CapTipper

Analysis Info

PCAP File: /opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-189-1//2016-09-22_win3.pcap
Analysis Time: 09/22/16 20:26:44
CapTipper Version: 0.2 b10
Traffic Time: 05/26/70 09:16:43

Flow View


Client Details

IP: 192.168.1.113
MAC: 08:00:27:11:4e:fa
USER-AGENT: Microsoft NCSI

Conversations

www.msftncsi.com    (195.113.232.90:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /ncsi.txt | text/plain | ncsi.txt | 200 OK | TEXT | 14.0 B | 05/26/70 09:16:43

stats.adobe.com    (66.117.29.34:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
1 | /b/ss/adbacdcprod/1/H.25.4/s72548665853952?AQB=1&ndh=1&t=9%2F8%2F2016%202%3A31%3A45%205%20420&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_launched&g=res%3A%2F%2FC%3A%5CUsers%5CAdministrator%5CAppData%5CLocal%5CTemp%5CRarSFX0%5Cflashplayer22_xa_install.exe%2F160&ch=acdc_flashplayer&events=event96&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_launched&v18=new&v22=friday%20-%203%3A30am&v73=acdc_flashplayer&s=819x583&c=32&j=1.5&v=Y&k=N&bw=620&bh=355&ct=lan&hp=N&AQE=1 | text/plain | s72548665853952 | 302 Found |  | 0.0 B | 07/12/72 07:38:23
2 | /b/ss/adbacdcprod/1/H.25.4/s72548665853952?AQB=1&pccr=true&vidn=2BE940C28530A498-400003006001209B&&ndh=1&t=9%2F8%2F2016%202%3A31%3A45%205%20420&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_launched&g=res%3A%2F%2FC%3A%5CUsers%5CAdministrator%5CAppData%5CLocal%5CTemp%5CRarSFX0%5Cflashplayer22_xa_install.exe%2F160&ch=acdc_flashplayer&events=event96&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_launched&v18=new&v22=friday%20-%203%3A30am&v73=acdc_flashplayer&s=819x583&c=32&j=1.5&v=Y&k=N&bw=620&bh=355&ct=lan&hp=N&AQE=1 | image/gif | s72548665853952 | 200 OK | GIF | 43.0 B | 07/14/72 05:47:17
3 | /b/ss/adbacdcprod/1/H.25.4/s7366343009791?AQB=1&ndh=1&t=9%2F8%2F2016%202%3A32%3A40%205%20420&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_pref_0&g=res%3A%2F%2FC%3A%5CUsers%5CAdministrator%5CAppData%5CLocal%5CTemp%5CRarSFX0%5Cflashplayer22_xa_install.exe%2F160&ch=acdc_flashplayer&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_pref_0&v18=new&v22=friday%20-%203%3A30am&v73=acdc_flashplayer&s=819x583&c=32&j=1.5&v=Y&k=N&bw=620&bh=355&ct=lan&hp=N&AQE=1 | image/gif | s7366343009791 | 200 OK | GIF | 43.0 B | 02/28/74 05:52:11
7 | /b/ss/adbacdcprod/1/H.25.4/s75864100109884?AQB=1&ndh=1&t=9%2F8%2F2016%202%3A34%3A47%205%20420&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_success_exitcode%3D0&g=res%3A%2F%2FC%3A%5CUsers%5CAdministrator%5CAppData%5CLocal%5CTemp%5CRarSFX0%5Cflashplayer22_xa_install.exe%2F160&ch=acdc_flashplayer&events=event95&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_success_exitcode%3D0&v18=new&v22=friday%20-%203%3A30am&v73=acdc_flashplayer&s=819x583&c=32&j=1.5&v=Y&k=N&bw=620&bh=355&ct=lan&hp=N&AQE=1 | image/gif | s75864100109884 | 200 OK | GIF | 43.0 B | 03/05/78 20:30:51

s.symcd.com    (23.37.43.27:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D | application/ocsp-response | MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D | 200 OK | BINARY | 1.7 KB | 05/24/74 18:35:30

sw.symcd.com    (23.37.43.27:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
5 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEE6h6J4V6k%2F6k3mE2I9UX7o%3D | application/ocsp-response | MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEE6h6J4V6k%2F6k3mE2I9UX7o%3D | 200 OK | BINARY | 1.6 KB | 05/25/74 17:10:09
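Rows 4 and 5 (s.symcd.com and sw.symcd.com) are OCSP requests sent with the GET method: the request path is the DER-encoded OCSPRequest, base64-encoded and then URL-encoded (RFC 6960, Appendix A.1), so the URI itself says which certificate the client was checking. The script below is an added example, not part of CapTipper or of this report. It decodes those two URIs with a small DER walker and returns the CertID fields (hash algorithm OID, issuer name hash, issuer key hash, serial number). The two URI strings are copied from the rows above; the function and constant names are the example's own.

```python
import base64
from urllib.parse import unquote

# OCSP GET request URIs copied from rows 4 and 5 of the report above.
OCSP_GET_URIS = {
    4: "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D",
    5: "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEE6h6J4V6k%2F6k3mE2I9UX7o%3D",
}

# Hash algorithm OIDs that appear in CertID.hashAlgorithm in practice.
HASH_ALG_NAMES = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def der_read(buf, pos):
    """Read one DER TLV starting at buf[pos]; return (tag, value, next_pos).

    Supports short-form and definite long-form lengths only, which is all
    DER permits; anything running past the buffer is rejected.
    """
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def der_children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        yield tag, inner


def decode_oid(content):
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    arcs = [content[0] // 40, content[0] % 40]
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:          # last base-128 digit of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_uri(uri):
    """Decode an OCSP GET URI (RFC 6960 A.1) and return its CertIDs.

    Structure walked: OCSPRequest > tbsRequest > requestList > Request > CertID,
    where CertID = SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }.
    """
    der = base64.b64decode(unquote(uri.lstrip("/")))
    tag, ocsp_request, _ = der_read(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest is not a SEQUENCE")
    _, tbs, _ = der_read(ocsp_request, 0)            # tbsRequest
    # TBSRequest may carry [0] version and [1] requestorName first;
    # requestList is the first universal SEQUENCE among its children.
    request_list = next(v for t, v in der_children(tbs) if t == 0x30)
    cert_ids = []
    for _, request in der_children(request_list):
        _, cert_id, _ = der_read(request, 0)         # reqCert is first in Request
        alg, name_hash, key_hash, serial = [v for _, v in der_children(cert_id)][:4]
        oid = decode_oid(next(v for t, v in der_children(alg) if t == 0x06))
        cert_ids.append({
            "hashAlgorithm": oid,
            "hashAlgorithmName": HASH_ALG_NAMES.get(oid, "unknown"),
            "issuerNameHash": name_hash.hex(),
            "issuerKeyHash": key_hash.hex(),
            "serialNumber": serial.hex(),
        })
    return cert_ids


if __name__ == "__main__":
    for row, uri in OCSP_GET_URIS.items():
        for cid in parse_ocsp_get_uri(uri):
            print(f"row {row}: {cid}")
```

The serial number and issuer key hash recovered this way can be compared with the certificate chains of the signed artifacts elsewhere in the capture (for instance the patch_all_win_pl_sgn.z download in row 27, or the flashplayer22_xa_install.exe referenced by the stats.adobe.com beacons) to confirm which signer's revocation status the client checked; a mismatch against every known signer is the interesting case. The walker deliberately rejects indefinite lengths, which DER forbids, so a malformed path fails loudly instead of being silently mis-parsed.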

fpdownload2.macromedia.com    (195.113.232.81:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
6 | /get/flashplayer/update/current/install/version.xml22.0.0.209~installVector=8&previousVersion=0.0.0.0&lang=en&cpuWordLength=32&playerType=pl&os=win&osVer=13 | text/html | version.xml22.0.0.209~installVector=8 | 404 Not Found | HTML | 377.0 B | 07/15/74 02:30:48
26 | /get/flashplayer/update/current/install/version.xml23.0.0.162~installVector=11&previousVersion=22.0.0.209&lang=en&cpuWordLength=32&playerType=pl&os=win&osVer=13 | text/html | version.xml23.0.0.162~installVector=11 | 404 Not Found | HTML | 381.0 B | 10/17/84 15:12:43
27 | /pub/flashplayer/update/current/sau/22/install/patch/22.0.0.209/23.0.0.162/patch_all_win_pl_sgn.z |  | patch_all_win_pl_sgn.z | 200 OK | BINARY | 283.0 KB | 10/16/84 10:27:58

www.download.windowsupdate.com    (13.107.4.50:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
8 | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | application/vnd.ms-cab-compressed | authrootstl.cab | 200 OK | CAB | 48.5 KB | 05/26/41 13:46:53

cmyip.com    (23.239.1.39:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
9 | / | text/html | 9.html | 200 OK | HTML | 6.9 KB | 02/11/05 16:50:41
10 | /css/styles.css | text/css | styles.css | 200 OK | TEXT | 2.5 KB | 02/11/05 17:49:45
11 | /font-awsome4/css/font-awesome.min.css | text/css | font-awesome.min.css | 200 OK | TEXT | 17.4 KB | 02/11/05 17:49:41
12 | /css/bootstrap.min.css | text/css | bootstrap.min.css | 200 OK | TEXT | 119.7 KB | 02/11/05 17:49:25
14 | /img_partner/high-speed-premium-vpn-horizontal-d5b5ef120ae5ca0c69e501d3a6d39f94.png | image/png | high-speed-premium-vpn-horizontal-d5b5ef120ae5ca0c69e501d3a6d39f94.png | 200 OK | PNG | 10.7 KB | 02/11/05 19:41:27
15 | /fonts/glyphicons-halflings-regular.eot? | application/octet-stream | glyphicons-halflings-regular.eot | 200 OK | BINARY | 19.7 KB | 02/11/05 19:33:38
16 | /font-awsome4/fonts/fontawesome-webfont.eot? | application/octet-stream | fontawesome-webfont.eot | 200 OK | BINARY | 37.3 KB | 02/11/05 19:38:58
17 | /flag/CZ.png | image/png | CZ.png | 200 OK | PNG | 3.3 KB | 02/11/05 20:06:41
18 | /js/jquery-2.1.4.min.js | application/x-javascript | jquery-2.1.4.min.js | 200 OK | TEXT | 82.4 KB | 02/11/05 20:06:44
20 | /img_partner/expressvpn-privacy-square-guard-c6845ef86532e3a630ce2c0576f3b7fb.gif | image/gif | expressvpn-privacy-square-guard-c6845ef86532e3a630ce2c0576f3b7fb.gif | 200 OK | GIF | 109.1 KB | 02/11/05 20:06:43
21 | /js/bootstrap.min.js | application/x-javascript | bootstrap.min.js | 200 OK | TEXT | 36.0 KB | 02/11/05 22:37:53
22 | /favicon.ico | image/x-icon | favicon.ico | 200 OK | ICO | 894.0 B | 02/12/05 00:27:30
23 | /js/script.js | application/x-javascript | script.js | 200 OK |  | 0.0 B | 02/11/05 23:33:05

www.google-analytics.com    (216.58.209.174:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
13 | /analytics.js | text/javascript | analytics.js | 200 OK | TEXT | 11.3 KB | 02/11/05 19:51:41
19 | /r/collect?v=1&_v=j46&a=1245814314&t=pageview&_s=1&dl=http%3A%2F%2Fcmyip.com%2F&ul=en-us&de=utf-8&dt=CmyIP.com%20-%20Check%20My%20IP%20address%20fast!&sd=32-bit&sr=819x583&vp=798x385&je=0&fl=10.0%20r22&_u=AEAAAEAAI~&jid=158795438&cid=2015145105.1473524245&tid=UA-55808620-3&_r=1&z=883335837 | text/html | collect | 302 Found | HTML | 367.0 B | 02/11/05 21:51:10
25 | /r/collect?v=1&_v=j46&a=899025531&t=pageview&_s=1&dl=http%3A%2F%2Fcmyip.com%2F&ul=en-us&de=utf-8&dt=CmyIP.com%20-%20Check%20My%20IP%20address%20fast!&sd=32-bit&sr=819x583&vp=815x385&je=0&fl=10.0%20r22&_u=AACAAEAAI~&jid=343132682&cid=2015145105.1473524245&tid=UA-55808620-3&_r=1&z=686918987 | text/html | collect | 302 Found | HTML | 367.0 B | 12/03/05 22:25:50

162.246.20.116    (162.246.20.116:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
24 | /ip/ | text/html | 24.html | 200 OK | TEXT | 12.0 B | 12/02/05 03:05:09