CapTipper Report

PCAP File	Analysis Time	CapTipper Version	Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-135-1//2015-09-10_winlinux.pcap	09/16/15 16:04:39	0.2 b10	09/03/15 07:04:58

Conversations

cf.gddos.com (59.188.242.190:8080)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/cfg.rar

application/octet-stream

cfg.rar

200 OK

BINARY

8.3 KB

09/03/15 07:04:58

LyYHe0w5UiQvOFBFCQB2A2xwBnZvAgJwb3QNGQUGch5zcQtocAMAb3RxFQMCH3cAcGwAc3IdBXFt cA4BGgB1CWxzAnBvBgdMSyVcW01YNg10cxx3dQQYcHFyFwQBBmoBdXYcd3IKGHB2dBcEBQFLOiYn XD8oQwtwcXYXBAEBaAN1bAt3bQIEc29zCwEaBX4edHEed3gBGHFvcggbBQRyHHN1BmhwAA9vc3AO GwUFcz1IJlcoOFpGfHBxChsGBXYec3YDaHQDGnB3cxcHBQloAXNwHHFMOVIkLzhQRQkAdwhscwB1 bwIPb3BxFQMGH3QBcmwLf28BB21wcQEbBQZ3HnB3AGhwBw9tcHgLGwYBdh57exx0cQsadXJvCwEE H3MBbHMDdW0CDnJvdA8bBQZ1HnNwAWpzAQRvcHkPGwEDaAdzbgN+cR0HcnBvDQcaCGoBe3Acd3cC GHdxbwgNAB13AnBsAHR1HQN1b3AJBhgDdwhscAJxbwIEcm94CBkFB3QecHACaHMHGHB3bQsFAB9y BGxzAnNvAgV1bXMJARoFch5zcgdocAcFbXR5FwcGAGgDd2wHanAKBG9wdAwbBQh3HnN1Amp3Ahhw d3UXBAYHaAFxdR53cQQYcHRwFwcAAGgCcW4DdnIdBHVvcRcEAgNqAXNxHHdxBhhwdHMXBAEddwhx bAR2bwEGc292ARkFAHMecHELaHMABm9weAwZBQB+HnNwAWhwChhwcXkVBwUJaAJ2dhx3dQsYcHRx FQQGAWgEc2wBdW8CDnhtcwsHGgB+BmxxA2h4HwdzdG8PABoAdwBscwdwbQIOcm93CBsFB3Iec3QF anABBW9zdQAbBwhoAXFxHndxAhhzdHUXBAMEaAJ3ch53eQAYd3FvCAwDH3QEc24DdnUdB3h1bwsF GgB/HHZxHHRzBhh0eG8OGQUAcx5wcQJocAEDb3RtCwcGH3cIdGwDc28BD21zcAEbDAZoAnF1HHd5 BRpwcXUXBA0FaAZsex50cwEYcHl3FwYAH3cHdW4Ed28CAnZvdgkbBQF3HHt0HHJ3HQ9vcHYJGQUJ dR53dBx3dgAYcHFzFQQFA2gIdmwDdHUdB3lxbQgbDQJoAXpsC39tAgd5b3AABhoDdglscAZzbQIG cm9zDAYaCH8ecXUed3EAGHN1bwobBQBqAXJxHHJzHQd5cm8IABgHdB5wcwJocwMDb3N0FQcFB2gB dXIcd3MFGHB3dBUADB9wBGxzCnFvAQ9tdHgXBAwJaAh0bAB0cx8HcHRvCwYFH3QBdWwAdm0CDnJv cAoDGgN3A2x7BGpwAw5vd3AXBAIDaAJzcB5zeB0HeXlvAQMaA3cFbnMKdW8FB29zdA0bBQBqAXN1 HHRwHQd2cm8IAQQdcAFscwZxbwIGcm9wAQAYAHYEbHACdW8CB3FvcAwEGABwAmxwAHdvAgVveXMV BAQCaAJ2chx3dAUYcHh1FQQMAmgGcmwDd3AdB3R2bQsHBh91BGxzAH9vAgN1bXgBGwUDcB5zbAN3 dR8Ecm9wCQIaAHAedG4AdW8BBXVvdQobBQJyHHVyHHV4HQF2b3ALABgAfwJscwpxbwIHdW9wCgQY AHcHbHADaHAEAm9zcQ4ZBQB/HnN2B2hwBw5vcHkVBAMFaAFwehx0dAYYc3JzFQQaCHUedHIcfnAf B3l1bwgDDB90AnNsAXVtAgJvcHgXBwYDaAd0bgN3dh0EcG9zCwIaAHcAbnMGaHAEGHhybwgBAx13 AnJsAHJvBgFvdngVBBoIdR50cBx3cgEacHZ1FwQGCWgCd3ccdHICGnBweRcEDQJoAXt2HHR0Axp0 eW8LBAwfdAFxbAB1dh8HeHNvDgEaA3MBbHMHdW0CAXVvcAsNGgNzBWxwAXZtBQdvcHcJGwYDdR5z dwZLS1dTLzgoSQgBCWgCcHMccnQdBHVzbQwMGgRwHnR2HHd3Chp3cW8IAw0fcQdscAB+bQUGb3B3 ABsDBmgCcXIecHEdB3ZybwgEGgBzAm50A2hwBwFvcHEKGwUHdxx0cxx3dQQYcHFyFwQMAmoGc2wD cnYdB3FybwsEGAd3HnN3AWhwAwJveHUVAwUfdwZybAB3ch0DTEslXFtNWDYNdHMcd3cDGHNwdBcE AQVqBnNsA3BxHQRzcG8LBAUdcAFscwR2bwECdm9wAQUYB3cec3UGaHULGHd5bQ8EGgBxBGx2C2h5 HwB2b3AADRoAdQZscwJqdgQYdnhvAQYaAHMEbnUKaHADD295cxcGBx1+HnBxHHRzBxhwc3EVDQEf dAVscwJ2bwQHbXhwFwQGAGgGdGwDd3gfD3BvcwgMGgN1CGxzA3dMOVIkLzhQRQkIdx5wcQRocAsE b3BtAAQaCXUednocf3UfD3JvcAAFGghzHnN0A2p4Bxhwc3QXBAwDaAJ3dx5/dB0OdG9yDhsFAX8c e3QccnUdB3l0bwgFBx1/Bmx2BmhwCwNveHkVDAwfdwJ0bAZzbwEEd214ARsFA3AednccdHMEGnNw eRcMBB90AHJsAHNxHwd4eW8LGwYBfx5zcQFLS1dTLzgoSQgMA2gBcXUcc28HAm1zchcHBgloAXJw HHd0Cxp0eG8IBQIfdABscwVybQEEcG9wAQUaAHIEbHMLcW0CD3RvcAwBGgRoAXZ7Hnd5ABh3cW8L BQYfdAB7bgB3eR0PcW9zCQUaA3IJbnMDc28BBXhvcwsBGgNyAW5zA39vAgJ2b3ANABoDdwNucwp1 bwYAb3B2ChsAB2oBcnMccXAdBHVveA04PlUjXjsrQntzABhzdHMXBAIDaAF1eh50dh0HdHNvCA0H H3cBdG4DfnIdAHFvcwkHGgBwHHNzB2hzAAdvcHYXBAcddwhxbAR2bwIHcW9wAAQYAHcFbHABd28C AW90bQsHBB9/BWxwAX5vAQJzbXAPBxoDdAFscwBocAYCbXNxDRsABWgBcnccd3IGGnBzcxcHBgVo BHpsA3d2Hwd3c28LBwUfdwJscwt3TDlSJC84UEUJAH4DbHQDaHMGAm9wcBUEBgBoAXBsA3FxHQRx d20IBAEfdANybAN0dh0Bcm1wCQQaBncecHYcd3gGGndwbwgCAB9yCGxzBWpzAgdvcHQLGwIAaAJy dx53cAsYc3V1FwQHBWgDcW4Dd3MdB3Fwbw8BGghyHHBzBGh4ChhwdXYXBwUCagFzdhx0cAYYcHhy Fw0AHX4IbHMHdm8BBnRvcw0HOTsiVSw7WzZ8BQRvc3AJGwYAdx5zcABqcAsOb3B3DBsGAH4ecHMe d3cBGHNzcBcEBh93BXZuA3FxHQd2eW8IDAUfdwhudAVocwIDb3NzABsFAXAccHAAaHALAG91cxcG Bx10AnJsA3B4HQR1c28KAhgAfgNsdAJocAIGb3B1ARkHBmgFe2wAd3EdD3htdQ8bBgN/HnN0C2h5 ChpzcHgXBAcEaAV0bAB1eR8HeXJvDwUaAHIJbHMLf0w5UiQvOFBFCQB3CGxzAHVvAg9vcHMNGQUI dB57exxydh0HdnNtCgMaA3MBbHMBcG8CDnhtcAEGGglwHnByBWh3Ahpwc3AXAQUfdwFxbAN0dh8E cm9zCw0aAHYCbHMBc20CBnJvcwkbBQhzHnB3BmpwCwNvd3IXBwECaAFxdR50cAEYc3N1FwQEBGgB dHMedHIdBHRzbwgDAB90AnduA35yHQN3b3AOBhoCcz1IJlcoOFpGfHdxFwQCCGgIc2wAd3IfBHJv cwoBGgV3HnBzC2pzAQRvcHkPGwUEaAdudwtocAsOb3l3FwcHAWoCcWwAdXUdAnBvcAAMGAN2CGx7 CmhwBhhwd3MVBBoIdR5zdBx3eQUac3JvCwYAH3QIbHcedHMBGHB5dxcABR93BHFuA35yHQBxb3AA AhoDcgBucAN/bwIFdG90DxsGAnMcc3YAaHUdAndvcwkCGAB2BGxzBn9vAg92b3AIBzk7IlUsO1s2 fAIAc29zCA0aAnYedXcedHIdBHJ1bw8FGgByAG5wA35vBQZvcnUXDQMdcwlscwp+bwsAb3NzDRkG AmgCcXYccnAdB3h4TDM4PlcvXCcsUyskDhkzLi5NGldUNVgrbEAnMx8ZLSgjFlZRQi5ZbDBTNEw5 UCgtJFdUWVR7HzAtXTJufwR3HnMMBQQAah8wLV0ybl5PMikpFRpAXDYfbDFBLiVXGm4zLlZBG0I1 WCYmHmkzXFk1bjJcR0JUNAJ0bh00LlxCbnN3SkBaRjNbLSxVam5BWS41bnVcWkQ+Amx0UCVtHEQu LjUWWAYfcBxtMF0pNRxxIDUkSnM5OyBZLidcJyxWC24jKFcaV1kjUylsQS5tHFQoL25eUEAfNVhu bVAvLxxdKC0tF0ZcHWlSKywdNCRAUzVvMlEZG1MpXzZtQjQuHxkjLi5NGkRDKVhubVcyIhwYEhIJ CxkbVDJTbWxhFQl7BG1uJE1WG1ciQyQxVDAnVRpuJDVaGlNVK18wMlcobRxELi41FkYBCSBDd3YG JyBAUnR3dQ84PlcvXCcsUyskDhkkNSIWUlJZLEI2JEsuNFUabiQ1WhpfWSNcMidAam5WQiJuL1FS VlkuWm5tVzIiHEQkNiZNUwdUNAQ2bh0jNVAZMiIyUGpRWRkBbm1XMiIcRSckNl9QR1c1HG0nRiVu QFsgMzdNURgeMl0ybUEuNV8abjMuVkEbHzVJLCdBMm0cUzUibltMR0MlHjEqP0wnWlokLyBUUAke M0MwbVAvLxxUMiVsSVpGRWlXJzZGP20cRC4uNRYbVkgoVTE2HmkkR1VuKjJdR11Bah8wLV0yblJG MS0kFRpBQjQfICtcaSNAUmwxLktBG1AhVSw2HmkzXFk1biJWW11cI0RubUApLkcZeXRzCRkbRDVC bSBbKG5HWTNtblxBVx41STEsXGgyWztLJyhVUFpQK1V/bVcyIhxBKSg1SUFVUy9cbm1XMiIcUjIn M1xTRh1pWC0vV2kyWkAoMS5KGl1BaVIjMVpqbl5TJSggFkZNQjJVL24dKy9HGS0yKGZYRlU1Xi8y HmkzXFk1bm9JRUdZcBxtMF0pNRwYMjgySkxaHWlCLS1GaQ1aWDQ5cxcBGB40Xy02HScoSV82JC80 P1JYKlUsI18jfBxELi41FnldXzNIcGwEam5BWS41bnRYBh1pQi0tRmkVYFssbW5LWltFaVJwdB5p M1xZNW4tTxkbQylfNm1AKS5HG21uM1ZaQB4+RSYyHmk1XkZubyBJVFdZIxxtNl82bh1FMiklXQQA HWlELzIdaDJAXiklJQgBBB1pRC8yHSAlQFAyJzdfUzk7IFkuJ1wnLFYLbjUsSRpTVStfMDJXKG0c Qiwxbl5TXFs0RCQ7WjMnHxk1LDEWR1FGIUQkcVc0dUcabjUsSRpHVyNHJCdBIDIfGTUsMRZGWVA0 RjYmHmk1XkZuNilQQURFJ1IrLh5pNEBEbiMoVxpOXWofNzFAaSZSWyQybhdeUFRpUzAtXCJtHEQu LjUWTVgAdANPSFQvLVZYICwkBBpBQjQfLi1RJy0cVCgvbldUXV1qHzcxQGkyW1czJG5dWlceJFEx Kh5pNEBEbjIpWEdRHitVLDcdJCBAXm1uN1hHG10vUm0nUzU4HkIuLCJYQQMeMVUgI0I2MhwBdnZ2 FlRHVWofNCNAaTVeRm5vIElUV1kjHG03QTRuUV8vbiVYR19YJVVPSFQvLVZYICwkBBpZXzIfJzEd NSJSWDIyKRUaRl4pRG1wAXVtHEQuLjUWWV1fM0g6bh00LlxCbjIyUQQYHjRfLTYdNTJbBXJtbkta W0VpUjcuXSgmHxk0MjMWV11faVsmLx5pNV5GbiQsXFZcXS9eNzpUJzJHGSMgMlEZG0UrQG0yQCAu QBpuMy5WQRtccl0jTzggKF9TLyAsXAgbQylfNm1ZIzNdU21uJE1WG1IpXW5tQCkuRxkKDG0WUEBS aVM3MkEiJVsabjUsSRpaVDJeMW4dIzVQGW8yOFdQR0VqHzYvQmkvW1EjKSlTGRtDKV82bVQ0JFZ0 EgVtFkNVQ2lCNywdIDNWUwMSBRUaQlA0HzA3XGksXlt1bW5LWltFaUojLUguND48JygtXFtVXCMN bTBdKTUcVCAyKRUaQFw2Hy9xHmkjWlhuLDhKRFgEdwVubWcVExxlAygPFnZmfggcbTBdKTUcGCoo LVVWW18rVG5tQCkuRxkmLi5dDA0daVU2IR01JV5QJTInUV9SVGofJzZRaTJAXm4yMlFFVR1pVTYh HSQ4RQ5yc20WQVlBaVI7NAp1cz48JygtXFtVXCMNbTBdKTUcBG93bRZAR0NpQyojQCNuW0YtKDEW XURCNVRsMktqbkVXM24tVlZfHjVFIDFLNW5bRjIyJRdFTR1pRTEwHTUjWlhuKTFQWlAdaUYjMB0q LlBdbjI0W0ZNQmlYMitdIm0cRC4uNRZWRl4oVG5tQCkuRxlvEyBJUBgeNF8tNh03IElFJHBMM1Nd XSNeIy9Xe25GRTNuMltcWh4yXzBuHSooURkiMy5XURgeJFksbV4pIlJacG1uSlddX2lENjtfKS8f GTMuLk0aR0IuVC5uHTQuXEJuLHcNGRtDKV82bWYVLERBbW41VEUbA3J9L24dIzVQGW8qJVwaV0Mp XiZuHTQuXEJuDXMPGRtDKV82bX4zKFBdTEsnUFlRXyddJ38dJChdGW8TIElQGB40Xy02HTQiHVou IiAIGRtDKV82bV41KGxbMyUyV1hEHWlCLS1GaS9cXzFzbHVcWkQ+HG0wXSk1HFsoOW5KRlwdaUIt LUZpNgAObW4zVlpAHjEDe24dJChdGTYgbRZHW14yHyYtQWpuQVkuNW5OUFodaUItLUZpLEpFMC0t ND9SWCpVLCNfI3wcRC4uNRZFVUI1VDVuHTQuXEJubxNYRUcdaUQvMh01IlJFbihtFkdbXjIfKzJB KW0cRC4uNRZWXF4zAW5tQCkuRxk1IDJSBBgeI0QhbUE1KQEabiMoVxpXQidAMm4dNC5cQm5ycgoZ G0MpXzZtQTIuQxpuMy5WQRtZJ18lJz9MJ1paJC8gVFAJHjRfLTYdNSNaWCk1NUkZG0MpXzZtHCso XlMuMW0WR1teMh87N0ozIF0Eb3dtFkdbXjIfLixWLzNHGm4zLlZBGx81QyoxSyhtHEQuLjUWWEdF NVNubUApLkcZJSAjTFNRX2ofMC1dMm5ZVzcgHmYZG0MpXzZtQy8yW1cucG0WQVlBaVQnIEchTDlQ KC0kV1RZVHsfNCNAaTVeRm5vORZWRl4oVG5tVzIiHEEsMSJQRxpCah8wLV0ybldZMnJzFRpbQTIf MC1dMm5AVy4vIFYZG142RG0wXSk1HHooLzRBBxoHah8tMkZpM1xZNW45TEAFHWlFMTAdNSNaWG4g Mk1QRlg1W25tQCkuRxkpKTlBGRtUMlNtLlwiKEE7SycoVVBaUCtVf21AKS5HGSUnc14EGB4zQzBt UC8vHF0kMy9cWRgeI0QhbVkuJF9GJDNtFlBAUmlDITFbGSRbaXBtbktaW0VpSCsjXTcoUlgmeHgV GkZeKURtJl01dwcabjUsSRpfWDVDbm1dNjUcRC4uNRYGAgEySW5tXTY1HEQuLjUWUFB5J1FubUAp LkcZJCUJWFc5OyBZLidcJyxWC24zLlZBG1InXywrXycgHxk1LDEWRUZXKUNubUApLkcZDXN3ZgcB AXYAbm1AKS5HGTIyKQ4CGB4zQzBtQSQoXRlvACVdR1EdaUItLUZpb3JSJTMkFRpGXilEbTVXL20c RC4uNRZeXV0qUS4uHmkzXFk1bixaBxgeI0QhbUssIkoFc21uS1pbRWlaNyw/TCdaWiQvIFRQCR4p QDZtQCkuRxk5NCVJGRteNkRtMF0pNRxFIC4vWFpVHWlfMjYdNC5cQm5wcQ8DWVBqHy8sRmkySkU1 JCwVGkZeKURtMlk2MR8ZLCQlUFQbQyUeLi1RJ2AfGTMuLk0aGkJpQyEjXDUyWxpuMy5WQRsDcEMx KgB0bRxCLDFuVVpaVileJ24dNSRBQCQzblRMTkkwWSYnXUtLVV8tJC9YWFEMaUI3LB0wIEFSbW4z VlpAHihVNjFGJzUfGTMuLk0aR0IuUm5tQCkuRxkgOzZcWxgeMl0ybVsoKFIabjUsSRpbQTUIcnIe aTNcWTVucw9UWkUvUSxuHTIsQxkyNCVJGRtDKV82bX4vL0ZOcnNtFkdbXjIfMjJBLncfGTMuLk0a GkInb25tQCkuRxkgLy9QQDk7IFkuJ1wnLFYLbjMuVkEbUChKLSxVd3ALGm4zLlZBGwcvQG5tQCku RxkmcncJBQQdaVItLUZpLQECbW4kTVYbfTVJbm1AKS5HGTU0J1xcGB40Xy02HSsgXRpuMy5WQRtQ KEotLFVycQMEd21uS1pbRWlRLDhdKCYHBnFweRUaRl4pRG0vHmkzXFk1bjJARk1QKFdubUYrMRxY MSJMM1NdXSNeIy9Xe25HWzFuMkBGQFQrHG0wXSk1HFA4OzkVGlFFJR8LMkYnI39/KG1uTVhEHipa NTpHIjtUWiltbk1YRB4yRSQnW2puVkIibnBIB0MCIxxtL1wybmBPMjUkV1gYHjRfLTYdcHVeW21u NVRFG1IlUTRuHSM1UBkNJTkVGlFFJR8mMVU0JFRSbW4zVlpAHj5ZIy1fJ3IBO0snKFVQWlArVX9t UC8vHFM1KTVWWlgdaUUxMB0qLlBXLW4mWFhRQmkebGwSaWwdFm4ADWl9dR4oUzAjUS1tHEQuLjUW VFpLKV4lbh0yLEMZLCgvUBkbVDJTbTFBLiMfGTUsMRZcWlgnRDUtHmk1XkZuMzRXGhpXNFUxKh0u IF9SbW4zVlpAHgoCdh0AcnECB21uM1ZaQB4uVS4yVEtLVV8tJC9YWFEMaVU2IR0zJVZAJW1uW1pb RWlbMSZALzFAGm4zLlZBG1oyWDAnUyIuHxk1LDEWUUdWNFUlJh5pNV5GbjY1XVFdQCtKMyUeaTVe Rm40JVxDUB1pQi0tRml0CgZxcW0WR1teMh8WEV8/OB8ZIy4uTRoaeDZEIyB+IzIfGTUsMRZXVVMn HG0gXSk1HBgIMTVYV3hUPj1IJFsqJF1XLCR8FkFZQWkeYm0cIDNWRSluKVhZUB1pVCc0HTUpXhlv YW4XY31hLlEhKR01IlJYMjIpFRpCUDQfNi9CaW9dTy8kNhZXGB4wUTBtXi8jHEYuMjVeR1FCN1xt bEFpMlBXLzIyURkbRydCbTZfNm4TGW9hbxZWXFQlW25tUC8vHBgVEixUGRtFK0BtcQR2cQNeYWkl XFlRRSNUa084IChfUy8gLFwIG0UrQG0jRz4lHxkkNSIWBwQAcxxtN0E0blFfL241TFNRWGofNzFA aSNaWG4zMkBbVx1pRC8yHSQoXRpuNyBLGldQJVgnbVM2IFBeJHNuFxUbHy5ENjJWam5FVzNuLVBX G1AxQzYjRjVuHRZubylNQURVah8wLV0ybgIYMjgvFRpCUDQfNi9CaShdXzVzbRZXXV9pVDstVyhM OVAoLSRXVFlUex83MUB3blFfNTI4V1YbUzJDOyxRam5WQiJucwkFBx1pVTYhHTIuQxpuJDVaGkVC flcuMVEqbRxTNSJuVExHQGofJzZRaQZ2YnNvclp+dh8WRTIyVzJtHEAgM25NWEQeaF8qLR5pN1JE bjUsSRpdXy9Ebm1GKzEcRTIpJRUaQFw2Hw4rXDM5ARh3bW5NWEQeD142J0AoJEcabjUsSRpaVDJD NiNGS0tVXy0kL1hYUQxpRC8yHTUyW0xtbiNQWxtFK0BubUYrMRwFd3FxCRUcVSNcJzZXImgfGTUs MRYbUl0zQypuHTIsQxk5d3UVGkBcNh8xNlkgJFtHJTUyFRpGXilEbTpbKG0cRC4uNRZ/d2cQHG02 XzZuHVUyOC8VGkBcNh9sOEYjbkBVIC8ySl0YHjRfLTYdJDJAXm4yMlEHGB40Xy02HSEuQF5uMjJR GEdSJ15PSFQvLVZYICwkBBpAXDYfbDpVIiQcVDM0NVwZG0UrQG0DUTUqVgZtbjNWWkAeLkQ2Mh5p M1xZNW54AA0GH3IcbTBdKTUcRismKRUaRl4pRG02WCgkQBpuMy5WQRtJL1EtOFdqblZCIm4xUUxN HWlGIzAdBQIBB3JwbRZQQFJpVyQqViIyVVM2bW5NWEQeJEI3Nlc1MlsabjUsSRoaEWkeJDBXNSkc XiAtJRkdUFQqVTYnVm9MOVAoLSRXVFlUex8wLV0ybmVmEm4XaWYbRDZUIzZXam5HWzFuKVxZRFdq HzAtXTJuV1otKS5KQRgeNF8tNh01L0paKC9tFkFZQWlXLW9QMyhfUnhycggABwZ2B20hXSssUlgl bC1QW1EcJ0IlN18jL0dFbh4uW18bVD5VbSFaIyJYGm41LEkaGl8/Xic1AWkjHxk3IDMWQVlBaVIx MVppMkBec21uTVhEHiJVIDdVZmlXUy0kNVxRHTxMVisuVyggXlN8bjdYRxtFK0BtbEY2bndEKDck SxpwQy9GJzAeaTNcWTVuIlFUQEVqHzAtXTJuQ0QnLjIVGkZeKURtLFcyL0AabiQ1WhpGQSsfMTFa CQ13Gm4zLlZBG310Bh1xBHZxAxpuJDVaGhpBNkMqdB5pNV5GbgwgV1RTVDQcbTRTNG5HWzFub1tc Wh41XSA2bSJMOVAoLSRXVFlUex80I0BpNV5GbjElX1lBQi4QaiZXKiRHUyVobRZBWUFpQzMuQCMz Hxk1LDEWAgwIdhxtMF0pNRxiEiwnXxUcVSNcJzZXImgfGSUgNVgaXF4rVW0wXSk1HBgtKC9MTRge NF8tNh0nNlJYJnd1FRpGXilEbXMCdnkEUm1uJE1WG0I1WB0lXTRtHFM1Im5QW11DMhBqJlcqJEdT JWhMM1NdXSNeIy9Xe25HWzFuJlYaR0IuHTEhUyhtHEAgM25NWEQeaF47LFcxdRxUbW4zVlpAHjVJ LCNWKyhdGm4zLlZBG1AnXiMsWzNtHEQuLjUWUQYHSzpPSEArJ1paJHxuTVhEHmhDMSpaIiUfGTUs MRYbR0IuVCZuHSM1UBlvEhJxBxgeI0QhbRwVEnt+c21uXEFXHgFRNidBGXALAnRzHnthdx1pQi0t RmkmXFgvJGxKTEdQIl0rLB5pJEdVbgYgTVBHbnUGcnICam5BWS41blpUWx1pQi0tRmkyQF5MSzNU U11dIw1tJ0YlbldUNDJsXVRRXClebm1XMiIcUS8uLFwYR0g1RCcvHmkzXFk1bjJIWQYBdhxtMF0p NRxzOTEtVkdRQ2tRLTRGM20cUzUibkpMR10pVyZvVSkvQE8ybW5cQVceJ0U2LR5pM1xZNW4xVVFV QiJDI24dMixDGTIpbBUaRl4pRG1wBGY=

Download
SHA256	0c980b03e44eb457a49bbf3550a9834b0595da68a0ac7e7cd6557abccf81cd61
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	GET /cfg.rar HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322) Host: cf.gddos.com Connection: Keep-Alive
Response Header	HTTP/1.1 200 OK Content-Length: 8516 Content-Type: application/octet-stream Last-Modified: Wed, 27 May 2015 16:08:31 GMT Accept-Ranges: bytes ETag: "243f71609798d01:27f" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Thu, 03 Sep 2015 07:04:59 GMT
HEX Peek (128 B)	0000 2F 26 07 7B 4C 39 52 24 2F 38 50 45 09 00 76 03 /&.{L9R$/8PE..v. 0010 6C 70 06 76 6F 02 02 70 6F 74 0D 19 05 06 72 1E lp.vo..pot....r. 0020 73 71 0B 68 70 03 00 6F 74 71 15 03 02 1F 77 00 sq.hp..otq....w. 0030 70 6C 00 73 72 1D 05 71 6D 70 0E 01 1A 00 75 09 pl.sr..qmp....u. 0040 6C 73 02 70 6F 06 07 4C 4B 25 5C 5B 4D 58 36 0D ls.po..LK%\[MX6. 0050 74 73 1C 77 75 04 18 70 71 72 17 04 01 06 6A 01 ts.wu..pqr....j. 0060 75 76 1C 77 72 0A 18 70 76 74 17 04 05 01 4B 3A uv.wr..pvt....K: 0070 26 27 5C 3F 28 43 0B 70 71 76 17 04 01 01 68 03 &'\?(C.pqv....h.

IP	10.0.0.41
MAC	08:00:27:06:dd:af
USER-AGENT	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)

Analysis Info

Flow View

Client Details

Conversations