timestamp s-port sc-http-status sc-bytes sc-header-bytes c-port cs-bytes cs-header-bytes cs-method cs-url s-ip c-ip connection.time request.time response.time close.time idle.time0 idle.time1 cs-mime-type cs(Referer) cs(User-Agent) 14.887585 80 200 184 14 49240 97 0 GET http://www.msftncsi.com/ncsi.txt 195.113.232.73 192.168.1.102 0.000307 0.000000 0.065818 0.001979 0.000392 0.001979 "text/plain" "-" "Microsoft NCSI" 142.705049 80 502 385 268 49241 1388 926 POST http://31.41.47.41/upload/_dispatch.php 31.41.47.41 192.168.1.102 0.000233 0.000141 1.064255 0.000153 0.000206 0.000153 "text/html" "http://31.41.47.41/upload/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 143.770962 80 502 387 270 49242 1392 926 POST http://91.234.35.216/upload/_dispatch.php 91.234.35.216 192.168.1.102 0.000232 0.000231 4.067169 0.000082 0.000294 0.000082 "text/html" "http://91.234.35.216/upload/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 170.58018 80 502 385 268 49243 1388 926 POST http://31.41.47.41/upload/_dispatch.php 31.41.47.41 192.168.1.102 0.000382 0.000289 0.811364 0.000063 0.000285 0.000063 "text/html" "http://31.41.47.41/upload/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 170.871290 80 502 387 270 49244 1392 926 POST http://91.234.35.216/upload/_dispatch.php 91.234.35.216 192.168.1.102 0.000304 0.000290 4.062676 0.000061 0.000284 0.000061 "text/html" "http://91.234.35.216/upload/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 205.668992 80 502 385 268 49245 1388 926 POST http://31.41.47.41/upload/_dispatch.php 31.41.47.41 192.168.1.102 0.000297 0.000207 2.610633 0.000065 0.000347 0.000065 "text/html" "http://31.41.47.41/upload/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 246.94534 80 200 15096 14848 49253 288 0 GET http://armmf.adobe.com/arm-manifests/win/ArmManifest.msi 95.101.202.181 192.168.1.102 0.000300 0.000000 0.579443 - 0.000597 5.347367 "application/x-msi" "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 252.21344 80 200 839500 864256 49253 304 0 GET http://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824191728.msi 95.101.202.181 192.168.1.102 - 0.000000 66.897638 0.000866 - 0.000866 "application/x-msi" "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 334.815995 80 200 256 0 49261 211 0 HEAD http://ardownload.adobe.com/pub/adobe/reader/win/AcrobatDC/1501720050/AcroRdrDCUpd1501720050.msp 195.113.232.81 192.168.1.102 0.000300 0.000000 0.087398 148.352961 0.000348 148.352961 "application/microsoftpatch" "-" "Microsoft BITS/7.5"