Description

Files

IP Addresses

- Infected host: 192.168.1.128
- Default GW: 192.168.1.2

Timeline

Wed Sep 14 12:09:17 CEST 2016

started win18

Wed Sep 14 12:11:54 CEST 2016

started ie

Wed Sep 14 12:12:06 CEST 2016

www.google.com

Wed Sep 14 12:12:22 CEST 2016

search "my normal behavior"

Wed Sep 14 12:12:42 CEST 2016

www.healthychildren.org

Wed Sep 14 12:13:12 CEST 2016

search videos about behavior in bing

Wed Sep 14 12:13:26 CEST 2016

access a youtube video

Wed Sep 14 12:15:16 CEST 2016

Click a link in healthychildren.org

Wed Sep 14 12:15:54 CEST 2016

click on www.officialmbmusic.com from bing

Wed Sep 14 12:19:27 CEST 2016

clicks on healthychildren.org

Wed Sep 14 12:20:13 CEST 2016

click on a video on officialmbmusic

Wed Sep 14 12:21:50 CEST 2016

search on bing "twitter behavior"

Wed Sep 14 12:22:06 CEST 2016

click on link to a twitter account

Wed Sep 14 12:23:18 CEST 2016

more clicks on healthychildren.org

Wed Sep 14 12:40:27 CEST 2016

go for lunch

Wed Sep 14 13:48:27 CEST 2016

click more on web pages normally, especially on Wikipedia and some Twitter accounts

Infection

Wed Sep 14 13:55:18 CEST 2016

infected

Wed Sep 14 14:00:57 CEST 2016

Normal activities in the web page; some requests to Facebook

Wed Sep 14 14:05:25 CEST 2016

Normal: from Twitter, open a site in France

Wed Sep 14 14:07:44 CEST 2016

normal click from twitter to vimeo

Wed Sep 14 14:10:12 CEST 2016

From now on, no more normal clicks and interactions. Just what is already opened.

Wed Sep 14 14:21:11 CEST 2016

power off