yk1.exe Malware File Sample Traffic Analysis PCAP file download ilo.brenz.pl mhyk.lyjq.org payjap.com

2016-09-26 22:22:04.373195 IP 192.168.1.102.58619 > 75.75.75.75.53: 298+ A? ilo.brenz.pl. (30)
2016-09-26 22:22:04.632916 IP 192.168.1.102.58534 > 148.81.111.121.80: Flags [S], seq 3557214258, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 22:22:04.800918 IP 192.168.1.102.58620 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:05.795124 IP 192.168.1.102.58621 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:06.794418 IP 192.168.1.102.58620 > 75.75.76.76.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:06.794767 IP 192.168.1.102.58622 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:07.638098 IP 192.168.1.102.58534 > 148.81.111.121.80: Flags [S], seq 3557214258, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 22:22:07.794456 IP 192.168.1.102.58621 > 75.75.76.76.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:08.794356 IP 192.168.1.102.58620 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:08.794467 IP 192.168.1.102.58622 > 75.75.76.76.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:08.794764 IP 192.168.1.102.58623 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:09.794363 IP 192.168.1.102.58621 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:10.794347 IP 192.168.1.102.58620 > 75.75.76.76.53: 61606+ A? mhyk.lyjq.org. (31)
2016-09-26 22:22:10.794355 IP 192.168.1.102.58622 > 75.75.75.75.53: 61606+ A? mhyk.lyjq.org. (31)

2016-09-26 22:23:18.033117 IP 192.168.1.102.63012 > 75.75.75.75.53: 43595+ A? kvhcxs.com. (28)
2016-09-26 22:23:18.072352 IP 192.168.1.102.62664 > 75.75.75.75.53: 7953+ A? kvhcxs.com.hsd1.md.comcast.net. (48)
2016-09-26 22:23:18.091599 IP 192.168.1.102.62664 > 75.75.76.76.53: 7953+ A? kvhcxs.com.hsd1.md.comcast.net. (48)
2016-09-26 22:23:20.359266 IP 192.168.1.102.62665 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:21.357755 IP 192.168.1.102.62666 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:22.357332 IP 192.168.1.102.62665 > 75.75.76.76.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:22.357720 IP 192.168.1.102.62667 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:23.357300 IP 192.168.1.102.62666 > 75.75.76.76.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:24.357250 IP 192.168.1.102.62665 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:24.357263 IP 192.168.1.102.62667 > 75.75.76.76.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:24.357604 IP 192.168.1.102.62668 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:24.422840 IP 192.168.1.102.55484 > 75.75.75.75.53: 55184+ A? payjap.com.hsd1.md.comcast.net. (48)
2016-09-26 22:23:24.451114 IP 192.168.1.102.55484 > 75.75.76.76.53: 55184+ A? payjap.com.hsd1.md.comcast.net. (48)
2016-09-26 22:23:25.372910 IP 192.168.1.102.62666 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:26.357196 IP 192.168.1.102.62667 > 75.75.75.75.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:26.357286 IP 192.168.1.102.62668 > 75.75.76.76.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:28.357266 IP 192.168.1.102.62667 > 75.75.76.76.53: 5847+ A? payjap.com. (28)
2016-09-26 22:23:29.342488 IP 192.168.1.102.58540 > 83.133.119.197.80: Flags [S], seq 3777829734, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 22:23:31.250074 IP 192.168.1.102.55485 > 75.75.75.75.53: 57116+ A? xgzuok.com. (28)
2016-09-26 22:23:31.288093 IP 192.168.1.102.62454 > 75.75.75.75.53: 829+ A? xgzuok.com.hsd1.md.comcast.net. (48)
2016-09-26 22:23:31.310495 IP 192.168.1.102.62454 > 75.75.76.76.53: 829+ A? xgzuok.com.hsd1.md.comcast.net. (48)
2016-09-26 22:23:32.357174 IP 192.168.1.102.58540 > 83.133.119.197.80: Flags [S], seq 3777829734, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2016-09-26 22:23:33.578096 IP 192.168.1.102.62455 > 75.75.75.75.53: 52492+ A? gvyyca.com. (28)