.449616 IP 192.168.1.102.61244 > 75.75.75.75.53: 55563+ A? say.f3322.net. (31)
E..;f0….{….fKKKK.<.5.’……………say.f3322.net…..
2016-09-26 22:16:04.465148 IP 192.168.1.102.58524 > 42.51.154.54.88: Flags [S], seq 2057695102, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4u.@……..f*3.6…Xz..~…… .y……………
2016-09-26 22:16:05.183887 IP 192.168.1.102.58523 > 42.51.194.34.2015: Flags [S], seq 1154554972, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0x.@……..f*3.”….D..\….p. .g………..
2016-09-26 22:16:05.215113 IP 192.168.1.102.58524 > 42.51.154.54.88: Flags [S], seq 2057695102, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0u.@……..f*3.6…Xz..~….p. ………….
2016-09-26 22:16:05.840509 IP 192.168.1.102.58525 > 42.51.154.54.88: Flags [S], seq 2317228510, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4u.@……..f*3.6…X………. .?……………
2016-09-26 22:16:05.840728 IP 192.168.1.102.58526 > 42.51.194.34.2015: Flags [S], seq 1248349474, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4x.@……..f*3.”….JhM”…… ……………..
2016-09-26 22:16:06.609014 IP 192.168.1.102.58525 > 42.51.154.54.88: Flags [S], seq 2317228510, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4u.@……..f*3.6…X………. .?……………
2016-09-26 22:16:06.621366 IP 192.168.1.102.58526 > 42.51.194.34.2015: Flags [S], seq 1248349474, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4x.@……..f*3.”….JhM”…… ……………..
2016-09-26 22:16:07.371419 IP 192.168.1.102.58525 > 42.51.154.54.88: Flags [S], seq 2317228510, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0u.@……..f*3.6…X……..p…s………..
2016-09-26 22:16:07.387001 IP 192.168.1.102.58526 > 42.51.194.34.2015: Flags [S], seq 1248349474, win 65535, options [mss 1460,nop,nop,sackOK], length 0
E..0x.@……..f*3.”….JhM”….p…P………..
2016-09-26 22:16:08.137449 IP 192.168.1.102.58527 > 42.51.154.54.88: Flags [S], seq 4165976399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4u.@……..f*3.6…X.O.O…… .*……………
2016-09-26 22:16:08.902682 IP 192.168.1.102.58527 > 42.51.154.54.88: Flags [S], seq 4165976399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4u.@……..f*3.6…X.O.O…… .*……………
